this post was submitted on 01 Mar 2025

Hi, could someone explain how seed phrases are considered to be super secure? If it’s just a random string of words from a well-known list of words, what stops someone with a simple Python script generating random phrases and trying to open wallets with them?

[–] catloaf@lemm.ee 1 points 3 weeks ago (1 children)

Yes, if you know the hash is of dictionary words. If you have a hash, with no knowledge of its contents, you cannot make that assumption and must increase your search space.

For example, if I give you this md5 hash: bd49d549f7c1f0169d6d61322a02d39d

How long do you think it will take to guess if you use dictionary words? The answer is "infinity", because it's not dictionary words. What if you expand to all lowercase letters? Uppercase? Numbers? Symbols? All ASCII printable characters? Even then you'll never crack it, because it's UTF-8. With that knowledge, you can probably crack it in seconds because it's a pretty short string, but otherwise, never.

[–] reboot5853@lemmy.ml 1 points 3 weeks ago (1 children)

Thanks for all the answers, I'm just going through them quickly now, so quick question: if I understand it correctly, then, knowing seed phrases are from a well-known list, all lowercase words, doesn’t it make it less safe then? Since the attacker knows what's behind the hash? Wouldn’t making it all random instead of using a well-known list be more secure?

[–] catloaf@lemm.ee 1 points 3 weeks ago

Yes, it's less secure if they know it's from a list, and which list.

If they don't know that, they have to treat it like a completely random password, which is a lot slower to crack.
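
An added example, not written by anyone in the thread, of how the assumed alphabet bounds a search and how large the space stays even when the word list is known. The secret is a constructed sample; the 2048-word list and 12-word length (the BIP-39 sizes, which the thread does not state), the 95 printable ASCII characters and the 10^12 guesses per second rate are assumptions.

```python
import hashlib
import math
import string
from itertools import product

def keyspace_bits(alphabet_size, length):
    """log2 of the number of strings of `length` symbols from the alphabet."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def search(target_hex, alphabet, max_len):
    """Hash every string of 1..max_len symbols; return the match or None."""
    for n in range(1, max_len + 1):
        for combo in product(alphabet, repeat=n):
            candidate = "".join(combo)
            digest = hashlib.md5(candidate.encode("utf-8")).hexdigest()
            if digest == target_hex:
                return candidate
    return None

# Constructed sample secret: three characters, one of them outside ASCII.
SECRET = "z\u00e99"
TARGET = hashlib.md5(SECRET.encode("utf-8")).hexdigest()

# Two models of what the secret might contain.
LOWER_ONLY = string.ascii_lowercase                         # wrong model
WIDER = string.ascii_lowercase + string.digits + "\u00e9"   # right model

if __name__ == "__main__":
    # A search finishes without a match when the secret lies outside the model.
    print("lowercase only      :", search(TARGET, LOWER_ONLY, 3))
    print("lowercase+digits+\u00e9 :", search(TARGET, WIDER, 3))

    # Assumed sizes: 2048-word list, 12 words, 95 printable ASCII characters.
    # (BIP-39 spends 4 of the 132 bits on a checksum, leaving 128 bits.)
    rate = 1e12  # assumed guesses per second
    cases = [
        ("12 words from a known 2048-word list", keyspace_bits(2048, 12)),
        ("12 random printable ASCII characters", keyspace_bits(95, 12)),
    ]
    for label, bits in cases:
        years = years_to_exhaust(bits, rate)
        print(f"{label}: {bits:.1f} bits, {years:.2e} years to exhaust")
```
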