How long would it take to brute-force a BlindPost mnemonic?

Your BlindPost identity is a 12-word mnemonic. No phone number, no email, no username — just twelve words you write down somewhere safe.

A common reaction: "Twelve words? That doesn't sound like much."

Let's actually do the math. Spoiler: brute-forcing one would take longer than the universe has existed, even using every computer that has ever been built.

What does "12 words" really mean cryptographically?

Those 12 words aren't random English vocabulary. They're chosen from a fixed list of 2,048 words specified by BIP39 — an industry standard used by Bitcoin wallets, Ethereum wallets, and most modern cryptographic identity systems.

Each word in the list is unique enough that you can't confuse two words when reading or hearing them. The list has 2,048 entries, which is exactly 2^11 — meaning each word carries 11 bits of entropy.

12 words × 11 bits = 132 bits of entropy. After accounting for the 4-bit checksum that BIP39 includes (to detect typos), you get an effective security strength of 128 bits.

128 bits of entropy means there are:

2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 ≈ 3.4 × 10^38 possible mnemonics

That's 340 undecillion. To put that in perspective:

• Number of grains of sand on Earth: ~7.5 × 10^18
• Number of stars in the observable universe: ~10^24
• Number of atoms in 100,000 Earths: ~3 × 10^50
• Possible 12-word BIP39 mnemonics: ~3.4 × 10^38

There are more possible mnemonics than there are stars in the observable universe — by a factor of about 10 trillion.

How fast can someone actually try guesses?

Brute-forcing isn't just generating a random combination. For each guess, the attacker has to:

1. Derive a seed from the mnemonic using PBKDF2-HMAC-SHA512 with 2,048 iterations of stretching
2. Derive a cryptographic key from that seed
3. Test whether that key matches the target

Each guess therefore takes significantly more compute than a single hash. Even on dedicated GPU hardware optimized for mnemonic cracking, a high-end attacker might manage 10^9 (one billion) guesses per second.

Some teams claim higher with custom ASICs — let's be generous and assume 10^12 (one trillion) guesses per second, which is far beyond what real-world cracking rigs achieve today on PBKDF2-derived keys.

At one trillion guesses per second:

Time required = 3.4 × 10^38 / 10^12 = 3.4 × 10^26 seconds

How long is 3.4 × 10^26 seconds in human terms?

• Age of the universe: ~4.35 × 10^17 seconds (13.8 billion years)
• Time to brute-force a BlindPost mnemonic at 1 trillion guesses/sec: ~780 million times the age of the universe

If you started brute-forcing the moment of the Big Bang, using hardware 1,000× more powerful than what exists today, you would have completed about **0.0000001