Is the 12-word phrase app-specific?

Question

I'm new to Bitcoin and trying to understand it, step by step. I tried to make a wallet using Electrum. This gave me 12 words which seem to allow me to regenerate my wallet's private key. When trying to use this 12 words in Exodus (another wallet app) it says those 12 words are invalid. So, I figured these 12 words might be an app internal thing...

Seeing Chris Chen's comment here seems to confirm this.

So, the question would be: if I happen to get my 12-words compromised and someone gets to know them, would I then be still safe as long as this person does not figure out which wallet app I used?

Answer 1

No your funds would still be at risk. There are only a few popular wallets that use seed phrases.

Most wallets use BIP39(https://en.bitcoin.it/wiki/Seed_phrase) but there are some that use different versions or no seed words at all.

Electrum does not ouse BIP39, see their docs explaining why. https://electrum.readthedocs.io/en/latest/seedphrase.html

It would be extremely easy for an attacker to try the most popular versions and steal your funds.

Answer 2

if I happen to get my 12-words compromised and someone gets to know them, then I would be still safe as long as this person does not figure out which wallet app I used?

Technically, no. The attacker only needs to figure out the algorithm used to convert the passphrase into the public key, which may be used by multiple apps.

But that is probably not what you are asking. To answer your real question, if your wallet app is popular, or uses the same algorithm as a popular app (and presumably new Bitcoin users tend to use popular wallet apps), then it would be extremely easy for the attacker to figure out which algorithm you used and therefore compromise your private key. They would simply need to try every popular app, as m1xolyd1an pointed out, and there so few of these that this task would be trivial. So no, you would not be safe.

(This is theoretically the same as trying every possible passphrase, except that there are so many possible passphrases that this is basically impossible.)

Answer 3

With the seed phrase exposed, your funds are likely to be stolen since majority of the wallets implement BIP-39 (which standardize seed words generation). With the exception of Electrum, it would be easy, possibly import attempts in less than five wallets, for someone to transfer the funds.

To quote a section on wallets and seed words (mnemonic words) in the book; Mastering Bitcoin:

Mnemonic codes are defined in BIP-39 (see [appdxbitcoinimpproposals]). Note that BIP-39 is one implementation of a mnemonic code standard. There is a different standard, with a different set of words, used by the Electrum wallet and predating BIP-39. BIP-39 was proposed by the company behind the Trezor hardware wallet and is incompatible with Electrum’s implementation. However, BIP-39 has now achieved broad industry support across dozens of interoperable implementations and should be considered the de facto industry standard.

As a side note, if you used the optional passphrase at the time of generating your seed words (as BIP-39 provides for ),someone attempting to import your seed words, without knowledge of the passphrase will end up on an empty wallet.

Answer 4

Definitely your funds would still be in danger. The word list isn't universal but the fact that even a few of the seeds were to be known cuts down drastically the amount of time it would take to crack a 12 word mnemonic seed phrase. With encryption it is more about how long it is going to take to crack something... not if. As it is now, if the wordlist is known.. and the user is using a 12 words as opposed to 24, depending on the wordlist size it could be possible to crack with progression of the outrageous 256 core cpu's and these cluster computers. Well here are some numbers to show

P(n,r) = {n!}\{(n - r)!}

100 word list with 12 words needed to crack it

P(n,r)=P(100,12) = 503153364153791070720000 possible permutations

100 word list and 24 words needed to crack it

P(n,r)=P(100,24) = 49496938581413018841693936714706785140736000000 possible permutation

100 word list and 6 words needed to crack it --> this is scary cause if half of your seed words get compromised... P(n,r)=P(100,6) = 858277728000 granted if only solving one permutation a sec that's still impossible.. but what of those 256 core consumer cpus.. 256 cores solving 1 a second each and what if they had 10, 20 of them? what if a server farm clustered. So it doesn't matter the brand style or make of the mnemonic seed phrase generator or wallet...ANY time your password is even slightly compromised... it is compromised... period. and you should be concerned.