All articles

Seed Backup 12 vs 24 Words

When it comes to securing your cryptocurrency wallet, you might have questions about the security provided by a 12-word recovery seed and whether a 24-word seed would offer better protection.
 

In this article, we will address these concerns and help you understand the security of a 12-word recovery seed, the practical implications of using a 24-word seed on the Trezor Model T or newer devices, and the benefits of using Shamir Backup for users seeking advanced security measures.


Security of 12-Word Recovery Seeds

A 12-word recovery seed provides 128 bits of entropy, which is more than sufficient for the security of your private keys. Bitcoin uses elliptic curve cryptography and 256-bit private keys, but the security of the elliptic curve is around half of the used bits, resulting in 128 bits for the secp256k1 curve used.
 

In practice, it is highly unlikely that an attacker could guess or brute-force a 12-word recovery seed with 128 bits of entropy in a feasible amount of time. Thus, a 12-word seed offers a high level of security that is sufficient for most users, striking a balance between security and ease of use.


Trezor Model One and the 24-Word Seed

The Trezor Model One uses a 24-word seed to enhance security during the basic recovery process on the host computer. When you enter 12 words on your computer in random order, the entropy in random order may not be sufficient to ensure a high level of security. In this case, using a 24-word seed is essential.


However, if you choose not to recover your wallet on the host computer and instead enter all the words directly on the device, a 12-word seed is sufficient for securing your wallet. With the introduction of the Trezor Model T and its touchscreen interface, the need for using a 24-word seed for recovery on the host computer is no longer necessary.
 

No Real Use Case for 24-Word Seed on Trezor Model T and Newer

While a 24-word recovery seed does provide more entropy (256 bits), the practical increase in security is not as significant as it may appear. As mentioned earlier, the security of your wallet is primarily determined by the cryptography used, and you can never increase the number of steps it takes an attacker to calculate the private key from your public key.
 

Users should not feel the need to create a 24-word seed on the Trezor Model T or upcoming models, as a 12-word seed is more than secure enough.
 

Shamir Backup: A Secure Alternative for Seed Splitting

If users require more than 12 words for a custom seed splitting scheme, they should consider Shamir Backup instead. Shamir's Secret Sharing is an algorithm that divides a secret (your recovery seed) into multiple parts and reconstructs the original secret by combining a certain number of those parts.
 

The Trezor Model T supports Shamir Backup, allowing users to create and store separate shares of their seed. This increases the security of the seed and allows for wallet recovery even if one part is lost or compromised. Users seeking additional security or seed splitting should explore Shamir Backup as a more effective solution than custom seed splitting schemes or using a 24-word seed.
 

Check out our article: What is Shamir Backup? to learn more 


We also recommend watching the following video, where we explain Shamir Backup and how to use it with your Trezor Model T: