Hi, could someone explain how seed phrases are considered to be super secure? If it's just a random string of words from a well-known list of words, what stops someone with a simple Python script from generating random phrases and trying to open wallets with them?

  • notabot@lemm.ee · 4 upvotes · 11 days ago

    What you care about is the amount of “entropy” in the password/phrase you’re using, and secondarily how easy it is to communicate or remember it.

    If we assume the valid characters for a password are the upper and lower letters and the digits, we have 26+26+10=62 valid characters. Let's add a couple of symbols to bring that to 64, or 2^6 bits. That means each character gives you 6 bits of entropy.

    The standard BIP-0039 word list used for generating passphrases has 2048 (2^11) entries, or 2^11 bits of entropy per choice.

    Therefore a standard 24 word passphrase has 24*11=262 bits of entropy, which would be equivalent to a 44 character random password, whilst also being much easier to record and check. If you misrecord one character of a random password it is useless to you, but you can easily see if you mistyped a word from the word list.

    As to why they can't be brute-forced by trying different combinations, you still have to deal with the 2^262 different possible combinations. As you're trying to guess wallet addresses, let's assume everyone in the world has 10, for a total of roughly 80 billion valid addresses, or 2^36.2. Let's round that up to 2^37. That gives each guess a 1 in 2^(262-37), or 1 in 2^225 chance of hitting a valid address. The universe is only about 2^59 seconds old, so even checking a billion (2^30) passphrases per second would mean you'd only be able to check a tiny fraction of that number.

    Combinations like this can be deceptive; a 24-word phrase doesn't seem like much, but it's functionally uncrackable with anything resembling our modern understanding of mathematics and computation.
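The entropy, checksum and brute-force arithmetic from the answer above, worked through in Python as an added example (this is not code from the thread or from any wallet project). It assumes a constructed stand-in word list of 2048 placeholder tokens so it runs offline; the real BIP-39 English list, which also has 2^11 entries, would be dropped in to produce real phrases. The checksum step is what lets a wallet flag a mistyped or misordered word, and `checksum_valid_bits` counts only the phrases that pass that check, while `guess_odds` reproduces the "valid addresses per guess" estimate with the thread's numbers.

```python
"""BIP-39-style mnemonic mechanics: entropy -> checksum -> 11-bit word indices.

Added example, not from the original thread. WORDLIST below is a CONSTRUCTED
stand-in of 2048 placeholder tokens; the real BIP-39 English list has the
same size (2^11 entries) and would be substituted to get real mnemonics.
"""
import hashlib
import math
import secrets

# Constructed placeholder word list: 2048 = 2^11 entries, like BIP-39.
WORDLIST = [f"w{i:04d}" for i in range(2048)]
BITS_PER_WORD = int(math.log2(len(WORDLIST)))  # 11 bits per word
VALID_ENT = (128, 160, 192, 224, 256)          # entropy sizes BIP-39 allows


def _bits(data: bytes) -> str:
    """Big-endian bit string of a byte sequence, zero-padded to full length."""
    return bin(int.from_bytes(data, "big"))[2:].zfill(len(data) * 8)


def entropy_to_mnemonic(entropy: bytes, wordlist=WORDLIST) -> list:
    """Encode ENT bits of entropy as words.

    BIP-39 appends a CS = ENT/32 bit checksum (first bits of SHA-256 of the
    entropy) and splits the ENT+CS bits into 11-bit word indices, so 32 bytes
    -> 256 + 8 = 264 bits -> 24 words; 16 bytes -> 128 + 4 = 132 bits -> 12 words.
    """
    ent = len(entropy) * 8
    if ent not in VALID_ENT:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32
    bits = _bits(entropy) + _bits(hashlib.sha256(entropy).digest())[:cs]
    return [wordlist[int(bits[i:i + BITS_PER_WORD], 2)]
            for i in range(0, len(bits), BITS_PER_WORD)]


def mnemonic_to_entropy(words: list, wordlist=WORDLIST) -> bytes:
    """Decode words back to entropy; raise ValueError if the checksum fails.

    This is the check a wallet runs when you type a phrase in: a wrong or
    misordered word changes the bits and (with probability 1 - 2^-CS) the
    recomputed checksum no longer matches the stored one.
    """
    index = {w: i for i, w in enumerate(wordlist)}
    try:
        bits = "".join(format(index[w], f"0{BITS_PER_WORD}b") for w in words)
    except KeyError as e:
        raise ValueError(f"word not in list: {e.args[0]}") from None
    ent = len(bits) * 32 // 33  # total bits = ENT + ENT/32 = ENT * 33/32
    if ent not in VALID_ENT or len(bits) != ent + ent // 32:
        raise ValueError("invalid word count")
    entropy = int(bits[:ent], 2).to_bytes(ent // 8, "big")
    expected = _bits(hashlib.sha256(entropy).digest())[:ent // 32]
    if bits[ent:] != expected:
        raise ValueError("checksum mismatch: a word is wrong or misordered")
    return entropy


def checksum_valid_bits(n_words: int) -> int:
    """log2 of the number of phrases that pass the checksum (the real search space)."""
    total = n_words * BITS_PER_WORD
    return total - total // 33  # subtract the CS checksum bits


def guess_odds(n_words: int, wordlist_size: int, valid_targets: int,
               guesses_per_second: float) -> dict:
    """Work through the thread's estimate: raw search space in bits, the
    per-guess chance of landing on any of `valid_targets` wallets, and how
    long random guessing at `guesses_per_second` is expected to take."""
    space_bits = n_words * math.log2(wordlist_size)
    per_guess_bits = space_bits - math.log2(valid_targets)
    expected_seconds = 2.0 ** per_guess_bits / guesses_per_second
    return {
        "space_bits": space_bits,
        "per_guess_bits": per_guess_bits,
        "expected_years": expected_seconds / (365.25 * 24 * 3600),
        "universe_ages": expected_seconds / 2.0 ** 59,  # ~2^59 s since the Big Bang
    }


if __name__ == "__main__":
    words = entropy_to_mnemonic(secrets.token_bytes(32))
    print(" ".join(words))
    print("checksum-valid 24-word phrases: 2^%d" % checksum_valid_bits(24))
    print(guess_odds(24, len(WORDLIST), 80_000_000_000, 1e9))
```

Note that swapping two words is caught only with probability 1 - 2^-8 for a 24-word phrase; the checksum is an error detector for honest typos, not a security feature, so the brute-force odds come from `checksum_valid_bits`, not from the checksum itself.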