Author: Erik Aronesty 2022-07-11 13:18:14
Published on: 2022-07-11T13:18:14+00:00
The discussion in this context revolves around the security of a 12-word seed used for Bitcoin wallets. Sorting a seed alphabetically reduces entropy by approximately 29 bits, which means that sorting removes this entropy entirely from the 12-word seed, reducing its entropy from 128 to 99 bits. To recover a few words with an unordered encoding would be easier in case there are holes/errors in the remembered story. To bruteforce the entire keyspace, one would need to come up with every possible combination of 11 words + 1 checksum. This leaves around 10 trillion combinations, which would only take a couple of months to exhaust with hardware that can do 1 million guesses per second. The writer also suggests some ways to approach the problem. One can swap two positions, and then your recovery algorithm can brute-force the result by trying all 132 possible swaps. Another option is to make a single deletion and only have to brute 2048. However, it becomes geometrically more difficult each time (deletion + swap = 270k ops). A home PC can make 20k secpk256 operations per second per core, so try to keep your number under a few million ops, and it's still a decent UX (under a minute).
Updated on: 2023-06-15T22:23:23.251833+00:00