[ long post advising against using a seed+passphrase, and against using plausible deniability ]
I disagree with many of your points in the above post, the body of which I had to remove in the interest of readability. Readers can click the link above to read your original post, to which I'm replying below.
Adding a passphrase to your seed protects your coins in cases where your plain seed or h/w wallet, such as a Trezor or Ledger, may have been compromised, like in the cases where you can't find your seed backup in the place you expected it to be, or when you lose your Trezor/Ledger. If they were simply lost or thrown away, that's OK, there is no foul play involved, you can simply transfer your coins to a different wallet, even if you're not using an additional passphrase. But, what if they are now in the hands of a thief? In such cases, the passphrase could buy you a significant amount of time (depending on its strength), during which you can transfer your coins to a different wallet. Couple this with plausible deniability, e.g., out of your 100 hypothetical BTC, put only 10 BTC in the plain seed, and the remaining 90 BTC in the seed+passphrase, and the thief will very likely be satisfied and happy to have stolen 10 BTC from you. I wouldn't expect him to attempt to brute force the—now empty—plain seed for an additional passphrase after he has taken your 10 BTC (currently worth more than $100k).
Plain seed result: You had 100 BTC, you lost 100 BTC,
you are left with 0 BTC.
Seed+passphrase result: You had 100 BTC, you lost 10 BTC,
you are left with 90 BTC.
Note that, in the above scenario, you did not have to lie to any authority. Plausible deniability in this case did not involve you having to deny ownership of any coins and subsequently being accused of lying. In any case, it's up to you to decide if and when to lie (and to whom), depending of the specific circumstances. You have a choice. With the plain seed, you don't have that choice. The moment that piece of paper gets into the wrong hands, your imaginary safe is wide open for the paper holder to get in and take your coins—no cracking necessary. That piece of paper is a necessary and sufficient condition for accessing your coins. Adding a passphrase to the mix (not written on that piece of paper), makes that piece of paper a necessary,
but not sufficient condition for accessing your coins. I prefer the latter option!
About the passphrase's cryptographic strength, you can have a strong passphrase that you (and only you) can remember, which is still much easier to remember than the actual seed. I have anonymously tested passphrases with a symbol length and structure similar to the one I'm using to protect my seed, and all test engines have resulted in cracking time estimates of centuries*. Furthermore, even if the passphrase is relatively weak, it may still be able to buy you the time you need to transfer your coins to a different wallet, should you discover that the seed has been compromised. Any passphrase (regardless of its strength) is an additional layer of security. It won't make your coins any less secure, and could buy you time to take action in cases where your seed is compromised.
As for your comment on "above suspicion", I would also like to reach that state IRL (and I believe I have, to a certain extent), but it's not so easy to attain (and maintain). Most of us are social beings interacting with each other, and sooner or later (especially in the coming years, when Bitcoin is expected to sky-rocket) we may become more exposed than we'd like. So, I would be very careful with the statements in the last paragraph of your post. One small leak in your OPSEC could be enough to weaken those statements, in which case you may end up wishing you had that extra layer of security.
---
(*) I'm assuming that the additional passphrase corresponds to the full search space that results from its length and the set of symbols used. If the additional passphrase, as applied to our discussion (i.e., in BIP39), has constraints on length or other parameters, and thus results in a limited search space, I would very much like to know about it, please enlighten me if you can.
---
Edit: Improved syntax.
Poll
