I still have problems with the need for 37 random characters for the 25th word.. and let's say if someone just has 10-15 somewhat random characters, then how long is it going to take to break into the Trezor?
I think a lot of confusion has arisen about how strong a passphrase should be to protect someone's seed in case someone comes into physical possession and tries to extract the seed. What someone wanted to emphasize is that a passphrase of at least 37 random characters would provide the same level of protection as the seed itself (24 words) and is practically impossible to brute force, but that does not mean that 10+ characters are not resistant to brute force.
We can always check how long it actually takes to brute force a password on sites like
https://www.passwordmonster.comOnly 9 characters in this password makes it virtually impossible to brute force ->
By the way, we have a long term member in these here parts that swears by that piece of crap, aka Ledger, and surely there are probably quite a few members who may or may not be in the closest about their use (and apparent belief) in the Ledger crap.
Ledger does not have the problems that Trezor has, but if we take into account that a few years ago almost the entire database of users with all the data was hacked, and that a few months ago they announced the revolutionary
"seed recovery" service, they shot themselves in the knee by giving the possibility at all to one such device shares the user's seed with as many as three different companies.
Of course, the service is optional and you pay $9.99 per month, but when someone does something completely contrary to what they have been advocating for years, I wonder how to trust such a company.
Oh I see that the 39+ pin is different from the extra word...and that 39 character pin would resolve the other issue regarding a hacker getting ahold of the physical device and breaking into it.. so that still leaves the issue of the 13th or 25th word actually not needing to be very complicated, and a 8-15 character passphrase may well make it quite difficult to get at the wallet because they would first need to know (or suspect) that such a wallet (or extra portal to a wallet) actually exists in connection with the 12 or 24 word seed that was extracted from the device.
As I already wrote, I think that the passphrase I mentioned above is more than enough if we take into account today's computers and the time it would take for someone to brute force such a password. Of course, the whole thing doesn't matter at all if someone who knows what he's doing doesn't get hold of our hardware wallet.
Speaking of how to take care of our hardware devices, I always remember an interesting film on that very topic - it's worth watching if you haven't seen it already.
https://www.youtube.com/watch?v=hf97ofTlZhk (Schloss Bitcoin (2020) - deutscher Kurzfilm - Crime Black Comedy Subtitles in English, French & more)
Good post.
That was my point in my earlier post about giving ourselves enough time to restore the seed to another device and transfer the coins to another wallet, unknown to the thief. Practically, one needs just a few days/weeks of time, and in most cases the theft can be discovered immediately after the fact, so the transfer can be done in the first 24 hours. This means that the thief has to have a pretty powerful computer rig to be able to brute force a passphrase of 10+ ASCII characters in 24 hours, or even a week or a month.
I've tested variations of my passphrase (even shorter versions of it) in several different, and well-respected, passphrase strength testers, and they all report a crack time of centuries! Another thing to note is that the attacker does not have an immediate indication that the correct passphrase was found, because ALL possible passphrases (even "wrong" ones) result in valid (albeit empty) wallets. So, the attacker will need to check the blockchain against ALL passphrase candidates, and reject those that result in empty wallets.
I'm quite confident that even a modest, few-characters-only passphrase should be able to stall even the seasoned thief for sufficient time for us to transfer our coins to a fresh wallet. Using a 128-bit entropy PIN or passphrase is surely the safest option, but greatly reduces the usability of the wallet, as Jay has pointed out. Furthermore, using such a humongously long/complex PIN/passphrase, you run the risk of "locking yourself out" of your wallet, because you may forget part of it, which may prompt you to write it down somewhere, thereby defeating the purpose of using a PIN/passphrase in the first place.
I particularly liked
vapourminer's "Trezor wipe-restore" method. Never thought of it, and it does make sense for those not using their Trezors often (myself included).
It's a trade-off, with potentially dire consequences at either extreme. I choose the middle ground, i.e., a PIN and passphrase that are complex enough to deter even a seasoned thief/hacker, but memorable enough to reside in the neurons of my brain -- that last part could potentially be dangerous in case of amnesia or head injury.
I'm glad we're having this discussion, it certainly helps us all be more aware of the potential dangers and act accordingly.
Poll
