All articles

12, 20, and 24 word wallet backup

Table of Contents

Security of 12-word wallet backups
Trezor Model One and the 24-word wallet backup
No real use case for 24-word wallet backup on Trezor Model T and Trezor Safe 3
SLIP39: A secure alternative for splitting wallet backups
SLIP39: A secure alternative for splitting wallet backups

When it comes to securing your cryptocurrency wallet, you might have questions about the security provided by a 12-word recovery wallet backup (formerly recovery seed) and whether a 24-word wallet backup would offer better protection.

In this article, we will address these concerns and help you understand the security of a 12-word wallet backup, the practical implications of using a 24-word wallet backup on the Trezor Model T or Trezor Safe 3, and the benefits of using Shamir Backup for users seeking advanced security measures.

Security of 12-word wallet backups

A 12-word wallet backup provides 128 bits of entropy, which is more than sufficient for the security of your private keys.

Bitcoin uses elliptic curve cryptography and 256-bit private keys, but the security of the elliptic curve is around half of the used bits, resulting in 128-bit security for the secp256k1 curve.

In practice, it is highly unlikely that an attacker could guess or brute-force a 12-word wallet backup with 128 bits of entropy in a feasible amount of time.

Thus, a 12-word wallet backup offers a high level of security that is sufficient for most users, balancing security and ease of use.

Trezor Model One and the 24-word wallet backup

The Trezor Model One uses a 24-word wallet backup to enhance security during the basic recovery process on a host computer.

When you enter 12 words on your computer in random order, the entropy may not be sufficient to ensure a high level of security. In this case, using a 24-word wallet backup is essential.

However, if you recover your wallet directly on the device (instead of entering words on the computer), a 12-word wallet backup is sufficient.

The Trezor Safe 5, Trezor Safe 3, and Trezor Model T all offer direct device entry, making a 24-word backup unnecessary.

No real use case for 24-word wallet backup on Trezor Model T and Trezor Safe 3

While a 24-word wallet backup provides more entropy (256 bits), the practical increase in security is not as significant as it may appear.

As mentioned earlier, the security of your wallet is primarily determined by the cryptography used, and you cannot increase the number of steps it takes an attacker to calculate the private key from your public key.

SLIP39: A secure alternative for splitting wallet backups

SLIP39 is an algorithm that divides a secret (your wallet backup) into multiple parts and reconstructs the original secret by combining a certain number of those parts.

The Trezor Safe 5, Trezor Safe 3, and Trezor Model T support 20-word SLIP39 backups as a default option. This allows users to:

Create separate shares of their wallet backup.
Increase security of their wallet backup.
Recover the wallet even if one part is lost or compromised.

Users seeking additional security or considering splitting their wallet backups should explore SLIP39 as a more effective solution than custom splitting schemes or using a 24-word wallet backup.

SLIP39: A secure alternative for splitting wallet backups

Check out our article: SLIP39 FAQs

We also recommend watching this video, where we explain SLIP39 and how to use it:

;