Are 24 word Bitcoin seed phrases better than 12 words for security? Liam 'Akiba' Wright · 3 months ago · 3 min read
News ▸ Bitcoin ▸ Analysis
The real security challenge often lies not in the length of the seed phrase but in how users store and protect it.
Liam 'Akiba' Wright
Jun. 21, 2024 at 3:58 pm UTC
3 min read
Updated: Jun. 21, 2024 at 4:00 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Ad
At the heart of crypto wallet security lies the seed phrase, a string of words that serves as the master key to accessing and recovering digital assets. While both 12-word and 24-word seed phrases are commonly used, the differences in their security implications have been debated within the crypto community.
The 12-word seed phrase provides 128 bits of entropy and has been the standard for many crypto wallets. This level of entropy translates to an astronomical number of possible combinations, making it highly resistant to brute-force attacks with current technology. In contrast, 24-word seed phrases offer 256 bits of entropy, doubling the theoretical security.
However, the practical security gain from using a 24-word phrase over a 12-word one is not as substantial as the numbers suggest. The effective security of Bitcoin’s elliptic curve cryptography (secp256k1) is 128 bits. This means that regardless of the seed phrase length, an attacker cannot reduce the number of steps required to calculate a private key from a public key below this threshold.
12 words is enough
Adam Back, a prominent cryptographer and CEO of Blockstream, has advocated for the sufficiency of 12-word seeds, stating that they provide adequate security for most users. The shift towards 24-word phrases in some hardware wallets, such as Trezor, was primarily driven by specific implementation requirements rather than a pressing need for enhanced security.
The real security challenge often lies not in the length of the seed phrase but in how users store and protect it. Both 12-word and 24-word phrases are vulnerable to phishing attacks, physical theft, and user error in storage. A securely stored 12-word phrase is far more effective than a carelessly handled 24-word one.
From a user experience perspective, 12-word phrases offer distinct advantages. They are easier to write down, remember, and input, reducing the likelihood of errors during wallet recovery processes. This simplicity can be crucial in high-stress situations where users need to access their funds quickly.
While 24-word phrases do provide a higher level of theoretical security, the practical benefits in the context of current cryptographic standards are marginal. The additional complexity they introduce may even lead to increased user errors, potentially compromising security.
Using 24-word phrases might be justified as an extra precautionary measure for institutional or high-value accounts. However, a properly secured 12-word seed phrase offers more than sufficient protection against potential threats for the average user.
Where 24 words may be better
Wei Dai, a renowned cryptographer and creator of b-money, offers a nuanced perspective on the security implications of seed phrase lengths. He emphasizes that while a 12-word seed phrase (128 bits of entropy) is theoretically sufficient for single-user security when hashed to a 256-bit key, the situation changes dramatically in a multi-user environment.
Dai points out that this construction can only support up to 2^64 keys before risking collisions, a limitation that becomes significant in real-world deployments where millions of users generate wallets. His insight illustrates the importance of considering concrete security bounds and more comprehensive security models that go beyond single-user scenarios.
As the crypto ecosystem evolves, so do the security measures surrounding it. Some wallet providers now offer customizable entropy options, allowing users to choose between 12, 18, or 24 words based on their personal security preferences and risk assessments. Options such as Shamir Secret Sharing are also available on some hardware wallets using 20 or 33 words.
Ultimately, the choice between a 12-word and 24-word seed phrase should be based on a user’s specific needs, technical comfort level, and risk profile. While the longer phrase may offer a psychological sense of increased security, users should remember that the most critical factor in protecting their digital assets is their seed phrase’s careful handling and storage, regardless of its length.
Education on best practices for seed phrase management remains crucial. Whether opting for 12, 18, 20, 24, or 33 words, users must prioritize secure storage methods, such as offline backups and hardware wallets, to ensure the safety of their digital assets in an increasingly complex digital landscape.
Mentioned in this article
Bitcoin Adam Back
Posted In: Bitcoin, Analysis, Featured, Wallets
Author
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
@akibablade LinkedIn Email Liam
Editor Editor
News Desk
Editor at CryptoSlate
CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.
@cryptoslate LinkedIn Email Editor
Ad
Ad
Latest Bitcoin Stories
Latest Alpha Market Report
Latest Press Releases
View All
Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.
