- To create a BIP39 Split seed, the idea is to manually split a 24-words seed into 3 different segments and create redundancy.
- Each share contains 2/3rd of the whole seed and is 16 words long. 8 words are missing in each share.
Initial seed | Split seed |
ABC | AB | BC | CA |
24 words | 16 words | 16 words | 16 words |
- In the case of a BIP39 Split, the shares are not independent. With one share, enough information is available to know that 8 words are missing and in which position they are. The security of one share is reduced compared to a whole 24 words seed.
- If someone finds a 24 words BIP39 share, the overall security comes down to 8 words to guess:
Initial seed length | BIP39 share missing words | Encryption level of one share |
12 words | 4 words | 44 bits |
15 words | 5 words | 55 bits |
18 words | 6 words | 66 bits |
21 words | 7 words | 77 bits |
24 words | 8 words | 88 bits |
- To keep a reasonable level of encryption per share, HODLR Disks BIP39 Split 2-of-3 recovery scheme should never be used with less than a 24-words seed.
- According to Ian Coleman (Source: https://iancoleman.io/bip39/#english), brute forcing a 24 words BIP39 Mnemonic split with only one share could take up to 3’830’854 years for a single CPU.
- If you think you could be targeted by such a resourceful crypto expert thief, you should better review your security strategy from scratch and definitely use Shamir Secret Sharing security scheme.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article