12 words is absolutely enough but there are some instances where 24 is more difficult to brute force.
If somebody randomly comes across 12 scrambled seed words, it’s relatively trivial to guess every possible permutation with even normal computer hardware.
If somebody comes across 24 scrambled words, it’s next to impossible to try every possible permutation with any hardware.
Neither do I but I have met some people who think they are hot shit because they scramble their 12 words to protect themselves from an attacker.
This would obviously work for a very low level attacker, but anybody with the desire to do some Google searching and has access to even mediocre computer power could crack 12 scrambled words
So, how hard is it to find the right order of 12 words? There are ~480 million permutations of those 12 words. Luckily, because of the BIP39 standard we have some advantage, the 12th word is a checksum. So only 1 in 12 of those permutations constitutes a valid mnemonic. We are down to 14 paragraphs with ~50 million valid mnemonics from each.
He kind of misses the main reason why 12-words are as secure as 24-words: someone deriving the private key from a public key will use Pollard's rho algorithm. They won't brute force the words. Regardless of 128 bits or 256 bits of entropy it takes 2^128 iterations to compute the private key using rho, according to Wullie1:
24-word based private/public keys do have 256 bits of entropy, but it still only takes on the order of 2^128 iterations to compute the private key from a public key.
I never thought about it that way, that the words are not actually the private key, they are a mnemonic resource to make memorization easier. It’s like an interaction mask, is that it? I’m not a technical person.
Yes exactly. It’s what we call an encoding. It’s kind of like how in English we call a school bag a backpack and in Spanish a mochila and we can draw it as a picture. They’re all different encodings of the same information.
Footnotes