Bitcoin Safety: Why 12 Words are Better Than 24

This is a great example of the point I was making in the video.
From their website: Trezor Suite will automatically initiate a device with Shamir backup using 20-word shares (128-bit strength).
trezor.io/learn/a/what-is-shamir-backup
Note that it says 128 bit strength. Even though there are more words it will contain the same amount of entropy as a 12 word seed phrase.
There are tradeoffs with Shamir - I would argue that it’s not worth it in 90% of cases because it complicates your recovery process.
But regardless - it’s not “safer” just because there are more words. It’s exactly the same amount of entropy

@@RhettReisman , thanks! It seems the best way is to use 12 words, keep it simple, and don't lose your seed. Anything beyond that just adds risk, not reduce it. No matter that the numbers show.

Yeah it’s a really interesting concept - happy to help :)

You dropped this king 👑

Happy to help :)
Happy new year!

Happy to help 🫡

That could be a good work around as long as you make sure the 24 word has enough entropy

Thank you! Happy to help :)

Appreciate it 😁 happy to help Steve

Hey Jarol happy to help!

It needs to be from the bip39 dictionary - not every dictionary word works.
You can select your own words, but you shouldn’t because you’ll likely pick a low entropy seed phrase. Computers are better at picking words randomly.

You dropped this, king 👑

Check out this video if you haven’t already ruclips.net/video/D9j5y3tyMo8/видео.htmlsi=fAFAFc-UFR0Hj7Kq
I go over the random function in Python and show you how different seeds affect the number. It is pretty confusing though lmk if there’s a specific part that I could explain better r

Yeah, I find this confusing too, as long as we are choosing out of the 2048 word pool randomly for each word, shouldn't it be more secure in theory with 24 words, AND in practice? It's just not random enough? What does only using 128 bits of entropy with 24 words really mean here? Isn't entropy just a function of how many random words you use, IE: 12 vs 24? How is it "unused" entropy as per the quote? Isn't it being used by nature of having the randomly generated 24 word seed phrase?

Maybe the person he was quoting in the video was just a blow hard trying to sell a book?

Andreas is definitely not a blow hard trying to sell a book - he’s released it for free to everyone on the internet
In practice most hardware wallet manufacturers are only using 128 bits of entropy. Think of the bits like empty slots where a number can go.
A bit can have 2 values. 0 or 1. If I have 128 slots (bits) I have 2^128 possible values or 10^38 possible combinations
If I have a 24 word seed phrase and 2048 possible words that’s 10^79 combinations.
If I have more combinations of seed phrases than I have slots of available entropy I’m having to drop all that extra entropy - it ends up not being used.
It’s a software/hardware reality of production HD wallets that is dropping entropy for 24 word seed phrases

@@RhettReisman The problem with your explanation, is just the blanket statement saying that modern day hardware wallets only use 128 bits of entropy with no explanation or anything to back it up. I've seen other videos that explain how entropy works and how there are about 11 bits of entropy in each word. (It's really 10.6 repeating) so 12 words x 10.6 repeating is 128 bits of entropy and 24 words x10.6 repeating is 256 bits of entropy
Entropy is just how random the whole thing is. You can have 12 random words for 128 bits of entrophy, or 24 for 256 bits of entropy. Making a program that chooses from 2048 words 24 times is not complicated at all, it's just a few lines of code not counting the word list you've have to look through.
So to say that most wallets are only made with 128 bits of entropy even if they have 24 words is like saying 12 of the 24 words weren't chosen randomly. It doesn't make any sense.

@@RhettReisman And on the point about more seed phrases than slots. Each word is made of 11 bits, so it's 2^11 possible combinations for the 0's and 1's since there's 2 choices 11 times, so that's 2048 possible words. You're just doing that 24 times instead of 12. All of the possible bits are covered with the 2048 words.

Happy to help :)

If a wallet only uses 128 bits of entropy (which is what most of them are doing) 12 words and 24 words are including the same amount of randomness.
In that case 12 words is more secure than 24

@@RhettReisman i think I understand. But then why not on 256 bits if 24 words ?

Dice should fix the problem if you roll 100

Thanks man happy new year 🎆

Computers don't know which seed phrases are generated and which ones aren't

It doesn’t matter how many people use bitcoin it doesn’t get any easier to guess a seed phrase. We already know every combination of seed words - the point is that number is way too high for you to ever guess a single one (there will always be wayyyy more empty seed phrases than populated ones). 250,000,000 is still like 10^13 smaller than a 12 word phrase. It’s imperceptibly small.

@@RhettReisman Appreciate the comment back. That's just the question I get the most. Can I guess 12 words and unlock somebody's wallet somewhere in the world. I use multi signature storage anyways. Is it possible, or is it already you being used a computer guessing seadt phrases to unlock a wallet with bitcoin. Instead of guessing hash, it would be guessing to seed phrases

Yeah - ledger, trezor, coldcard, etc. basically every hardware wallet

Great question. I assume that would fix your problem, but might depend on the hardware/firmware of the wallet

Happy to help :)

If you generated the seed using Trezors normal process you’re fine
It’s just that it’s probably the same level of security and harder to store than 12. If you already have one though it’s less important to try to get a new one

There is no Secure Element in the Trezor One, you should upgrade to Trezor Safe and regenrate your 24 words seedphrase in it (or switch to a 12 words ... it's much easier to memorize)

@@thomasconstant9354
I can't do it...Bitcoin is too complex for me. I'm a dummy.
I switched to ETF & MSTR with little BTC in my trezor.

It would if the wallets that generate the 24 words use 24 words of entropy, but most don’t.
Because most only use 12, they’re functionally the same.
Every computer on earth working together would take centuries to crack a 12 word seed phrase.
You shouldn’t worry about it

@@RhettReisman Thank you, even with the security of a 12 word seed, would you recommend adding a passphrase for extra protection?

@@tpks2542 , I am also interested in that question. I sense the answer is yes but to me this seems like all one is doing is adding a paper wallet overlay (memorized passphrase) to a HD wallet. HD wallets were meant to eliminate paper wallets but adding a passphrase to me seems like going backwards.

@@tpks2542yes 12 words plus a few words as a pass phrase

@@tpks2542 If you use a physical ledger, the passphrase will definitely add a serious layer of security as it is not stored on a the device.

They also allow 12 and 18

@@RhettReisman oh!

It’s likely that if you guess 100 random wallets that they’ll be empty because there are more wallets combinations than grains of sand on earth. 100 guesses is not very many

Exactly! People want to get too smart with all of this and some of them will pay the price.

Exactly! People want to get too smart with all of this and some of them will unfortunately pay the price.

I’m him. I didn’t forget. You can use 12.
🧠🧠🧠🧠🧠