Idea for extremely paranoid people who want to create a bitcoin wallet

[Synchronice]

Thesaurus.com is a public website that provides people with over 550,000 synonyms in English language. There are 2048 words in BIP39 wordlist, that is used to create normal bitcoin wallets. While I have to say that there is absolutely no way someone can hack your wallet that was randomly created from BIP39 wordlist and contains 12 seeds, still, there are super paranoid people who even think that  24 words seed phrase can be hacked because it uses publicly available BIP39 wordlist. So, there are people who don't know math, don't want to learn and are stubborn.

So, I came up with an idea for these people. Let's scrape thesaurus.com and download its wordlist database. Since Electrum is an open-source and uses wordlist, I think it might be possible to generate a bitcoin randomly from your own wordlist. Let's put thesaurus 550,000 wordlist into your electrum and randomly generate 24 words seed phrase. I don't know if your computer crashes but I think you will feel relief.

Maybe my post feel like sarcasm but my message is, please, relax!
If you random generate 12 words seed phrase bitcoin address from BIP39 list, your wallet will never be hacked because it will take so much time that you, your bitcoins and probably universe won't exist by that time.
If you random generate 24 words seed phrase bitcoin address from BIP39 list, even if you reveal all of your words in unordered way, still, no one will be able to hack it. Do you understand what I am saying? Even if you reveal all of your seed phrases in an unordered way (It doesn't apply to 12 words seed), your wallet still won't be hacked till this universe exist.

So, please, just chill and relax, don't generate wordlist yourself, there is absolutely no necessity and you may do more harm than good. There is absolutely no case where someone's randomly generated wallet got hacked. In absolutely every case where bitcoins were lost, either the person didn't take security seriously and was infected with malware or just lost his/her keys, that's all.

[1714476492]

1714476492

[1714476492]

1714476492

[1714476492]

1714476492

[1714476492]

1714476492

[o_e_l_e_o]

Since Electrum is an open-source and uses wordlist, I think it might be possible to generate a bitcoin randomly from your own wordlist.

It's easily done. Just navigate to your Electrum installation folder, and go to \electrum\wordlist. First back up "english.txt", and then edit the original with your own wordlist. Job done.

I just pulled the wordlist from here and gave it a shot: https://github.com/dwyl/english-words. It has 466k words, and it worked just fine. I generated the following seed phrase:

Code:

bacillogenous vowely Lafite nonsalably countermutiny untranquilness twice-jailed outrooting

Thanks to how Electrum works, you don't need to know my wordlist to recover that above seed phrase. You can import it in to any copy of Electrum just fine and recover the same wallet, which will give you the following address first:

Code:

bc1qkxsvxe4kl0ehz7ymy77ahy8jd4037ghvyzcwrc

However, doing this completely misses the point. The above seed phrase has exactly the same entropy as a seed phrase using the default wordlist - 132 bits. Increasing the size of the wordlist does not change the underlying entropy used to generate the seed phrase.

[Synchronice]

However, doing this completely misses the point. The above seed phrase has exactly the same entropy as a seed phrase using the default wordlist - 132 bits. Increasing the size of the wordlist does not change the underlying entropy used to generate the seed phrase.

That's what I am saying, however, people can't understand that there is absolutely no difference in real world whether you use 2048 public wordlist or all the words that exist in English language. But you have probably seen this more often than me that people are afraid they will lose their coins because someone bruteforces their wallet and the public availability of wordlist will make that process fast and smooth and so on. I know it's not true and I know that in both cases, entropy is the same. But if anyone has OCD and wants a relief, I found thesaurus as a solution They will have no more fear.

[LoyceV]

But you have probably seen this more often than me that people are afraid they will lose their coins because someone bruteforces their wallet and the public availability of wordlist will make that process fast and smooth and so on. I know it's not true and I know that in both cases, entropy is the same. But if anyone has OCD and wants a relief, I found thesaurus as a solution They will have no more fear.

My "solution" is to tell them to try "hacking" someone else's wallet. Give it your best shot, enter as many of those words into new wallets as your keyboard can handle! Or use software for it, "hack" billions upon billions of seed phrases! The same with private keys: run vanitygen on the rich list for as long as you want. By doing so, maybe you'll convince yourself how secure Bitcoin really is.

[hugeblack]

If you random generate 12 words seed phrase bitcoin address from BIP39 list, your wallet will never be hacked because it will take so much time that you, your bitcoins and probably universe won't exist by that time.

I think the most important point is what "random" means? Some people think that the human brain is good at randomness, or for example, as long as the seed is long, I am safe. No one can guess a seed that is 12 words long, so I will generate it myself, but they are wrong. Randomness means a strong random number that represents a 128 bit key at least, that If the randomness is 32bit key, you are not safe, and so on. In short, if you do not understand how entropy works, then trying to rely on the human brain will cause you to lose your money. Use a good, open source wallet, and you can verify that the entropy is at least 128 bits long, then you are safe.

You can verify electrum code entropy from here ---> https://github.com/spesmilo/electrum/blob/3.3.8/electrum/mnemonic.py#L163

[Findingnemo]

As per the theoretical calculation time taken to brute force the 24-word recovery seed from the BIP list is longer than the age of our universe which is expected to be around 14 billion years.

I considered a system that can do 1 billion combinations per second then the time taken to brute force 24 word seed would be 2.76 million trillion years.

Calculations from chat GPT

Number of Combinations = 2048^24 = 8.71 x 10^77
Combinations per Second = 10^9 (1 billion)

Time (in seconds) = (Number of Combinations) / (Combinations per Second)
Time = (8.71 x 10^77) / (10^9) = 8.71 x 10^68 seconds

To convert this into years:

Time (in years) = (8.71 x 10^68 seconds) / (60 seconds/minute * 60 minutes/hour * 24 hours/day * 365 days/year)
Time ≈ 2.76 x 10^60 years

So, it's 2.76 million trillion years.

My "solution" is to tell them to try "hacking" someone else's wallet.

why isn't it not possible original meme

Warning!, skip the video at 0.05.

[hosseinimr93]

I considered a system that can do 1 billion combinations per second then the time taken to brute force 24 word seed would be 2.76 million trillion years.

For a 24 word seed phrase, the total number of combinations would be 2.96 x 10^79 and assuming we have a computer that can check 1 billion combinations per seconds, it takes 9.40 x 10^62 years to check all the combinations.
If the seed phrase is BIP39, the number of possible combinations would be 1.16 x 10^77 and it takes 3.67 x 10^60 years to check all those combinations.

There are errors in the calculations done by ChatGPT.

2048^24 isn't equal to 8.71 x 10^77
8.71 x 10^68 seconds isn't equal to 2.76 x 10^60 years.
2.76 x 10^60 years isn't 2.76 million trillion years.

[pooya87]

FWIW even if you change all the algorithms used to create the mnemonic to work with a much bigger entropy (eg. 2048 bit) with using the much bigger word list; in the end when you derive private keys from that entropy, those keys are still going to provide you with only 128-bits of security

[Synchronice]

I think the most important point is what "random" means?

That's a question, what is random? I suggest you to check this post: https://bitcointalk.org/index.php?topic=5395587.msg60219656#msg60219656
Also, this quote from Radioactive decay wiki page sounds interesting:

Radioactive decay is a stochastic (i.e. random) process at the level of single atoms. According to quantum theory, it is impossible to predict when a particular atom will decay, regardless of how long the atom has existed.[2][3][4] However, for a significant number of identical atoms, the overall decay rate can be expressed as a decay constant or as half-life. The half-lives of radioactive atoms have a huge range; from nearly instantaneous to far longer than the age of the universe.

Overall, in our real, simple life, I would say that if we can generate combination of word seed phrases from a wordlist and we don't know how that happened or happens and we can't calculate how it chooses words, what logic it does follow, then we can call it random.

Some people think that the human brain is good at randomness, or for example, as long as the seed is long, I am safe.

Those people don't know math and probably still believe in fairy tales. Human brain follows some logic, even if that logic sounds illogical for us So, human brain likes to follow certain path and when human thinks to generate a random word seed phrase, he or she always follows certain logic. For example, from 2048 wordlist, one human may say that let's take 7th word as a first word, then let's 2048th word, then 2047th word, then 1st word, then middle word. You see, there is a logic here and it's not random, it can't be random because human has to think to create something, human thinks how to create it, human is not a machine that can generate something without thinking about it, that's just impossible.

[o_e_l_e_o]

Also, this quote from Radioactive decay wiki page sounds interesting

Radioactive decay is indeed a truly random process. We know from Bell's theorem that radioactive decay is not governed by "local hidden variables". In other words, we know that there are not events or process happening which we cannot measure or don't even know exist which are determining when such atoms decay. The decay of such atoms is indeed truly random, with the likelihood of decay at any given time dictated only by the half life of the isotope in question. The decay of such isotopes follows a Poisson distribution, the same as bitcoin mining.

Overall, in our real, simple life, I would say that if we can generate combination of word seed phrases from a wordlist and we don't know how that happened or happens and we can't calculate how it chooses words, what logic it does follow, then we can call it random.

I would disagree with this. Not knowing how something happens or what logic it follows does not make it random. Rather, the opposite is true. We need to know exactly how it is generating entropy so we can confirm that it is indeed random (or at least, pseudorandom).

[Synchronice]

Overall, in our real, simple life, I would say that if we can generate combination of word seed phrases from a wordlist and we don't know how that happened or happens and we can't calculate how it chooses words, what logic it does follow, then we can call it random.

I would disagree with this. Not knowing how something happens or what logic it follows does not make it random. Rather, the opposite is true. We need to know exactly how it is generating entropy so we can confirm that it is indeed random (or at least, pseudorandom).

If you know how something happens and what logic does it follow, then repeat the same and crack every generated wallet that was following that logic.
You certainly don't know why Electrum chose 1st word, 19th word, 1331th word and so on to generate wallet when you clicked on generate button and you don't know why Electrum chose 49th word, 258th word, 231th... on your next click on generate button. If you knew, then it wouldn't be random or it still would be but such randomness would not be beneficial, we don't want predictable randomness, we want unpredictable one.

This is an offtopic question. Are you really a doctor? The Sceptical Chymist said it somewhere I remember and I truly wonder if you are a doctor, how did you manage to be so knowledgeable in programming and physics. You are truly a very educated person and it's really an honor to have you on this forum. I appreciate you!

[hosseinimr93]

If you know how something happens and what logic does it follow, then repeat the same and crack every generated wallet that was following that logic.

Take note that a random number generator uses known mathematical formulas for generating the random number, but the output is unpredictable.
Therefore, it's not that we don't know how electrum generates an entropy. We do know how electrum generates an entropy. The thing we don't know is the output.

[LoyceV]

FWIW even if you change all the algorithms used to create the mnemonic to work with a much bigger entropy (eg. 2048 bit) with using the much bigger word list; in the end when you derive private keys from that entropy, those keys are still going to provide you with only 128-bits of security

"Only"

That's the thing: there's no point for making up your own complicated schemes to create or store your private keys. All you're doing is creating a false sense of additional security, at the risk of making a fatal mistake which results in losing access to your Bitcoins.

[o_e_l_e_o]

If you know how something happens and what logic does it follow, then repeat the same and crack every generated wallet that was following that logic.

I think we are disagreeing on semantics here rather than the underlying principles.

Of course you are correct in that you don't want a process which can easily be repeated to achieve identical results. But conversely, I do know exactly why Electrum picked each word in the seed phrase it generates for me - it uses randrange which in turns sources entropy from /dev/urandom. The entropy it receives from /dev/urandom will indeed be a cryptographically secure pseudorandom number, but I also know the processes that my OS uses to seed /dev/urandom.

This is an offtopic question. Are you really a doctor? The Sceptical Chymist said it somewhere I remember and I truly wonder if you are a doctor, how did you manage to be so knowledgeable in programming and physics.

Yes indeed! I just like to read, learn, and tinker.

[o_e_l_e_o]

Personally i find it's surprising Electrum seems to use all 466K words rather than only first 2048 and even adjust total words accordingly. And lastly i wonder whether different version of Electrum have same behavior when you supply custom words.

Certainly it's been possible at least since Electrum moved away from using their own wordlist and moved to mirroring the BIP39 wordlist.

The math is quite interesting, if you want to work it out. Given a word list of 466k, then each word can encode log₂(466,000) = 18.83 bits of entropy. For a 132 bit seed phrase, this needs 132/18.83 = 7.01 words, which has to be rounded up to 8. If you used a wordlist of 474,861 words, then you could generate a 7 word seed phrase for 132 bits.

Alternatively, you can go the other way and give Electrum a wordlist of two words, say 0 and 1, and it will generate a 132 "word" seed phrase.

You can see where Electrum works it out here: https://github.com/spesmilo/electrum/blob/6dfbdec73e97231c01b1a813ae293083a3dbd1cd/electrum/mnemonic.py#L208. Takes the length of the wordlist and calculates the log in base 2, giving the value bpw, or bits per word.

[LoyceV]

The math is quite interesting, if you want to work it out. Given a word list of 466k, then each word can encode log₂(466,000) = 18.83 bits of entropy. For a 132 bit seed phrase, this needs 132/18.83 = 7.01 words, which has to be rounded up to 8. If you used a wordlist of 474,861 words, then you could generate a 7 word seed phrase for 132 bits.

This is quite interesting indeed. So if your word list gets long enough, you'll need less seed words. That might even make it easier to remember (if only I'd know what those words mean).
So if I create a list of every combination from a to zzzzz, I get a very short seed:

Code:

julkt jtqbf hhocl qhtic bezsh kvgba

With 12 million "words", Python consumes a few GB memory and takes a while to create a new seed phrase. I expect this to get worse with much longer lists.

Of course, this takes away the "error correction" you'd have by using a dictionary word, so it's not really useful. But I'm amazed Electrum can just restore this seed phrase without the seed words!

[DaveF]

Eliminating all the other technical bits about this you then wind up with the issue of what happens when the file changes and words are removed.
https://www.abc4.com/news/9-words-removed-from-the-dictionary/

It's 10 years from now and one of your words was Brabble.
And you go to recover your seed and it just does not work.
Sucks to be you.

Well worked on standards like BIP39 exist for a reason. This just makes a mess of it.

As per the theoretical calculation time taken to brute force the 24-word recovery seed from the BIP list is longer than the age of our universe which is expected to be around 14 billion years.

The universe is expected to last much longer then that. As in trillions of years.
Our solar system will be toast in about 10 billion years.

Either way does not matter. Still won't crack it in a lifetime.

-Dave

[o_e_l_e_o]

So if I create a list of every combination from a to zzzzz, I get a very short seed:

Code:

julkt jtqbf hhocl qhtic bezsh kvgba

So 12,356,630 "words" gives 23.56 bits per word. 132/23.56 gives 5.6, which means 6 word seed phrases.

But I'm amazed Electrum can just restore this seed phrase without the seed words!

The important point to note is that an Electrum seed phrase is not converted back in to the entropy which generated it, or broken down in to bits, at any point. Unlike BIP39 which does require a fixed and known wordlist so it can convert your words back in to bits in order to verify the checksum, Electrum's version system simply hashes your words as they are and uses the first 8 or 12 bits of that hash.

After this, in order to actually start generating private keys, the next step (for both BIP39 and Electrum) is to feed your words as they are in to HMAC-SHA512, alongside salt of the word "mnemonic" (for BIP39) or "electrum" (for Electrum) concatenated with any passphrase. So again, no need for Electrum to convert your words back in to bits. (This is also why you can import BIP39 seed phrases with unknown wordlists in to Electrum. Electrum will warn you it is an unknown wordlist and it cannot verify the checksum since it cannot convert your words back in to bits in order to verify the checksum as I've explained above, but it can still feed those words in to HMAC-SHA512 and generate master keys and subsequent child keys.)

But yes, I'd highly recommend nobody does this. Understanding the principles of what is going on is all good, but you should always stick to the standardized methods.

It's 10 years from now and one of your words was Brabble.
And you go to recover your seed and it just does not work.

Doesn't matter for Electrum seed phrases  - Electrum does not need to know the wordlist used. For BIP39, even if every copy of the BIP39 wordlist was lost forever, you could still recover BIP39 seed phrases, you just wouldn't be able to verify the checksum.

[Faisal2202]

However, doing this completely misses the point. The above seed phrase has exactly the same entropy as a seed phrase using the default wordlist - 132 bits. Increasing the size of the wordlist does not change the underlying entropy used to generate the seed phrase.

But is it not possible, that the words in your seed phrase (that you made by using the wordlist of thesaurus) are not included in the seed phrase of BIP39 wordlist. I mean, if the words are not included in the BIP39 wordlist, it makes it more secure. Or isn't.

I do understand the underlying encoding procedure is same but the words are changed, and what if we remove all the words from BIP39 list and use the remaining ones to create a seed phrase for electrum, it will use the same encryption method to create the seed phrase but it will be more safer than before, or I am missing something here.

And a question of seed phrase and pass phrase, the phrase you created by giving the wordlist of thesaurus, is it seed phrase or pass phrase? I mean in pass phrase we use our own preferred words. Or I am also missing something here. 

[Synchronice]

I do understand the underlying encoding procedure is same but the words are changed, and what if we remove all the words from BIP39 list and use the remaining ones to create a seed phrase for electrum, it will use the same encryption method to create the seed phrase but it will be more safer than before, or I am missing something here.

Seriously, does it really matter if something takes 10^3*10^12+3 or 10^3*10^33+3 years to bruteforce?
By the way, Electrum creates 132 bits of entrophy, 11 bits of entropy per word (12 words). If you increase the number of words in wordlist, like I offered and o_e_l_e_o demonstrated, the number of bits of entropy per word will increase and the number of words will decrease, like he generated 8 words instead of 12 words but his number of bits of entropy per word increased from traditional number 11 to 18.83.

Just read this line:

The math is quite interesting, if you want to work it out. Given a word list of 466k, then each word can encode log₂(466,000) = 18.83 bits of entropy. For a 132 bit seed phrase, this needs 132/18.83 = 7.01 words, which has to be rounded up to 8. If you used a wordlist of 474,861 words, then you could generate a 7 word seed phrase for 132 bits.

So, this is a little trick and that's why opened a topic. People think that 2048 words are not enough and their public availability makes them a victim of hackers. Now, what about all the words that exists in English language? Sounds cool, right? Only some words from half a million words to generate your bitcoin wallet seed phrase. But in reality, if entropy is 132 bits, you will get 8 words instead of 12 words. Instead of increasing number of words, one should increase number of entropies and move from 128 bits to 256 but reality is that simply there is no reason. People are paranoid and are looking for false sense of increased security when there is absolutely zero danger. It's like living in New Zealand and collecting weapons to protect yourself from Dinosaurs attack. There are no dinosaurs, you don't need a weapon.