24 word seed

I always wonder: if all you need to recover a wallet is a 24-word combination, wouldn't that mean that anyone could use a random 24-word seed to get someone with that series of words?


why won't you do it and become a millionaire?

nice just hacked 100k

Man... Electrum dev here, I hadn't thought about that. I guess bitcoin is fucked now, shit. Please don't tell CNBC this, man, please.

Wtf I just lost 100k!

lol yeah man go for it tell us how it goes

nice just hacked 100k

IT'S A WRAP BOYS. WE'RE ALL FUCKED

wtf I love words now

WHERE THE FUCK IS MY BITCOINS!!!111

what dictionary do these kind of apps use, and how large are they?

Your chances of finding a wallet in use are astronomically tiny. There are so many possible combinations that even if everybody on earth had an address, it would still be less likely to find a used address than to win the lottery

Nope. The fact that they are words makes it seem like it'd be that easy. But the size of the word list and potential combinations gives you an incredibly low chance of actually getting one in use.

Theoretically possible though I suppose, mitigate by keeping your shit spread out across five different wallets if you have a lot of it. The odds of just one getting guessed is pretty fucking low, but more than that?

wow it worked just got 10 bitcoins

To put it to scale, there's more valid addresses than atoms in the universe. You could bruteforce all day and still not find one in your lifetime.

uhm, did someone just guess my seed? my electrum wallet went to 0

what happens if someone does win the lotto, or gets struck by lightning twice and gets the seed of some poor cunt (me)

what are some ways to not get cyber ganked

there always might be implementation weaknesses, especially if it's just another layer added on top of the fundamentals (private/public key).

Isn't that also alleviated by multisig wallets? Or how do they work? I assume big wallies and exchanges keep their shit in far more secure ways than most of us.

Just calculate it.
It's not 9 possible random digits 24 times.

It's 24 random words out of more than 20 letters with random word length out of tens of thousands of words in random order. Someone do the math. I'm a brainlet

That's less likely than you getting struck by lightning twice. So I'd worry about that first.

oh fuck god damn it im never leaving the house again

Yeah, if your seed was generated by a malicious generator, you'll easily get ganked. The generator might just put out a predetermined list of seeds and then the host could wait a bit and collect the balances of those seeds

Solid plan

Wow just hacked bitfinex's BTC with OP's method! Thanks!

you're more likely to win the lottery 10 times in a row than for someone to guess your seed

Do you understand how many combinations of 24 words out of the entire dictionary exist? The chances of you correctly guessing a combination that's in use, let alone one for a wallet that actually contains any BTC, is so astronomically tiny that it'll never be worth trying.

...

I dunno about that many.

github.com/bitcoin/bips/blob/master/bip-0039/english.txt

2049 words, assuming 12 words are used with no repetition, unless I suck at math (I do), there's 11070093892986773771686797492736 unique combinations.

All I'm saying is it's super easy to fuck up. Just go and check the many ways idiots on reddit are generating their IOTA seeds... granted, that's yet another level of human error. But I'd be very careful with using any "custom"/non-official wallet generator or whatnot. Most people don't really know what they're doing. Hence the sea of guids, which opens plenty of room for 1) malignance and 2) incompetence.

Yes that would help as well, like with Ark allowing a second passphrase to be added.

>no repetition
mistake one

theres also bitcoin.com that are actively trying to scam people out of money.

you can't generate a wallet offline.

I don't know whether they repeat or not and I'm not going to sit there spamming the make new button to find out.

IF repetition is allowed (likely desu), then the number is even higher.

>then the number is even higher.
not by much, since 2049 >> (is much greater than) 12 (repetitions)

True, either way, it's fucking high and you have a very low chance of finding it. It's like trying to bruteforce AES128. Sure we could move to AES256 (or 24 words for wallets), but practically there's no real difference.

If it were an option I would take it though.

well, what you don't consider (yet) is that we don't want to find a specific seed. Just a valid/existing one (hopefully with many monies). So we need to divide by that number, which might be considerable in the future.

Gonna try this on my iPhone thanks OP

Yeah but it's still astronomically tiny, and as I already stated you can mitigate this by spreading out over multiple wallets.

WTF i lost 100k

Thanks asshole,I just lost 100k

GOING TO REPORT THIS TO THE FED.

>you can mitigate this by spreading out over multiple wallets.
if everyone does this, then you can divide our hitrate probability by another factor. :)
but yes, these probabilities are out of scope to be really grasped.. human brains suck at this (probabilities/stats) way too much. In theory this is all sound and good. I'm more worried (then again, not really this much with respect to the core software) about the quality of the implementation (of all parts involved).

Implementation is always a concern, but what can you really do about that? The only real security from this is to spread your bitcoin out into other currencies altogether.

You faggots are laughing but OP is literally correct in a long enough time frame. Naturally as more and more seeds are generated the entire system becomes more valuable to brute force. God this board is retarded sometimes.

Yeah but everyone making new seeds now will never have anything worth stealing. All the OGs with 1000s of coins are not about to start making loads of new wallets and moving their shit into it.

Consider there are over 5000 words and you can make up some bullshit words; the entropy of 24 words is 5000^24, which is approx 5.9*10^88. The probability of finding the same seed is astronomically tiny

you can check the implementation yourself
biggest concern is probably the source of randomness they use to select words
especially if you paranoid about the manufacturers manipulating their randomness implementation on chip

Or like the randomness used in the PS3 encryption, I think? What was it, something like return 6; every time? Top kek

Well I'm going to assume Electrum's implementation of random is probably fine. The greater concern is closer to the blockchain and would affect any and all wallets imo.

That and bad hardware wallets that are closed source.

assuming the uniform distribution I'd say it's around 100000^24 = 10^120 or something like that

>I don't know whether they repeat or not
they do repeat, otherwise the distribution wouldn't be uniform (aka there would exist some combination that unlocks multiple wallets)

Wait why is
>(aka there would exist some combination that unlocks multiple wallet)
true?

Also I have always wondered if it were possible for a deterministic seed to generate SOME addresses that clashed with another wallet. Not all but some crossover.

I JUST GOT 100 BTC YOU'RE A GENIUS

Long enough = heat death of the universe

That number in seconds equals 350,797,310,620,708,038,333 Millenia

We're a little beyond guessing one per second at the moment.

>Wait why is
>>(aka there would exist some combination that unlocks multiple wallet)
>true?
to rephrase it:
ASSUME that there are no repetitions. That means that the 24-word combination space is smaller than the address/private key space, so it's not 1 to 1. That means there exist some combinations that unlock multiple wallets, which is impossible, or that some wallets don't have a 24-word combination, which is impossible too. Therefore they repeat.

>Also I have always wondered if it were possible for a deterministic seed to generate SOME addresses that clashed with another wallet.
it is possible, but the probability is negligible (that's actually the correct term, you can google it). Basically it's so small that you should worry about an asteroid killing you once you go outside rather than about getting clashes between wallets
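Added example, not a post from the thread: the Python below works through what BIP39 (the scheme behind the english.txt word list linked above) actually does with the words, which settles the "do they repeat" question from the spec instead of from spamming the new-wallet button, and sizes the search space for the "do the math" posts. A mnemonic is a bit string: ENT bits of entropy, then ENT/32 checksum bits taken from the front of SHA-256(entropy), cut into 11-bit indices into a 2048-word list. The word list is not embedded here, so indices 0..2047 stand in for words (index 3 is "about" and index 102 is "art" in the linked list, matching the published all-zero-entropy test vectors). The funded-wallet count passed to seed_space is a made-up input; the 80 guesses per second is the rate one poster estimates further down.

```python
import hashlib
import secrets

WORDS = 2048                              # entries in the BIP39 English list (2**11)
BITS_PER_WORD = 11                        # each word is an 11-bit index into that list
ENTROPY_BITS = (128, 160, 192, 224, 256)  # allowed entropy sizes: 12, 15, 18, 21, 24 words


def entropy_to_indices(entropy: bytes) -> list:
    """BIP39 encoding: ENT entropy bits followed by ENT/32 checksum bits from the
    front of SHA-256(entropy), split into 11-bit word indices (word 0 first)."""
    ent = len(entropy) * 8
    if ent not in ENTROPY_BITS:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n = (ent + cs) // BITS_PER_WORD
    return [(bits >> (BITS_PER_WORD * (n - 1 - i))) & (WORDS - 1) for i in range(n)]


def indices_to_entropy(indices: list) -> bytes:
    """Decode word indices back to entropy; ValueError if the checksum does not match.
    Only 1 in 2**cs arbitrary word sequences passes (16 for 12 words, 256 for 24)."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24) or any(not 0 <= i < WORDS for i in indices):
        raise ValueError("bad word count or word index")
    cs = n * BITS_PER_WORD // 33
    ent = n * BITS_PER_WORD - cs
    bits = 0
    for i in indices:
        bits = (bits << BITS_PER_WORD) | i
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch")
    return entropy


def is_valid(indices: list) -> bool:
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def expected_repeat_fraction(n_words: int = 24) -> float:
    """Birthday bound: probability that n independent draws from 2048 words repeat one."""
    p_distinct = 1.0
    for i in range(n_words):
        p_distinct *= (WORDS - i) / WORDS
    return 1.0 - p_distinct


def repeat_fraction(trials: int = 3000) -> float:
    """Empirical version of the above over freshly generated 24-word mnemonics.
    Words are independent 11-bit chunks of random entropy, so repeats do happen."""
    hits = 0
    for _ in range(trials):
        idx = entropy_to_indices(secrets.token_bytes(32))
        if len(set(idx)) < len(idx):
            hits += 1
    return hits / trials


def seed_space(n_words: int = 24, funded_wallets: int = 50_000_000,
               guesses_per_sec: float = 80.0) -> dict:
    """Search-space size and expected time to the first hit on *any* funded wallet.
    funded_wallets is a made-up figure; 80 guesses/sec is a poster's estimate."""
    cs = n_words * BITS_PER_WORD // 33
    total = WORDS ** n_words                      # every word sequence, checksummed or not
    valid = 2 ** (n_words * BITS_PER_WORD - cs)   # exactly one mnemonic per entropy value
    guesses = valid / funded_wallets              # expected tries before the first collision
    years = guesses / guesses_per_sec / (365.25 * 24 * 3600)
    return {"total_sequences": total, "valid_mnemonics": valid,
            "sequences_per_valid": total // valid, "expected_years": years}


if __name__ == "__main__":
    idx = entropy_to_indices(bytes(32))  # all-zero entropy: 23 x index 0, then 102 ("art")
    print(idx, is_valid(idx), is_valid(idx[:-1] + [0]))
    print(f"repeats: {repeat_fraction():.3f} observed, {expected_repeat_fraction():.3f} expected")
    print(seed_space())
```

Two things the numbers in the thread miss: repeats are not only allowed but show up in roughly one of every eight real 24-word phrases (24 draws from 2048 symbols), and "combinations of words" overcounts because the checksum rejects 255 of every 256 random 24-word strings before any key is derived, leaving exactly 2^256 valid mnemonics. Dividing that by any plausible number of funded wallets and by 80 guesses per second still gives an expected time on the order of 10^59 years.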

This is slightly off topic, but can you explain how, for example Ark, allows you to add a second 12 word combination to your address to secure it? How is that address not generated from the original 12 word seed only still?

That would be to find a specific key. Divide that by the amount of wallets open, then consider that you can probably try 70-80+ a second on a decent PC.

maybe slightly offtopic: but I don't get the purpose of these word lists anyways. Are you guys really going to trust your fucking brains/memory with this? The reasonable thing is to have the seed written down somewhere, no matter what.
>mfw brains are fucking useless

Just guessed this dude's seed mentalfloss.com/article/66863/meet-man-struck-lightning-7-times

And yet the Large Bitcoin Collider has already found a handful of collisions.

yeah, but the chance this happens to *someone*, at *some point* is by far much larger than this happening to *you*

that means that the 12-word combination space is bigger than the wallet space. If there are two 12-word combinations then it's at least 2 to 1 (but probably bigger, which makes it more secure since some 12-word combinations don't yield wallets at all)

So Ark's system is a little different than BTC's. Quoting from the GitHub of BTC's 24-word seed generation method:
>The described method also provides plausible deniability, because every passphrase generates a valid seed (and thus a deterministic wallet) but only the correct one will make the desired wallet available.

So the 24-word combo for BTC is 1 to 1, while Ark's is at least 2 to 1. I don't know the details of the Ark ecosystem, but if you google enough you can find the whole implementation documented online and see for yourself
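Added example, not a post from the thread and not a description of Ark: the "every passphrase generates a valid seed" sentence quoted above is the BIP39 mnemonic-to-seed step, reproduced here in Python together with the BIP32 master-key step that consumes the seed. The mnemonic is stretched with PBKDF2-HMAC-SHA512 (salt "mnemonic" + passphrase, 2048 rounds, 64-byte output) and the seed goes through HMAC-SHA512 keyed with "Bitcoin seed" to give the master private key and chain code. Nothing checks the passphrase, so a wrong one silently opens a different, empty wallet. The all-zero-entropy 12-word test vector and its published seed for passphrase "TREZOR" serve as a check; "hunter2" is just a made-up second passphrase.

```python
import hashlib
import hmac
import unicodedata

# Published BIP39 test vector: the 12 words for all-zero entropy and their seed with passphrase "TREZOR".
MNEMONIC = "abandon " * 11 + "about"
TREZOR_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                   "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")
# Order of the secp256k1 group; a BIP32 master key must lie in [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _nfkd(s: str) -> bytes:
    """BIP39 requires NFKD normalisation of both mnemonic and passphrase before hashing."""
    return unicodedata.normalize("NFKD", s).encode("utf-8")


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, salt 'mnemonic' + passphrase, 2048 rounds, 64 bytes out.
    There is no checksum on the passphrase, so every string yields a usable seed."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, dklen=64)


def master_key(seed: bytes) -> tuple:
    """BIP32 master node: HMAC-SHA512(key=b'Bitcoin seed', seed) -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = digest[:32], digest[32:]
    if not 0 < int.from_bytes(k, "big") < SECP256K1_N:
        raise ValueError("invalid master key for this seed")  # probability about 2**-128
    return k, chain


def wallets_for(mnemonic: str, passphrases) -> dict:
    """One distinct master key per passphrase: the 'hidden wallet' behaviour the quote describes."""
    return {p: master_key(mnemonic_to_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    for p, key in wallets_for(MNEMONIC, ["", "TREZOR", "hunter2"]).items():
        print(f"passphrase={p!r:10} master key={key}")
```

Run it and the three passphrases give three unrelated master keys from the same 12 words. That is the whole of the "second passphrase" idea on the Bitcoin side: the words alone, with an empty passphrase, are themselves just one of the possible wallets, and anyone holding only the words cannot tell that a passphrased wallet exists.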

The purpose is it's easier to write down the words than the unreadable seed they correspond to. You could write down the private key too if you want but why?

i love these threads because of these posts

but in all honesty guys, you know that every street shitting pajeet on this board probably takes this shit seriously and is working on cracking our keys right now as you read this.
if we could make more threads like this we could distract all of the pajeets and save Veeky Forums - think about it

Yeah I could I was just hoping for fast answers.

You can 'pay' (a few Ark) and get your address secured with a second phrase. I can only imagine that some change is made within the blockchain that bans the key for the original 12-word passphrase when used with that address and only allows the key made by combining the two phrases from that point onwards. Otherwise I don't see why even after doing so you couldn't regenerate the wallet with the same original 12 words. It's not as if your address is changed.

>unreadable seed
maybe don't print it in comic sans next time?
>but why?
because. It's the actual private key. No layer/middleman inbetween. That's good.
It's okay to worry about security, but I'm also worried about still having access to my wallet in 20 years.

Ledgers have 24 word combos

The seed derives the private key, writing down the private key is retarded because the only way you'll lose it is if the software that generated the private key disappears off the face of the earth.

Look at the shit the Monero wallet creates. You get a human readable seed (words), but also the spendkey/viewkey. The word seed corresponds to the spendkey. You could write down either, but why write down something you have a far higher chance of fucking up when doing so.

lbc.cryptoguru.org/man/theory

LBC brute-forces a 2^159 space instead of the WAY bigger 2^256 one because of some retarded design choices in the BTC wallet generation algorithm or something

>but why write down something you have a far higher chance of fucking up when doing so.
I SAID BECAUSE!!! REEEEEEEEEEEEEEE

The probability of guessing any given wallet is 1 over X^24, where X is the number of valid dictionary words.

Let's imagine there's only 1000 words that can be used to generate the seed. Go ahead and do the math.