1. But it's a computer entering each one etc over and over right? And not like a person doing it manually right? Now with brute force, is it a program that does it or is it a computer?
Technically, a person manually typing random seed phrases is also considered "bruteforce".
2. If say someone has all the words for each electrum and nano ledger s... is your seed basically compromised even if one doesn't know the order of each one?
If that happened, it's only a matter of time before 'the one who has the jumbled words' finds the correct order.
12-words have about half a billion combinations that a typical computer can do in minutes/hours using BTCRecover (given that he knows one of the wallet's addresses).
24-words can stretch the time a lot longer but getting the correct order once all of the words got compromised is still inevitable.
3. How many words being exposed for electrum and nano ledger s would you consider your seed a bit compromised? Obviously if you give 1-2 words out for electrum or nano ledger s... that is still very safe right? But obviously electrum is not as safe because less words. If someone has your first 6 words of electrum or the last 6 words... how long would it take to brute force that? What about ledger with 12 words... say someone found one half of your 24 word seed?
12-words is indeed less secure than 24 but that doesn't make it unsecure.
If the attacker is bruteforcing the words rather than the "entropy", then just base it on the number of possible permutations;
like for example, 6 out of 12 words were compromised:
2048^6 = 73,786,976,294,838,206,464 which is still a lot for a regular computer but you can consider it compromised.
For leaked 1 or 2 words, I can tell that it's not enough to be compromised.
4. Order is much less important than the words right? Like is it better to have exposed 6 words of your 24 word seed as opposed to having say 3 words straight of your 24 word seed?
Hmm, when it comes to exposing only a portion of the seed phrase, the attacker would never know if it's the correct order or straight.
I think, normally, an attacker will try to complete the words first thus a seed phrase in a random order is much safer IMO.
5. I always felt the 12 word seed in electrum wasn't safe because I thought hey only 12 words and the word list is only over 2000 words or so. I thought to myself, well imagine I just go to recovery seed in electrum and just trial and error all the words... surely I would make one hit ... but this is basically impossible right?
As said by the above post, there are too many combinations for a 12-word seed to be considered unsecure.
2048^12 is equal to
5,444,517,870,735,015,415,413,993,718,908,291,383,296 combinations.
It doesn't look much (that's why BIP39 wasn't implemented in Bitcoin Core) but the number is still impossible to bruteforce with the current supercomputers.
Surely someone has found crypto this way right? I mean I don't know exactly how many combinations there are... but it's not like okay you need to hit exactly one of these combinations... there's so many combinations of seed words.
So far, there's none, if you can find some article or news about a seed-phrase collision, it's FUD.
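Added example, not part of the original post: a small Python calculator that reproduces the counts quoted above (12 jumbled words, 6 of 12 words leaked, a full 12-word seed) and generalizes them to any number of leaked words, with or without their positions. It counts raw word combinations the way the post does (no checksum, repeated words allowed); the function names and parameters are made up for this illustration.

```python
import math

WORDLIST_SIZE = 2048  # word list size behind the post's 2048^n figures


def remaining_candidates(total_words, leaked_words, positions_known):
    """Number of seed phrases still consistent with what has leaked.

    total_words     -- length of the seed phrase (12 or 24 in the thread)
    leaked_words    -- how many of its words have been exposed
    positions_known -- True if the slot of each exposed word is also known
    """
    if not 0 <= leaked_words <= total_words:
        raise ValueError("leaked_words must be between 0 and total_words")
    unknown = total_words - leaked_words
    # Every word that has not leaked can be any entry of the word list.
    candidates = WORDLIST_SIZE ** unknown
    if not positions_known:
        # The exposed words still have to be placed into slots:
        # ordered choice of k slots out of n, i.e. n! / (n - k)!.
        candidates *= math.perm(total_words, leaked_words)
    return candidates


def security_bits(candidates):
    """Express a candidate count as bits of remaining search space."""
    return math.log2(candidates)


if __name__ == "__main__":
    # Constructed scenarios taken from the questions in the thread.
    scenarios = [
        ("12 words, all leaked, order unknown", 12, 12, False),
        ("12 words, 6 leaked with positions", 12, 6, True),
        ("12 words, nothing leaked", 12, 0, True),
        ("24 words, 12 leaked with positions", 24, 12, True),
        ("24 words, all leaked, order unknown", 24, 24, False),
    ]
    for label, n, k, known in scenarios:
        count = remaining_candidates(n, k, known)
        print(f"{label:40s} {security_bits(count):7.1f} bits  ({count:,})")
```
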