
The Mycelium Wallet has created a Bitcoin wallet for me, then I've written down a 12-word passphrase for the wallet backup. However it looks like a set of words (in the Mycelium) to generate these phrases is limited - at least I've got a passphrase with one word repeated two times.

How can I make sure this passphrase is unique in our world where more than 7 billion people live?

Asked by HEKTO (edited by meshcollider)
  • The lingo may be different for different wallets but passphrase is usually a set of letters, numbers and symbols to create a password. A seed is your set of words usually 12 to 24 for differing wallets. – Josh Dec 11 '17 at 07:04
  • Related: https://bitcoin.stackexchange.com/questions/7724/what-happens-if-your-bitcoin-client-generates-an-address-identical-to-another-pe – meshcollider Dec 11 '17 at 09:31
  • This does a great job at explaining how the phrases are created, may help shed some light on your question. – DjangoBlockchain Dec 11 '17 at 16:32

2 Answers


The chances of someone "brute-forcing" or guessing your seed is extremely slim. There are more than 5 duodecillion possible combinations of twelve-word seeds. Just so you get an idea of how big that number is, it's more than 1 thousand million million million million million million possibilities.

Monstrum
  • I don't worry about hacking or guessing - I worry that my automatically generated passphrase will also be somebody else's passphrase by accident. It means that in theory I'll have access to somebody else's wallet, and he/she will have access to my wallet, right? – HEKTO Dec 11 '17 at 03:49
  • That's correct, however, the chances are the same even for the seed generation. If I were to brute-force seeds, I would run the generation function continuously until I find your seed. – Monstrum Dec 11 '17 at 14:08
  • @HEKTO: Logically, if it's extremely difficult to make something happen on purpose, then the chances of having it happen by accident are even lower. – Nate Eldredge Dec 11 '17 at 15:59
  • @NateEldredge - yes, I understand. I just worry about the system scale... When I create my own ssh private key in Linux I don't worry about its passphrase, because the number of users who can communicate with me is not that large. However, Bitcoin is a global system with billions of potential users and yes, some of them are hackers. – HEKTO Dec 11 '17 at 16:23
  • Indeed. But the number of possible keys is overwhelmingly gigantic. This principle is at the root of pretty much everything in cryptography and you are going to have to come to terms with it in order to be comfortable with anything. It is a nice exercise to do some calculations: e.g. if every person in the world had a million computers, each of which could try a billion keys per second, how long would it take to guess yours? – Nate Eldredge Dec 11 '17 at 16:56
  • @NateEldredge - I worried (and still am) about the limited set of possible words in the Mycelium, so I think I'll use my own words, not widely known, not from any popular song or book - then I'll be more comfortable. Thank you! – HEKTO Dec 11 '17 at 17:50
  • @HEKTO: The limited set of words is compensated by the fact that there are 12 of them. The number of possible keys grows exponentially with the number of words, and only polynomially with the length of the word list. You have an effective key size of 132 bits, which is totally infeasible to brute force. Sure you can get more entropy by choosing words from a larger set, but it doesn't really help much - diminishing returns. And if you choose your own words you have to resist the temptation to just choose a phrase you like - they have to be chosen in a strongly random manner. – Nate Eldredge Dec 11 '17 at 18:33
  • @HEKTO: I don't mean to be rude, but you really need to understand the math better - you're worrying about completely the wrong things, and I'm concerned that the solution that makes you more "comfortable" may actually be cryptographically weaker - perhaps dangerously so. – Nate Eldredge Dec 11 '17 at 18:34
  • @NateEldredge - I've just read that the set of words is sorted before its usage. Is it still the case? – HEKTO Dec 11 '17 at 18:35
  • @HEKTO: The words in the mnemonic phrase are not sorted; order matters here. The wordlist is sorted, but all this means is that the numerical value associated to a word corresponds to its alphabetical order. This association is arbitrary anyway (and doesn't need to be secret) so sorted is as good a method as any, and it's convenient to implement. – Nate Eldredge Dec 11 '17 at 18:39
  • @HEKTO LBC, Large Bitcoin Collider, is an effort that tries to crack all private keys. The only vulnerabilities they found were in "brainwallets" where users input a password to generate a private key. Looking at their statistics gives you an idea that, despite the computing power being used, it is still extremely difficult/impossible to crack private keys even with twelve word seeds. – Monstrum Dec 11 '17 at 19:07
  • My question was both theoretical and inquisitive... I thought: a 12-word passphrase to recover the wallet, and that's all? Maybe I'm missing something which makes the private key unique with 100% guarantee? Apparently, there is nothing like that, so we all depend on the enormity of the search space and mathematically proven randomness of keys in this space. – HEKTO Dec 11 '17 at 19:47

(Some wallets that generate word lists for recovery also allow a user-created passphrase, so I'm using "recovery seed" to denote the word list.)

I'm not familiar with Mycelium specifically, but many wallets use a standard known as BIP39 to generate recovery seeds. That technique draws the words randomly from a list of 2048 words, with duplicates allowed. The order (permutation) of the words is significant. So the number of possible recovery seeds is 2048^12 (^ indicates exponentiation). That is 5.44451787E+39, which is 5,444,517,870,735,015,415,413,993,718,908,291,383,296.

brec
  • @NateEldredge Thanks! I've edited my answer to reflect allowing of repeated words. – brec Dec 11 '17 at 14:20
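The two things the asker keeps circling back to, the size of the 12-word search space and the chance of an accidental collision among billions of users, can be worked out directly. The Python below is an added example, not code from either answer or from Mycelium: it reproduces brec's 2048^12 count, Nate Eldredge's "a million computers per person, a billion keys per second" exercise, and a birthday-bound estimate of the accidental-collision probability. It also accounts for a detail neither answer mentions: BIP39 reserves the last bits of a 12-word phrase as a checksum (4 bits for 12 words), so the number of phrases that actually validate is 2^128 rather than 2^132; the conclusion is the same either way.

```python
from math import expm1, log, sqrt

WORDLIST_SIZE = 2048   # BIP39 English wordlist, 11 bits per word
WORDS = 12             # phrase length used by Mycelium in the question
WORLD_POPULATION = 7_000_000_000   # "more than 7 billion people" (question)

def word_orderings(words=WORDS, wordlist=WORDLIST_SIZE):
    """Every ordered sequence of word indices: 2048**12 = 2**132 (brec's figure)."""
    return wordlist ** words

def checksum_bits(words=WORDS):
    """BIP39: 1 checksum bit per 32 bits of entropy, i.e. words // 3 bits."""
    return words // 3

def valid_phrases(words=WORDS):
    """Orderings whose checksum bits are consistent: 2**128 for 12 words."""
    return 2 ** (words * 11 - checksum_bits(words))

def collision_probability(users, space):
    """Birthday bound: P(at least two of `users` independent uniform seeds
    coincide) = 1 - exp(-n(n-1)/(2N)).  expm1 keeps precision when the
    probability is far below float epsilon (a plain 1 - exp(...) returns 0.0)."""
    return -expm1(-(users * (users - 1)) / (2 * space))

def users_for_collision_probability(p, space):
    """Inverse of the bound: how many seeds must exist before P(collision) >= p."""
    return sqrt(2 * space * log(1 / (1 - p)))

def years_to_exhaust(space, people=WORLD_POPULATION,
                     computers_per_person=1_000_000, keys_per_second=1_000_000_000):
    """Nate Eldredge's exercise: time for the whole planet to enumerate `space`."""
    rate = people * computers_per_person * keys_per_second   # keys per second
    return space / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for label, n in (("all 2048^12 orderings", word_orderings()),
                     ("valid BIP39 phrases", valid_phrases())):
        print(f"{label}: {n} (2^{n.bit_length() - 1})")
        print(f"  P(two of 7e9 users share a seed) ~ {collision_probability(WORLD_POPULATION, n):.3g}")
        print(f"  seeds needed for a 50% collision ~ {users_for_collision_probability(0.5, n):.3g}")
        print(f"  years for everyone to try all of them ~ {years_to_exhaust(n):.3g}")
```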