Thesaurus.com is a public site that gives users over 550,000 synonyms in English. The BIP39 wordlist has 2048 words used for making standard bitcoin wallets. I get that some folks think a wallet made from a BIP39 list with 12 words can be hacked, but honestly, it’s nearly impossible. Yet, there are people who don’t get the math or don’t wanna learn and just stay stubborn.
So, I got this idea for those people. What if we scrape thesaurus.com and grab its entire wordlist? Since Electrum is open-source and uses a wordlist, we might be able to create a bitcoin wallet using our own unique wordlist. Imagine taking thesaurus' 550,000 words and randomly picking 24 for your seed phrase. Not sure if your computer would handle it, but I bet you’d feel a lot better.
I know it might sound sarcastic, but I really mean it. Just chill a bit! If you randomly generate a 12-word seed phrase using the BIP39 list, your wallet is pretty safe, like it would take so long to hack that by the time someone could do it, you, your bitcoins, and probably the whole universe would be long gone.
And if you do a 24-word seed phrase from the same BIP39 list, even if you spill all the words in any order, no one’s cracking it. You get what I’m saying? Even if you reveal all your seed phrases in random order (this doesn’t apply to the 12 words), your wallet still remains secure.
A concept for super paranoid folks wanting to set up a bitcoin wallet
19 replies 276 views
It's easily done. Just navigate to your Electrum installation folder, and go to \electrum\wordlist. First back up "english.txt", and then edit the original with your own wordlist. Job done.
I just pulled the wordlist from here and gave it a shot: https://github.com/dwyl/english-words. It has 466k words, and it worked just fine. I generated the following seed phrase:
Thanks to how Electrum works, you don't need to know my wordlist to recover that above seed phrase. You can import it in to any copy of Electrum just fine and recover the same wallet, which will give you the following address first:
However, doing this completely misses the point. The above seed phrase has exactly the same entropy as a seed phrase using the default wordlist - 132 bits. Increasing the size of the wordlist does not change the underlying entropy used to generate the seed phrase.
That's what I am saying, however, people can't understand that there is absolutely no difference in real world whether you use 2048 public wordlist or all the words that exist in English language. But you have probably seen this more often than me that people are afraid they will lose their coins because someone bruteforces their wallet and the public availability of wordlist will make that process fast and smooth and so on. I know it's not true and I know that in both cases, entropy is the same. But if anyone has OCD and wants a relief, I found thesaurus as a solution They will have no more fear.
My "solution" is to tell them to try "hacking" someone else's wallet. Give it your best shot, enter as many of those words into new wallets as your keyboard can handle! Or use software for it, "hack" billions upon billions of seed phrases! The same with private keys: run vanitygen on the rich list for as long as you want. By doing so, maybe you'll convince yourself how secure Bitcoin really is.
I think the most important point is what "random" means? Some people think that the human brain is good at randomness, or for example, as long as the seed is long, I am safe. No one can guess a seed that is 12 words long, so I will generate it myself, but they are wrong. Randomness means a strong random number that represents a 128 bit key at least, that If the randomness is 32bit key, you are not safe, and so on. In short, if you do not understand how entropy works, then trying to rely on the human brain will cause you to lose your money. Use a good, open source wallet, and you can verify that the entropy is at least 128 bits long, then you are safe.
You can verify electrum code entropy from here ---> https://github.com/spesmilo/electrum/blob/3.3.8/electrum/mnemonic.py#L163
As per the theoretical calculation time taken to brute force the 24-word recovery seed from the BIP list is longer than the age of our universe which is expected to be around 14 billion years.
I considered a system that can do 1 billion combinations per second then the time taken to brute force 24 word seed would be 2.76 million trillion years.
Calculations from chat GPT
why isn't it not possible original meme
Warning!, skip the video at 0.05.
For a 24 word seed phrase, the total number of combinations would be 2.96 x 10^79 and assuming we have a computer that can check 1 billion combinations per seconds, it takes 9.40 x 10^62 years to check all the combinations.
If the seed phrase is BIP39, the number of possible combinations would be 1.16 x 10^77 and it takes 3.67 x 10^60 years to check all those combinations.
There are errors in the calculations done by ChatGPT.
2048^24 isn't equal to 8.71 x 10^77
8.71 x 10^68 seconds isn't equal to 2.76 x 10^60 years.
2.76 x 10^60 years isn't 2.76 million trillion years.
ju5t_rocketMember
Posts: 29 · Reputation: 234
#8Oct 6, 2019, 11:10 PM
FWIW even if you change all the algorithms used to create the mnemonic to work with a much bigger entropy (eg. 2048 bit) with using the much bigger word list; in the end when you derive private keys from that entropy, those keys are still going to provide you with only 128-bits of security
That's a question, what is random? I suggest you to check this post: https://bitcointalk.org/index.php?topic=5395587.msg60219656#msg60219656
Also, this quote from Radioactive decay wiki page sounds interesting:
Overall, in our real, simple life, I would say that if we can generate combination of word seed phrases from a wordlist and we don't know how that happened or happens and we can't calculate how it chooses words, what logic it does follow, then we can call it random.
Those people don't know math and probably still believe in fairy tales. Human brain follows some logic, even if that logic sounds illogical for us So, human brain likes to follow certain path and when human thinks to generate a random word seed phrase, he or she always follows certain logic. For example, from 2048 wordlist, one human may say that let's take 7th word as a first word, then let's 2048th word, then 2047th word, then 1st word, then middle word. You see, there is a logic here and it's not random, it can't be random because human has to think to create something, human thinks how to create it, human is not a machine that can generate something without thinking about it, that's just impossible.
Radioactive decay is indeed a truly random process. We know from Bell's theorem that radioactive decay is not governed by "local hidden variables". In other words, we know that there are not events or process happening which we cannot measure or don't even know exist which are determining when such atoms decay. The decay of such atoms is indeed truly random, with the likelihood of decay at any given time dictated only by the half life of the isotope in question. The decay of such isotopes follows a Poisson distribution, the same as bitcoin mining.
I would disagree with this. Not knowing how something happens or what logic it follows does not make it random. Rather, the opposite is true. We need to know exactly how it is generating entropy so we can confirm that it is indeed random (or at least, pseudorandom).
If you know how something happens and what logic does it follow, then repeat the same and crack every generated wallet that was following that logic.
You certainly don't know why Electrum chose 1st word, 19th word, 1331th word and so on to generate wallet when you clicked on generate button and you don't know why Electrum chose 49th word, 258th word, 231th... on your next click on generate button. If you knew, then it wouldn't be random or it still would be but such randomness would not be beneficial, we don't want predictable randomness, we want unpredictable one.
This is an offtopic question. Are you really a doctor? The Sceptical Chymist said it somewhere I remember and I truly wonder if you are a doctor, how did you manage to be so knowledgeable in programming and physics. You are truly a very educated person and it's really an honor to have you on this forum. I appreciate you!
Take note that a random number generator uses known mathematical formulas for generating the random number, but the output is unpredictable.
Therefore, it's not that we don't know how electrum generates an entropy. We do know how electrum generates an entropy. The thing we don't know is the output.
"Only"
That's the thing: there's no point for making up your own complicated schemes to create or store your private keys. All you're doing is creating a false sense of additional security, at the risk of making a fatal mistake which results in losing access to your Bitcoins.
I think we are disagreeing on semantics here rather than the underlying principles.
Of course you are correct in that you don't want a process which can easily be repeated to achieve identical results. But conversely, I do know exactly why Electrum picked each word in the seed phrase it generates for me - it uses randrange which in turns sources entropy from /dev/urandom. The entropy it receives from /dev/urandom will indeed be a cryptographically secure pseudorandom number, but I also know the processes that my OS uses to seed /dev/urandom.
Yes indeed! I just like to read, learn, and tinker.
Certainly it's been possible at least since Electrum moved away from using their own wordlist and moved to mirroring the BIP39 wordlist.
The math is quite interesting, if you want to work it out. Given a word list of 466k, then each word can encode log2(466,000) = 18.83 bits of entropy. For a 132 bit seed phrase, this needs 132/18.83 = 7.01 words, which has to be rounded up to 8. If you used a wordlist of 474,861 words, then you could generate a 7 word seed phrase for 132 bits.
Alternatively, you can go the other way and give Electrum a wordlist of two words, say 0 and 1, and it will generate a 132 "word" seed phrase.
You can see where Electrum works it out here: https://github.com/spesmilo/electrum/blob/6dfbdec73e97231c01b1a813ae293083a3dbd1cd/electrum/mnemonic.py#L208. Takes the length of the wordlist and calculates the log in base 2, giving the value bpw, or bits per word.
This is quite interesting indeed. So if your word list gets long enough, you'll need less seed words. That might even make it easier to remember (if only I'd know what those words mean).
So if I create a list of every combination from a to zzzzz, I get a very short seed:
With 12 million "words", Python consumes a few GB memory and takes a while to create a new seed phrase. I expect this to get worse with much longer lists.
Of course, this takes away the "error correction" you'd have by using a dictionary word, so it's not really useful. But I'm amazed Electrum can just restore this seed phrase without the seed words!
hawk_ledgerMember
Posts: 28 · Reputation: 129
#17Oct 8, 2019, 07:33 PM
Eliminating all the other technical bits about this you then wind up with the issue of what happens when the file changes and words are removed.
https://www.abc4.com/news/9-words-removed-from-the-dictionary/
It's 10 years from now and one of your words was Brabble.
And you go to recover your seed and it just does not work.
Sucks to be you.
Well worked on standards like BIP39 exist for a reason. This just makes a mess of it.
The universe is expected to last much longer then that. As in trillions of years.
Our solar system will be toast in about 10 billion years.
Either way does not matter. Still won't crack it in a lifetime.
-Dave
So 12,356,630 "words" gives 23.56 bits per word. 132/23.56 gives 5.6, which means 6 word seed phrases.
The important point to note is that an Electrum seed phrase is not converted back in to the entropy which generated it, or broken down in to bits, at any point. Unlike BIP39 which does require a fixed and known wordlist so it can convert your words back in to bits in order to verify the checksum, Electrum's version system simply hashes your words as they are and uses the first 8 or 12 bits of that hash.
After this, in order to actually start generating private keys, the next step (for both BIP39 and Electrum) is to feed your words as they are in to HMAC-SHA512, alongside salt of the word "mnemonic" (for BIP39) or "electrum" (for Electrum) concatenated with any passphrase. So again, no need for Electrum to convert your words back in to bits. (This is also why you can import BIP39 seed phrases with unknown wordlists in to Electrum. Electrum will warn you it is an unknown wordlist and it cannot verify the checksum since it cannot convert your words back in to bits in order to verify the checksum as I've explained above, but it can still feed those words in to HMAC-SHA512 and generate master keys and subsequent child keys.)
But yes, I'd highly recommend nobody does this. Understanding the principles of what is going on is all good, but you should always stick to the standardized methods.
Doesn't matter for Electrum seed phrases - Electrum does not need to know the wordlist used. For BIP39, even if every copy of the BIP39 wordlist was lost forever, you could still recover BIP39 seed phrases, you just wouldn't be able to verify the checksum.
But is it not possible, that the words in your seed phrase (that you made by using the wordlist of thesaurus) are not included in the seed phrase of BIP39 wordlist. I mean, if the words are not included in the BIP39 wordlist, it makes it more secure. Or isn't.
I do understand the underlying encoding procedure is same but the words are changed, and what if we remove all the words from BIP39 list and use the remaining ones to create a seed phrase for electrum, it will use the same encryption method to create the seed phrase but it will be more safer than before, or I am missing something here.
And a question of seed phrase and pass phrase, the phrase you created by giving the wordlist of thesaurus, is it seed phrase or pass phrase? I mean in pass phrase we use our own preferred words. Or I am also missing something here.
Seriously, does it really matter if something takes 10^3*10^12+3 or 10^3*10^33+3 years to bruteforce?
By the way, Electrum creates 132 bits of entrophy, 11 bits of entropy per word (12 words). If you increase the number of words in wordlist, like I offered and o_e_l_e_o demonstrated, the number of bits of entropy per word will increase and the number of words will decrease, like he generated 8 words instead of 12 words but his number of bits of entropy per word increased from traditional number 11 to 18.83.
Just read this line:
So, this is a little trick and that's why opened a topic. People think that 2048 words are not enough and their public availability makes them a victim of hackers. Now, what about all the words that exists in English language? Sounds cool, right? Only some words from half a million words to generate your bitcoin wallet seed phrase. But in reality, if entropy is 132 bits, you will get 8 words instead of 12 words. Instead of increasing number of words, one should increase number of entropies and move from 128 bits to 256 but reality is that simply there is no reason. People are paranoid and are looking for false sense of increased security when there is absolutely zero danger. It's like living in New Zealand and collecting weapons to protect yourself from Dinosaurs attack. There are no dinosaurs, you don't need a weapon.
Related topics
- Recovering a Bitcoin wallet and address 8
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Issue with Bitcoin Core Wallet after power outage 8
- Transforming my wallet into an HD wallet bitcoin core 26 4
- Help Needed: BTC Purchase via Trust Wallet Where's My Bitcoin? 12
- bitcoin-qt sync issues and slow speeds 6