Can the sync code be guessed?

Hi,
Hope everyone’s well!

A quick question regarding the Sync functionality:
If someone were to simply try different 25-word combinations, would they occasionally be able to sync into other people’s chains, accessing their data? Or is there some other verification done?
If that’s the case, what are the odds of them encountering any one sync chain in this manner?

Thank you in advance!

Regards,
Yuri

Thank you for reaching out.
This is more of a math problem than anything. Not my strongest suit but might as well give it a go.

The real calculations are more complex than this, but in a very stripped down form:
If we were to say that there were only 100 possible sync code words to choose from (obviously not true, there are many more) and you need to get 25 of them correct in the right order, then we are looking at a permutation problem here.

That means the equation is 100!/(100-25)! which = 100!/75! so…
3761767332187389431968739190317715670695936000000 possible solutions? I think it’s unlikely that a brute force method would work here.

3 Likes
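The simplified count from the reply above, carried through to the odds asked about in the original question, as an added example that is not part of the original thread. The 100-word list is the reply's own simplification; the number of active chains and the guess rate are constructed values, and no rate limiting is modelled.

```python
import math

def keyspace(wordlist_size: int, words: int, repeats_allowed: bool = False) -> int:
    """Number of possible codes: ordered picks of `words` from the wordlist."""
    if repeats_allowed:
        return wordlist_size ** words
    # n! / (n - k)!, the permutation formula used in the reply
    return math.perm(wordlist_size, words)

def hit_probability(space: int, active_chains: int, guesses: int) -> float:
    """Chance that at least one of `guesses` independent random codes matches
    any one of `active_chains` existing codes."""
    p_single = active_chains / space
    # 1 - (1 - p)^g via log1p/expm1, so a tiny p does not round away to zero
    return -math.expm1(guesses * math.log1p(-p_single))

def years_to_reach(space: int, active_chains: int,
                   guesses_per_second: float, target: float = 0.5) -> float:
    """Years of constant-rate guessing needed to reach `target` hit probability."""
    p_single = active_chains / space
    guesses = math.log1p(-target) / math.log1p(-p_single)
    return guesses / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    space = keyspace(100, 25)          # the reply's simplified model
    chains = 10_000_000                # constructed: assumed active sync chains
    rate = 1e9                         # constructed: assumed guesses per second
    print(f"keyspace: {space:.3e} codes (~{math.log2(space):.0f} bits)")
    print(f"P(hit any chain) after one year: "
          f"{hit_probability(space, chains, int(rate * 365.25 * 24 * 3600)):.3e}")
    print(f"years to a 50% chance: {years_to_reach(space, chains, rate):.3e}")
```

Even with ten million targets and a billion unthrottled guesses per second, the 50% mark in this model lies more than 10^24 years out; any server-side attempt limit only widens that gap.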

Thank you for the prompt response!
Safety through odds 🙂
What’s the wordlist standard that you’re using?

lmao, trying to get as many details as you can to try to guess at sync codes? Almost feels like you’re going to ask if you can see the wordlist next, then go create a bot to try to run all the permutations until something catches, if it can.

I’m sure you know that one of the best ways for security is to tell as little about your lock as possible. I mean, why sit there and announce all the details that can help people bypass your security?

If I were able to build that without your system catching on, that would simply mean it isn’t safe. I’m simply trying to assess what the actual odds of someone being able to brute force it are. If you have no useful contribution, being quiet is always an option.

I’m going to let you know now that any information you provide about a security system will always reduce its effectiveness. As someone who worked security for over 20 years, I can also tell you that people who asked about details of security for a place that didn’t belong to them often weren’t doing it for the right reasons. Key word there is often, so not saying everyone or even accusing you. Just generalizing.

As for the answer, you were already given it by Mattches. As he said, it’s a game of numbers. There’s no system that is 100% safe. You hear of data breaches and hacks all the time. It’s not like Brave or any company has the remedy and 100%… Let’s just say Brave has a system in place that if you unsuccessfully try a sync code so many times, it blocks any further attempts. Should they need to say anything?

That was a contribution. I tried joking it off, but it seems you missed the humor despite me even putting a “lol” for a clue. That said, I am sincere in the idea that giving too many details about security only serves to weaken it. You can always wait to see how much more information Mattches or others from Brave want to give you, but with how protective they are in terms of not explaining Logs and all, I would be shocked if they go into much further detail about their security around Sync.