At 12:00 > For people who need more info: if you use dice, you get 128 bits of entropy - aka 12-words entropy - with 50 dice rolls (6^50 = 2^128 = 10^38). And 256 bits of entropy - aka 24-words entropy - with 100 dice rolls. BUT remember that 12-words is enough, and is NOT less secure than 24-words. Yes, it feels counterintuitive, but take a look at my other comment for more info.
At 07:30 > SHA-256 is not at risk to be broken by quantum computers. It's only the elliptic curve cryptography (like ECDSA and Schnorr) that can be broken by quantum computers.
Quantum computers can regenerate the Private key from a Public key (aka breaking ECDSA), but cannot regenerate a Public key from a Bitcoin address (aka breaking SHA-256).
Satoshi Bitcoins (locked with only a Public key) are at risk, and will be accessed by the first company that owns a quantum computer. But our Bitcoins (locked behind Addresses) are not at risk.
Very good clarification - thank you!
Excellent video! You are a great teacher.
🙏
thanks for your efforts🌹
Great info thanks 👍
Your videos are really excellent. Thank you a lot for sharing all this knowledge :)
Really appreciate that. And thank you for engaging with them!
Fantastic video! Explained in a way that a new bitcoin enthusiast can digest. Thank you Ian!
Really glad to hear that! My pleasure
great video, I am learning.
Love to hear it! It’s a steep learning curve but worth it
great vid. thank you. any notes about 12vs 24 word seed phrases?
Thanks! I found the following a really good commentary on the topic: foundationdevices.com/2023/06/make-12-words-the-standard/
Some critical text from this which has helped improve my understanding as I’ve long operated with the belief that 24 is strictly better:
“If you were to use a 24 word seed phrase, even though it would provide additional entropy when generating private keys, the underlying private key would still be broken in 2^128 operations - exactly the same as a 12 word seed. This means that longer seed phrases will not add additional security to the underlying private keys themselves, and only increase the difficulty of brute-forcing a given seed phrase (something that is already statistically impossible for a 12 word seed phrase).”
Thanks Ian, great refreshers. Curious, what are your thoughts on how many alpha-numeric-ascii characters you feel makes a 'solid' passphrase?
If you’re going to do a passphrase, I’d recommend at least 12 ideally w/ a mix of letters/numbers and upper/lower cases. Longer if you can, but then that starts to get complex. The following is a very helpful reference as well: www.reddit.com/r/dataisbeautiful/s/oEOSIOKGkN
Remember, 12 words is enough.
I know it feels counterintuitive, but that's true: 24-words IS NOT more secure than 12-words, simply because Bitcoin elliptic curve security is only 128 bits anyway. So, using 24-words is like having a 100-character password, while your computer will only look at the first 128 characters anyway, and ignore the rest.
SOURCES
• Andreas Antonopoulos > Video of May 2023 > At 42:50
ruclips.net/user/live9scIevuymZM?feature=shared&t=2568
Great share and clarification - thank you
What's your opinion about Tangem Wallet? Please make a video.
I've never heard of it! Need to do some research. Looks like the Arculus. Have you used it? Do you like it?
Merci !
Ian: please touch on this. Let's say one wants to start from scratch. Isn't it really important to use a non-Windows or iOS system (so NOT our personal computer), boot Linux on a new computer, download Sparrow, Phoenix (or Blue wallet?), with an air-gapped ColdCard?
Thank you !
Using an "air-gap" ColdCard + Sparrow on any device (PC, Mac, others) is PERFECTLY secure, since Sparrow will ONLY access your xpub (aka master public key), and NEVER your private key (that is stored solely on the ColdCard, and never touches any other device or screen).
Of course it necessitates that you use these tools the right way (typically, never enter your 12-words directly on Sparrow or any other app).
@jybevox I agree. My worries are regarding the info that MSFT or Apple can have from the system when updating.
@ikust007 OK. I guess they can access your XPUB indeed, and so monitor your Bitcoin addresses. Maybe using your own node (Umbrel, etc.) may solve this problem.
Similar to what jybevox said, I would imagine there to be a risk of your XPUB becoming known, and I’m also not sure whether running one’s own node would solve for this or not. Definitely an area of security I’m less well-versed in, so will see what I can research and find
Trillions of years to guess a 12 word seed phrase? Assuming this is exaggerated... let's drill down on this with real numbers. Also, knowing that computers are getting exponentially better, what are our seed phrases doing to keep up?
Have any of the thousands of bots trying to guess seed phrases EVER succeeded? It would be hard to believe that they've NEVER ONCE put 12 of the 2048 words in the right order.
Trillions of years seems optimistic indeed.
Security experts' consensus is that "128-bit entropy is far enough" today, and for a long time. Not only for Bitcoin, but for any other financial or critical activities. I guess we'll have to trust them here :)
You don't feel confident about it?
It sounds hyperbolic, but it's probably not far off for a realistic brute force attack, barring some sort of epochal breakthrough in computing technology.
Even if you somehow hijacked the hashrate of the *entire* worldwide bitcoin network as it currently stands, it would take something on the order of the age of the universe (roughly 13 billion years) to crack a 128 bit key.
Any foreseeable near-future brute force attack the median bitcoiner would face would almost certainly have a fraction of a percent of that sort of computing power, so trillions of years would be in the ballpark.
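A worked check of the numbers traded in this thread (the dice-roll counts, the 12-vs-24-word question, the passphrase length, and the "age of the universe" brute-force estimate), as an added example that is not from any commenter or from the video: the BIP39 layout (entropy plus a checksum of entropy/32 bits, split into 11-bit word indexes) and the 128-bit generic security of secp256k1 are known facts; the network hashrate of 6e20 SHA-256 hashes per second is an assumed order of magnitude used only as an upper bound on attacker speed.

```python
import math

# BIP39 (from the spec): entropy of 128..256 bits in 32-bit steps, a checksum of
# entropy_bits/32 bits is appended, and the result is cut into 11-bit indexes
# into the 2048-word list.
BITS_PER_WORD = 11
# secp256k1 keys are 256-bit, but the best generic discrete-log attack
# (Pollard rho) costs about 2^128 operations, so no seed length buys more.
EC_SECURITY_BITS = 128
DICE_BITS_PER_ROLL = math.log2(6)  # a fair d6 yields ~2.585 bits per roll

# ASSUMPTION: order of magnitude of the whole network's SHA-256 rate, used as a
# generous upper bound on how fast any attacker could test candidate keys.
ASSUMED_NETWORK_HASHRATE = 6e20
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bip39_layout(entropy_bits):
    """Return (checksum_bits, total_bits, word_count) for a BIP39 entropy size."""
    if entropy_bits % 32 or not 128 <= entropy_bits <= 256:
        raise ValueError("BIP39 entropy must be 128..256 bits in 32-bit steps")
    checksum_bits = entropy_bits // 32
    total_bits = entropy_bits + checksum_bits
    return checksum_bits, total_bits, total_bits // BITS_PER_WORD


def dice_rolls_needed(entropy_bits):
    """Fewest fair d6 rolls whose outcomes carry at least entropy_bits of entropy."""
    return math.ceil(entropy_bits / DICE_BITS_PER_ROLL)


def dice_entropy_bits(rolls):
    """Entropy carried by a sequence of fair d6 rolls."""
    return rolls * DICE_BITS_PER_ROLL


def effective_security_bits(seed_entropy_bits):
    """Attacker's cheapest route: guess the seed, or solve the EC key directly."""
    return min(seed_entropy_bits, EC_SECURITY_BITS)


def expected_brute_force_years(security_bits, guesses_per_second, attacker_fraction=1.0):
    """Expected years to succeed; on average half the space must be searched."""
    expected_guesses = 2 ** (security_bits - 1)
    return expected_guesses / (guesses_per_second * attacker_fraction) / SECONDS_PER_YEAR


def passphrase_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase: length symbols from alphabet_size."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for bits in (128, 256):
        cs, total, words = bip39_layout(bits)
        print(f"{bits}-bit entropy -> {words} words ({total} bits incl. {cs}-bit checksum), "
              f"{dice_rolls_needed(bits)} dice rolls, "
              f"effective security {effective_security_bits(bits)} bits")
    full = expected_brute_force_years(128, ASSUMED_NETWORK_HASHRATE)
    tiny = expected_brute_force_years(128, ASSUMED_NETWORK_HASHRATE, attacker_fraction=0.001)
    print(f"whole-network attacker: ~{full:.1e} years; 0.1% of it: ~{tiny:.1e} years")
    print(f"12 mixed-case alphanumeric characters: ~{passphrase_entropy_bits(12, 62):.1f} bits")
```

Two things the arithmetic makes visible: 50 and 100 rolls are the smallest counts that clear 128 and 256 bits (50 rolls actually give about 129 bits), and a 24-word seed raises the seed-guessing cost to 2^256 while the key itself still falls to a 2^128 elliptic-curve attack, which is why `effective_security_bits(256)` is 128. The time estimate is deliberately kind to the attacker: a raw SHA-256 hashrate is not a seed-testing rate, since each candidate seed costs 2048 rounds of PBKDF2-HMAC-SHA512 plus an EC point multiplication, so a real attacker is several orders of magnitude slower than the figure shown. Note also that a 12-character mixed-case alphanumeric passphrase carries about 71 bits, far below the seed itself, so the passphrase is an extra factor, not a substitute for seed entropy.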
Probably closer to 10s or 100s of billions of years at current levels of computing (trillions is indeed likely a bit much). I’m not aware of a single example of anyone ever guessing a private key. For additional inspiration, check out the GOAT: ruclips.net/video/2eZ5DP2P5As/видео.htmlsi=q7etP2gOfTKTOszd
Yeah, most estimates I've seen are on the order of magnitude of tens of billions (some hundreds), so trillions is indeed a bit much, but hopefully folks get the point 😁
Andreas is a favorite on this topic: ruclips.net/video/2eZ5DP2P5As/видео.htmlsi=q7etP2gOfTKTOszd
Great video thank you!