Is a single s 12 word seed and passphrase really enough to protect life savings?

[offnr]

From what I understand a 12 word seed generated with high entropy dice rolls, and a strong passphrase is strong enough security for most people. As a newby I am slowly rolling in funds into my wallet and getting more paranoid.

At what point does this setup ever not become sufficient? Is it a certain threshold of btc? Something else?

Just spitballing here. Pls halp

[logfiles]

So long as you safely back up the seed phrase. It's safe.
Just practice proper wallet back up techniques (i.e. avoid copying and pasting, avoid taking screenshots, avoid storing the seeds online...) and also make sure you access your wallet using a clean air gapped device.

There's no threshold on the amount of BTC you can put there, except for the current circulating supply. But If the Bitcoins is really a lot, I would split it up in a couple of wallets (if you understand the talk of not putting all the eggs in one basket), but this would also mean more responsibility on the back-ups.

[Poker Player]

In the title you talk about life savings. If that's all you have and it's a large amount (not like $30) you shouldn't have it all in one place. If you have a net worth of hundreds of thousands of dollars it is normal to have it divided between the value of your house or at least your equity in it, liquid money (in cash or in the bank) for unforeseen events, and then if you want, just bitcoin, but it won't hurt to have other assets as well. So if something happens to you with the 12 words you have plenty left.

But even if you have a lot of Bitcoins, like 200, I don't think it's smart to have them only in a single HW. Better to have several, with their seeds properly hidden in different places, at least one with a multisig system.

[pooya87]

You don't need to use "dice rolls" to generate an entropy and call it secure. A computer generated entropy (and seed phrase) is secure enough and 99.9% of bitcoin users who want to use a deterministic wallet are already doing that without any problems.

What determines whether or not your funds are safe are:
1) The tool you used to generate the seed
You should use safe software that is open source and is reviewed by experts so that it is bug-free and old enough to have found and fixed overlooked issues.
Popular wallets like Electrum are excellent for this purpose.

2) The environment in which you generated the seed phrase
For maximum security you want to use an air-gap system to generate, like a computer that has never been connected to the internet.
You could use a live Linux without any internet access.

3) Correct storage of your backup and correct future uses
For example you want to write down your seed phrase and keep that paper in a safe place outside of the reach of others.
Also in future usages (like when you want to spend some coins) you also want to do it in an air-gap system because your keys should never "see the light of day" so to speak.

[SilverCryptoBullet]

From what I understand a 12 word seed generated with high entropy dice rolls, and a strong passphrase is strong enough security for most people.

With different word set for your wallet mnemonic seed phrase, you will have different entropy.

https://learnmeabitcoin.com/technical/keys/hd-wallets/mnemonic-seed/
12 words: 128 bit
15 words: 160 bit
18 words: 192 bit
21 words: 224 bit
24 words: 256 bit

BIP 39: Entropy and word length.

With 2¹²⁸ to 2²⁵⁶ private keys to find, it's very safe, no chance to brute force private keys.

You only need to use an open source and non custodial wallet that creates your wallet mnemonic seeds with 128 or 256 bits of entropy. It's safe enough to use especially with 256 bits of entropy. You can create your wallet mnemonic seed with bigger than 256 entropy but there are only 2²⁵⁶ private keys.

How Much Entropy Do You Need?

BIP32 allows seeds to be from 128 to 512 bits. BIP39 accepts from 128 to 256 bits of entropy; Electrum v2 accepts 132 bits of entropy; Aezeed accepts 128 bits of entropy; SLIP39 accepts either 128 or 256 bits. The variation in these numbers makes it unclear how much entropy is needed for safety. We’ll try to demystify that.

BIP32 extended private keys consist of a 256-bit key and a 256-bit chain code, for a total of 512 bits. That means there’s a maximum of 2512 different possible extended private keys. If you start with more than 512 bits of entropy, you’ll still get an extended private key containing 512 bits of entropy—​so there’s no point in using more than 512 bits even if any of the standards we mentioned allowed that.

However, even though there are 2512 different extended private keys, there are only (slightly less than) 2256 regular private keys—​and its those private keys that actually secure your bitcoins. That means, if you use more than 256 bits of entropy for your seed, you still get private keys containing only 256 bits of entropy. There may be future Bitcoin-related protocols where extra entropy in the extended keys provides extra security, but that’s not currently the case.

The security strength of a Bitcoin public key is 128 bits. An attacker with a classical computer (the only kind which can be used for a practical attack as of this writing) would need to perform about 2128 operations on Bitcoin’s elliptic curve in order to find a private key for another user’s public key. The implication of a security strength of 128 bits is that there’s no apparent benefit to using more than 128 bits of entropy (although you need to ensure your generated private keys are selected uniformly from within the entire 2256 range of private keys).

There is one extra benefit of greater entropy: if a fixed percentage of your recovery code (but not the whole code) is seen by an attacker, the greater the entropy, the harder it will be for them to figure out part of the code they didn’t see. For example, if an attacker sees half of a 128-bit code (64 bits), it’s plausible that they’ll be able to brute force the remaining 64 bits. If they see half of a 256-bit code (128 bits), it’s not plausible that they can brute force the other half. We don’t recommend relying on this defense—​either keep your recovery codes very safe or use a method like SLIP39 that lets you distribute your recovery code across multiple locations without relying on the safety of any individual code.

As of 2023, most modern wallets generate 128 bits of entropy for their recovery codes (or a value near 128, such as Electrum v2’s 132 bits).

[lovesmayfamilis]

If you are careful in storing your seed phrase, then you should not think of anything else or be afraid. People often forget about the importance of saving their data, and then begin to blame Bitcoin for its insecurity. There is no need to worry that your seed phrase can be selected using the selection method. You would rather win a big lottery prize several times than have your seed phrase hacked.

[satscraper]

From what I understand a 12 word seed generated with high entropy dice rolls, and a strong passphrase is strong enough security for most people. As a newby I am slowly rolling in funds into my wallet and getting more paranoid.

At what point does this setup ever not become sufficient? Is it a certain threshold of btc? Something else?

Just spitballing here. Pls halp

I kinda like the passphrase added to SEED phrase. As a matter of fact a 12 words SEED along is enough  to guard your stash safely unless this SEED in the hand of the stranger. Thus to be on the safe side  It is a good practice to   guard the wallet by  SEED enhanced with passphrase, the latter must be kept separately from SEED.

To keep your SEED and passphrase you may use both primitive (based on paper, washers etc..) and sophisticated methods. The latter are commonly rely on encryption. One of them, end then 100% airtight defence, is described here.

[Stepstowealth]

Out of the many words in the english dictionary, it is next to impossible for anyone to guess the 12 word seed phrase, if we are not careless about it.

If you are careful in storing your seed phrase, then you should not think of anything else or be afraid. People often forget about the importance of saving their data, and then begin to blame Bitcoin for its insecurity. There is no need to worry that your seed phrase can be selected using the selection method. You would rather win a big lottery prize several times than have your seed phrase hacked.

Many of the cases involved with breach of wallet are cases that were result of carelessness or lack of consciousness of security and not actually a lapse in in the efficiency of the 12 word seed phrase. I agree that if a person protects their seed phrase properly, and follow other security advice, the chances of their wallet getting hacked will be very low and close to zero.

[AVE5]

From what I understand a 12 word seed generated with high entropy dice rolls, and a strong passphrase is strong enough security for most people. As a newby I am slowly rolling in funds into my wallet and getting more paranoid.

At what point does this setup ever not become sufficient? Is it a certain threshold of btc? Something else?

Just spitballing here. Pls halp

Of course 12 words seed phrases is good enough to provide you a strong privacy and unbreakable security but that's only when you maintains an excellent private secret key storage where no one gets to it but only you has the access.
So even if you have a thousand seed phrase and looses your value of privacy in keeping it where anyone can get reach to it, be sure it can be compromised. So, it's mostly not about the number of the keys but how you're able to thoroughly handle it. Also, not just about how you secures your seed phrase or how many numbers it could be that may guarantee your wallets security but also, you'd have security threats online where hackers troubleshoots through emails, links and how they may tends to convince you u til you connects your connects to their malicious site handles. There, they'd gain access to your wallet and steal your money without going through the pass keys or security password.

[Charles-Tim]

Yes. But 128 bits of entropy is enough. Even as 24 words seed phrases have 256 bits of entropy, they still have 128 bits of security because anything that can compromise or make 128 bits of security no more secure is enough to compromise wallets generated by 24 words seed phrases because bitcoin private keys have 128 bit of security.

[Darker45]

Lately, I've realized it's too risky to put all your life savings in one basket. It's not a question of how secure a 12-word seed is. It's a question of how the seed is kept securely hidden and intact for many decades. I think it's wise to keep your funds in different wallets. This realization hit me when I can't anymore open my hardware wallet because of screen problems.

Anyway, you can easily address your paranoia. Switch to a 24-word seed phrase. Add a passphrase. Divide your savings into different wallets. Keep them cold. Keep a secure backup. Being paranoid has its benefits. That's better than being lax.

[Luzin]

With different word set for your wallet mnemonic seed phrase, you will have different entropy.

https://learnmeabitcoin.com/technical/keys/hd-wallets/mnemonic-seed/
12 words: 128 bit
15 words: 160 bit
18 words: 192 bit
21 words: 224 bit
24 words: 256 bit

It should have been able to provide the best security.  Except for the mistake of the owner who saved the seed and it is known to many people. But I'm quite curious about quantum computers. Is this computer capable of breaking the seed. I don't understand it well, only I have read quantum computers more often even though I read this computer quatum is still difficult to realize.

[Apocollapse]

I could say it's better to hold maximum of 1 Bitcoin in one wallet, so if you have 100 Bitcoin, you will have 100 different seed phrase. But, you would say it's too much, wasting time and you might forget all of your seed phrase.

After all it's back to our own preference whether we want to split to one or few or dozens wallet, using centralized exchange or hardware wallet etc.

The most important thing is how to get a lot Bitcoin rather than looking how to secure it.

[Ultegra134]

Lately, I've realized it's too risky to put all your life savings in one basket. It's not a question of how secure a 12-word seed is. It's a question of how the seed is kept securely hidden and intact for many decades. I think it's wise to keep your funds in different wallets. This realization hit me when I can't anymore open my hardware wallet because of screen problems.

Anyway, you can easily address your paranoia. Switch to a 24-word seed phrase. Add a passphrase. Divide your savings into different wallets. Keep them cold. Keep a secure backup. Being paranoid has its benefits. That's better than being lax.

It's way more likely to lose your Bitcoin due to human error than someone magically finding your seed phrase. The possible combinations are infinite; there's no way someone can come up with your seed phrase. You can switch to a 24 word seed phrase, but is it really necessary?

Ideally, if you have large amounts of money, it's best to distribute your coins to several wallets, so if things go south, you won't lose all your funds. How well you secure your wallets is vital, don't lose your seed phrases and take care in their proper storage.

Exposing or losing your seed phrase are the leading causes of lost funds, and I'm speaking from experience, as I've lost a handful of wallets in the past myself.