Hi, could some one explain how are seedphrases considered to be super secure? If it’s just a random string of words from a well-known list of words, what stops someone with a simple python script generating random phrases and trying to open wallets with them?
It doesn’t. The second one has more bits of entropy; exactly how much depends on the calculator you’re using.
But in order to crack as dictionary words, you have to know it’s dictionary words. If you don’t know that, you have to treat it as all ASCII printable characters, or more.
But cracking dictionary words is easier than random characters, isn’t it? I mean that’s why dictionary attacks are so popular.
Why do password generators use random dictionary words instead of random gibberish?
From the XKCD they seem to say that random words are more secure than words with random pattern. Though I do agree that it’s easier to remember !
Maybe there’s something I don’t get but if everyone use random words as password, attackers need just to use dictionary attacks rather than
ASCII printable charactersattacks, no?Yes, if you know the hash is of dictionary words. If you have a hash, with no knowledge of its contents, you cannot make that assumption and must increase your search space.
For example, if I give you this md5 hash: bd49d549f7c1f0169d6d61322a02d39d
How long do you think it will take to guess if you use dictionary words? The answer is “infinity”, because it’s not dictionary words. What if you expand to all lowercase letters? Uppercase? Numbers? Symbols? All ASCII printable characters? Even then you’ll never crack it, because it’s UTF-8. With that knowledge, you can probably crack it in seconds because it’s a pretty short string, but otherwise, never.
Thanks for all the answers, Im just going through them quickly now, so quick question, if I understand it correctly, then, knowing seedphrases are from a well known list, all lower case words, doesn’t it make it less safe then? Since attacker knows whats behind the hash? Wouldn’t making it all random instead of using wellknown list more secure?
Yes, it’s less secure if they know it’s from a list, and which list.
If they don’t know that, they have to treat it like a completely random password, which is a lot slower to crack.