DYING_S0UL (OP)
|
|
October 22, 2023, 01:39:58 PM |
|
Everyone knows that the words that are used for seed phrases are not random. The BIP39 wordlist (2048 words) is used for creating seed phrases, and they hold a specific meaning. The last seed word generates a checksum, which validates the data. Also, the wordlist isn't infinite, meaning we have a certain parameter. My question is, is it possible to crack a seed phrase with brute force? Suppose you have a lot of computing power. Like having a super or quantum computer. I am not talking about recovering a lost wallet or missing seed words. I know there are many Python-based tools, like btcrecover, that can perform this task. If one had the original seed (wrong order) or a part of the seed, like 10 out of 12 words or 21 out of 24 words, one might be able to successfully recover the wallet. What I am referring to is taking completely random words from BIP39, running some tools and algorithms, and trying to make a valid existing seed (having balance or no balance isn't important). I know this might be a stupid question, and a lot of you might be wondering why I wanted to know this. The thing is, I saw a bunch of videos on YouTube and Facebook where some tools were trying to brute force seeds. They were using thousands of combinations of seeds (I forgot to save the video link). I understand, it might be fake. But is there any technical explanation for my question? Another small question, why does BIP39 have only 2048 words? What's the reason? Is it related to any maths or equations? I am not a hacker, cracker, or anything like that, but a curious person who wants to learn new things. If this topic already exists, please give me the reference link. I want to know more.
|
|
|
|
Zaguru12
|
Move thread to bitcoin support Board. Here is o_e_l_e_o's explanation on the topic, this means for 24 words we will probably be looking at billions of years to come.
With good hardware, btcrecover will descramble a 12 word BIP39 seed phrase in an hour: https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-05-02_Descrambling_a_12_word_seed/Example_Descrambling_a_12_word_seed/. Although not exactly the same due to the checksum, let's assume that if you know 12 out of the 24 words then you could descramble the remaining 12 words in roughly the same amount of time. If you don't know the position of 13 words instead of 12, then there are 13x as many combinations to try, so that would take roughly 13 hours. For 14 words, 7 days. For 15 words, 16 weeks. For 16 words, 5 years. For 17 words, 85 years. For 18 words, 1500 years. No point calculating beyond that really.
Another small question, why does BIP39 have only 2048 words? What's the reason? Is it related to any maths or equations?
Because it doesn't matter; as long as it is a 12 word seed phrase the entropy will remain 128 bits, and 256 bits if it is a 24 word seed phrase, and the entropy is actually what determines the security or randomness of the word, not how many they seem to be. Here is also a thread explained by o_e_l_e_o on it.
|
|
|
|
hosseinimr93
Legendary
Offline
Activity: 2576
Merit: 5666
|
The last seed word generates a checksum, which validates the data.
The checksum isn't the last word. In a 12 word seed phrase, the checksum is the last 4 bits and in a 24 word seed phrase, the checksum is the last 8 bits.
My question is, Is it possible to crack a seedphrase with brute force? Suppose you have a lot of computing power. Like having a super or quantum computer.
A 12 word BIP39 seed phrase provides 128 bits of security and is secure enough.
What I am referring to is taking completely random words from BIP39, run some tools and algorithms, and try to make a valid existing seed (Having balance or no balance isn't important).
It's possible to pick random words from the BIP39 wordlist and have a valid seed phrase, but it's not possible that the seed phrase has been already generated by someone else before. As I said, a 12 word BIP39 seed phrase provides enough entropy. Take note that it's not a secure way to generate a seed phrase by selecting words. The correct way is to generate a random entropy and then encode that to a seed phrase.
|
|
|
|
DYING_S0UL (OP)
|
|
October 22, 2023, 02:07:46 PM |
|
Move thread to bitcoin support Board.
Moved...
Take note that it's not a secure way to generate a seed phrase by selecting words. The correct way is to generate a random entropy and then encode that to a seed phrase.
I know it's not wise to choose our own seed words. Just like today, I was also curious about choosing my own seed words. That's why I created a thread in the past and got that answer. Can we choose our own seed words?
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8324
Bitcoin is a royal fork
|
|
October 22, 2023, 02:35:51 PM |
|
Also, the wordlist isn't infinite, meaning we have a certain parameter.
If you want to scale security, forget about words and seed phrases. A seed phrase is an encoding of a 256 bit entropy. That means there can be 2^256 different seeds. Here's a great video that demonstrates how big that is: https://piped.video/watch?v=S9JGmA5_unY. Nobody is going to randomly brute force seed phrases, unless they're nuts. In fact, a private key can be cracked more easily as the public key cryptography used in Bitcoin provides 128 bit security.
Here is o_e_l_e_o's explanation on the topic, this means for 24 words we will probably be looking at billions of years to come.
Note that he's talking about brute forcing by knowing which words are used but not the order of them. If you don't know the 24 used words, then you'll have to choose among 2048, which raises the time exponentially.
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3430
Merit: 3165
Playbet.io - Crypto Casino and Sportsbook
|
|
October 22, 2023, 02:37:25 PM |
|
~snip~
If your whole point is whether someone can guess your seed phrase, then it's possible, so if you are afraid about your wallet you can manually add an extra word/passphrase on a BIP39 wallet to encrypt your seed phrase; even if they know your seed phrase, they still won't be able to access your wallet without the extra word/passphrase.
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6329
Self-proclaimed Genius
|
Another small question, why does BIP39 has only 2048 words? What's the reason? Is it related to any maths or equations?
Here's the small answer: because the entropy (plus checksum) where the mnemonic seed is based from is sorted per 11 bits, each of those 11-bit parts corresponds to a word. Then the reason for "2048" is because that is the limit that an 11-bit number can do, from 00000000000 (0 in decimal) to 11111111111 (2047 in decimal).
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17626
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
October 22, 2023, 02:44:59 PM |
|
Everyone knows that the words that are used for seed phrases are not random.
This is where your assumption takes the wrong path. It doesn't matter that the words are not random, the words are only used as a human readable interpretation of a very large random number. So, the number is random, and you use common words to avoid mistakes writing it down. My take on brute-forcing: try it! My "solution" is to tell them to try "hacking" someone else's wallet. Give it your best shot, enter as many of those words into new wallets as your keyboard can handle! Or use software for it, "hack" billions upon billions of seed phrases! The same with private keys: run vanitygen on the rich list for as long as you want. By doing so, maybe you'll convince yourself how secure Bitcoin really is.
|
|
|
|
Faisal2202
|
|
October 22, 2023, 04:34:16 PM |
|
Everyone knows that the words that are used for seed phrases are not random.
This is where your assumption takes the wrong path. It doesn't matter that the words are not random, the words are only used as a human readable interpretation of a very large random number. So, the number is random, and you use common words to avoid mistakes writing it down.
So those seed phrases are not real numbers, I mean, of course, they are in human readable form but in computer sight, they are in bits. Wait a second, are you talking about this stream of bits? Well, I just watched the video preferred by the BlackHatCoiner and it was really awesome and convincing, although, I am getting used to forget things, but I did know about bits before. Just your statement reminds me of it. Thanks for it. Overall, I am also having similar thoughts, and wanted to ask about it, but did not have the time to search about it on my own, but due to this thread, I don't have to spend time. But nobody gave the answer to the question of why the number of words are limited to 2048, or anyone have already gave!
|
|
|
|
DYING_S0UL (OP)
|
|
October 22, 2023, 04:45:23 PM |
|
Everyone knows that the words that are used for seed phrases are not random.
This is where your assumption takes the wrong path. It doesn't matter that the words are not random, the words are only used as a human readable interpretation of a very large random number. So, the number is random, and you use common words to avoid mistakes writing it down.
So those seed phrases are not real numbers, I mean, of course, they are in human readable form but in computer sight, they are in bits. Wait a second, are you talking about this stream of bits? Well, I just watched the video preferred by the BlackHatCoiner and it was really awesome and convincing, although, I am getting used to forget things, but I did know about bits before. Just your statement reminds me of it. Thanks for it. Overall, I am also having similar thoughts, and wanted to ask about it, but did not have the time to search about it on my own, but due to this thread, I don't have to spend time. But nobody gave the answer to the question of why the number of words are limited to 2048, or anyone have already gave!
Saw that video. Man, that's a lot of numbers. Not just lots, a lot!!! I imagine there is no word in this world to quantify this amount of numbers. I get it. Basically the point is that, it will take forever.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8324
Bitcoin is a royal fork
|
But nobody gave the answer to the question of why the number of words are limited to 2048, or anyone have already gave!
They are 2048, because that is 2^11. This means that for every 11 bits you can represent a word. Say that a seed phrase is 128 bits long, which is 12 words long. If you extend these 128 bits to something divisible by 11 (i.e., 132 which is the point of 4 bits checksum), you can represent any seed in a sequence of 132 / 11 = 12 words.
Saw that video. Man, that's a lot of numbers. Not just lots, a lot!!! I imagine there is no word in this world to quantify this amount of numbers. I get it. Basically the point is that, it will take forever.
As the video demonstrates, there are just not that many resources to begin with. But, note that the 128-bit security is much less than the 256-bit.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2478
Merit: 6287
bitcoindata.science
|
|
October 23, 2023, 12:42:58 AM Merited by DYING_S0UL (1) |
|
Another small question, why does BIP39 has only 2048 words? What's the reason? Is it related to any maths or equations?
Here's the small answer Because the entropy (plus checksum) where the mnemonic seed is based from is sorted per 11-bits, each of those 11-bit part corresponds to a word. Then the reason for "2048" is because that is the limit that an 11-bit number can do, from 00000000000 (0 in decimal) to 11111111111 (2047 in decimal)
Let me illustrate this answer
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6329
Self-proclaimed Genius
|
|
October 23, 2023, 05:03:47 AM |
|
-snip- Because the entropy (plus checksum) where the mnemonic seed is based from is sorted per 11-bits, each of those 11-bit part corresponds to a word. Then the reason for "2048" is because that is the limit that an 11-bit number can do, from 00000000000 (0 in decimal) to 11111111111 (2047 in decimal)
Let me illustrate this answer
It's a pretty close example for the maximum combinations that 2048 words can do, but that image is mostly used to explain the Bitcoin private key range of 256 bits. My post is mostly about the reason for having only 2048 words.
-snip- But nobody gave the answer to the question of why the number of words are limited to 2048, or anyone have already gave!
Just two posts above yours. I think I did a pretty good explanation and example to make 2^11 which represents each word understandable even for beginners. Was it because the last possible number is 2047, yes? If you count "00000000000", which is counted, that'll be a total of 2048 words.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
Here is o_e_l_e_o's explanation on the topic, this means for 24 words we will probably be looking at billions of years to come.
As pointed out by BHC above, these calculations are for unscrambling known words. While this is possible for a 12 word seed phrase, unscrambling a 24 word seed phrase even when you know all 24 words is impossible. Brute forcing a 24 word seed phrase from scratch is several trillion trillion trillion trillion times harder than that.
you can manually add an extra word/passphrase on BIP39 wallet to encrypt your seed phrase
Passphrases do not encrypt seed phrases. They are used as a salt in the HMAC-SHA512 function which turns your seed phrase into your master keys.
|
|
|
|
DYING_S0UL (OP)
|
|
October 23, 2023, 05:03:53 PM |
|
They are used as a salt in the HMAC-SHA512 function which turns your seed phrase in to your master keys.
By salt did you mean this?
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6329
Self-proclaimed Genius
|
|
October 24, 2023, 03:40:33 AM |
|
Passphrases do not encrypt seed phrases. They are used as a salt in the HMAC-SHA512 function which turns your seed phrase into your master keys.
Additionally, to differentiate the two and for others to better understand the term "encrypt":
- With encryption, the original data can be recreated from the secret and the encrypted data.
- PBKDF2 functions like HMAC, however is a "one-way" function, there's no going back from 'seed' to 'seed phrase'.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 10997
Crypto Swap Exchange
|
|
October 24, 2023, 04:01:39 AM |
|
Think about it this way, why can't we brute force a base58 encoded private key aka a WIF? After all each character in a WIF is selected from a list of only 58 characters which is smaller than 2048! That's because we don't select chars from the 58 char long list, base58 is just an encoding and the security comes from the size of the data or the entropy it is encoding. BIP39 is exactly the same. We don't select words from a small list of 2048 words, we are encoding a much bigger data/entropy that is not possible to brute force.
~a checksum, which validates the data.
Checksums in most algorithms including BIP39 are there to ensure data integrity not validation. In other words it ensures that the words you entered don't contain a mistake like wrong word or wrong order.
|
|
|
|
|
krogothmanhattan
Cypher Hodl LLC
Legendary
Offline
Activity: 2702
Merit: 3540
The Stone the masons rejected was the cornerstone.
|
|
October 24, 2023, 07:30:03 PM Merited by DYING_S0UL (1) |
|
Why not have a seed with a passphrase?
MNEMONIC SEED = WALLET A
MNEMONIC SEED AND PASSPHRASE = WALLET B
Wallet A would be the bitcoin addresses that would show if ever brute forced.
I would place a few Sats in it so in case Wallet A is ever brute forced open and swept
then I would have ample enough time to remove any BTC from wallet B...HOPEFULLY.
The question is, Wallet B is a hidden wallet...so even if someone stole your seed they
will not be aware of Wallet B.
|
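The passphrase mechanics discussed in the posts above (the passphrase as a salt, the one-way PBKDF2 step, and one mnemonic giving Wallet A without a passphrase and Wallet B with one), as an added example that is not part of any post in the thread. It uses the public BIP39 test mnemonic and the passphrase "TREZOR" from the BIP39 test vectors; the function names are made up for this sketch.

```python
import hashlib
import hmac
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = b"mnemonic" + unicodedata.normalize("NFKD", passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, 64)

def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed" -> (master key, chain code).
    A real wallet also rejects a master key that is 0 or >= the curve order."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

# Public test mnemonic (11 x "abandon" + "about"); never fund a wallet made from it.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def wallet_roots(mnemonic: str, passphrase: str) -> tuple[bytes, bytes]:
    """Return the master keys of Wallet A (no passphrase) and Wallet B."""
    key_a, _ = bip32_master(bip39_seed(mnemonic))
    key_b, _ = bip32_master(bip39_seed(mnemonic, passphrase))
    return key_a, key_b

if __name__ == "__main__":
    print("seed A:", bip39_seed(MNEMONIC).hex()[:16], "...")
    print("seed B:", bip39_seed(MNEMONIC, "TREZOR").hex()[:16], "...")
    a, b = wallet_roots(MNEMONIC, "TREZOR")
    print("same wallet?", a == b)   # different salt, unrelated master keys
```

Nothing is stored that marks a passphrase as right or wrong: every passphrase yields some valid wallet, so Wallet B's protection is only as strong as the passphrase is hard to guess.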
|
|
|
DYING_S0UL (OP)
|
|
October 24, 2023, 07:59:22 PM |
|
Got it! I have been reading a lot lately. Not that I understood all of it, but I'm digesting it bit by bit.
~snip~
Hey, that's a good idea. I actually never thought of it like that. It might be worth the try. I'll try to keep that in mind.
Everyone knows that the words that are used for seed phrases are not random.
This is where your assumption takes the wrong path. It doesn't matter that the words are not random, the words are only used as a human readable interpretation of a very large random number. So, the number is random, and you use common words to avoid mistakes writing it down.
I never knew that. All I thought was those words were selected randomly to complete 2048 word list. Who knew they were something like a disguise of large numbers.
|
|
|
|
|