- To create a BIP39 Split seed, a 24-word seed is manually split into 3 segments, which are then combined in pairs to create redundancy.
- Each share contains two thirds of the whole seed and is 16 words long; 8 words are missing from each share.

| Initial seed | Split seed | | |
|---|---|---|---|
| ABC | AB | BC | CA |
| 24 words | 16 words | 16 words | 16 words |

- In a BIP39 Split, the shares are not independent. A single share gives enough information to know that 8 words are missing and at which positions. The security of one share is therefore reduced compared to a whole 24-word seed.
- If someone finds one share of a 24-word BIP39 seed, the overall security comes down to the 8 words left to guess:

| Initial seed length | BIP39 share missing words | Encryption level of one share |
|---|---|---|
| 12 words | 4 words | 44 bits |
| 15 words | 5 words | 55 bits |
| 18 words | 6 words | 66 bits |
| 21 words | 7 words | 77 bits |
| 24 words | 8 words | 88 bits |

- To keep a reasonable level of encryption per share, the HODLR Disks BIP39 Split 2-of-3 recovery scheme should never be used with a seed of fewer than 24 words.
- According to Ian Coleman (Source: https://iancoleman.io/bip39/#english), brute-forcing a 24-word BIP39 mnemonic split from only one share could take up to 3’830’854 years on a single CPU.
- If you think you could be targeted by such a resourceful, crypto-expert thief, you should review your security strategy from scratch and definitely use a Shamir Secret Sharing scheme.
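
The 2-of-3 layout described above, as an added Python example (not HODLR's own code): it builds the AB/BC/CA shares, recovers the seed from any two of them with a consistency check on the segment they have in common, and reports what a single found share reveals. Function names and the placeholder words are assumptions made for this illustration.

```python
# Added illustration; not HODLR's code. Names and sample words are assumptions.
WORD_BITS = 11                # one BIP39 word selects 1 of 2048 list entries
SHARES = ("AB", "BC", "CA")   # each share name lists the two segments it holds


def split_seed(words):
    """Cut the mnemonic into segments A, B, C and build shares AB, BC, CA."""
    if not words or len(words) % 3:
        raise ValueError("word count must be a multiple of 3")
    n = len(words) // 3
    seg = {"A": words[:n], "B": words[n:2 * n], "C": words[2 * n:]}
    return {name: seg[name[0]] + seg[name[1]] for name in SHARES}


def recover_seed(shares):
    """Rebuild the mnemonic from two or three named shares, e.g. {"AB": [...]}."""
    seg = {}
    for name, words in shares.items():
        if name not in SHARES or len(words) % 2:
            raise ValueError(f"malformed share {name!r}")
        n = len(words) // 2
        for label, part in zip(name, (words[:n], words[n:])):
            # A segment held by both shares must agree; a mismatch means a
            # transcription error or shares that come from different seeds.
            if seg.setdefault(label, part) != part:
                raise ValueError(f"segment {label} differs between shares")
    if len(seg) < 3:
        raise ValueError("two different shares are required")
    return seg["A"] + seg["B"] + seg["C"]


def single_share_exposure(name, total_words):
    """What the finder of one share learns: the 1-based positions of the
    missing words and their raw size in bits (11 per word, as in the table;
    the BIP39 checksum is not subtracted)."""
    n = total_words // 3
    absent = (set("ABC") - set(name)).pop()
    first = "ABC".index(absent) * n + 1
    return list(range(first, first + n)), n * WORD_BITS


# Constructed placeholder words, not a real mnemonic.
SAMPLE = [f"word{i:02d}" for i in range(1, 25)]

if __name__ == "__main__":
    shares = split_seed(SAMPLE)
    print({name: len(words) for name, words in shares.items()})
    print(recover_seed({"BC": shares["BC"], "CA": shares["CA"]}) == SAMPLE)
    print(single_share_exposure("AB", 24))
```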