Nostr Web Client

If I have your seed phrase, brute forcing your passphrase is not difficult, and gets easier every year. All I need is the UTXO set and cheap compute. There is no rate limiting, and the difficulty of testing a phrase is too low

John Smith 5mo ago 💬 1

it's a password.

you can't brute force a 16 character password I can't brute force it.

maybe a gvmt can do it fast enough, but if you're at that point you're more fucked than just 'oh fuck someone stole my seed phrase' level of fuck.

and if hardware become increasingly close to be able to do it you just make a new wallet.

plus the goal of the passphrase is to give you a layer of security, if someone stoles your seed phrase you should know that someone stole it, thus you gain time to change to a new wallet before they can do anything.

if you can't know that someone stole your seed phrase then your setup is just stupid.

Reply to this note

Please Login to reply.

Discussion

ynniv 5mo ago

That's bcrypt(10). Divide all of those by 1,000 to get a more realistic estimate. This assumes that each character is random, which you are most likely to forget, so really use the number of words / 4, etc.

24 words is a great place to be. This passphrase option isn't making it as hard as you think, and makes it much easier for you to forget your backup