How many tries can someone try recovering wallets and security related to it

Hi there guys,

This is something that worries me a lot and I still don’t understand. When configuring my trezor wallet, it gives you a recovery wallet, but it does not allow you to make the words by yourself as I expected to be. Instead, when recovering a wallet you choose between a lot of words, but it’s still a limited amount of words… This gives me concerns of security related to the basic security of your trezor account wallet.

What I want to ask it’s if there is a limit of tries the people can try different combinations of those predefined words of trezor when recovering wallets, or if there are more security measures about that.

I have found the passphrases that could solve the problem because they are directly another new walled that you make with your own phrase, but still, I am curious about the first point.

Still another question that appears is how can passphrases be non-crackeable? I understand that they are just another combination that connects to a new wallet but still someone could connect with a little of bad luck right? Because they can be accessed with the correct phrase by other passphrases services of other providers…

Thank you in advance and have a wonderful year ñ.ñ

Looks can be deceiving.

There is no limit to the number of tries, but you could run a password cracker for your whole life and not find another valid seed.

Imagine this:
There are 12 words in the shortest seed.
Each word is one of the 2048 pre-selected words in the wordlist.
That means that you need 4 decimal digits to write out the number of the word: 0004, 0018, 0397, 2002, and similar.
(the first digit is only 0 1 2 so let’s ignore it and say three digits per word).

12 words, times 3 digits, is 36 digits.

That is, you would have to guess a 36-digit PIN correctly to find another wallet.
(plus a couple more to account for the 4th digit that we discarded).
Or a 20-character random password composed of upper- and lower-case letters, numbers, and special characters.

For comparison: the Powerball lottery wants you to guess 12 digits to win $240 million.

“But someone could still get lucky…” they really couldn’t, not in real life.

Passphrases are not non-crackable. And indeed, if someone has your seed already, they can run a brute-force attack on your passphrase. If you are worried about that, your passphrase needs to be strong enough to cover you.

What you probably mean is that passphrase cannot be extracted from your Trezor. That is because it’s not stored there!

2 Likes