Hi, could someone explain how seed phrases are considered to be super secure? If it’s just a random string of words from a well-known list of words, what stops someone with a simple Python script generating random phrases and trying to open wallets with them?

  • notabot@lemm.ee
    6 upvotes · 9 days ago

    What you care about is the amount of “entropy” in the password/phrase you’re using, and secondarily how easy it is to communicate or remember it.

    If we assume the valid characters for a password are the upper and lower letters and the digits, we have 26+26+10=62 valid characters. Let’s add a couple of symbols to bring that to 64, or 2^6 bits. That means each character gives you 6 bits of entropy.

    The standard BIP-0039 word list used for generating passphrases has 2048 (2^11) entries, or 2^11 bits of entropy per choice.

    Therefore a standard 24-word passphrase has 24*11=262 bits of entropy, which would be equivalent to a 44 character random password, whilst also being much easier to record and check. If you misrecord one character of a random password it is useless to you, but you can easily see if you mistyped a word from the word list.

    As to why they can’t be brute-forced by trying different combinations, you still have to deal with the 2^262 different possible combinations. As you’re trying to guess wallet addresses, let’s assume everyone in the world has 10, for a total of roughly 80 billion valid addresses, or 2^36.2. Let’s round that up to 2^37. That gives each guess a 1 in 2^(262-37), or 1 in 2^225 chance of hitting a valid address. The universe is only about 2^59 seconds old, so even checking a billion (2^30) passphrases per second would mean you’d only be able to check a tiny fraction of that number.

    Combinations like this can be deceptive, a 24 word phrase doesn’t seem like much, but it’s functionally uncrackable with anything resembling our modern understanding of mathematics and computation.

  • N0x0n@lemmy.ml
    2 upvotes · 9 days ago

    I had the same question… How does Rabbit-Black-Tunnel-Foggy-Weather have more entropy than NotmYPassvv0rd12-butSTIL.e@sier!

    I mean like the first one is just some random dictionary word count… :/ I’m kinda interested in that topic too so thank you for posting this question!!

    • catloaf@lemm.ee
      2 upvotes · 9 days ago

      It doesn’t. The second one has more bits of entropy; exactly how much depends on the calculator you’re using.

      But in order to crack as dictionary words, you have to know it’s dictionary words. If you don’t know that, you have to treat it as all ASCII printable characters, or more.

      • N0x0n@lemmy.ml
        2 upvotes · 9 days ago

        But cracking dictionary words is easier than random characters, isn’t it? I mean that’s why dictionary attacks are so popular.

        Why do password generators use random dictionary words instead of random gibberish?

        From the XKCD they seem to say that random words are more secure than words with random pattern. Though I do agree that it’s easier to remember!

        Maybe there’s something I don’t get but if everyone uses random words as password, attackers need just to use dictionary attacks rather than ASCII printable characters attacks, no?

        • catloaf@lemm.ee
          2 upvotes · 9 days ago

          Yes, if you know the hash is of dictionary words. If you have a hash, with no knowledge of its contents, you cannot make that assumption and must increase your search space.

          For example, if I give you this md5 hash: bd49d549f7c1f0169d6d61322a02d39d

          How long do you think it will take to guess if you use dictionary words? The answer is “infinity”, because it’s not dictionary words. What if you expand to all lowercase letters? Uppercase? Numbers? Symbols? All ASCII printable characters? Even then you’ll never crack it, because it’s UTF-8. With that knowledge, you can probably crack it in seconds because it’s a pretty short string, but otherwise, never.

          • reboot5853@lemmy.ml (OP)
            1 upvote · 8 days ago

            Thanks for all the answers, I’m just going through them quickly now, so quick question: if I understand it correctly, then, knowing seed phrases are from a well-known list, all lower case words, doesn’t it make it less safe then? Since attacker knows what’s behind the hash? Wouldn’t making it all random instead of using a well-known list be more secure?

            • catloaf@lemm.ee
              1 upvote · 8 days ago

              Yes, it’s less secure if they know it’s from a list, and which list.

              If they don’t know that, they have to treat it like a completely random password, which is a lot slower to crack.

  • truthfultemporarily@feddit.org
    3 upvotes · 1 downvote · 9 days ago

    The entropy of pass phrases is higher than that of most passwords that are used in real life.

    https://xkcd.com/936/

    Of course if you have a password manager you are better off having a long random string.

    What is keeping people from brute forcing is that the hashing algorithms used are purposefully slow, so they limit how many combinations you can check per second.