Would these two wallets be equally hard to brute force attack?

[ThisUsernameSucks]

Would a HD wallet generated with a 24 words passphrase attached to a 24 word seed phrase that is know to an attacker be as hard to brute force as a HD wallet generated using only 24 words and no passphrase?

[1714672962]

1714672962

[1714672962]

1714672962

[1714672962]

1714672962

[1714672962]

1714672962

[1714672962]

1714672962

[pooya87]

It depends on the passphrase.
Obviously the BIP39 passphrase is an extra layer of security but depending on how the passphrase was generated it could be a strong layer of security or a weak/insignificant one. For example if a famous sentence was used (eg. the hard coded message in Genesis block) it provides nearly 0 security. On the other hand if it is generated randomly (eg. like a 24 word seed phrase is generated) then it can be considered a 256+ bit entropy on top of the mnemonic's 256 bit entropy.

[adaseb]

Good question.

Basically the 24 word seed is from a collection of words but the 24 words password can be basically any words even in a different language.

So as long as the 24 word pass phrase is random it’s more secure but if it’s like some text found in a book or movie then obviously the 24 word seed is more secure.

[Charles-Tim]

You can generate two 24 word seed phrase and use one as seed phrase and the other as passphrase. Easy to generate and it is 100% safe and secure and not possible to brute force it.

[Z-tight]

Would a HD wallet generated with a 24 words passphrase attached to a 24 word seed phrase that is know to an attacker be as hard to brute force as a HD wallet generated using only 24 words and no passphrase?

If an attacker knows your seed phrase that's not protected by a passphrase, they don't have to brute force anything, they'll just import your funds to their own address. A passphrase is an additional layer of security if it is a strong one that will take the attacker years with possibly no success to brute force. You should also use your passphrase to set up plausible deniability and put some money in your "decoy account", so if an attacker gets hold of your seed phrase, they will first move the funds there, which will alert you and give you the chance to sweep your funds that is protected by a passphrase to another wallet.

[Charles-Tim]

If an attacker knows your seed phrase that's not protected by a passphrase, they don't have to brute force anything, they'll just import your funds to their own address.

You mean 'send', not import. You can not import coins to an address. I guess it is a mistake. You can import seed phrase or private key. Or you can sweep the coins into another wallet instead which is what is similar to what you meant.

You should also use your passphrase to set up plausible deniability and put some money in your "decoy account", so if an attacker gets hold of your seed phrase, they will first move the funds there, which will alert you and give you the chance to sweep your funds that is protected by a passphrase to another wallet.

You do not need to fund the address that only the seed phrase generated, if strong passphrase is used, the attacker can not be able to brute force it. Example is if he used another 24 word passphrase, it will be impossible for an hacker to brute force it. But your post could be valid to avoid physical harm. But better to be private and avoid physical harm related to coins and wallet.

[SamReomo]

Would a HD wallet generated with a 24 words passphrase attached to a 24 word seed phrase that is know to an attacker be as hard to brute force as a HD wallet generated using only 24 words and no passphrase?

The wallet generated with a 24 words passphrase and a 24 word seed phrase is of course the stronger one because the passphrase is an extra added security layer to already strong 24 word seed words. But, if the seed words is known to an attacker then the 24 word passphrase will still protect your wallet from the malicious actors, and they will have to know it to transfer your bitcoins.

The 24 word passphrase will protect your wallet even if the attacker knows your seed phrase, and they'll have to brute force your passphrase in order to transfer the funds from your wallet to another wallet. If your wallet has no passphrase and is protected by only seed words then in that case the malicious actor who knows your seed words can easily transfer the bitcoins from your wallet to another wallet.

It's always better to have a strong passphrase, and you should also remember to not share your seed words and passphrase with anyone. Save those in a secure offline laptop or write them on a paper, make sure to have extra copies of the seed words and passphrase. That way no one will be able to steal your bitcoins from your account.

[Z-tight]

You do not need to fund the address that only the seed phrase generated, if strong passphrase is used, the attacker can not be able to brute force it. Example is if he used another 24 word passphrase, it will be impossible for an hacker to brute force it. But your post could be valid to avoid physical harm. But better to be private and avoid physical harm related to coins and wallet.

If an attacker has your seed phrase that is protected by a passphrase, yes they may not be able to brute force it, but it can still be said that your wallet has been compromised because your seed phrase is in the hands of an attacker, which should not happen and we can call that bad operational security. Funding your "decoy account" helps to alert you that your seed phrase has been compromised because the attacker would move the funds in the "decoy account", it does not matter if they will be able to brute force your passphrase or not, you have to sweep your funds out of that wallet to another one with a different seed phrase.

[Charles-Tim]

If an attacker has your seed phrase that is protected by a passphrase, yes they may not be able to brute force it, but it can still be said that your wallet has been compromised because your seed phrase is in the hands of an attacker, which should not happen and we can call that bad operational security. Funding your "decoy account" helps to alert you that your seed phrase has been compromised because the attacker would move the funds in the "decoy account", it does not matter if they will be able to brute force your passphrase or not, you have to sweep your funds out of that wallet to another one with a different seed phrase.

Good idea. But if 24 word passphrase is used and generated from a wallet just like seed phrase, it is completely impossible for an attacker to brute force the passphrase.

[Latviand]

The security of your wallet will only rely on the randomness of the seed phrase if you only use your seed phrase. On the other hand, adding a passphrase will add another layer of security since the passphrase is just another term for "password". Using a passphrase will definitely boost your security especially with the attack being a brute force, it will take the attacker at least 2 heat deaths of the universe before they can open the wallet so even if you're just relying on the seed phrase alone, you're good already.

[decodx]

Would a HD wallet generated with a 24 words passphrase attached to a 24 word seed phrase that is know to an attacker be as hard to brute force as a HD wallet generated using only 24 words and no passphrase?

That's an interesting question. In general, both a 24-word passphrase and a 24-word seed phrase of a hierarchical deterministic (HD) wallet can provide an extremely high level of security. If they are carefully selected and prepared, it becomes practically impossible to brute force them.

However, since the words in the 24-word seed phrase are randomly selected from a 2048-word dictionary, the number of possible combinations can be easily calculated: that's 24!

When considering a 24-word passphrase, things get a lot more complicated. Unlike a seed phrase for a HD wallet, a passphrase can be constructed using any words, including made-up words, derivatives, and abbreviations. For example, according to some research from Harvard University and Google, the English language alone has more than a million words, and the average native English speaker can use between 20,000 and 30,000 words on average. Additionally, unlike a seed phrase, a passphrase can contain the same word an unlimited number of times. Due to the virtually limitless word choices and the potential for creating complex phrases, calculating the exact number of possible combinations becomes nearly impossible. So to conclude, the number of combinations for a 24-word passphrase constructed from such a vast word pool would far exceed the already astronomically large number of combinations for a 24-word seed phrase from a fixed 2048-word dictionary.

[o_e_l_e_o]

Let's assume that in OP's example both 24 word seed phrases and the additional 24 word passphrase were all generated in the usual manner when generating BIP39 seed phrases and all provide 256 bits of entropy.

In such a case, then the two wallets will be exactly as difficult to brute force. When a BIP39 wallet is generated from a seed phrase, your seed phrase and a salt compromised of the word "mnemonic" concatenated with your passphrase are fed in to 2048 rounds of HMAC-SHA512. If you do not use a passphrase, your salt is simply the word "mnemonic" on its own. Either way, the process leads to the same 2048 rounds of HMAC-SHA512, and so there is no discernible difference in the time it takes to generate a wallet from a seed phrase with no passphrase when compared to a seed phrase with a passphrase.

So in OP's example, either I am brute forcing a 24 word seed phrase on its own, or I know the seed phrase and I am brute forcing a 24 word seed phrase being used as a passphrase. Either way, the difficulty is the same.

The difference would come when considering the checksum. Seed phrases have checksums. A 24 word seed phrase has an 8 bit checksum, meaning that on average only 1 out of every 256 random selection of 24 words will result in a valid seed phrase. This means that when brute forcing a 24 word seed phrase from scratch, 255 out of every 256 combinations can be discarded by checking the checksum and without having to run through the computationally expensive hashing and key derivation functions. With passphrases there is no such checksum, and so for every passphrase an attacker would need to run through these functions to derive the wallet.

If the attacker knew your passphrase was a valid 24 word seed phrase on its own, then nothing changes. They can still discard 255 out of every 256 possibilities based on an invalid checksum. If, however, your passphrase was simply 24 entirely random words from the BIP39 list which paid no attention to checksums, then brute forcing this would be 256 times more difficult than brute forcing a valid seed phrase. (Not quite exactly 256 times more difficult since calculating the checksum isn't instantaneous, but very close.)

It's worth pointing out that this is entirely academical and both scenarios are completely impossible before the death of the sun.

[Husires]

Increasing the seed for more than 12 words does not give you a maximum advantage in increasing the security of your coins against a brute force attack. It is true that it will take more than billions of years, but 12 words are safe against this attack.

Choosing 24 words or 24 words passphrase attached will create a problem, which is that if you forget one of these words, or there is a problem in their arrangement, or you lose one of them, then you will lose your money. It is impossible to brute force, but you narrow an additional complication, which is the possibility of losing your money if anything goes wrong, and it is a possibility that increases with the number of words.

[Findingnemo]

.
.
.
It's worth pointing out that this is entirely academical and both scenarios are completely impossible before the death of the sun.

This post clearly explains what is the possibility while trying brute forcing 24words seed phrase/recovery phrase. I have been going through many articles about this for almost 30 minutes and none of them gave such clear explanation as this so kudos for your explanation and technical knowledge.

But what I remember is even brute forcing the 12 words seed phrase is close to impossible so we don't need to worry about the 24 words.

[dkbit98]

Would a HD wallet generated with a 24 words passphrase attached to a 24 word seed phrase that is know to an attacker be as hard to brute force as a HD wallet generated using only 24 words and no passphrase?

24 words passphrase?! I don't know anyone who is using something similar.
Passphrase can be brute forced and cracked much easier than 24 seed words, but you can make passphrase stronger to reduce the risk, or even better to add multiple passphrases.

[southerngentuk]

I find that the security of a passphrase depends on the size of the word group used to generate it and the length of the passphrase itself. So with a significantly larger word pool and the potential for longer passphrases, the number of possible combinations increases exponentially. Hence, the resistance to brute force attacks is much better than a seed phrase from a fixed dictionary. So a strong and complex passphrase, built from a large pool of words, will greatly increase the difficulty of forcing a wallet, even if the original phrase is known.