Saturday 1 June 2019

A 12 word seed provides 128 bit entropy. A 24 word seed provides 256 bit entropy (reduced to 160 bits by ripemd160). How much entropy does a 12 word seed with additional self-chosen password/passphrase provide?

Edit: My conclusion (see comments in the thread) is that already a rather weak password added to the 12 word seed is sufficient to boost the seed's overall entropy from 128 bit to above 160 bit, which is the entropy of a private key itself (due to RIPEMD160 hash).

So with a sole 12-word seed, a brute force attacker would be much better off attacking the seed (128 bit) than the private key itself (160 bit). But with a moderately complex 13th password on top of the 12-word seed, the seed's entropy would exceed 160 bit and the attacker would be better off brute-forcing the private key directly.

Important: This logic only holds if I do NOT use the password-free 12-word-seed wallet at all! Because, if I store some dummy bitcoins on the wallet without passphrase, the successful attacker has already found a valid seed with a 128-bit attack and needs negligible additive (instead of otherwise multiplicative) extra effort (say 32 bits) to find my full wallet, which thereby lost its 160 bit security!

via /r/Bitcoin http://bit.ly/2Kfv39O
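The arithmetic behind the post's conclusion, as an added example that is not part of the original Reddit post. It takes the post's 128-bit and 160-bit figures as given and assumes the passphrase is drawn uniformly at random from its alphabet; a human-chosen passphrase has less entropy than this estimate. The function names are illustrative.

```python
import math

SEED_BITS = 128      # 12-word seed, figure taken from the post
ADDRESS_BITS = 160   # RIPEMD160 output size, the post's ceiling


def passphrase_bits(length, alphabet_size):
    """Entropy of a passphrase drawn uniformly at random (assumption)."""
    return length * math.log2(alphabet_size)


def log2_sum(a_bits, b_bits):
    """log2(2**a + 2**b), computed without building huge numbers."""
    hi, lo = max(a_bits, b_bits), min(a_bits, b_bits)
    return hi + math.log2(1 + 2 ** (lo - hi))


def attack_bits(pass_bits, bare_seed_funded):
    """log2 of the guesses needed to reach the passphrase-protected wallet."""
    if bare_seed_funded:
        # Coins on the passphrase-free wallet confirm a seed guess by itself,
        # so seed and passphrase are searched one after the other: work adds.
        return log2_sum(SEED_BITS, pass_bits)
    # Only a complete (seed, passphrase) pair can be confirmed: work multiplies.
    return SEED_BITS + pass_bits


def min_length(alphabet_size, target_bits=ADDRESS_BITS):
    """Shortest random passphrase that lifts the seed to target_bits."""
    return math.ceil((target_bits - SEED_BITS) / math.log2(alphabet_size))


if __name__ == "__main__":
    for name, size in (("digits", 10), ("lowercase", 26), ("alphanumeric", 62)):
        n = min_length(size)
        bits = passphrase_bits(n, size)
        print(f"{name:13s} length {n:2d}: "
              f"unused bare wallet {attack_bits(bits, False):6.1f} bits, "
              f"funded bare wallet {attack_bits(bits, True):6.1f} bits")
```
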
