oxen-io / session-desktop

Session Desktop - Onion routing based messenger
https://getsession.org
GNU General Public License v3.0

[Feature] Increase word seed #2964

Open qdhj opened 11 months ago

qdhj commented 11 months ago

Is there an existing request for feature?

What feature would you like?

The generated key is based on a 13-word seed; is there no option to increase it?

Anything else?

No response

beantaco commented 11 months ago

Session Desktop currently only generates 13-word mnemonics for users. However, my understanding is Session Desktop accepts any mnemonic of 12+1, 15+1, 18+1, 21+1 or 24+1 words in length. The first 12, 15, 18, 21 or 24 words are the cryptographic material, and the last word is a check word that is chosen (by calculation) from one of the mnemonic's words. Given there are 1626 words in the wordlist, every 3 words have 32 bits of entropy (although not exactly), therefore a 13-word mnemonic has 128 bits of entropy, and a 25-word mnemonic has 256 bits (the check word has no entropy).

https://github.com/oxen-io/session-desktop/blob/ca6fbcbc44c97a72755f68604eeec204e0acd3bd/ts/session/crypto/mnemonic.ts#L56-L119

Do you know of any argument that supports that a 128-bit Session seed is vulnerable now or in the future? I guess quantum computing might be a major reason, but I'd be happy to hear of other compelling reasons to increase the Session seed length.

If you immediately want a Session mnemonic longer than 12+1 words, you can do this. Create two new Session mnemonics, discard the check word from each mnemonic, concatenate the two shorter mnemonics together, then figure out (by calculation or by trial and error) which of the 24 words is the correct 25th check word.

I'd also be happy to see a discussion of pros vs cons of supporting generation of longer seeds/mnemonics.

In my mind...
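An added example, not code from session-desktop, that works through the check-word calculation and the two-mnemonic splice described in the comment above. It assumes the Monero-derived rule the linked mnemonic.ts is understood to implement (CRC-32 over the first three letters of every word, modulo the word count, selects which body word is repeated as the check word), the 1626-word list size stated above, and constructed sample words; the function names are this example's own.

```typescript
// Added example, not code from session-desktop. Assumes the Monero-derived rule
// the linked mnemonic.ts is understood to implement: CRC-32 of every word's
// first PREFIX_LEN letters, modulo the word count, selects the check word.
const PREFIX_LEN = 3;                      // English prefix length (assumed)
const WORDLIST_SIZE = 1626;                // stated in the comment above
const VALID_BODY_LENGTHS = [12, 15, 18, 21, 24];
// Table-driven CRC-32 (reflected polynomial 0xEDB88320, as in zlib).
const CRC_TABLE: number[] = Array.from({ length: 256 }, (_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
  return c >>> 0;
});
function crc32(s: string): number {
  let crc = 0xffffffff;
  for (let i = 0; i < s.length; i++) {     // ASCII wordlist assumed
    crc = CRC_TABLE[(crc ^ s.charCodeAt(i)) & 0xff] ^ (crc >>> 8);
  }
  return (crc ^ 0xffffffff) >>> 0;
}
// Index of the body word that must be repeated as the check word.
function checksumIndex(body: string[]): number {
  const prefixes = body.map((w) => w.slice(0, PREFIX_LEN)).join("");
  return crc32(prefixes) % body.length;
}

// Append the check word to a 12/15/18/21/24-word body.
function addCheckWord(body: string[]): string[] {
  if (!VALID_BODY_LENGTHS.includes(body.length)) {
    throw new Error(`unsupported body length ${body.length}`);
  }
  return [...body, body[checksumIndex(body)]];
}

// True when the final word is the check word the body requires.
function verifyMnemonic(mnemonic: string): boolean {
  const words = mnemonic.trim().toLowerCase().split(/\s+/);
  const body = words.slice(0, -1);
  if (!VALID_BODY_LENGTHS.includes(body.length)) return false;
  return words[words.length - 1] === body[checksumIndex(body)];
}

// Entropy of n data words from the 1626-word list; the check word adds none.
function entropyBits(dataWords: number): number {
  return dataWords * Math.log2(WORDLIST_SIZE);
}
// Constructed sample bodies (not checked against the real wordlist), spliced
// as the comment above describes into one 24+1 mnemonic.
const bodyA = "abbey abducts ability ablaze abnormal abort abrasive absorb abyss academy aces aching".split(" ");
const bodyB = "acidic acoustic acquire across actress acumen adapt addicted adept adhesive adjust adopt".split(" ");
const spliced = addCheckWord([...bodyA, ...bodyB]);
```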

ghost commented 8 months ago

The 12-word mnemonic phrases, while widely used (and considered secure), are going to be definitely more vulnerable to quantum computing — a small world that's taking off, with the potential to break certain cryptographic algorithms, including those used in cryptocurrency wallets.

There is already some development in this area. For instance, Shor's algorithm, with sufficient compute power, can be used to efficiently solve certain mathematical problems. Still, a long shot, but quite possible.

Personally, I haven't read anywhere there is evidence this has happened, but if it's not too complex, why not upgrade? The same argument could be made in the opposite direction on using a lower number that provides sufficient protection.

Another important point in this subject is that, while the mnemonic phrase length plays an important role, exploring also quantum-resistant cryptographic schemes that involve the use of different algorithms is also important, and probably necessary in many products — albeit not possible in all situations.

KeeJef commented 3 months ago

Tracked internally via SES-2277