Is it hypothetically possible to brute force access to other people's wallets?
from Evgeniy Trifonov
On TON (and other blockchains that I know of) the word mnemonic is like both login and password at the same time. So if I get it right, technically nothing stops a malicious person from trying different combinations in the hope of getting hold of other people's wallets, but there are just too many combinations, so these attempts are probably useless.
Indeed, the words are taken from a 2048-word dictionary, so the number of possible 24-word combinations is insane (2048 to the power of 24, I guess?), and the chances of colliding are extremely small. So I understand that it's probably nothing to worry about in a practical sense. But I would like to understand everything theoretically, so I want to know:
1. Do I get it right that new wallet mnemonics are generated in a (pseudo-)random way, so purely hypothetically they could collide? Could someone try creating a new wallet with Tonkeeper and get access to my wallet? I understand that it would probably happen to no one in a million years, but does the possibility exist?
2. If someone tried to brute force (try as many random mnemonics as possible) to get hold of existing wallets, what is the number of mnemonics per second they could check using a powerful server? And would adding a second server double that speed? Is there some limit on the possible brute-forcing speed, and how high is it?
3. Do I get it right that there is no other form of protection? If you own a hardware wallet for Toncoins and it's locked in a physical safe, but someone brute-forced different mnemonics and found yours, would they still be able to withdraw your funds?
Answer on TON Overflow
Jun 25, 2023, 8:01 PM
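As an added illustration (not part of the original question or of any answer on the thread), a small Python risk calculator built only from the figures the question gives: a 2048-word dictionary and 24-word mnemonics. It treats every 24-word sequence as an equally likely candidate (a simplification assumed here) and uses exact rational arithmetic, so it answers the three questions numerically: the collision chance for a freshly generated wallet, how long guessing at a given rate takes to reach a given success probability, and why adding a second server only halves that time. The guess rate and wallet count passed in at the bottom are constructed sample values, not measurements.

```python
from fractions import Fraction
import math

WORDLIST_SIZE = 2048        # words in the mnemonic dictionary (from the question)
WORDS_PER_MNEMONIC = 24     # words per mnemonic (from the question)
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace_size(words=WORDS_PER_MNEMONIC, dictionary=WORDLIST_SIZE):
    """Number of distinct word sequences: 2048 ** 24 (an exact integer)."""
    return dictionary ** words


def keyspace_bits(words=WORDS_PER_MNEMONIC, dictionary=WORDLIST_SIZE):
    """Same quantity as a bit length: 2048 = 2**11, so 24 words give 264 bits."""
    return math.log2(dictionary) * words


def hit_probability(guesses, target_wallets, keyspace=None):
    """Probability that `guesses` uniformly random sequences match at least one of
    `target_wallets` distinct existing wallets. This is the union bound, which is
    an upper bound on the true probability and is capped at 1. With guesses=1 it
    is the chance that a single newly generated wallet collides with an existing one."""
    keyspace = keyspace_size() if keyspace is None else keyspace
    return min(Fraction(guesses * target_wallets, keyspace), Fraction(1))


def years_to_probability(target_prob, rate_per_second, target_wallets, keyspace=None):
    """Years of continuous guessing at `rate_per_second` needed before the chance of
    hitting any of `target_wallets` reaches `target_prob` (using the same bound)."""
    keyspace = keyspace_size() if keyspace is None else keyspace
    guesses_needed = Fraction(target_prob) * keyspace / target_wallets
    return guesses_needed / (rate_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    # Constructed sample figures, chosen deliberately generous to the attacker.
    rate = 10 ** 12          # guesses per second across all hardware
    wallets = 10 ** 9        # funded wallets that would count as a "hit"
    print(f"keyspace: 2**{keyspace_bits():.0f} sequences")
    print(f"chance one new wallet collides with an existing one: "
          f"{float(hit_probability(1, wallets)):.3e}")
    one_server = years_to_probability(Fraction(1, 10 ** 6), rate, wallets)
    two_servers = years_to_probability(Fraction(1, 10 ** 6), 2 * rate, wallets)
    print(f"years to a one-in-a-million chance at {rate:.0e}/s: {float(one_server):.3e}")
    print(f"same with the rate doubled: {float(two_servers):.3e}")
```

Doubling the guess rate exactly halves the time because the work is embarrassingly parallel; the keyspace, not the hardware, is the limiting factor.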