Author: Joseph Gleason ⑈ 2018-12-03 20:54:10
Published on: 2018-12-03T20:54:10+00:00
A user named Steven Hatzakis has developed a method for creating reversible mnemonics, which allows two separate vaults to be connected to the same mnemonic string of words. By entering the words in reverse order (the last word becomes first, second to last becomes second, and so on), users can access the secondary (reversed words) vault. The purpose of this utility is to provide multiple use-cases including passphrases, plausible deniability, and convenience for those wishing to use a separate vault tied to the same string of words. For any randomly generated 12-word mnemonic (128-bits of security), the chances of it also being reversible are 1/16. For a 24-word mnemonic, those values increase to 8 bits which need to match 8 bits from the reversed string, leading to about 1 in every 256 mnemonics also being reversible. While the message space of valid reversible mnemonics should be 2^124 for 12 words, that search must still be conducted over a field of 2^128. Steven Hatzakis believes there could be at most 4-bits of loss for a 12-word mnemonic, but only if an attacker had a way to search only the space of valid reversible mnemonics (2**124). He estimates that this isn't feasible, however, he has asked others to chime in on whether they believe there is any security loss, in terms of entropy bits (assuming the initial 128 bits were generated securely).Steven Hatzakis has already written the code that can be used for testing (on GitHub user @hatgit), and when run from terminal/command prompt it is pretty fast to find a valid reversible mnemonic. However, on IDLE in Python on a 32-bit and 64-bit machine, it could take a few seconds for 12 words and sometimes 10 minutes to find a valid 24-word reversible mnemonic. Steven Hatzakis has two questions: 1) How useful could this be for users/devs/service providers etc.? and 2) Is any security loss occurring and whether it is negligible or not?
Updated on: 2023-06-13T16:06:54.316533+00:00