If I understand correctly, a 24-word seed is just a 12-word seed with 12 extra decoy words in it. Is that correct?
If so, how can I compute a 12-word seed corresponding to the same wallet as a 24-word seed?
No.
1 Like
Oh, I see, thanks. I got confused by this bit in Recovery seed - Trezor Wiki
To add more strength (randomness) when recovering a 12-word seed on Trezor One, there are 12 fake dummy words introduced by the device and mixed in the pool with the real words. The user inputs the real words mixed with the fake ones, all randomly shuffled, and the device itself sorts them out.
I still have a slightly different question, though: can a 12-word seed and a 24-word seed point to the same wallet? And, if so, what calculations do I need to make to switch between the two?
The answer to you first question is no, it’s either a 12-word wallet or a 24-word wallet (or something in between - a 18-words, perhaps).
About the second question, I’m puzzled why you ask? Do you have a problem with your wallet?
I’m asking because you asked about PIN safety in another thread.
Thanks. I don’t have a problem with my wallet. I just want to know a bit more about this.
Not really.
The seed words are hashed to generate a master secret. Hashing is a one-way process: when you take the resulting master secret, there is no way to find words that generated it, except trying all possible combinations of words.
It’s cosmically unlikely, but not entirely impossible, that there’s a set of 12 words and a matching set of 24 words which, when hashed, come out to the same master secret. However, (a) there’s no guarantee that given a concrete set of 12 words, there exists a corresponding set of 24 words, and (b) even if there was, it’s impossible to find it, except to try every 24-word set one by one (which would take an impossibly long time to do).
1 Like