The security of a crypto wallet is based on the seed phrase - a string of words that serves as the master key for accessing and recovering digital assets. Commonly used seed phrases are 12 and 24 words, TechBullion will tell you the differences for security purposes.

A 12-word seed provides 128 bits of entropy and is the standard for many crypto wallets. This level of entropy results in an astronomical number of possible combinations, making it highly resistant to attacks using modern technology. 24-word seed phrases offer 256 bits of entropy, doubling the theoretical security.

However, the practical increase in safety from using a 24-word phrase compared to a 12-word phrase is not as significant as assumed. The effective security of elliptic curve cryptography (secp256k1) is 128 bits. This means that regardless of the length of the seed phrase, an attacker cannot reduce the number of steps required to calculate the private key from the public key below this threshold.

Are 12 words enough?

Adam Back, renowned cryptographer and CEO of Blockstream, advocates for the sufficiency of 12-word Seed phrases, stating that they provide adequate security for most users. The move to 24-word phrases in some hardware wallets such as Trezor was primarily driven by specific implementation requirements rather than a pressing need for improved security.

The real security issue is often not the length of the seed phrase, but how users store and protect it. 12- and 24-word phrases are vulnerable to phishing attacks, physical theft, and user storage errors. A securely stored 12 word phrase is much more effective than a carelessly used 24 word phrase.

From a user experience perspective, 12-word phrases have clear advantages. They are easier to write down, remember and enter, which reduces the likelihood of errors during the wallet recovery process. This simplicity can be critical in situations where users need to quickly access their funds.

While 24-word phrases do provide a higher level of theoretical security, the practical benefits in the context of current cryptographic standards are negligible. The additional complexity they introduce can even lead to more user errors, potentially compromising security.

The use of 24-word phrases may be justified as an additional precaution for institutional or large accounts. However, a properly protected 12-word seed provides more than enough protection against potential threats for the average user.

Where can 24 words do better?

Wei Dai, renowned cryptographer and creator of b-money, offers a detailed look at the security implications of seed length. He points out that while a 12-word seed phrase (128 bits of entropy) is theoretically sufficient for single-user security when hashed with a 256-bit key, the situation changes dramatically in a multi-user environment.

Dye notes that this design can only support up to 2^64 keys without risk of collisions, and this limitation becomes significant in real-world deployments where millions of users create wallets. His insight illustrates the importance of considering specific security boundaries and more comprehensive security models that go beyond single-user scenarios.

As the crypto ecosystem evolves, so do the security measures surrounding it. Some wallet providers now offer customizable entropy options, allowing users to choose between 12, 18 or 24 words depending on their personal security preferences and risk assessment. Options such as Shamir Secret Sharing are also available on some hardware wallets, using 20 or 33 words.

Ultimately, the choice between a 12-word and a 24-word initial phrase should be based on the user's specific needs, technical comfort level, and risk profile. While a longer phrase may create a psychological feeling of increased security, users should remember that the most important factor in protecting their digital assets is to carefully handle and store their original phrase, regardless of its length.

Whether you choose 12, 18, 20, 24, or 33 words, users should prioritize secure storage methods such as offline backup and hardware wallets to keep their digital assets safe in a complex digital environment.