Bitcoin Forum

Assuming you want to have five wallets. Let us say 2 for bitcoin and 3 for altcoins. Having more than one because it is good not to have only just one wallet. Because of that, you split the coins into 5 wallets. I also prefer to use bitcoin only wallet for bitcoin.

For one seed phrase, you can have three backups which is what people are saying on this forum. For 5 wallets, that is 15 backup. If you will keep the backup in different places, that is becoming impossible.

What about having only one seed phrase and backup the seed phrase in three places on a paper. If you want to generate the 5 wallets, you will set different passphrase and have only 1 seed phrase.

Example of the passphrase:

_-\A.bb.ccc&zzz.yy.X/-_

I can make it longer like this if I have the passphrase backup online:

$+$-sbdgsgsgs$+$-362+2;$;_-$:_;$)$+_+$+3+$_-(3shdhrhe3+$-jsjdhrh_+$-#-#ehsh$!$-$-$eudydhdbs$-$&363

That is 23 characters long which will be difficult to brute force. Another thing is that if you have the backup in different places, people that see it will not know that it is passphrase.

These are my questions:
Is the method good?
Is this better than having just seed phrase backup in different locations?
Can you have the passhrase backup encrypted on online password manager so far the seed phrase backup are offline

The proper way is to have different seed phrase and passhrase. But the backup is getting difficult for me because I do not have safe places to keep the backup anymore because the seed phrase are getting plenty.

If I have three backup for just one seed phrase, I can use my memory for the fourth backup and have the passphrase online encrypted and protected on a password manager.

I do not want posts like do not memorize seed phrase. We all know that. I depend on my backup, the fourth is just for emergency purpose.

there's a big difference between a passphrase and an extension word...

In case of a password/passphrase/pin =>  If you have the same seedphrase and use it on different wallets and use a different passphrase (or pin, or password), you're undermining your security. If one of those wallets is vulnerable and the attacker is able to get his hands on either the seed or the mpk, the attacker is able to rob all 5 wallets since the password merely encrypts the mpk, so it doesn't matter if you used different passwords to encrypt said mpk (since he'll steal the unencrypted version anyways... Or the encrypted version which only needs to be bruteforced once, not 5 times).

If you're extending your seed with a 13th or 25th word, things are a bit different... This being said, if for some reason an attacker exploits a weakness in the wallet that allows him to capture the first 12 or 24 (or whatever number) of seedwords, he only has to bruteforce this extension word 5 times, which is far easyer than bruteforcing the complete seed + extension word (which is impossible). Offcourse, a long extension word makes this a lot harder (if not practically impossible). This is basically my setup, but i keep no unencrypted version of my seedphrase and i only use hardware wallets to store my funds.

For your next question: keeping the password or the extension word in an online password manager decreases your security... If an attacker is able to exploit an attack vector that lets him get his hands on your seed phrase he no longer needs your password. Keeping an extension word in an online password manager will require him to steal your seed + brute force his way into your password manager, which is hard (but certainly not as safe as keeping everything offline).

Basically, the "ideal" way to create the wallets is completely offline seed creation + completely offline extension word. The best way to store the seeds are 5 different seeds + 5 different extension words saved in at least 2 safe places, and never store seed + extension word @ the same place... All other things described in your post decrease your security.. This being said: you might be fine willing to decrease your secutiy in order to increase your redundancy of backups, but that's very hard for a thirth party to decide... You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment using a very hard passphrase for encryption, but I would never do this since for me it wouldn't feel secure enough (but maybe for you it does?).

Personally, i have one 24 word seed phrase + several extension words. I use this seed on my 2 hardware wallets, and i keep said 2 hardware wallets in two safe places. I have different wallets on both hardware wallets by using the different extension words. I then used ssss to split the seed up into 3 parts using a 2 out of 3 scheme with passphrase encryption and i stored the 3 slices in 3 very safe places. I did not keep several copy's of the seed phrase, since i have 2 physical wallets + one encrypted copy of the seed phrase split in 3 parts using a 2/3 ssss scheme. Odds of me losing both hardware devices and 2 out of 3 slices are negligible (since the storage spots are physically far apart... It would basically need an atomic bomb nuking half my country in order for me to lose access to my wallets).

If an attacker:

• gets his hands on one slice: he can't do anything since he needs 2
• gets his hands on two slices: he needs to bruteforce the passphrase of the ssss scheme + the extension words
• gets his hands on a physical hardware wallet and bruteforce the pin + the extension words

The thing does remain: there are always attack vectors... The more attack vectors you eliminate, the bigger the odds of you losing access to your wallet or funds... If you try to make up schemes to make sure you will never lose access to your funds, you'll inevitably open up very small attack vectors for potential thiefs. It's very hard to find a balance.

I think people will know that I am talking about BIP39 passhrase, which you can also call extended word.


Thank you for this reply. I will go for the short 23 character passphrase can contain character like this ._- numbers and alphabets in lower and upper case like this:

_-\A.bb.ccc&zzz.yy.X/-_

I wish to go longer if I save it online, but offline is always safer. 23 characters will not be hard to put down on paper.

It is also good to mention that the passphrase should be backup in different places offline and not with seed phrase.

Very bad idea to store it online. Because if even one person gets a hold of your password hash, they can simply upload it and similar hashes to a website such as hashkiller.io (a site that specializes in cracking passwords) and the distributed network of hackers with GPUs and CPUs will be able to smash it in no time.

There is no reason to back up the password anyway, since if you lose the wallet file, its game over. That's one of the advantages of backing up the mnemonic phrase instead of the password, because you can actually restore the wallet from a mnemonic.

It's ok but just believe that not everyone will definitely have a take on using this kind of method, we have individual preference when it comes to securing the seed phrase backup techniques.


They both have their advantages and disadvantages, backing up seedphrase in different locations could serve it own danger if you're unable to have access to the second location where the remaining seeds were backed up, using this kind of method could also be somewhat risky in the sense that if you get attacked by someone who is highly intelligent in cryptography, coding and many of these machines language, they can decrypt your code by any means if they wish to, these are rare genius.


As for me, NO
I don't trust anything online backup system.

You may have BIP 85 compliant wallet which is capable to generate bunch of child-seeds from master SEED. In this case it is sufficient to have one single  backup of  master-Seed.

The list of hardware wallets with above feature can be found here (https://bitcointalk.org/index.php?topic=5416497.msg62484724#msg62484724).  

AFAIK, the only software wallet which supports BIP 85 is AirGap Vault (https://bitcointalk.org/index.php?topic=5361608.msg62511628#msg62511628). Being installed on Android cellular it turns the latter phone  into device with security comparable to dedicated hardware wallets.

There is no such thing as a very secure cloud environment. Anything on the cloud is at risk.

I would point out that this passphrase could be better. There is no need to use repeating characters, no need to use a pattern, no need to have the second half an invert of the first half, and so on. Each of these things decreases the security. A better 23 character passphrase would look something like this:

L(9Nm>&@dn;+Ej_:e>!fnpd
k@T(4zadT:A~(aU'*[+nWk}
)d3}cx>c#'95g{\Q&Kp"~$Y

23 characters or 500 characters - if you are saving it online it makes no difference. It is at the same risk of being compromised, and is only as safe as the security of wherever you are storing it (which will likely be much less than the security of 23 random characters).

If you must back up something electronically, then I would suggest using an airgapped device, encrypting it, and storing it on a USB drive or SD card which will only ever be plugged back in to the same airgapped device. But then of course you now have the problem of where you back up your encryption key.

If you have 5 wallets and want strict security measures for each of them I hope you have at least 5 Bitcoin or their equivalent between Bitcoin and altcoins, otherwise it seems to me that you are too paranoid. It's a problem I see with Bitcoin, if I have $100K in the bank, hypothetically authorities can seize it, or freeze it, or make it difficult for me to move it if I want to move to another country, but I am not at risk of losing them due to a $5 wrench attack.

Since you don't give more data, what I would do would be:

1. Have fewer wallets.
2. Consider that some of the wallets should be multisig.
3. Have fewer backups.

And I would never store anything online neither seeds nor passphrase.

It depends.

You may take easy-remember-pattern, repeat it say n-times, hash it and get literally unbreakable password.

For instance SHA256[^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(] =  1CC3DDE752FF34619AE8AAF7403DBF5EDFA6185FF23FE62ECCFA503BBD0DEF79

requires ~ 10⁶⁰centuries to break assuming 10¹¹ guesses/sec.

P.S. Could have been 10⁹ times wrong in above calculation, made in a hurry,  but  10⁹ compared to 10⁶⁰centuries   doesn’t matter  ;D

Declaimer: don't use above password.

Sometimes it is inevitable to have many wallets, especially when you are using Bitcoin and Altcoins; and also for privacy and security reasons.
Multisignature wallets do not reduce the backups or make it fewer, instead it increases it. Let's say you have just one wallet, but it is a 2-of-3 multisignature wallet, you will need to back up three seed phrases and three master public keys, which invariably increases the backups.

I have been thinking about this a lot lately because I don't think that Multisig is the right path for everyone and I especially think that is true for smaller amounts of money and for lesser experienced users.

I would use a single seed phrase stamped into steel or titanium that will last a natural disaster. I would also use a piece of paper with the same seed phrase that you can access a little more easily but you can also destroy easily. the more places that you have your seed phrase stored, the greater the likelihood that it becomes compromised unless you have multiple passphrases to use with that seed.  

Once you have that, I would stick to passphrases with 24 characters including numbers and ASCII characters. I like this stainless steel passphrase stick that can hold 24 characters: https://codl.co/products/punchplate-4-compact24-words but there are other otc options.

I don't think you need to go crazy with multisig security if you have your seed phrase backed up and stored somewhere safe and then use multiple passphrases with that seed phrase. I know that there is no single right answer for this but I think that passphrases provide a high level of security with a reasonable UI/UX without a lot of the technical requirements or a full multisig setup.

IMO for people who use a correct cold storage setup or hardware wallet, the accidental loss of seeds/passwords/extension words is a bigger risk than someone carrying out a sophisticated multi-stage attack against them. Do we even have any documented cases of airgap-jumping malware that targets Bitcoin wallets? Yet the stories of people losing their seed words that were written on a piece of paper are quite common.

Like 5 wallets? In my opinion that depends on the amount you HODL, as I said before.


You can have a 2-of-3 multisignature wallet where 1 is held by a company, like unchained.com, which I guess a lot of people won't be a fan of, but it's an option, and you only need 2 backups.

If you have only 1 seed phrase, you will have only one wallet.

If you want to backup that wallet with 5 different wallet passphrase, you will have 5 different backups for a same (one) wallet. You will not have 5 different wallets because you use 5 different wallet passphrase.

Top 25 Passwords in 2018 Are an Embarrassment to Humankind (https://www.esquire.com/lifestyle/a25570880/top-passwords-2018/)
How to create a strong password (https://www.avast.com/c-strong-password-ideas)
How to Create a Strong Password (and Remember It) (https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/)
How to create a secure password (https://www.wikihow.com/Create-a-Secure-Password)

If you create passwords manually, you will end with your favorite patterns which are not good and you must use password generators to create random passwords for you.
Are your passwords in the green ? (https://www.hivesystems.io/blog/are-your-passwords-in-the-green)

Only if an attacker is attempting to brute force every possible combination, which no one will do. As soon as they learn you've used a repeating pattern, it becomes exponentially easier.

The point would be instead of having 5 individual wallets, you could have a single 2-of-3 multi-sig wallet. The security of each wallet is improved despite requiring fewer back ups.

You are mistaken here. You can combine a single seed phrase with as many different passphrases as you like to create as many different wallets as you like. If an attacker accesses your seed phrase, they will only be able to access the base wallet and not any of the passphrased wallets unless they also steal or bruteforce each passphrase individually.

No way for attacker to learn that SHA256 message contains a repeating pattern as SHA256 is irreversible function in practice. The point here is that password is SHA256 [message] rather than message itself. User can easily remember that message as it is patterned but for attacker it will be inaccessible to like a sealed book.

My point being only if an attacker has no idea how you generated the passphrase. And given that you've just shared this method on a public forum, that's no longer the case. :P

I prefer simply using truly random passphrases, just as your seed phrase should also be truly random and not generated from an easy to remember string. Taking SHA256(string) is simply a brain wallet, and we have tens of thousands of examples showing that brain wallets are horrendously insecure and having all their coins stolen.

Random passphrase, backed up on paper, stored separately to your seed phrase. Done.

For high amount of bitcoin like 5 BTC, you can even go for wallet on an airgapped device in a way that you will only make transaction using QR code which is the safest means to transfer unsigned and signed transactions. You can go for wallets like Electrum 2FA, having the 2FA on another device different from the one used to setup an Electrum 2FA wallet. You can go for multisig. Buying two hardware wallets or even three and use it to setup a multisig wallet. You can even use a reputed hardware wallet.

But people have different opinions. You may not have up to 0.5 BTC not to talk of 5 BTC but have five different wallets. For people that deals with bitcoin and altcoins, there may be different reason they have up to five wallets. Not until when they have up to 5 BTC. That should just be your personal preference. But likely that as someone is having more online wallets, he may want to have the coins on different wallets.

Example is to have a wallet for bitcoin saving, bitcoin spending, altcoins saving, altcoins spending and altcoin staking. That is five wallets already.

It is never advisable to store key phrase online as it is always prone to hackers. As long as internet is concerned every device with internet connection is prone to hackers. If sophisticated centralised exchanges could be hacked  then why can key phrase not be able to hack by hackers. It Is better avoided than allowed happened OP.

As for wallets, excessive opening of wallets compound  more key phrase for storage. I believe it would be nice for one  narrow down  the rate at which one uses multiple wallets as I can result to loss of funds and assets in most cases due to misplaced key phrase as a result of mix-ups.

Nope, still a case, because  firstly , your may construct whatever pattern you want, secondly, you may apply hashing as many times as you want and finally SHA256 is not the only hashing function with irreversible feature. You may even construct your own function which is not known to anybody. You have plenty of choices in fact.  :P :P :P

The point to use this technique is easy remembering message for digesting and, at the same time, to have unbreakable password in outcome.

Now you need to remember your pattern, how many times you repeated it, which hash function you used, how many rounds of the hash function you used, and so on. All to end up with a password generated from <30 bits of entropy. And if you use your own function, then you could easily make a mistake rendering your password very insecure and if you don't back up your function then wave your coins goodbye. Plus relying on your memory for passwords is a recipe for disaster, which is why every good wallet tells you to write down your seed phrase with pen and paper.

It seems to me like a massive overcomplication of a very simple process - generate a random passphrase, and write it down.

Much easier to remember all that things than  password  from random characters.

However I don't say that random passphrases are bad. In fact I 'm using them in my every day life, generating new passwords   for new services when needed. The method I have described I use for my masters password that encrypts my KeePass.

Brute forcing a passphrase is possible when you know the seed (if the passphrase is weak) but brute forcing a seed is not possible even when you know the passphrase because a seed is never weak. So exposing a passphrase is less dangerous than exposing a seed.
Thus IMO, it's less risky to have one single passphrase and several different seeds. Because if one people discovers your passphrase he won't be able to brute force your 5 wallets, while here someone discovering your seed will be able to brute force your wallets if your passphrase isn't strong enough.

It is a common advice to start with. Most people always say that it is never advisable to store your key phrase online that's why I said that it is common. It is indeed helpful to increase your security when you didn't store your key phrase online. As you have known, there's a possibility that the platform that you are using to store your key phrase might get hacked and even If it didn't get hacked, the platform might have vulnerabilities that will cause problems like leaked data. That's the reason why I prefer using offline storage like USB for example but what I really do is to write it in a piece of paper and cover it with transparent packing tape or to laminate the paper.

There have been plenty of weak seed phrases created in the past, via poor, bugged, or malicious wallets or PRNGs.

I disagree. Just make your passphrase have a minimum of 128 bits of entropy, which is the same as 12 word seed phrases and the same amount of security provided by bitcoin private keys. This means 20 characters if you draw from the full set of 95 printable ASCII characters. The advantage of this is if an attacker finds one of your back ups. Let's say you have 5 seed phrases with 1 passphrase. If an attacker finds a back up, there is a 83.33% chance they find a seed phrase, which is immediately identifiable as a seed phrase, so they know to keep looking for other back ups or to target you specifically. If you have 1 seed phrase and 5 passphrases, if an attacker finds a back up then there is a 83.33% chance they find a passphrase, which could be absolutely anything. Bonus points if you have an encrypted file folding fake "sensitive" data locked by that passphrase which you can unlock to prove the passphrase has nothing to do with bitcoin.

There is also the issue of plausible deniability. Having multiple decoy passphrases you can hand over in the case of a $5 wrench attack to protect your real stash is preferable to only having a single passphrase holding everything.

I agree, but you did cherry-pick this one sentence out of a big text that basically told OP that he was decreasing his security by doing this (the complete context was keeping the seed words offline and saving the very complex extension word you'll need every time you want to spend from, for example, a hardware wallet in an encrypted password safe in the cloud)... I clearly stated that everything except using an unique seed phrase + strong extension word and keeping them completely offline in a safe place and separated from each other was decreasing his security.

I merely stated that for some people, it might be ok to create a seedphrase and keep it 100% offline whilst creating strong extension words and keeping them in an encrypted password vault on a reliable cloud storage *might* be good enough for them... I never said it was the best idea, i even stated i would never do it since it wouldn't feel secure enough for me.

Bottom line is that bitcoin is about personal responsibility and personal choice... If you think you'll lose your seed phrase (and all your funds in the meantime), you might be fine storing your seedphrase in a slightly less secure way so the odds of exposing your seeds rise a very little bit whilst your odds of losing your seed decrease a lot.
If you use a hardware wallet on a daily basis, and you're opting to use the one seed for several wallets using a very long extension 13th (or 25th) word, it might be ok for you to store said extension words in an encrypted keepass safe on a cloud vendor's hardware since you'll need to fetch those words very regularly... Is it the safest option? No, it isn't, but it's the one you might be comfortable with (i wouldn't be).
Who am i to judge... The only thing i can say is that for you personally, and your usecase, the opsec you chose *might* be ok... I can only state that i wouldn't do this, and that it's not the *best* way to store sensitive data... But if this is the way you want to work, i cannot and will not stop you...


That was basically what i wanted to say... People do lose their seedprhases from time to time (or their 13th/25th word). The easyer you make it for yourself not to lose access to this sensitive data, the easyer you make it for an attacker... It's about finding a balance... You could potentially store the seedprhase using an ssss that requires 10 out of 10 chunks to restore your seed, then encrypt the passphrase needed for the ssss scheme, then encrypt the 13the/25th word and store all this data in seperated physical places... No hacker will ever be able to rob you, but if you ever need that seed or those extension words, odds are small you'll be able to restore it yourself...

Apologies. I should have prefaced that statement by saying I agree with everything you had written except for that one sentence.

Given the sheer volume of cloud storage hacks which happen on a constant basis, I don't think anyone should ever store anything truly sensitive on the cloud, especially nothing bitcoin related. And while I agree with everything else you said, I would stop short at making that recommendation. Yes, there is a trade off to be had between risk of accidental loss and risk of malicious access, but the risk of a third party accessing something stored on the cloud is so astronomically high that it is unacceptable.

Performing full client side encryption first with a strong algorithm and strong encryption key and so forth is all well and good, but the majority of people using cloud storage do not do this, and the people who are capable of doing this properly probably aren't using cloud storage in the first place. There are countless examples of cloud storage services which claim to encrypt all your files first doing so poorly, or incompletely, or insecurely, or leaking data on transfer, and so on. These services simply cannot be trusted. And if you have somewhere secure to back up your long and random decryption key, then why not just use that place to back up your passphrase in the first place?

If you really feel you cannot safely back up a seed phrase offline, then there are other options which are much preferable to cloud storage, such as a multi-sig distributed between multiple locations or multiple trusted friends or family members.

In this context, what do you think about cloud vault solutions like the "Personal Vault" on an Office 365 account?
 
The additional identification barrier should make it much more difficult for hackers to gain access. Not, of course, from attacks via backdoors, which Microsoft employees, for example, could then exploit. However, the fact that the Vault is directly integrated into OneDrive means that even technically unsophisticated crypto owners can use it very easily.

For me personally, using the Vault to store my Mnemonic Code is out of the question, but I would definitely store scanned documents like my passport there.

It's not about attackers hacking the log in credentials for your individual account, which can be made next to impossible by requiring a hardware 2FA key for example, but rather the security of the entire system.

I assume this Microsoft software is closed source, meaning you are trusting completely that it is encrypting your data properly, with a secure algorithm, with a secure key, without leaking anything, and then transferring it securely, and then storing it securely across multiple servers in multiple countries. You have no idea how good or bad that security is, no idea where these servers are, no idea who has physical access to these servers, and so on.

As I explained above, you can find many examples of failure somewhere in this process and data being leaked. Every big entity has experienced data leaks in the past - Microsoft, Google, Apple, Amazon, Meta, the lot. It would incredibly naive to think they won't experience data leaks again in the future.

I'm not about to trust the safety of my funds to a closed source process designed and implemented by a company which has a record of leaking data.