- To create a BIP39 Split seed, a 24-word seed is manually split into 3 segments (A, B and C), which are then combined into shares to create redundancy.
- Each share contains two thirds of the whole seed and is 16 words long. 8 words are missing from each share.
| AB | BC | CA |
| --- | --- | --- |
| 16 words | 16 words | 16 words |
- In a BIP39 Split, the shares are not independent. A single share reveals that 8 words are missing and in which positions. The security of one share is therefore reduced compared to a whole 24-word seed.
- If someone finds one share of a 24-word BIP39 seed, the overall security comes down to 8 words to guess:
Initial seed length
BIP39 share missing words
Encryption level of one share
- To keep a reasonable level of encryption per share, the HODLR Disks BIP39 Split 2-of-3 recovery scheme should never be used with a seed shorter than 24 words.
- According to Ian Coleman (Source: https://iancoleman.io/bip39/#english), brute forcing a 24-word BIP39 mnemonic split with only one share could take up to 3’830’854 years for a single CPU.
- If you think you could be targeted by such a resourceful crypto expert thief, you had better review your security strategy from scratch and definitely use the Shamir Secret Sharing security scheme.
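
The AB / BC / CA split and the 2-of-3 recovery described above, as an added Python example (not HODLR's own code). The function names and the placeholder words `w01`..`w24` are assumptions constructed for illustration. It also reports how many bits one share leaves unknown, using the fact that a 24-word BIP39 mnemonic encodes 256 bits of entropy plus an 8-bit checksum.

```python
BITS_PER_WORD = 11   # the BIP39 wordlist has 2048 words
CHECKSUM_BITS = 8    # 24 words = 256 bits of entropy + 8-bit checksum
SEGMENT = 8          # 24 words / 3 segments (A, B, C)

def make_shares(words):
    """Split a 24-word mnemonic into shares AB, BC, CA as {position: word}."""
    if len(words) != 24:
        raise ValueError("this scheme requires a 24-word seed")
    seg = {n: range(i * SEGMENT, (i + 1) * SEGMENT) for i, n in enumerate("ABC")}
    return {pair: {p: words[p] for s in pair for p in seg[s]}
            for pair in ("AB", "BC", "CA")}

def recover(share_x, share_y):
    """Rebuild the mnemonic from any two shares.

    Every pair of shares overlaps in one segment, so a transcription
    error in that segment shows up as a disagreement between the shares.
    """
    merged = dict(share_x)
    for pos, word in share_y.items():
        if merged.setdefault(pos, word) != word:
            raise ValueError(f"shares disagree at word {pos + 1}")
    if sorted(merged) != list(range(24)):
        raise ValueError("two distinct shares are required")
    return [merged[p] for p in range(24)]

def residual_bits(share):
    """Return (bits of unknown words, bits left once the checksum is used).

    The checksum rejects about 255 of every 256 guesses, so roughly 2**80
    valid mnemonics remain consistent with a single 16-word share.
    """
    raw = (24 - len(share)) * BITS_PER_WORD
    return raw, raw - CHECKSUM_BITS

if __name__ == "__main__":
    words = [f"w{i:02d}" for i in range(1, 25)]   # constructed placeholders
    shares = make_shares(words)
    assert recover(shares["BC"], shares["CA"]) == words
    print(residual_bits(shares["AB"]))
```

Storing each word with its position is what lets a holder of two shares reassemble the seed in order, and it is also the information a single found share gives away.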