Answered
Is it hypothetically possible to access other people's wallets using brute force?

On TON (and other blockchains that I know of) word mnemonics are like both login and password at the same time. So if I get it right, technically nothing stops a malicious person from trying random word combinations in the hope of getting hold of other people's wallets, but there are just too many possible combinations, so these attempts are probably useless.

Indeed, the words are taken from a 2048-word dictionary, so the number of possible 24-word combinations is insane (2048 to the power of 24, I guess?), and the chances of finding a mnemonic that holds money are extremely small. So I understand that it's probably nothing to worry about in a practical sense. But I would like to understand everything theoretically, so I want to know:

  1. Do I get it right that new wallet mnemonics are generated in a (pseudo-)random way, so purely hypothetically they could collide? Could someone try creating a new wallet with Tonkeeper, get the same mnemonic as me and get access to my wallet? It would probably happen to no one in a million years, but does the possibility exist?

  2. If someone tried to brute force (try as many random mnemonics as possible) to get hold of existing wallets, how many mnemonics per second could they check using a powerful server? And would adding a second server double that speed? Is there some limit on the possible brute-forcing speed, and how high is it?

  3. Do I get it right that there is no other form of protection other than the mnemonic? If I owned a hardware wallet for Toncoins and locked it in a physical safe, but someone brute-forced different mnemonics and found mine, would they still be able to withdraw my funds?

Posted one year ago
Edited one year ago

Answers


Yes, the mnemonic is the only thing that defines the private key of your wallet. If you somehow get to know someone's mnemonic phrase, you will have full access to their wallet. That's why it's so important to keep the phrase secret.

I should also note that it's possible to generate a private key without using a mnemonic phrase. Commonly used wallets usually do not expose this functionality (because you won't be able to back up your wallet by writing that phrase down somewhere), but theoretically it's possible. It would reduce the possibility of a collision (from 1 in 2048²⁴ ≈ 3⋅10⁷⁹, as you correctly stated, to 1 in 2⁵¹² ≈ 10¹⁵⁴), but won't eliminate it completely. Because wallets are generated independently, there is no real way to prevent collisions in the theoretical sense.

You may also find the tool called "vaniton" interesting. Basically, it implements the brute force, but instead of trying to find the exact keys (which is not feasible), it just searches for mnemonic phrases that produce nice-looking addresses (e.g. ones containing some predefined substrings).

Now, to your questions:

  1. Purely hypothetically – yes, collisions are possible.
  2. Estimating the exact speed is hard because it really depends on the hardware. On my machine, vaniton's benchmark showed a rate of 13.7 addresses per second. Adding more servers would proportionally increase the speed of the brute-force attack. Again, if we are talking purely theoretically, there's no limit on the potential speed of the attack (but in reality, even using all the computing power available on Earth won't help much).
  3. Yes, that's correct.

I would emphasize once more: while these statements are all correct in theory, it's not possible to brute force 3⋅10⁷⁹ phrases in any practical sense (no matter how many servers you use). For example, if you had access to 1 billion servers, each one would still need to check approximately 3⋅10⁷⁰ phrases, which is still an astronomically huge number. Even assuming a rate of 3 million phrases per second (on each server), it would take 10⁶⁴ seconds, or about 3⋅10⁵⁶ years (that's a 56-digit number). For comparison, the current age of the Universe is "just" 1.37⋅10⁹ years.
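A small calculator for the estimates in the answer above, added here as an illustration and not part of the original thread. The 2048-word dictionary, 24-word phrase, 10⁹ servers, 3⋅10⁶ phrases per second and 1.37⋅10⁹-year age of the Universe are the figures from the answer; the birthday-bound collision estimate and the "servers needed" figure are my generalisation of the same reasoning.

```python
from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def mnemonic_space(dictionary_size=2048, phrase_length=24):
    """Number of distinct phrases (2048 ** 24 for a TON-style 24-word mnemonic)."""
    return dictionary_size ** phrase_length


def exhaustive_search_years(space, servers, phrases_per_second):
    """Years needed to enumerate every phrase with `servers` machines, each
    testing `phrases_per_second` candidates. Exact integer arithmetic."""
    seconds = space // (servers * phrases_per_second)
    return seconds // SECONDS_PER_YEAR


def servers_needed(space, phrases_per_second, years):
    """How many servers (each at `phrases_per_second`) would be needed to
    exhaust the space within `years`. Rounded up."""
    per_server = phrases_per_second * years * SECONDS_PER_YEAR
    return -(-space // per_server)


def collision_probability(n_wallets, space):
    """Birthday-bound estimate of the chance that any two of `n_wallets`
    independently generated wallets share a phrase: n(n-1) / (2 * space).
    Accurate while the result is small, which it always is here."""
    return Fraction(n_wallets * (n_wallets - 1), 2 * space)


if __name__ == "__main__":
    space = mnemonic_space()
    print(f"phrases in the space:          {space:.3e}")
    # Figures used in the answer: 1e9 servers, 3e6 phrases/s each.
    years = exhaustive_search_years(space, 10**9, 3 * 10**6)
    print(f"years to exhaust the space:    {years:.3e}")
    # Hypothetical: how many such servers finish within the Universe's age?
    age_of_universe = 1_370_000_000
    print(f"servers to finish in {age_of_universe} years: "
          f"{servers_needed(space, 3 * 10**6, age_of_universe):.3e}")
    # Constructed scenario: a billion wallets generated independently.
    p = collision_probability(10**9, space)
    print(f"P(collision among 1e9 wallets): {float(p):.3e}")
```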


Thanks for such a detailed answer!

Evgeniy Trifonov   one year ago Report