Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Wallet software
Topic OP
Brute Force And Seed Phrase Security Questions
by
jerry0
on 21/10/2020, 19:54:19 UTC
So i know brute force means like you try all the combinations..


1. But its a computer entering each one etc over and over right?  And not like a person doing it manually right?  Now with brute force, is it a program that does it or is it a computer?




Now the electrum seed is 12 words.  The nano ledger is 24 words.  I know other wallets have 12 as well and others have 24 in general




2. If say someone has all the words for each electrum and nano ledger s... is your seed basically compromised even if one doesn't know the order of each one?  I gotta assume electrum could easily be done by manually typing each word and combination right?  But with the nano ledger s, a lot more time but thats probably done in days?  And its a program that will brute force it?  Thus you see on the computer and it would auto type all the words and enter each time... then rinse and repeat?  Or is that not how brute force works?




3. How many words being exposed for electrum and nano ledger s would you consider your seed a bit compromised?  Obviously if you give 1-2 words out for electrum or nano ledger s... that is still very safe right?  But obviously electrum is not as safe because less words.  If someone has your first 6 words of electrum or the last 6 words... how long would it take to brute force that?  What about ledger with 12 words... say someone found one half of your 24 word seed?



4. Order is much less important than the words right?  Like is it better to have exposed 6 words of your 24 word seed as oppose to having say 3 words straight of your 24 word seed?




5.  I always felt the 12 word seed in electrum wasn't safe because I thought hey only 12 words and the word list is only over 2000 words or so.  I thought to myself, well imagine I just go to recovery seed in electrum and just trial and error all the words... surely I would make one hit ... but this is basically impossible right?  Because ppl I assume with brute force program could type the combinations of words for them in electrum?  Thus imagine it type each manually by looking at the word list while it would be doing the same but machine doing it and faster... is that right?  I thought well if it keeps entering words... wouldn't it eventually find a match?  Or is there a period where after you type in say 50 combinations and it doesn't work... it can't enter more words until a certain time period?  Like imagine you try to log into your email account with password and you are wrong three times then it won't let you log in for another hour or so etc... but no issue like that with brute force?