Trezor Safe 3 allows for Shamir backup. Oddly, that is a 20-word seedphrase, with 3 of the words the same in each derivation. So in essence it is really a 17-word seed? So odd.
This is a great example of the point I was making in the video.
From their website: Trezor Suite will automatically initiate a device with Shamir backup using 20-word shares (128-bit strength).
trezor.io/learn/a/what-is-shamir-backup
Note that it says 128 bit strength. Even though there are more words it will contain the same amount of entropy as a 12 word seed phrase.
There are tradeoffs with Shamir - I would argue that it’s not worth it in 90% of cases because it complicates your recovery process.
But regardless - it’s not “safer” just because there are more words. It’s exactly the same amount of entropy.
@@RhettReisman , thanks! It seems the best way is to use 12 words, keep it simple, and don't lose your seed. Anything beyond that just adds risk, not reduces it. No matter what the numbers show.
Had this same thought when I saw the new Trezors only do 12 words. You explained it very well. Thanks dude
Yeah it’s a really interesting concept - happy to help :)
Great video. Thanks for sharing your knowledge!
Happy to help :)
Happy new year!
Love your videos and contributions.
Thank you! Happy to help :)
Wow, my first video. Subscribed.
Let’s goooooo
👍 Your videos are awesome. I have learned so much from your channel. Thanks.
Appreciate it 😁 happy to help Steve
Excellent video. Thank you. Read your post …
Thanks man happy new year 🎆
Subscribed !
You dropped this, king 👑
Great! Thank you Rhett!
Hey Jarol happy to help!
Great video….
A little confused on the 128-bit entropy schema. Are we saying that the additional 12 words AFTER the first 12 aren’t random enough to be considered truly random? Therefore we’re adding unnecessary complexity and not (in practice) much more security?
Yeah, I find this confusing too. As long as we are choosing out of the 2048-word pool randomly for each word, shouldn't it be more secure in theory with 24 words, AND in practice? It's just not random enough? What does only using 128 bits of entropy with 24 words really mean here? Isn't entropy just a function of how many random words you use, i.e. 12 vs 24? How is it "unused" entropy as per the quote? Isn't it being used by nature of having the randomly generated 24-word seed phrase?
Maybe the person he was quoting in the video was just a blowhard trying to sell a book?
Andreas is definitely not a blowhard trying to sell a book - he’s released it for free to everyone on the internet.
In practice most hardware wallet manufacturers are only using 128 bits of entropy. Think of the bits like empty slots where a number can go.
A bit can have 2 values: 0 or 1. If I have 128 slots (bits) I have 2^128 possible values, or 10^38 possible combinations.
If I have a 24-word seed phrase and 2048 possible words, that’s 10^79 combinations.
If I have more combinations of seed phrases than I have slots of available entropy, I’m having to drop all that extra entropy - it ends up not being used.
It’s a software/hardware reality of production HD wallets that is dropping entropy for 24-word seed phrases.
@@RhettReisman The problem with your explanation is just the blanket statement saying that modern day hardware wallets only use 128 bits of entropy, with no explanation or anything to back it up. I've seen other videos that explain how entropy works and how there are about 11 bits of entropy in each word. (It's really 10.6 repeating.) So 12 words x 10.6 repeating is 128 bits of entropy and 24 words x 10.6 repeating is 256 bits of entropy.
Entropy is just how random the whole thing is. You can have 12 random words for 128 bits of entropy, or 24 for 256 bits of entropy. Making a program that chooses from 2048 words 24 times is not complicated at all, it's just a few lines of code, not counting the word list you'd have to look through.
So to say that most wallets are only made with 128 bits of entropy even if they have 24 words is like saying 12 of the 24 words weren't chosen randomly. It doesn't make any sense.
@@RhettReisman And on the point about more seed phrases than slots. Each word is made of 11 bits, so it's 2^11 possible combinations for the 0's and 1's since there's 2 choices 11 times, so that's 2048 possible words. You're just doing that 24 times instead of 12. All of the possible bits are covered with the 2048 words.
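An added example, not from the video or any commenter, of the BIP39 arithmetic the last few replies argue over. It shows that 24 words encode 256 bits of raw entropy plus an 8-bit checksum, and 12 words encode 128 plus 4, so the count of checksum-valid phrases is 2^256 or 2^128, not 2048^24. The function names are my own, the 2048-word list is not embedded (the code works on word indices), and nothing here determines how many entropy bits a given wallet's firmware feeds into this step, which is the point the thread actually disputes.

```python
import hashlib
import secrets

# Entropy sizes BIP39 accepts (bits) and the word count each produces.
WORD_COUNT = {128: 12, 160: 15, 192: 18, 224: 21, 256: 24}


def entropy_bits_for(word_count):
    """Raw entropy bits carried by a phrase of this length.

    Each word is 11 bits, but ENT/32 of the total bits are a checksum,
    so 12 words -> 128 bits and 24 words -> 256 bits, not 132 / 264.
    """
    if word_count not in WORD_COUNT.values():
        raise ValueError("BIP39 phrases have 12, 15, 18, 21 or 24 words")
    return word_count * 32 // 3


def entropy_to_indices(entropy):
    """Map raw entropy bytes to BIP39 word indices (0..2047).

    Checksum = first ENT/32 bits of SHA-256(entropy), appended to the
    entropy; the result is cut into 11-bit groups, one index per word.
    Turning an index into a word needs the BIP39 English list (not here).
    """
    ent = len(entropy) * 8
    if ent not in WORD_COUNT:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices):
    """Inverse of entropy_to_indices; rejects a phrase whose checksum fails."""
    ent = entropy_bits_for(len(indices))
    cs = ent // 32
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index outside the 2048-word list")
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch: not a valid BIP39 phrase")
    return entropy


def fresh_phrase_indices(bits=256):
    """Draw `bits` of OS entropy (CSPRNG) and encode it: 256 -> 24 words."""
    return entropy_to_indices(secrets.token_bytes(bits // 8))
```

With all-zero entropy the code reproduces the standard BIP39 test vectors: 16 zero bytes give eleven index-0 words ("abandon") and index 3 ("about"); 32 zero bytes give 23 index-0 words and index 102 ("art").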
What if you do a 24 parent seed and then use 12 word cold seeds for your actual wallets
That could be a good work around as long as you make sure the 24 word has enough entropy
Does using a passphrase with a seed make it impossible to brute force? Because a passphrase doesn't have a standard of 2048 words.
Any 12 or 24 word seed phrase generated with enough entropy is impossible to brute force. Passphrases make them more secure.
Excellent!
Happy to help :)
The way entropy works when generating randomness is so hard to comprehend. Well, I find it hard to understand it.
Check out this video if you haven’t already ua-cam.com/video/D9j5y3tyMo8/v-deo.htmlsi=fAFAFc-UFR0Hj7Kq
I go over the random function in Python and show you how different seeds affect the number. It is pretty confusing though, lmk if there’s a specific part that I could explain better.
Cool Homie
🫶🐐
You dropped this king 👑
Excellent video, thanks a lot, I am researching this topic and your information is very good.
Happy to help :)
3:44 but why… not sure I understood this part…
If a wallet only uses 128 bits of entropy (which is what most of them are doing) 12 words and 24 words are including the same amount of randomness.
In that case 12 words is more secure than 24
@@RhettReisman I think I understand. But then why not 256 bits if 24 words?
So, I can't select words out of a fixed dictionary?
It needs to be from the bip39 dictionary - not every dictionary word works.
You can select your own words, but you shouldn’t because you’ll likely pick a low entropy seed phrase. Computers are better at picking words randomly.
Newbie question but, what if a large percent of all possible seed phrases are generated at some point
Will it then be a lot easier for a computer to guess a seed phrase correctly?
Computers don't know which seed phrases are generated and which ones aren't
I have a Trezor One with 24 words.
Am I safe?
If you generated the seed using Trezor's normal process you’re fine.
It’s just that it’s probably the same level of security and harder to store than 12. If you already have one though it’s less important to try to get a new one
There is no Secure Element in the Trezor One, you should upgrade to Trezor Safe and regenerate your 24-word seed phrase in it (or switch to 12 words ... it's much easier to memorize).
@@thomasconstant9354
I can't do it...Bitcoin is too complex for me. I'm a dummy.
I switched to ETF & MSTR with little BTC in my trezor.
I have a question & concern. My concern is around a program that can "brute force" a 12 word vs 24 word seed phrase. Since the 2048 words are known, computer programs can generate 12 word phrases and test random phrases until eventually finding a wallet. Wouldn't you agree that a 24 word seed phrase would protect you much better against this issue?
It would if the wallets that generate the 24 words use 24 words of entropy, but most don’t.
Because most only use 12, they’re functionally the same.
Every computer on earth working together would take centuries to crack a 12 word seed phrase.
You shouldn’t worry about it
@@RhettReisman Thank you, even with the security of a 12 word seed, would you recommend adding a passphrase for extra protection?
@@tpks2542 , I am also interested in that question. I sense the answer is yes but to me this seems like all one is doing is adding a paper wallet overlay (memorized passphrase) to a HD wallet. HD wallets were meant to eliminate paper wallets but adding a passphrase to me seems like going backwards.
@@tpks2542 yes, 12 words plus a few words as a passphrase.
@@tpks2542 If you use a physical Ledger, the passphrase will definitely add a serious layer of security as it is not stored on the device.
What if you make your own 24-word seed with dice and then restore it in an HD wallet?
Great question. I assume that would fix your problem, but might depend on the hardware/firmware of the wallet
What if you use dice?
Dice should fix the problem if you roll 100
What are production HD wallets? The Ledger Nano?
Yeah - ledger, trezor, coldcard, etc. basically every hardware wallet
Why does Coldcard have 24 words?
They also allow 12 and 18
@@RhettReisman oh!
Someone managed to guess 100 random Trust Wallet addresses but all were empty, how could it be possible?
It’s likely that if you guess 100 random wallets that they’ll be empty because there are more wallets combinations than grains of sand on earth. 100 guesses is not very many
Suppose only 200,000 people have a cold storage wallet right now. Guessing 12 words in a row and unlocking Bitcoin would be difficult, period. What do you say to the person that says: what if, in 10 years, there are 250 million cold storage wallets in use? It would make it much easier to start guessing 12 words in a row and unlocking a wallet with Bitcoin in it.
It doesn’t matter how many people use bitcoin it doesn’t get any easier to guess a seed phrase. We already know every combination of seed words - the point is that number is way too high for you to ever guess a single one (there will always be wayyyy more empty seed phrases than populated ones). 250,000,000 is still like 10^13 smaller than a 12 word phrase. It’s imperceptibly small.
@@RhettReisman Appreciate the comment back. That's just the question I get the most: can I guess 12 words and unlock somebody's wallet somewhere in the world? I use multi-signature storage anyways. Is it possible, or is it already being done, using a computer guessing seed phrases to unlock a wallet with bitcoin? Instead of guessing a hash, it would be guessing seed phrases.
I want to put a wallet into another wallet.
Why?
Fourth reason to not do 24 word..... you won't be tempted to split your seed phrase location, which I think will cause a lot of lost BTC in years to come.
Exactly! People want to get too smart with all of this and some of them will pay the price.
He forgot to say you MUST use 24 words for a hot wallet or else you are screwed.
I’m him. I didn’t forget. You can use 12.
🧠🧠🧠🧠🧠