The video from Andreas Antonopoulous that I shared in post #15 explains very clearly why both of these are overly cute solutions that actually reduce your security. It's worth the 14 minutes to watch, IMO: https://www.youtube.com/watch?v=jP7pEgBpaO0

In a nutshell:

- Common phrases, book passages, quotes, etc. are easier to crack than 6 to 8 randomly picked words.

- Making things overly complex by choosing longer passages increases your odds of incorrectly entering data (on creation and/or recovery), forgetting where the passage starts and stops and details on how it was entered, and ultimately losing access to your crypto.

- Splitting your 24 words into two lists may help some, but not as much as you might think. If an attacker finds half of your word list, the other half is much easier to crack. 24 words provides 256 bits of entropy. 12 words gives you 128 bits of entropy (which is still good), but that something like 10^35 less complex to crack, and not 1/2 as difficult to crack as you might think.

- According to Andreas, the best option is to safeguard your words and apply a 6-8 random word passphrase to provide a 2nd layer of protection. Store the seed phrase and pass phrase securely and separately and you've got a good measure of protection that balances solution complexity and security while reducing the risk of permanent loss due to human error. Towards the end of the video, he gives some cautionary examples of how overly complicating the solution can cause you to forever lose access to your crypto.

I came across a comprehensive Q&A from Andreas Antonopoulos about using optional passphrases. I'm posting it here for reference in case it's of interest:

https://www.youtube.com/watch?v=jP7pEgBpaO0

Andreas provides a clear and approachable explanation of how passphrases work, things to avoid, how long it would take to brute force them, and best practices for using them. He recommends using a passphrase that's comprised of six to eight random words (!) to balance security and complexity.    

Thanks to o_e_l_e_o for introducing me to Andreas' work! It's really accelerating my learning.

Thank you both! I feel very confident about diving into this now, thanks to all of the guidance that you and others have patiently given me in this thread. You've answered so many of my open questions, and I'm very appreciative.
 
o_e_l_e_o, thank you as well for mentioning Andreas Antonopoulous in my other post. If I had more merit points left that I could give you, I would. You're an incredible asset to this community.

I wish I'd discovered Andreas' YouTube channel years ago. I watched a couple of his introductory videos last night, and was blown away by how good they are. He has a large subscriber base on YouTube, but I'm a little saddened that his individual videos have had relatively few views over the years. It's a shame. He also seems to have stopped posting new videos on YouTube in the past year. I'm going to try to catch up on his video archive, and also subscribe to his Patreon to support his newer content.

o_e_l_e_o, Thanks for keeping me honest about the fact that I don't have an air-gapped system. I'll stop referring to it that way, and think of it as a dedicated crypto computer.  
dkbit98 Thanks for helping to round out my understanding of bitcoin account types, and for your guidance on blockchain explorers
Husires, m2017 Thanks for encouraging me to consider using Linux instead of Windows. I'm open to the idea
Elevates Thank you for the security tips, and for pointing me to Ledger Academy. I'll spend some time today using their learning resources

I'm grateful to all of you for your guidance. Your responses made me think of a few questions I wanted to ask, which will hopefully be useful to others as well:

1. Linux Distro recommendations - Is a mainstream distribution like Ubuntu preferred, or would you lean to a security focused distro like Tails, Qubes OS, etc?  Is there a go-to security focused distro you would recommend, that also offers good compatibility for running a full node and mempool explorer?  Most of the reviews I see online can't seem to agree on their top 3 recommendations for secure Linux distros, though many of the same names show up in their larger lists.

2. Using TOR instead of Firefox or Chrome - Would you have any concerns about using TOR as the primary browser for downloading software and performing crypto transactions? Traffic traverses a lot of nodes in TOR, but from a privacy standpoint, it should be more secure. I just don't know if this is considered a good or bad practice in the crypto community.

3. Using a VPN - Any thoughts on how important this is, if you're already using a privacy browser like TOR?  I've read conflicting things on the Internet about whether to use TOR + a VPN together or not. I have no idea what to make of it.

4. Using a dedicated crypto computer vs. air-gapped computer - In the foreseeable future, I'm not planning to spend crypto. I'm just stacking sats and accummulating coins for the the long-term. Given this, can you help me better understand what situations would warrant investing in an air-gapped computer? Although it's not air-gapped, I feel it's worth having a dedicated crypto PC solely to perform crypto tasks (e.g., logging into my exchange and transferring coins to my hardware wallet, using a block chain explorer, running a full node, running the ledger software, etc). The way I think about it is by restricting the number of websites/code I run on the dedicated PC, the less likely it is that I'll end up being exposed to crypto malware. To use a real world analogy, I think it's similar to the way that reducing the number of people you interact with reduces your likelihood of catching a virus and getting sick. What are your thoughts?

 

Thank you for your thoughtful reply, o_e_l_e_o.

As I get deeper into this, I'm realizing there's so much bad and/or only partially accurate information out there...I'm going to make an effort to spend more time here learning from this community going forward.

Yes, you're absolutely right. I was conflating "public key" and "wallet address" as being the same thing. In my defense, I've watched multiple videos on YouTube as I've been trying to learn crypto concepts that say explicitly that the public key is the same thing as your wallet address. Here are a few brief examples:

https://www.youtube.com/watch?v=GSTiKjnBaes
https://www.youtube.com/watch?v=bvSJm7fHXto

But based on what you said above, it seems like those videos are wrong (or at best, are oversimplifying). I searched some more and came across this video, which suggests it's more complicated than this, and that as you say, a wallet address is actually a hash of the public key, and not the public key itself:

https://www.youtube.com/watch?v=8es3qQWkEiU

Thank you for leading me in the right direction, Hossein! As a follow up question, I wanted to ask: Are there any situations where you'd ever hand out the public key directly to someone? I'm wondering why there's even a distinction between wallet address and public key (and why both exist) if all the other party needs is a hashed wallet address to transfer crypto to you.


Thank you for this as well! It's incredibly helpful to have as a reference.

There are definitely tradeoffs to consider. Losing your password is one more vector to lose your coins, but then again having someone find your seed phrase without a password protecting it leads to the same outcome. I've just never hear anyone talk about adding a password to your seed phrase when dealing with hardware wallets.

That said, I did come across this thread that shows it's possible to add a 25th word on the Nano S, for example. Maybe it's just an issue of discoverability/promotion...

https://bitcointalk.org/index.php?topic=5283562.0. 

As I've been trying to get more educated on bitcoin, I came across this wiki link on seed phrases.

https://en.bitcoin.it/wiki/Seed_phrase

Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase an entire building with the key just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.

The password can be used to create a two-factor seed phrase where both "something you have" plus "something you know" is required to unlock your bitcoins.

This works by having the wallet creating a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a "seed extension", "extension word" or "13th/25th word". The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.

Warning! Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often. Also, the seed phrase password should not be confused with the password used to encrypt your wallet file on disk. This is probably why many wallets call it an extension word instead of a password.

It got me thinking...

1. Why doesn't every hardware wallet support the use of a seed phase + password?  It seems like a really simple way to add a layer of protection in case the seed phrase you've written down is discovered. Right now, written seed phrases are like writing your bank account and log-in credentials on a piece of paper and hoping nobody finds it.

2. Do modern hardware wallets like the Ledger Nano S Plus, Nano X, Trezor, etc. already support applying a password to seed phrases? Is it just a feature that's hidden and not promoted that much?

Thank you for helping me fill out the gaps in my understanding, Hosseinimr. In particular, I appreciate the privacy related insights you pointed out about connecting to an Electrum server and the value of running a private node. Looks like I have a bit more learning to do on those topics.  

I definitely don't ever want to give out my private keys. I'm mainly trying to avoid inadvertently doing that as I read the horror stories of people who accidentally sent their private key instead of their public one and had all of their coins stolen. I wish the two didn't look so similar. It's why I'm trying to figure out if there are obvious clues to look for to distinguish a public key from a private one.

First of all, I just wanted to say thank you to all of you who patiently answer questions for us newbies. We appreciate it more than you know. I'm getting ready to transfer BTC from an exchange to self custody on a Ledger hardware wallet. I've tried to get as educated as I can, but wanted to confirm if I'm missing anything in terms of best practices before starting. Here's what I have in mind:

(Kind-of) Air-Gapped Computer
1. I bought a dedicated Windows laptop, re-formatted the hard drive and installed a fresh copy of Windows directly from Microsoft
2. I ran Windows Update to get the latest security patches
3. I installed the Chrome browser

It should be a clean machine with no malware, bloatware or adware. I refer to it as "kind-of air gapped" because I had to connect to the Internet to download Windows from the Microsoft web site, download patches through Windows Update, and install Chrome.  I read the purists saying you have to have a virgin computer that never touched the Internet, and install Linux on it, but I wonder if this is really necessary given that my private keys are stored on the hardware wallet and never make it to the PC. Technically, I guess it's not an air-gapped system, but more of a dedicated computer that will only be used for the following things:

- To install and update the hardware wallet and install/run the ledger software and apps
- To set up a watch-only wallet
- To log into the exchange web site to transfer my coins to my hardware wallet
- To run a full node (if I need to)

I don't plan to use it for anything else, but in the back of my mind I'm wondering if any of this is necessary and/or putting my coins at risk

Setting Up the Hardware Wallet

1. Setup the Ledger. Create the seed phrase and write it down on paper (no photos, no copy paste, no online storage, etc.)
2. Make sure I go only to the real Ledger web site, install the Ledger software, and download the Ledger apps for the handful of coins I'm interested in storing (nothing too crazy - just half a dozen of the major, established coins)

Set up a watch only software wallet on my PC
I haven't done this yet, but was wondering if I could get your advice on best practices for doing this. Some specific questions I have:

Q. I was thinking of using the Electrum software wallet. Are there any better options?
Q. Any concerns with installing the watch only wallet on my regular daily-use PC instead of the dedicated crypto PC?
Q. Are there any best practices for setting up a watch only wallet?

Transfer the coins from the exchange to the hardware wallet
Here, I'm assuming that the general process is to log into the ledger software, say I want to transfer coins to to my hardware wallet. Take the public key/wallet address Ledger generates and give that to the exchange to initiate the transfer. I was planning to do all of this on the dedicated computer. Then wait for a while for the transaction to be validated and the transfer to be completed. I can use a block chain explorer to monitor what's happening with the transaction. Wait until multiple confirmations are showing to feel confident that everything went through, and check the watch only wallet to confirm the right balance is showing. Some general questions I have here:

Q. Am I missing anything or getting anything wrong in these steps?
Q. The biggest risk seems to be accidentally sending the private key instead of the public key. Is that foolproof on modern hardware wallets (e.g., do you have to go through a stupid amount of work to get the private key, making it less likely to screw up) or is there something to watch out for?
Q. Do public wallet addresses always start with 1 or 3 (which something I'd read)? How many characters long are public keys compared to private ones? Is there some other high confidence way confirm the string is the public key and not the private one?
Q. What blockchain explorer would you all recommend using?
Q. Do I need to set-up a full node to do this (i.e., is it really necessary)? If so, should I set up the node on my dedicated computer, or on my regular daily use PC? Does it matter?
Q. Lastly, can anyone help me understand the concept of sweeping and if it's something I need to explicitly do? Does ledger automatically take care of that?

Please let me know if I'm thinking about any of this the wrong way, and thanks again for your patience and willingness to help me figure this out! BTC still seems too complicated for mainstream adoption, but I'm committed to getting on board, and hoping someday that I can pay the knowledge forward.

I've read the hardware wallet mega thread, but still don't have a clear answer on what wallets are recommended and which ones to stay away from. What are the best hardware wallets on the market today, and which ones would you recommend for storing mainstream coins like BTC, ETH, SOL, MATIC, etc.? I'm looking for a cold wallet for long-term storage, and am open to air gapped solutions with a solid track record as well. Which ones would you recommend and why?

Thanks in advance! This community is very helpful, and it's a blessing that there are resources like this beginners forum for those of us who are early in our crypto journey.