On Mon, Dec 24, 2018 at 2:48 PM Aymeric Vitte via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
> I don't see very well why it's easier to write n words that you cannot
> choose rather than a 32B BIP32 hex seed, and I have seen many people
> completely lost with their wallets because of this
>

In practice it has quite a few qualities that make it a bit more resilient
for physical (written) storage.

If a few letters of a word get rubbed off or otherwise become illegible, it
is pretty easy for a native speaker to figure out what the word is supposed
to be. Even a non-native speaker could look through the word list and
figure out which word fits. Missing characters in a hex string require more
advanced brute force searching, which the average user isn't capable of.

Additionally, having the bits grouped into words makes a more serious
recovery easier. If you lose one entire word, it can be brute forced in
about 5 minutes on a normal pc, even if you don't know which position the
missing word is in (I have published a tool that does just this:
https://jmacwhyte.github.io/recovery-phrase-recovery). If you are missing
two words, you can brute force it in about a week (napkin math).

If you were missing a random chunk of a hex string, I don't know how you'd
go about brute forcing that in a timely manner.

As an aside, from a UX standpoint we've seen that the 12 words don't *look*
important so people don't take them seriously (and they get lost). A hex
string or equivalent would look more password-y, and therefore would most
likely be better protected by users.

James