How hard is it to guess a seed phrase? (2024)

When you sign up for a new bank account, you will most likely be asked to verify your identity and provide personal information about yourself. Apart from other things we won’t get into, this enables the bank to uniquely identify you as a customer and make sure nobody else can open an account in your name or access your existing one.

With bitcoin wallets, things work a bit differently. Since there is no single point of authority in a decentralized network, users cannot “open” a wallet in the same way one would open a bank account. On the contrary: Bitcoin wallets can be created without any coordination or communication with anyone else, which raises an interesting question for many: How do wallets protect against accidentally creating an “already existing” wallet – or even doing so on purpose?

A bitcoin wallet is essentially just a collection of private keys. With hardware wallets like the BitBox02, these private keys are generated, stored and managed in a very secure way while maintaining ease-of-use. Some wallet setups might be more complicated than others, with additional protections like passphrases or advanced strategies for wallet backups in use, but in the end they all safeguard only a small piece of information.

As with most other things, information can get stolen if not properly taken care of, compromising it forever once revealed. This is why protecting the information to access your wallet – the backup recovery words on paper, metal or a microSD card is so important.

Still, this doesn’t answer the question of how we can prevent the creation of “duplicate wallets” as described above. The simple answer to this question is that we actually can’t. In theory, you might become rich on accident when you create a new wallet on your BitBox02 (or any wallet for that matter)! Don’t get too excited, though, as we now explore the more thorough answer to this question.

We already established that a bitcoin wallet simply stores information. Information can be represented or “encoded” in many ways. While the user of a bitcoin wallet might use recovery words from the BIP-39 wordlist as an encoding method, a hardware wallet will use a binary representation of zeroes and ones – because that’s how computers work.

Regardless of the encoding method used, the secret information behind a bitcoin wallet with 24 words is just a very large number, containing 256 consecutive ones and zeroes:

To measure the amount of information in a number like this, experts will often bring up the concept of “entropy”, which is just a fancy word to express how difficult it is to guess it – at least in the context of a bitcoin wallet.

For example, if you flip a coin four times in a row and note down the results, you will end up with four bits of entropy. Eventually, guessing the correct order of heads and tails is easy in this case, as there are only 16 possibilities in total. In other words: Creating a bitcoin wallet based on four coin flips is a very bad idea.

Note: If you really want to create a wallet yourself by “rolling your own seed”, please check out our blog post on the topic first, as there are important aspects to consider.

You might jump to the conclusion now, that 256 bits of entropy are not enough to create a secure bitcoin wallet. Modern computers can perform billions of operations per second (and growing), so surely someone will eventually guess a number that happens to lead to a big bitcoin stash, right?

Let’s draw some comparisons to illustrate how impossibly large these numbers actually are.

Comparing the difficulty of guessing a seed phrase with 24 words to real world examples is quite hard, because such real world examples simply don’t exist.gi The theoretical total amount of Bitcoin wallets, which sits around 2²⁵⁶, is more or less comparable to the amount of atoms in the observable universe. Our brains quickly struggle to process or even imagine the true magnitude of such a number, since the observable universe is already unfeasibly large by itself.

Playing along with this analogy, telling someone to take a guess at your recovery words would be comparable to someone taking a round-trip around the entire known universe and by chance picking the same atom you selected before them.

But what about using just 12 recovery words, which is common practice among other wallets and also an optional feature in the BitBoxApp? Although the random number behind wallets with 12 recovery words is a lot smaller (2¹²⁸), it is still large enough from a security perspective and roughly comparable to 57 billion times the weight of planet earth in grams. Our traveler from above would have to pick the correct one-gram-piece of one of 57 billion earth like planets, which, even if not comparable to the entire universe, still sounds very unlikely.

As we learned in the previous sections, a bitcoin wallet can only be deemed secure if the random number which was used to create it has a high enough entropy.

Crucially, this does not automatically apply to every large number, because not every large number was created randomly. As an example, the number 2121212121… and so forth has a clear pattern to it. Everyone knowing this pattern can quickly apply it to any arbitrary length, which would make any wallet created like this insecure.

There have been numerous cases of hacked wallets in the past due to weak random number generators, which use reproducible or predictable patterns, kind of like the one above, resulting in numbers that aren’t truly random. Another example would be users themselves, who used weak and common passwords to create their wallets (also known as brain wallets).

For this reason and to increase redundancy even further, the BitBox02 draws the random number used to create wallets from several sources of entropy: