Entire life savings into a wallet with a 12-word seed phrase

  • This topic has 14 replies and 1 participant, and was last updated 1 month, 1 week ago by N64SmashBros.
    • #3626621
      root_s2yse8vt
      Administrator

      I just bought a Trezor Safe 3 and created a wallet with 12 words and a 6-letter passphrase, and I'm not worried about someone guessing my wallet. I'm worried about supercomputers working around the clock guessing ANY wallet, and when they stumble upon one, and I'm sure they will, I don't want it to be mine. Using 24 words would make me feel safer putting my entire savings and half of my monthly expenses for a few more years into this wallet.

      I couldn't find an option for 24 words.

      If for some reason a 12-word seed phrase and a passphrase is still enough, please elaborate.

    • #3626622
      matejcik
      Guest

      There are an estimated 500 million cryptocurrency users currently. Assume that everyone has a 12-word seed.

      That means that if you brute-force through all 12-word seeds, you have a chance to find a non-empty wallet every 340 282 366 920 938 463 463 374 607 431 tries (that is 3.4 * 10^29).

      Per [this website](https://mempool.space/graphs/mining/pools), the Foundry USA mining pool has a hashrate of 162 EH/s, that is, 162 * 10^18 hashes per second. This makes them, arguably, the biggest single-purpose supercomputer in the world. They can’t do anything but mine bitcoins, but at that job, traditional supercomputers don’t hold a candle.

      This is netting them 40 blocks in the past 24 hours, for a very nice steady income of 252 BTC per day.

      Brute-forcing seeds takes different hardware, and you need over 2000 times more operations per one seed.

      But for the sake of this experiment, assume that the hardware is the same. So dividing 162 EH/s by 2000, we get a hashrate of 81 Pseeds/s, that is, 81 * 10^15 seeds per second.

      Divide 3.4 * 10^29 tries per seed, by 81 * 10^15 seeds per second, and you get **4 billion seconds per seed**.

      That is, in other words, **133 years** to find a seed that has something on it.

      But okay. Let’s assume that someone _very very rich_ buys **100 times** more hardware than Foundry USA, all **custom made for the single purpose** of brute-forcing seeds, and runs it for **one year** to find someone’s seed, and let’s say the seed is yours.

      Foregoing, mind you, _at least_ 40 blocks or 250 BTC per day, so **91 thousand Bitcoin** in steady income, a large fraction of which btw you need to _pay for all the electricity_ that this operation consumes.

      And this nets them, what did you say your life savings were? 5 BTC? 20 BTC? … this nets them 20 BTC **per year**.

      What do we call a person who runs this operation? An idiot, that’s what.

      Brute-forcing 128-bit seeds makes zero economic sense and it never will.

      But you can’t argue with feelings so feel whatever you want. You can certainly use a 24-word seed on your TS3, if it makes you sleep safer at night. Just install Electrum and set up your Trezor wallet through Electrum. You’ll get an option to pick 24 instead of the default 12.

    • #3626623
      [deleted]
      Guest

      A six-letter password can be brute-forced easily by consumer hardware today, never mind tomorrow. If someone gets access to your seed phrase, your passphrase is so minuscule and insecure that it should be considered non-existent.

      Use a passphrase that is ~20 characters long. Use a diverse character set, i.e., use numbers, capitals, and special characters if you’d like. You said “letters”, so I’m assuming you used a six-character alphabetic passphrase, which would take 308,915,776 attempts to brute-force. A consumer CPU can do this in less than a minute.

      A 20-character passphrase that uses alphabetic, capital, and numeric characters would require 7.0442343e+35 attempts to break. Seventy undecillion, four hundred forty-two decillion, three hundred forty-three nonillion. This grows exponentially larger if you use a special character (which has so many different possibilities depending on your locale, that I cba to factor how long it would take).
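
How a passphrase enters seed derivation and how passphrase keyspace translates into exhaustive-search time, as an added example that is not part of any post in this thread. It follows BIP-39 (PBKDF2-HMAC-SHA512 with 2048 rounds, salt `"mnemonic" + passphrase`, which is the "over 2000 times more operations" per guess mentioned above); the mnemonic is the published all-zero-entropy BIP-39 test vector, and the guess rates are assumed figures.

```python
import hashlib
import time
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by BIP-39; the per-guess work factor
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Published BIP-39 test vector (all-zero entropy). Never fund it.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte BIP-39 seed for a mnemonic and optional passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, 64)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def local_rate(samples: int = 20) -> float:
    """Seed derivations per second on this machine (single thread)."""
    start = time.perf_counter()
    for i in range(samples):
        bip39_seed(TEST_MNEMONIC, f"probe-{i}")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Every passphrase yields a different, equally valid seed.
    print(bip39_seed(TEST_MNEMONIC, "").hex()[:16])
    print(bip39_seed(TEST_MNEMONIC, "TREZOR").hex()[:16])
    # Assumed rates: this machine, and a hypothetical 10^9 guesses/s rig.
    rates = {"this CPU thread": local_rate(), "assumed 1e9/s": 1e9}
    policies = {"6 lowercase letters": keyspace(26, 6),
                "20 chars from a-z, A-Z, 0-9": keyspace(62, 20)}
    for policy, size in policies.items():
        for who, rate in rates.items():
            print(f"{policy:28} {who:16} {years_to_exhaust(size, rate):.3g} years")
```

The figures only matter once the seed words themselves have leaked; without the words, the passphrase search has nothing to start from.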

    • #3626624
      zapla_oe
      Guest

      >If for some reason 12 word seed phrase and a passphrase is still enough, please elaborate

      This video explains why a 24-word seed phrase doesn’t mean more security when it comes to HD wallets: [https://www.youtube.com/watch?v=pTyAeXZvi1g](https://www.youtube.com/watch?v=pTyAeXZvi1g)

      Add a [strong passphrase](https://blog.trezor.io/is-your-passphrase-strong-enough-d687f44c63af) to your 12-word seed and you are sorted.

    • #3626625
      Silarous
      Guest

      Check out this video by Andreas. It really puts it into perspective just how unlikely it is for someone to randomly guess your private key. The numbers are just very difficult for the mind to comprehend.

    • #3626627
      Puzzleheaded-Room657
      Guest

      Don’t worry. There have been computers and people trying to crack wallets since day 1 of bitcoin.

    • #3626628
      brianddk
      Guest

      u/Previous-Pair-3781 just posted this same question, so you can double your answers by reading their thread as well.

      Read [Landauer’s principle][a]. It calculates the minimum amount of power to do some atomic cryptographic operation on an infinitely efficient thought computer. Take that number and multiply it by 2^128 and you find that you would need to harness the power of the sun for the remainder of its life to perform the amount of computation required to cover that key space.

      If you think 2^128 is too small, and you insist on 2^256, you are effectively saying, “yeah, that could happen, need the complete output of every star in the observable universe harnessed till the heat death of eternity”.

      I mean sure… if it helps, but it certainly isn’t necessary to prevent against brute force.

      Quantum computing doesn’t help. It only calculates private keys given public keys. It doesn’t perform brute forcing.

      Only advantage that a 24-word seed gives you is the ability to encode it in a scramble cipher, since even `24!` is large enough to guard against brute-forcing. For example, I put $100 into the following seed mnemonic. Only thing I’ve done is shuffle the word order around, but the words are all the same.

      ^(‘squeeze bike dance bread outer glide lunch capital girl caught river train kid success gain powder cool math tilt crew action hover much exchange’)

      Final thought is a warning against passphrases. They are not needed to secure a Trezor-3. They are fine for account isolation or decoy wallets if that is your need. If you use a passphrase, IMHO, you MUST record either the key’s fingerprint, or derivation and XPUB.

      [a]: https://en.wikipedia.org/wiki/Landauer's_principle ('math action hover capital outer crew lunch cool bread gain glide girl success train kid river much tilt exchange bike powder squeeze dance caught')

    • #3626629
      marag_shabzi
      Guest

      Cardano wallets use 24-word seedphrases

      But y’all don’t likey the Cardaney

    • #3626630
      bullett007
      Guest

      Check out the table in this [article](https://blog.trezor.io/is-your-passphrase-strong-enough-d687f44c63af) to get an idea of how much it will cost to brute force your passphrase.

      Also if you’re using a hidden wallet (a.k.a. wallet with passphrase) even if this hypothetical super computer found your wallet, there wouldn’t be any funds in it. So how would it then know to start applying passphrases?

    • #3626631
      Creepy-Individual976
      Guest

      Use a single seed phrase with multiple passphrases. If any of your wallets got randomly guessed, your remaining ones are still safe.
      There are tons of articles on the internet proving by math that 12 seed words are enough entropy.

    • #3626632
      robomartin
      Guest

      There are instructions out there. Pretty sure I got them from the Trezor website. I remember I needed to install Python and load a package into it.

    • #3626633
      Realisticwoman
      Guest

      I don’t want to be a buzzkill here but have you looked into seedless wallets? I mean that way you don’t have to rely on not losing your seed phrase, idk.

    • #3626634
      trimalcus
      Guest

      Increase your passphrase length if this can make you feel safer. You can create another 12-word list for the passphrase using the first 4 letters (up to 50 characters for Trezor, here 12×4=48).

    • #3626635
      TelevisionKey3891
      Guest

      You must have not looked very hard because I have a Trezor one with a 24-word passphrase.

      And it’s cheaper than all the rest of them.

    • #3626636
      N64SmashBros
      Guest

      12 word seed (other redditor showed the incredible math as to the likelihood of that) + a thorough passphrase (or divide it up into several) is all the protection you’ll ever need.

      The FAR bigger risk is putting your pin, seed, and passphrase in separate secure locations. Then factor in redundancies, that presents a needed plan in place.

      I have 6 figures worth of crypto and finally have my backup plan in place that if my house were robbed/burnt down, my crypto is still safe. In addition, if I die, my spouse has the instructions for recovery, and if she dies, my family has instructions from our will.
