cypherstack
New Bitcoin Wallets should use 12 Words
Currently Stack Wallet and Stack Duo default to 24 words when creating a new bitcoin wallet.
I think it would be a better user experience to use 12 words for new wallets. The cryptographic security of bitcoin doesn't extend beyond 128 bits so 24 words doesn't actually offer better security in practice.
New users are also less likely to write down their seed if it is 24 words vs 12 words.
sure. @rehrar will make the UX decisions on whether having a choice is the best user interface. If he decides it is better UX to not have users choose I would urge him to use 12 words as default.
24 words is astronomically more secure than 12. A brute force of 24 words given the words and not the order is infeasible, a brute force of 12 given the words and not the order can be done in minutes. Defaulting to 12 with no option to select 24 is an awful idea.
Actually the fact that 24 words appears to be unavailable as an option currently is why I came here to open a feature request, to find that the feature was removed deliberately is a bit unsettling to be honest.
New bitcoin wallets should have the option to use 24 words and a passphrase offset, what the default is is inconsequential to me but more secure options being removed is concerning and bad UX.
Wait, so the conclusive proof that all wallets should default to 24 words is that an attacker could find your seed words all cut up individually and scattered about so they don't know the order? Lol, lmao even.
12 words is absolutely plenty enough https://bitcoin.stackexchange.com/questions/118558/is-24-words-seed-safer-than-12-words-in-terms-of-bruteforcing-the-private-key
If you want to make the argument that users should have the choice, fine that's at least fair. But acting like a 12 words seed phrase is insecure is ludicrous.
Lol, lmao even.
Spoken like a serious individual. Security is serious business. 256 bits of entropy is inarguably better than 128 bits of entropy, there's just no world in which you'd prefer the latter if you take security seriously.
It has happened that a person has had their seed phrase brute forced by an attacker getting the 12 words but not the order. This is definitively not the case with 24 words. If you think that they are equally secure then youre delusional. Good enough? Maybe. Not for me and not for anyone serious about their security.
I do think people should have the option. It doesn't make sense for a standard option (and the standard practice for people serious about security) to be missing in a wallet that otherwise functions superbly. This is the only wallet implementing standard derivation paths and word lists that I've seen that doesn't have it.
@mister-monster
While you are correct and 24 words is more secure, I think you have the wrong target audience.
I stand by my initial comment that if the default is 12 words users are more likely to write down the words than if its 24 words. A decent % of users are just taking a screenshot their seed words when they appear onscreen.
Unfortunately the majority of users are not that serious about their security, this is hard to change. Good wallets are designed with typical user in mind.
@rehrar will make the decisions about the UX as I commented already in terms of allowing both 12 and 24 words.
Ok, sure, 12 is the default so that people are less lazy. I don't really buy it, I think they'd screenshot if it were 5 words but I'm sure some small percentage are less likely to see it as a hassle, so makes sense.
But 24 words should absolutely not be just a completely nonexistent option in a bitcoin wallet. It is the standard. Maybe an "advanced" button in the page right before seed generation? You could even allow people to input a passphrase offset, multisig or whatever else you decide to implement later in an advanced mode, and just keep the simple 12 words as your default easy mode.
@mister-monster I see no issue with your suggestions. I will of course refer to @rehrar as it is his project.
@rehrar checking out the latest version now, fantastic! Thanks very much for taking my suggestions into consideration. I really appreciate it, you implemented it fast!
