The 12-word seed phrase provides 128 bits of entropy and has been the standard for many crypto wallets. This level of entropy translates to an astronomical number of possible combinations, making it highly resistant to brute-force attacks with current technology. In contrast, 24-word seed phrases offer 256 bits of entropy, doubling the theoretical security.

However, the practical security gain from using a 24-word phrase over a 12-word one is not as substantial as the numbers suggest. The effective security of Bitcoin’s elliptic curve cryptography (secp256k1) is 128 bits. This means that regardless of the seed phrase length, an attacker cannot reduce the number of steps required to calculate a private key from a public key below this threshold.

12 words is enough

Adam Back, a prominent cryptographer and CEO of Blockstream, has advocated for the sufficiency of 12-word seeds, stating that they provide adequate security for most users. The shift towards 24-word phrases in some hardware wallets, such as Trezor, was primarily driven by specific implementation requirements rather than a pressing need for enhanced security.

The real security challenge often lies not in the length of the seed phrase but in how users store and protect it. Both 12-word and 24-word phrases are vulnerable to phishing attacks, physical theft, and user error in storage. A securely stored 12-word phrase is far more effective than a carelessly handled 24-word one.

From a user experience perspective, 12-word phrases offer distinct advantages. They are easier to write down, remember, and input, reducing the likelihood of errors during wallet recovery processes. This simplicity can be crucial in high-stress situations where users need to access their funds quickly.

While 24-word phrases do provide a higher level of theoretical security, the practical benefits in the context of current cryptographic standards are marginal. The additional complexity they introduce may even lead to increased user errors, potentially compromising security.

Using 24-word phrases might be justified as an extra precautionary measure for institutional or high-value accounts. However, a properly secured 12-word seed phrase offers more than sufficient protection against potential threats for the average user.

Where 24 words may be better

Wei Dai, a renowned cryptographer and creator of b-money, offers a nuanced perspective on the security implications of seed phrase lengths. He emphasizes that while a 12-word seed phrase (128 bits of entropy) is theoretically sufficient for single-user security when hashed to a 256-bit key, the situation changes dramatically in a multi-user environment.

Dai points out that this construction can only support up to 2^64 keys before risking collisions, a limitation that becomes significant in real-world deployments where millions of users generate wallets. His insight illustrates the importance of considering concrete security bounds and more comprehensive security models that go beyond single-user scenarios.

As the crypto ecosystem evolves, so do the security measures surrounding it. Some wallet providers now offer customizable entropy options, allowing users to choose between 12, 18, or 24 words based on their personal security preferences and risk assessments. Options such as Shamir Secret Sharing are also available on some hardware wallets using 20 or 33 words.

Ultimately, the choice between a 12-word and 24-word seed phrase should be based on a user’s specific needs, technical comfort level, and risk profile. While the longer phrase may offer a psychological sense of increased security, users should remember that the most critical factor in protecting their digital assets is their seed phrase’s careful handling and storage, regardless of its length.

Education on best practices for seed phrase management remains crucial. Whether opting for 12, 18, 20, 24, or 33 words, users must prioritize secure storage methods, such as offline backups and hardware wallets, to ensure the safety of their digital assets in an increasingly complex digital landscape.

Mentioned in this article