Is a memorable sentence a safe IOTA seed?

Here’s one that I get asked more often, and there’s a lot of nonsense ‘wisdom’ about it out there, so I am doing the calculations for you.

Here is the initial hurdle for anyone trying a seed: you will need to convert the seed into an address to be able to check if the address was ever used, which is a time-consuming process that involves hashing the seed 730 times. That makes brute force attacks on a seed very slow. Let’s say you can do this process in 1 millisecond. Then trying 1 billion different seeds would take you 277 days. And there are 8.7 x 10¹¹⁵ different seeds…

Okay, let’s limit the amount of seeds by using a memorable one. The average English word length is 5.1 characters. The average person knows 20,000–45,000 words. Let’s take the low count to find the best case scenario for cracking a sentence seed.

There are about 16 5-character groups in an 81 character seed. So that would mean a brute force dictionary attack would have to check in the order of 20,000¹⁶ combinations, which is 6.55 x 10⁶⁸ combinations or 20 orders of magnitude more than the entire Bitcoin address space.

Let’s make it worse for us. Let’s say the most used words are 3000 different words. That would still mean 3000¹⁶ combinations or 4.3 x 10⁵⁵. Which is 7 orders of magnitude over the Bitcoin address space.

Note that many crypto wallets nowadays have a mnemonic phrase to recover your wallet. An example is the BIP39 standard. A simplified explanation of how mnemonic phrases work is that the wallet software has a word list taken from a dictionary, with each word assigned to a number. The mnemonic phrase can be converted to a number which is used as the seed to a deterministic wallet that generates all the key pairs used in the wallet.

The English-language word list for the BIP39 standard has 2048 words, if the phrase has 12 words then the number of possible combinations is 2048¹² or 5.4 x 10³⁹ combinations. And this is still deemed secure. Although there seems to be a move to 24 words. And if you want to encode an IOTA seed using BIP39 you will actually need 36 words!

Here’s a sentence seed that I would have absolutely no problems with (spaces added for readability):

WHY ON EARTH DO PEOPLE THINK THAT A MNEMONIC SEED CANNOT BE SAFE ENOUGH TO PROTECT MY FUNDS 9 IDIOTS

See how simple it is?

One additional note: making your memorable sentence a word list instead of an actual sentence increases the randomness considerably, because an ordinary sentence evidently has certain patterns that could possibly be exploited. Don’t ask me how, there are zealots out there that keep on repeating this as a mantra: the information density of an English sentence is about 1.2 bits per word. Which may be true, but where would you begin? How would you verify that you are on the right track for cracking a seed without generating the entire 81 character sentence and trying it out? I agree that if you know it’s a sentence you could use grammar rules to rule out unlikely combinations, but still I would not hesitate to use the above sentence seed.

Granted, using very common sentences like the start of a popular lyric or prayer will probably get you hacked at some point. But that has nothing to do with the density of information. That has more to do with plain stupidity. The same goes for ‘themed’ seeds strictly made up of for example Star Trek words. Even though unlikely it may be that someone will try a dictionary attack like that because of the amount of nerds in crypto space. Use your brain to think like an attacker and rule out the weak ones.

So what would be a good random word seed and still be memorable? Any random word list you come up with! Seriously. Make sure the words are really unrelated. Just look around you for inspiration and add a few words that only you could think of. You will find that just the process of coming up with the sentence and writing it down will already help you remember it.

Adding weird (or foreign) words to the mix, repeating a word somewhere (to combat attacks that explore the uniqueness of words), introducing deliberate spelling errors (that result in non-existent words, like: errros) and mixing in the number 9 here and there in the middle of a word dramatically increases the brute force search space and hence the security.

Here is one I am creating right now on the spot (spaces added for readability):

PEPPERMINT BACKPACK PRINGELS MICROWAVE TOWEL BULLSHIT ROSEBUD FLASH WAIKIIK DIARRHEA KABOOM

Note the typos in ‘pringles’ and ‘waikiki’ to make them nonsense words. I would gladly put a fortune behind this seed (if I had not included it in this article for everyone to see) or a similar one.

Finally, brute force isn’t the attack vector you have to fear except in pathetic cases. There is a MUCH MUCH MUCH larger chance that someone will steal your key (even if it was randomly generated) by finding it stored in readable form on your hard drive (people are inherently lazy) or by a virus that installs a key logger or clipboard logger on your system. In the end us humans are the weak link in this. Most security breaches are done through social engineering.