Which is better: a secret phrase of 12 or 24 words?

Many people have a question when creating a wallet: “What length should I choose, 12 or 24 words?” Today we'll find out if a long secret phrase is actually safer.

Does length affect safety?

According to BIP39's proposal at https://bip39-phrase.com/, a mnemonic phrase can consist of 12, 15, 18, 21, and 24 English words. Most often we can find 12 and 24 words in wallets.

12 words contain 128 bit entropy – that’s 2 to the 128th power. And this is a huge number that is difficult for a person to imagine. Modern supercomputers cannot work with such orders.

Although a 12-word secret phrase is safe, we still recommend using 24 words. Now we will explain why.

Check sum

A 24-word phrase better protects the user from himself. That is, it is more difficult to make a mistake when writing a mnemonic phrase because protection in 24 words is better than protection in 12 words. We are talking about a checksum, which in 24 words is 8 bits long, versus 4 bits in 12 words.

Let's give an example for clarity. Let's generate a secret phrase of 24 words and substitute it into a script that determines the meaning of the missing word.

We select a length of 24 words and generate a phrase. 

We insert the phrase into the script and put the ? in place of any word. 

After we specify the twenty-fourth word as missing, the script will give eight options. Imagine that we actually made a mistake in the last word and are trying to regain access to the funds. Then we will need to substitute the eight words suggested by the program one by one.

Now we’ll do the same thing, only we’ll generate a seed of 12 words.

We substitute the seed into the script and mark the last word as missing. 

We get 130 options that can be substituted for the pass.

It turns out that finding one missing word in a phrase of 12 is more difficult than finding one word in a phrase of 24.

Entropy

12 or 24 words are based on a random number. To generate a random number for 12 words, we need to flip a coin 128 times, and for 24 words - 256 times. The random number generator we use is of great importance here. For example, if a coin lands on the same side many times, this repeated value will be less noticeable in 256 coin flips than in 128 coin flips.

A large number of repetitions increases the sequence of random values.

Splitting a phrase

Some cryptocurrency owners like to divide their secret phrase into parts. This is a serious security breach and should not be used to store seed. However, phrase splitting can be used to make a multisig wallet.

We use the service and enable the function of dividing the secret phrase into cards. We generate a phrase and enable the show cplit mnemonic cards function. 

Each of the three cards has four different words missing. And we see that it will take only 109 seconds to select the missing words.

Generate a phrase of 24 words

After we split the 24 word phrase, each card will have eight words missing. In order to pick them up, the fraudster will need to wait 38,308 centuries and 54 years.

Finding missing meanings in a 24-word phrase is almost impossible.

Sequence selection

If you mix the order of words in a secret phrase, then the correct sequence can be determined by brute force using the computing power of computers. Once we know which words are used in the seed and need to establish their order, this task will be relatively easy to complete if we establish a sequence of 12 words. However, if you try to collect a seed of 24 words, it will require a huge amount of time and resources.

Establishing the correct sequence of 24 words is also almost impossible.

Compatibility

All crypto wallets are different from each other, some allow you to use only a 12-word phrase, and some models allow you to choose the length of the backup.

The most popular phrase length used in hardware wallets is 24 words. Therefore, if you plan to use different wallets, it is better to work with 24 words.

The 24-word phrase is used in almost all crypto wallets.

Conclusions

We talked about how a 24-word secret phrase helps prevent potential user errors. When splitting a long phrase, scammers are unlikely to be able to find the missing words. During seed generation, it will be easier to create a sequence of random numbers, and if you forget one of the words, it will be easier for you to find it.

From a security point of view, 12 words are not inferior to 24. And the advantage of a short seed is that it is easier to remember.