this post was submitted on 01 Mar 2025

/c/cybersecurity - Cybersecurity News & Discussion


Hi, could someone explain how seedphrases are considered to be super secure? If it’s just a random string of words from a well-known list of words, what stops someone with a simple Python script generating random phrases and trying to open wallets with them?

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

But cracking dictionary words is easier than random characters, isn't it? I mean that's why dictionary attacks are so popular.

Why do password generators use random dictionary words instead of random gibberish?

From the XKCD they seem to say that random words are more secure than words with a random pattern. Though I do agree that it's easier to remember!

Maybe there's something I don't get, but if everyone uses random words as a password, attackers just need to use dictionary attacks rather than ASCII printable character attacks, no?

[–] [email protected] 1 points 3 weeks ago (1 children)

Yes, if you know the hash is of dictionary words. If you have a hash, with no knowledge of its contents, you cannot make that assumption and must increase your search space.

For example, if I give you this md5 hash: bd49d549f7c1f0169d6d61322a02d39d

How long do you think it will take to guess if you use dictionary words? The answer is "infinity", because it's not dictionary words. What if you expand to all lowercase letters? Uppercase? Numbers? Symbols? All ASCII printable characters? Even then you'll never crack it, because it's UTF-8. With that knowledge, you can probably crack it in seconds because it's a pretty short string, but otherwise, never.

[–] [email protected] 1 points 3 weeks ago (1 children)

Thanks for all the answers, I'm just going through them quickly now, so quick question: if I understand it correctly, then, knowing seedphrases are from a well-known list, all lower-case words, doesn’t it make it less safe then? Since the attacker knows what's behind the hash? Wouldn’t making it all random instead of using a well-known list be more secure?

[–] [email protected] 1 points 3 weeks ago

Yes, it's less secure if they know it's from a list, and which list.

If they don't know that, they have to treat it like a completely random password, which is a lot slower to crack.
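
The search-space argument in this thread, put into numbers as an added example (not written by any of the commenters). It assumes BIP-39 parameters, which the thread does not name (2048-word list, 12-word phrase with 4 checksum bits), and a constructed guess rate of 10^12 per second; all function names are illustrative.

```python
import math

# Assumptions (not stated in the thread): BIP-39 style list of 2048 words,
# where 1 of every 33 encoded bits is checksum rather than entropy.
WORDLIST_SIZE = 2048
PRINTABLE_ASCII = 95            # characters 0x20..0x7E
GUESSES_PER_SECOND = 1e12       # constructed attacker speed, for scale only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the candidate count when every symbol is drawn uniformly.
    The attacker is assumed to know the alphabet (or word list) and length."""
    return length * math.log2(alphabet_size)


def seed_phrase_entropy_bits(words: int) -> int:
    """Entropy of a BIP-39 style phrase: 11 bits per word minus the checksum."""
    encoded_bits = words * 11
    return encoded_bits - encoded_bits // 33


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate in a 2**bits space at the given rate."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def equivalent_random_length(bits: float, alphabet: int = PRINTABLE_ASCII) -> int:
    """Shortest uniformly random password over `alphabet` with >= `bits`."""
    return math.ceil(bits / math.log2(alphabet))


def compare() -> dict:
    """Bits for three secrets, each attacked with full knowledge of its format."""
    return {
        "4 words from known list": search_space_bits(WORDLIST_SIZE, 4),
        "8 random printable ASCII": search_space_bits(PRINTABLE_ASCII, 8),
        "12-word seed phrase": float(seed_phrase_entropy_bits(12)),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:26s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
    print("random ASCII chars matching a 12-word phrase:",
          equivalent_random_length(seed_phrase_entropy_bits(12)))
```

Knowing the list shrinks the search to exactly the sizes computed here, so the protection comes from the number of words: four words from a known list fall in seconds at this rate, while twelve do not.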