Seed Phrase: Brute Forcing, 12 vs 24 Words, Seed Phrase Splitting
Learn the time required to brute force a seed. Learn why to use 24 vs 12 words. Learn if and when to split a seed phrase.
Welcome back to the “Crypto Seed Phrase Playbook” article series. Let’s get into the nitty-gritty, demystify a couple of important points and cover sensitive topics that get everyone talking.
FYI: Many of the figures presented in this article are back-of-a-napkin calculations. They are presented in this way so that as many readers as possible can understand them and even check them.
Articles Of The Series
Brute Forcing, 12 vs 24 Words, Seed Phrase Splitting 🌶️ YOU ARE HERE 📍
Got my seed backup kit? Guide For Seed Backup Kit 📙
More to follow in the coming weeks ⚡️
Brute Force Seed: How Future Proof Is It?
Let’s look at:
The present. How many words can we currently brute force?
The near future. When is likely to be the time we can brute force one more word?
The far future. What about quantum computers?
Time Required To Brute Force A Seed Backup
Brute Forcing. In Real Life. Right now.
Takeaways from conversations I had with experts and research I did:
3 words: probably the limit of what you can reasonably crack on your own machine.
4 words: the limit of what you can crack with some powerful cloud computing. For instance, 4 words took 6 months on a cluster of FPGAs.
5 words: Given technological progress being made, will soon take 6 months to crack 5 words on a cluster of FPGAs.
📚 Read more: bruteforcing the last 5 words of seed backup.
Brute Forcing. 12 Words. In Theory.
Assuming
5.4e+39 possible seed phrases if 12 words (2048^12)
10 000 000 000 000 000 000 operations per second = speed of all supercomputers combined
400 351 968 000 000 000 seconds = age of the universe (~14 billion years)
12 words: 1360 times the age of the universe
Brute Forcing. 24 Words. In Theory.
Assuming
2.9642775e+79 possible seed phrases if 24 words (2048^24)
10 000 000 000 000 000 000 operations per second = speed of all supercomputers combined
400 351 968 000 000 000 seconds = age of the universe (14 billion years)
24 words: 7.4041786e+42 times (42 zeros after the seven) the age of the universe
📚 Read more: Reddit “Time to brute force seed phrase by age of universe”
What About Quantum Computers?
Well, quantum computers will not only enable brute forcing of crypto seeds, but also any current encryption mechanism including those used by banks and governments.
Quantum computers will be a much larger threat to the world when targeting nuclear plants, defense systems and traditional finance.
On the other hand, despite the entire crypto market capitalisation being less than the valuation of Apple (1 single company), there are already government-sponsored hacker groups.
So who knows? Best to keep an eye on that topic and on how to upgrade your OpSec accordingly when the time comes.
Seed Backup: Using 12 vs 24 Words
This is unintuitive, so here is the key takeaway to set expectations: using 24 words is exponentially safer than using 12 words.
24 words are NOT “just 2 times harder” to brute force than 12 words.
As seen in the previous paragraph, brute forcing 12 words could take 1360 times the age of the universe whereas for 24 words it could take up to 7.4041786e+42 times (42 zeros after the 7) the age of the universe.
That’s a factor of about 5.444249e+39 (39 zeros after the 5) 🤯
Splitting Your 12 Words In 2 Parts Of 6 Words
TLDR: do NOT split your seed backup if it’s 12 words.
As seen in a section above called “Brute Forcing. In Real Life. Right now.”: “Given technological progress being made, will soon take 6 months to crack 5 words on a cluster of FPGAs.”
And guess what? The last word of every seed phrase is just a checksum. That means if someone finds the first 6 words of your 12 words that you had preciously hidden somewhere safe, they do not have to find 6 words but actually 5 words!
Yes. Pretty spicy! 🌶️
Splitting Your 24 Words In 2 Parts Of 12 Words
As Vitalik Buterin puts it:
“The problems with theft can be alleviated if you split the phrase in half and give half to your friend, but (i) almost no one actually promotes this, (ii) there are security issues, as if the phrase is short (128 bits, a 12 word BIP39 seed phrase) then a sophisticated and motivated attacker who steals one piece may be able to brute-force through all 2^64 possible combinations to find the other, and (iii) it increases the mental overhead even further.”
Source: Vitalik Buterin in his article on “Why we need wide adoption of social recovery wallets”
In case you live in a cave: Vitalik is the inventor of Ethereum.
From Vitalik’s article we have two key takeaways:
NEVER use a 12-word seed phrase. Only 24.
It’s OK to split your seed phrase if it’s a 24-word seed phrase.
Still Paranoid?
Assume that you split your 24 words.
As seen before, the last word of every seed phrase is just a checksum. That means if someone finds the first 12 words of your 24 words that you had preciously hidden somewhere safe, they do not have to find 12 words but actually 11 words.
How long will it take for someone to brute force these 11 words?
As seen in a section above called “Brute Forcing. In Real Life. Right now.”, there is currently no technology available to brute force so many words.
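An added example (not from the original article) of the arithmetic behind the two splitting sections, using the BIP39 rule that the checksum is ENT/32 bits: 4 bits for 12 words, 8 bits for 24. It works on 11-bit wordlist indices rather than words so it runs without the wordlist, uses constructed entropy, and reuses the article's attacker speed and age-of-universe figures; the function names are this example's own.

```python
import hashlib

OPS_PER_SECOND = 10**19                       # the article's assumed attacker speed
AGE_OF_UNIVERSE_S = 400_351_968_000_000_000   # the article's figure, in seconds

def checksum_bits(n_words):
    # BIP39: ENT + CS = 11 * n_words and CS = ENT / 32, so CS = 11 * n_words / 33
    return n_words * 11 // 33

def indices_from_entropy(entropy):
    """Encode entropy bytes as 11-bit wordlist indices (0..2047)."""
    cs = len(entropy) * 8 // 32
    check = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    value = (int.from_bytes(entropy, "big") << cs) | check
    n = (len(entropy) * 8 + cs) // 11
    return [(value >> (11 * (n - 1 - i))) & 0x7FF for i in range(n)]

def is_valid(indices):
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    n, cs = len(indices), checksum_bits(len(indices))
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs).to_bytes((n * 11 - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (value & ((1 << cs) - 1)) == expected

def valid_last_words(prefix):
    """How many of the 2048 candidates for the final word pass the checksum."""
    return sum(is_valid(prefix + [w]) for w in range(2048))

def unknown_bits(n_words, known_words):
    """Bits left to search when the first known_words words are exposed."""
    return (n_words - known_words) * 11 - checksum_bits(n_words)

def universe_ages(bits):
    """Exhaustive-search time in the article's unit (ages of the universe)."""
    return 2**bits / OPS_PER_SECOND / AGE_OF_UNIVERSE_S

if __name__ == "__main__":
    for entropy in (bytes(range(16)), bytes(range(32))):   # constructed samples
        words = indices_from_entropy(entropy)
        bits = unknown_bits(len(words), len(words) // 2)
        print(len(words), "words:", valid_last_words(words[:-1]),
              "valid final words;", bits, "bits left if the first half leaks;",
              universe_ages(bits), "universe ages at the article's speed")
```

For 12 words, 128 of the 2048 final-word candidates pass the checksum and an exposed first half leaves 62 bits to search; for 24 words the figures are 8 candidates and 124 bits.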
A Word Of Caution
Seed splitting is controversial so try to wrap your head around this problem. Should you decide that Vitalik is wrong, then do your own research & be prepared to prove it.
Follow me twitter.com/AdrienBe_