
As the image below shows, when you try to restore an existing wallet from a seed (a sequence of 12 words), the program offers some autocomplete suggestions. Though I'm sure the risk is purely theoretical – in the sense that the number of permutations is high enough to make any attempt at guessing practically impossible – isn't it, still, a theoretical security risk?

What exactly is the benefit of offering autocomplete for a word seed sequence, since it's predicated not on memorization but on safe keeping (ideally on a piece of paper)?

Just to make it absolutely clear, the image was taken from GitHub, and (I assume!) it only serves as an example and does not reflect an actual wallet.


Beltway
It depends where the dictionary for those suggestions lies. If it relies on the operating system, this will make no difference as an attacker already knows only valid words are accepted. – Beltway Nov 16 '21 at 11:25

2 Answers

Phrases consist of words. Attackers know that and will use this word guessing approach already anyway, no matter whether the software helpfully autocompletes manual attempts or not. This just prevents typos and user frustration without impacting the security.

Given the sheer number of words (assuming they were picked in a securely random fashion and presuming the dictionary is at least a thousand words), the chance of stumbling upon someone's actual combination is practically equal to zero without a quantum computer. I see 12 words, even with a small dictionary of 1000 words that's log(1000^12)/log(2) ≈ 120 bits of entropy and well outside the range of the most powerful computers today. Autocompleting words will not change that math.

Luc

The autocomplete makes no difference at all. The wallet generation uses a dictionary that is part of the BIP39 specification. This dictionary has 2048 words, and by default it uses 12 words, giving you around 132 bits of entropy.

Even if the attacker knows the first letter of every word, he already has the dictionary and autocomplete does not make his work easier. And the work is impossible in practical terms: it does not matter if the attacker guesses the private key only after the heat death of the Universe, because it means Bitcoin exchanges aren't available anymore.

Electrum even has a page explaining this.

ThoriumBR
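To put numbers on both answers above, here is an added example (not part of either answer and not any wallet's code). It uses a constructed 16-word sample list in place of the 2048-word dictionary, and the guess rate passed to `years_to_exhaust` is an assumed figure.

```python
import bisect
import math

# Constructed 16-word sample standing in for the public 2048-word dictionary.
WORDLIST = sorted(
    "abandon ability able about above absent absorb abstract "
    "absurd abuse access accident account accuse achieve acid".split()
)

def suggest(prefix, wordlist=WORDLIST):
    """Autocomplete: a pure function of the typed prefix and the public list."""
    lo = bisect.bisect_left(wordlist, prefix)
    hi = bisect.bisect_left(wordlist, prefix + "\uffff")
    return wordlist[lo:hi]

def reachable_by_autocomplete(wordlist=WORDLIST):
    """Every word someone could learn by typing all prefixes into the dialog."""
    seen = set()
    for word in wordlist:
        for i in range(1, len(word) + 1):
            seen.update(suggest(word[:i], wordlist))
    return seen

def phrase_bits(n_words, list_size):
    """Entropy in bits of n_words drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)

def bits_with_known_prefixes(prefixes, wordlist=WORDLIST):
    """Remaining bits when a prefix of each word is already known ("" = none)."""
    total = 0.0
    for p in prefixes:
        candidates = suggest(p, wordlist)
        if not candidates:
            raise ValueError(f"no word starts with {p!r}")
        total += math.log2(len(candidates))
    return total

def years_to_exhaust(bits, guesses_per_second):
    """Years to try every phrase at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print(suggest("abs"))
    print(reachable_by_autocomplete() == set(WORDLIST))
    print(phrase_bits(12, 1000), phrase_bits(12, 2048))
    print(bits_with_known_prefixes([""] * 12))
    print(years_to_exhaust(120, 1e12))  # 1e12 guesses/s is an assumed rate
```

The suggestions reproduce exactly the public list, and an empty prefix leaves the full per-word entropy. The search space only shrinks when a prefix is already known from somewhere else, which the suggestion box itself does not supply.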