Lately, I've been really looking into how mnemonic phrases protect our digital assets, and I've realized something that’s both intriguing and a bit alarming. The security behind a mnemonic phrase really just comes down to a race against time and computing power.
First off, a 12-24 word mnemonic phrase isn't secure because of some fancy encryption; it's actually safe because we don’t have the computing resources or time to check every possible combination in a practical timeframe.
Each word in the mnemonic provides 11 bits of entropy, leading to a total of 256 bits for a 24-word phrase. It's such an enormous number that even with all the supercomputers out there, testing them all would take millions of years given today's tech.
I like to refer to this as "security through delay." It means the main thing keeping someone from brute-forcing a mnemonic is the time it takes to compute.
Once that time barrier is broken, thanks to progress in distributed computing, GPU parallel processing, or even quantum computers, the defenses around mnemonic wallets get really thin.
Just to explore this further, I put together a Node.js script that randomly generates mnemonic combinations and checks them against checksum patterns. It can even test different phrases if you know just one word’s spot among the 12 or 24 words, basically mimicking what a brute force attempt would be like in a limited setting.
What is supposed to be the point of your AI post?
It is well known that mnemonic phrases depend on this kind of security. Did you know that it is the same for many other computer security mechanisms? Many encryption algorithms such as AES, RSA, ECC and many others are secure only because it is computationally infeasible to break them within a reasonable amount of time. You must be new to cryptography, welcome.
The main purpose of AI posts is nothing because the AI who can create posts comes to this forum and posts ordinary AI to hear the comments of the forum members. I think it would be better if he heard the comments from AI himself. Besides, there is no point in posting these baseless AI posts here. I don't know why they create such posts.
I think you forgot that - I talk for Electrum - there's that 100,000 sha256 rounds -, that make unfeasible to even think to put in practice the brute force. Other wallets that got mnemonics probably got some security mechanism in place also.
Ever since humanity invented encryption over a thousand years before computers were invented, it was a race against time and every encryption algorithm has had an expiration date
Are you alt-account of OP?
There is no 100k rounds of SHA256 used by Electrum mnemonic algorithm. In fact the algorithm is pretty much the same BIP-39 which is what other wallets use as well.
The security of the mnemonic algorithms is not based on what the algorithm does (the hash rounds you have in mind), but instead based on the size of the initial entropy. When the smallest entropy allowed is 128 bits, they provide 128 bits of security which is the same security level provided by a 256-bit private key on an elliptic curve like secp256k1.
Nope, no alt. I did checked it again, since last time I had to do with electrum (some long time ago) I saw that there's 100,000 sha256 rounds. But looks like that it's gone.
I was talking about this one: https://github.com/spesmilo/electrum/blob/1.9/lib/account.py#L70-L74 (v 1.9)/ https://github.com/spesmilo/electrum/blob/4bce545c262906ee3ebff30832a1c3328a53b9ae/electrum/keystore.py#L790-L797 (current, this one under Old_KeyStore class) - on 1.9 can be found under OldAccount class. So I'm sorry about that.
Praecedens commentarius meus erravit. Mea culpa.