AndreasGassmann
commented
3 years ago First of all, AirGap Vault does support mnemonics that are shorter than 24 words. Specifically, it supports mnemonics of length 12, 15, 18, 21 and 24. However, when generating a new mnemonic with AirGap Vault, the output will always be a 24 word recovery phrase.
So if you want a 12 word seed, you will have to generate it elsewhere and then import it into your Vault. If you do this, make sure it's also generated on an offline device.
The reason we chose to only generate 24 words is not because 12 word mnemonics are insecure, but if the handling of shorter mnemonics is riskier in a few ways:
- More entropy: The 24 words contain more entropy/randomness. In some cases, if the underlying random number generator isn't as good as it should be, the extra 128 bits of entropy you have in a 24 word phrase can make your mnemonic more secure.
- Splitting up seed: Some people "split up" their secret into multiple parts by basically just cutting it into multiple parts. While this is a very bad idea for many reasons, people still do it. In fact, even the bip39 tool by iancoleman has this feature for some reason. If you split up a 12 word mnemonic, the time to brute force it in case you find one part is a couple of minutes. With a 24 word mnemonic, it's still going to be thousands of years.
- Unscramble: Some people like to "swap" some of their words or "scramble" their recovery phrase when they write it down. If you do this with a 24 word mnemonic, chances are higher that a brute force attack will not be successful in a reasonable amount of time. However with a 12 word mnemonic, if I remember correctly, all combinations can be checked in a few hours or less.
So basically it's not really a "mathematical" reason why we use 24 words, but rather to protect our users from losing their funds if they make mistakes.
That being said, I personally actually highly discourage memorising your seed word, especially if you don't have a backup.
- It's easy to simply forget your mnemonic. As you get older, this happens more frequently. But it's also possible that you are in an accident and are experiencing memory loss.
- In case of a physical attack, you can be coerced to reveal your seed phrase.
- You can reveal your seed phrase if you are drunk / drugged (maybe also by an attacker).
I agree with you that the storage of a mnemonic is a very hard problem. However, I still feel that a proper backup is more secure than (only) memorising it.
I would recommend a combination of BIP39 Passphrases for decoy wallets / plausible deniability, as well as social recovery as an emergency backup. We just released a blogpost about social recovery / shamir's secret sharing a few days ago: https://medium.com/airgap-it/how-social-recovery-can-prevent-you-from-losing-all-your-funds-1259e685ee8b
EDIT:
I forgot to mention, in an upcoming release we will add secure recovery phrase generation by using dice or coin-flips, which might be interesting to you.
Ahmed-Ali
IMHO, one of the worst security issues with all self-custody wallets (hardware, software, air-gapped or not) is the difficulty of remembering the recovery phrase; it makes it mandatory to have a copy of it outside your own brain memory, and this is the worst nightmare for me. It can be distracted, stolen, or simply lost.
I tried to work around this with way too many things. i.e encrypted USB thumbs, biometric protected devices, etc... at the end, if the device is lost, you lost the recovery phrase. And writing recovery phrase as a plain text on any material is just a not an option for me (you can't be too paranoid when it comes to crypto).
Hence this request, 24-word is much harder to remember than 12-word recovery phrase. Meanwhile, brute forcing 12-word, as far as I know, is still pretty damn unlikely (or maybe I am wrong?).
Any chance we can add option for 12-word Mnemonic phrase?