🔐 12 vs 24 Word Seed Phrases
I recently learned that 12 word seed phrases are actually more secure than 24 word seeds phrases.
Seed phrases as we know them come from a Bitcoin improvement called BIP 39
Instead of generating a giant number that no one can read, BIP 39 generates 12 or 24 words from a dictionary of 2048 words that represent the private key
Here's a list of every possible word that can be in a Bitcoin seed phrase.
— Chris Blec (@ChrisBlec) December 12, 2023
If you can arrange 12 of them in the right order, you can have full access to massive amounts of Bitcoin.
Bitcoin remains secure because humans don't have a large enough brain to solve this puzzle. pic.twitter.com/I1AAMqYUgQ
List of Every BIP39 Word
That gives us:
Possible combinations of 12 word seed phrases: 2048^12 = 10^39
Possible combinations of 24 word seed phrases: 2048^24 = 10^79
To put those numbers into context:
It would be easier for you to find a grain of sand that I hid somewhere on earth than to guess a 12 word seed phrase
But a 24 word seed phrase is safer because the number is bigger right?
Theoretically, yes but in practice it turns out maybe not
And to understand why, first we need to understand how most Bitcoin and Crypto wallets work today
Hierarchical Deterministic Wallets
Hierarchical deterministic wallets (HD wallets) make it easier for people like you and me to use cryptocurrency
Today, when you're using a Bitcoin wallet new addresses get generated to help protect your privacy.
Before HD wallets, if you wanted to generate a new bitcoin public key you needed to write down and store a brand new private key for that address
If you chose not to generate a new public key then every transaction you ever made would be viewable on the blockchain from anyone you ever transacted with
It would be like if everything you bought with your credit card was displayed on a giant billboard outside your house forever
Anyone walking by would immediately know about your six figure OnlyFans addiction and it would be super embarassing for you
To stop that from happening, programmers invented HD wallets
Now you just have to write down a single seed phrase to secure an unlimited number of addresses
So this advancement of HD wallets is great but what does it have to do with seed phrases?
12 vs 24 Words
It has to do with how much entropy (or randomness) gets used to generate these HD wallets
To refresh everyone:
12 word seed phrase has 2048^12 = 5.4 x 10^39 combinations
24 word seed phrase has 2048^24 = 2.96 x 10^79 combinations
Using 128 bits of entropy gets us: 2^128 = 3.4 x 10^38 combinations which fits into a 12 or 24 word seed phrase
Using 256 bits of entropy gets us 2^256 = 1.15 x 10^77 combinations
This is too much randomness for a 12 word seed phrase to contain - you would need a 24 word seed phrase to store 256 bits of randomness.
So the answer is YES a 24 word seed phrase is more secure than a 12 word seed phrase because it can handle more randomness
BUT now we have to ask the question: in practice how much randomness are HD wallet actually to generate your seed phrase?
It turns out that, for the most part, they're only using 128
To back that up, here's a quote from Andreas Antonopolous's third edition of his book Mastering Bitcoin which is basically the bible of Bitcoin
"From a security perspective, the amount of entropy actually used for the production of HD wallets is roughly 128 bits, which equals 12 words.
Providing more than 12 words produces additional entropy which is unnecessary, and this unused entropy is not used for the derivation of the seed in the way that one might initially suspect.
From a usability perspective, 12 words is also easier to write down, back up, and store." - Andreas Antonopolous, Mastering Bitcoin Chapter 5
So, in theory, YES 24 words is more secure
But in practice when you generate a seed phrase from production HD wallets you're only getting 128 bits of entropy
Which means that when you generate a 24 word seed phrase, you're getting the same level of security as a 12 word seed phrase
But security isn't just about cryptographic security there are other practical pieces to security like:
How easy is it to store 24 words vs 12 words?
Is it easier to make a mistake writing down 24 words vs 12 words?
Which is going to be more convenient for recovery?
When you take questions like this into consideration along with
1) The reality that in production 12 word seeds are just as cryptographically secure as 24 word seeds
2) It's more likely that you lose your crypto by making a mistake than someone hacking your seed phrase
It becomes obvious that 12 word seed phrases are MORE secure than 24 word seed phrases
Learn More
If you want to learn more check out Andreas Antonopolous covering this topic on this show
You can also read Chapter 5 of mastering bitcoin which is free to download on Github or grab a physical copy of the new 3rd edition here
If you check out the video on Cursor.sh, you can actually use Cursor's AI to read and talk to the book after you've downloaded it from Github
It's kind of like getting to talk to Andreas and ask him any Bitcoin questions you might have - which is very 2023
See you next week