This is my first post ("Hello, everyone!") and I wanted to be helpful to the newbies out there, as I remember wondering this myself when I got into crypto a few months back.
The premise:
"If I split my seed words in half and store them in two different places (maybe two different HOUSES!), then if an attacker/thief finds one half, they won't be able to access my funds, right? They would need to break into TWO different places, so I am twice as secure."
The truth in BIP39:
In BIP39, your seed words are chosen randomly from a list of 2048 English words.
[Fun fact: These 2048 words have been chosen in a way that knowing the first 4 letters is enough to uniquely identify a word. So if you spill some coffee over your words, but you can read the first 4 letters, you can still recover your funds! - But please, laminate your words, or better yet, use a fire-resistant metal]
If your wallet uses 12 seed words, then 12 words will be randomly selected from these 2048 English words. If your wallet uses 24 seed words, then 24 words will be selected. These words make up your Recovery phrase. (Strictly speaking, the wallet draws 128 or 256 random bits and encodes them as words; the last few bits of the final word are a checksum computed from the random bits, which matters below.)
How many unique Recovery phrases can there be with 24 words?
The first word will be chosen from 2048 English words.
The second word will be chosen from 2048 English words.
And so on. In total, 2048 * 2048 * ... * 2048 (as many times as there are words in your wallet). Thus for 24-word wallets we can have 2048^24 unique Recovery phrases. Given that 2048 is 2^11, that is (2^11)^24 = 2^264 different Recovery phrases (~3 * 10^79, a 3 followed by 79 zeros).
For 12-word wallets, we can have 2048^12 unique Recovery phrases, which is (2^11)^12 = 2^132 (~5 * 10^39, a 5 followed by 39 zeros).
What is the entropy of your wallet?
For 24-word wallets, the 24 words carry 24 * 11 = 264 bits, but BIP39 uses the last 8 of those bits as a checksum (the first 8 bits of the SHA-256 hash of the 256 random bits), so only 2^256 of the 2^264 possible phrases are valid ones: 264 - 8 = 256 bits of entropy.
For 12-word wallets, BIP39 uses a 4-bit checksum, so you have 132 - 4 = 128 bits of entropy.
Is brute-forcing half of your words, half as difficult?
Say you have 12 seed words. If you split them into 6 and 6 and an attacker finds 6 of them, is brute-forcing the other 6 words half as time-consuming as brute-forcing your full 12 words? Not quite.
Remember that the 128 bits of entropy of your 12-word wallet come from an exponent. There are 2^132 possible Recovery phrases (2048^12, if you remember), but only 2^128 of them pass the 4-bit checksum, so we are left with 128 bits of entropy. Knowing half of the words halves the exponent, not the number: the 6 unknown words leave 2048^6 = 2^66 possibilities (2^62 once the checksum is taken into account, but the checksum shrinks the full 12-word search by the same factor of 16, so the ratio below is exact).
Let's divide them. 2048^12 / 2048^6 = 2048^6 = 2^66 = 73,786,976,294,838,206,464. So once an attacker finds 6 words, finding the other 6 is about 7.4 * 10^19 times easier than guessing the full 12 words would have been. Let's put this into perspective.
Let's put an example. This will scare you:
If an attacker needed 2^66 minutes (about 1.2 * 10^18 hours = 5.1 * 10^16 days = 1.4 * 10^14 years) to brute-force your 12 words, but found what the first 6 words are, they would need 1 minute to brute-force the other 6 and steal your funds.
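To make the checksum point concrete, here is an added Python example (my code, not part of the original post and not any wallet's code). It works on the 11-bit word indices rather than the words themselves, so the 2048-word list is not embedded; index 3 is "about" in the English list. It encodes entropy exactly the way BIP39 does, verifies the checksum, enumerates how many candidates for a missing last word survive the checksum, and computes the valid-phrase counts used above (the exact count assumes the attacker knows the first words; if they hold the last words, which include the checksum bits, the count is the same on average).

```python
import hashlib
import secrets

# BIP39 English wordlist has 2048 entries; each word is addressed here by its 11-bit index
# (the list itself is not embedded in this example).
WORDLIST_SIZE = 2048


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode entropy as BIP39 word indices: entropy || SHA-256 checksum, cut into 11-bit chunks."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                                   # 4 bits for 12 words, 8 bits for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_valid(indices: list[int]) -> bool:
    """True if the 11-bit word indices carry a checksum that matches their entropy bits."""
    total = 11 * len(indices)
    cs_bits = total // 33                                      # 132 bits -> 4, 264 bits -> 8
    ent_bits = total - cs_bits
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    checksum = bits & ((1 << cs_bits) - 1)
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return checksum == expected


def candidates_for_missing_last_word(known: list[int]) -> list[int]:
    """Last-word indices that pass the checksum given all the other words.

    Only 128 of 2048 survive for a 12-word phrase (8 of 2048 for 24 words): a lost
    last word is cheap to recover, but also cheap for an attacker to brute-force.
    """
    return [w for w in range(WORDLIST_SIZE) if indices_valid(known + [w])]


def remaining_search_space(words_total: int, words_known: int) -> int:
    """Checksum-valid phrases left to try when the FIRST words_known words are known.

    Each unknown word contributes 11 bits; the checksum (sitting in the last word)
    pins down cs_bits of them, so the count is exact when at least one word is unknown.
    """
    if words_known >= words_total:
        return 1
    cs_bits = (11 * words_total) // 33
    return 2 ** (11 * (words_total - words_known) - cs_bits)


if __name__ == "__main__":
    phrase = entropy_to_indices(secrets.token_bytes(16))       # a fresh 12-word phrase, as indices
    print("checksum valid:", indices_valid(phrase))
    print("candidates for a missing last word:", len(candidates_for_missing_last_word(phrase[:-1])))
    full = remaining_search_space(12, 0)
    half = remaining_search_space(12, 6)
    print(f"12 words unknown: 2^{full.bit_length() - 1}, 6 known: 2^{half.bit_length() - 1}, "
          f"ratio 2^{(full // half).bit_length() - 1}")
    print(f"24 words, 12 known: 2^{remaining_search_space(24, 12).bit_length() - 1}")
```

Running it prints a ratio of 2^66 between the full 12-word search and the 6-known search, and 2^124 valid phrases left when 12 of 24 words are known, which is the number behind the next section.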
Is splitting 24 words into 12 and 12 secure?
12 words are considered secure on their own, so to the best of my knowledge, yes, it is secure. But making your wallet 2048^24 / 2048^12 = 2048^12 = 2^132 (~5.4 * 10^39) times weaker (even if still secure enough nowadays) is a hefty price to pay for storing your seed words in two different locations. Keep in mind that you are always susceptible to a $5 wrench attack: if the attacker finds one half of the phrase in EITHER of the 2 locations, they will know the other half is missing, and they can hit you with the wrench until you tell them where it is.
Are there better alternatives?
Yes, there are. One of them is the use of a passphrase (the optional passphrase defined in BIP39). This is not your 12 or 24 word Recovery phrase, but an additional secret you type in on top of your seed words to derive your keys.
The reason why this is great is because if an attacker finds your Trezor at home, or half your seeds, or whatever hint that you hold crypto, they can $5 wrench attack you until you unlock those funds.
A passphrase gives you an additional, completely separate wallet (a different seed, hence different addresses). The first wallet is unlocked with your 12 or 24 seed words alone. The second one needs your 12 or 24 seed words and your passphrase. The key is that nobody can tell from the seed words whether a second (or third, etc.) wallet exists behind a passphrase. Thus you place a portion of your funds, let's say 5-15%, in the first wallet (seed words only).
If a thief breaks into your house and finds your Trezor and/or seed words, they will steal that 5-15% of your funds. There will be no hint that you hold more crypto. Once they are gone, you can use your seed words (make sure you still have them) and passphrase to access the second wallet and recover the remaining 85-95%. One caveat: the passphrase has no checksum, so a mistyped passphrase silently opens a different, empty wallet. Confirm you can reach the hidden wallet before moving funds into it, and back the passphrase up separately from the seed words.
[Note: If the attacker is smart enough, they could look at your transactions and learn that you transferred 5% of your crypto from wallet A to the compromised wallet B, but 95% was transferred from that same wallet A to wallet C. So there must be another wallet. Hence, the more you obfuscate where your funds come from, the better. For example, you can have the funds arrive in the two wallets from two different sources, such as two different exchanges.]
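How the passphrase produces a separate wallet, as an added Python example (my code, not from the original post): BIP39 turns the words plus passphrase into the 64-byte seed that every key is derived from, using PBKDF2-HMAC-SHA512 with the salt "mnemonic" + passphrase and 2048 rounds, so each passphrase, including a mistyped one, gives an unrelated seed. The passphrases "correct horse" and "correct hors" are made up for the demo; the known-answer check uses the published BIP39 English test vector (all-zero entropy, passphrase "TREZOR").

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic -> 64-byte seed.

    PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic, salt = "mnemonic" + passphrase,
    2048 rounds. Every wallet key is derived from this seed, so a different passphrase
    is a different wallet with no link back to the seed-words-only one.
    """
    pw = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, dklen=64)


# Published BIP39 English test vector: entropy of 16 zero bytes, passphrase "TREZOR".
VECTOR_MNEMONIC = "abandon " * 11 + "about"
VECTOR_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                   "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")


def known_vector_matches() -> bool:
    """Self-check against the reference vector, so the derivation agrees with real wallets."""
    return bip39_seed(VECTOR_MNEMONIC, "TREZOR").hex() == VECTOR_SEED_HEX


def seeds_are_independent(mnemonic: str, passphrases: list[str]) -> bool:
    """True if every passphrase (the empty one included) yields a distinct seed,
    i.e. a distinct wallet; nothing in one seed reveals that the others exist."""
    seeds = {bip39_seed(mnemonic, p) for p in passphrases}
    return len(seeds) == len(passphrases)


if __name__ == "__main__":
    print("reference vector ok:", known_vector_matches())
    decoy = bip39_seed(VECTOR_MNEMONIC)                    # seed-words-only wallet (the 5-15% decoy)
    hidden = bip39_seed(VECTOR_MNEMONIC, "correct horse")  # hidden wallet (the 85-95%), made-up passphrase
    typo = bip39_seed(VECTOR_MNEMONIC, "correct hors")     # a typo opens a third, empty wallet
    print("decoy :", decoy.hex()[:32], "...")
    print("hidden:", hidden.hex()[:32], "...")
    print("typo  :", typo.hex()[:32], "...")
    print("all three distinct:",
          seeds_are_independent(VECTOR_MNEMONIC, ["", "correct horse", "correct hors"]))
```

The three printed seeds share no prefix and no structure, which is exactly why a thief holding the words cannot tell a hidden wallet exists, and also why the typo case is dangerous: the wallet software cannot warn you, it just shows an empty balance.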
Anyway, this is pretty long already. I appreciate you stopping by, and hope you learnt something new! Corrections are welcome as well.
Have a good day, everybody!