Bitcoin Forum
November 21, 2019, 08:07:45 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Passhprase strength  (Read 354 times)
Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 08, 2019, 06:56:18 PM
Last edit: October 14, 2019, 07:43:16 PM by Nunuface
 #1

hi
1574323665
Hero Member
*
Offline Offline

Posts: 1574323665

View Profile Personal Message (Offline)

Ignore
1574323665
Reply with quote  #2

1574323665
Report to moderator
1574323665
Hero Member
*
Offline Offline

Posts: 1574323665

View Profile Personal Message (Offline)

Ignore
1574323665
Reply with quote  #2

1574323665
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1574323665
Hero Member
*
Offline Offline

Posts: 1574323665

View Profile Personal Message (Offline)

Ignore
1574323665
Reply with quote  #2

1574323665
Report to moderator
1574323665
Hero Member
*
Offline Offline

Posts: 1574323665

View Profile Personal Message (Offline)

Ignore
1574323665
Reply with quote  #2

1574323665
Report to moderator
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1834
Merit: 2095

Use SegWit and enjoy lower fees.


View Profile WWW
October 08, 2019, 07:21:00 PM
 #2

Choosing good passphrase / password is quite tricky and it depends on your attack scenario (such as how much money/time attacker willing to spend and how well do the attacker know about you).

Your passphrase choice is vulnerable against dictionary attack, but if you think the attacker won't have idea about you and your family, then i think it's strong enough against weak/low cost attack scenario.

Would 6 random names be safe enough as passhprase against brute force attacks if my private key is known?

Your passphrase doesn't matter if private key of your Bitcoin address is known

DannyHamilton
Legendary
*
Offline Offline

Activity: 2254
Merit: 1570



View Profile
October 08, 2019, 07:28:40 PM
Merited by Welsh (2), ETFbitcoin (1)
 #3

HI guys

I am seeing too many horror posts regarding BTC being stolen so I am going to protect my coins by a passphrase.
Would 6 names of family members would be secure enough? Because I prefer my passphrase to be memorized.
I realize that 6 names of family members isn't as secure as completely random words but not having to write anything down or store anything has many security benefits too.
My keys are safely stored offline already.

It was safer before you asked.

Now that you've told the entire world that you plan to use "6 names of family members", an attacker can just take the time to learn who all of your family are and then use that information to take your bitcoins.

Would 6 random names be safe enough as passhprase against brute force attacks if my private key is known?

NO.

A password is useless once your private key is known.  A password is to keep someone from gaining access to your private keys.

If you do not have exclusive access to your private keys, then you do not exclusively control your bitcoins.

DireWolfM14
Copper Member
Hero Member
*****
Offline Offline

Activity: 588
Merit: 961



View Profile WWW
October 08, 2019, 09:12:34 PM
 #4

So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I dont need exchange level security because im not rich, but just wondering Smiley

Thanks for the help!

Yes.  Your passphrase essentially becomes an extension of your seed phrase.  Anyone who has your seed phrase would find an empty wallet, unless they also know your passphrase.  Six random words is a pretty safe bet.  I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases. 

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███

████▀█▄▀█████▌  ▀██▀▄█ ████

█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████

███████████████████████████
|▄█████████████████████████▄
███████████████████████████
████████▀▀▄▄▄▄▄▄▄▀▀████████
██████▀▄▀▀██░░░██▀▀▄▀██████
█████░██▄░░▄▄▄▄▄░░▄██░█████
████░█▀▀░▄██▄▄▄██▄░▀░█░████
████░█▄▄░█░█░░░█░█░▄▄█░████
████░██▀░▀██▀▀▀██▀░▀▀█░████
█████░█░▄▄░▀▀▀▀▀░▄▄░█░█████
██████▄▀██░░▄██░░██▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████▀█▀░█▀▄█
████████████████████░░░░░▀▄
████▄▄▄▀██████████▄▄░░░░░░▀
███████▀▄░▀▄░░▀▀███▄█░░░░░█
██████▀▄▄▄▀░░░░░░░▀█▄█░█▄█▄
█████▀░░░░░▀▀▀░░░▀▄▀███████
█████░░░░█░███░█░░█░███████
█████▄░░░▀░▀▀▀░▀░▄▀▄███████
██████▄░░░░▀▀▀░▄▄▀▄████████
████████▄▄░░░░▀▄▄██████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
█████████████▐░░░░█████████
█████████████▐▄▄▄▄█████████
██████▀█▀███▀▀▀███▀█▀██████
███████▄▀▄▀▀░█░▀▀▄▀▄███████
█████████▀▀█▀▀▀█▀▀█████████
████████░█▀▀▀█▀▀▀█░████████
███████░█▀▀█▀▀▀█▀▀█░███████
██████░█▀▀▀█░░░█▀▀▀█░██████
█████░█▀▀█▀▀▀█▀▀▀█▀▀█░█████
████░█▀█▀▀▀█▀▀▀█▀▀▀█▀█░████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████████████
███████████████████████████
█████████▀▀▀███████████████
█████▀▀░░▄▄░░░▄████████████
█████▀▄░▀░▄▄▀▀░░▀▄░▄▀██████
█████░░▀█▀░░▀▀░▄░█▄▄▄▄█████
█████▌▀▄▐▌░█░▀░▀░█░░░░█████
██████▄░░█░░░▀▀░▄▀░▀░██████
████████▄▐▌░▄▄█████████████
███████████████████████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
████████████████████▀▀▀░███
████████████████▄░░░░░░░███
█████████████████▀░░░░░▐███
███████████████▀░░░░▄▄░████
█████████████▀░░░░▄████████
██████████▀▀░░░▄███████████
███████▀░░░▄▄██████████████
███▀▀▄▄▄███████▀▀▀▀▀███████
███████▀▀▀▀▀█░░░░░░░░▀█████
██▀▀▀▀░░░░░▄░░░░░░░░░▄░░▀▀█
░░▄░░░░▀▄░░█▄░░░▄▀░▄█░░░░░░
▀▄░▀█▄▄███▄███▄██▄███▄▄▀░▄▀
|ROULETTE
MINES
TOWERS
DICE
CRASH
──── ─── ─
nc50lc
Hero Member
*****
Offline Offline

Activity: 784
Merit: 798


Self-proclaimed Genius ㊙️


View Profile WWW
October 09, 2019, 03:22:05 AM
 #5

So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I dont need exchange level security because im not rich, but just wondering Smiley
Yes, the BIP39 passphrase protects the entire wallet by changing the derived master private key depending on your passphrase;
but each private key (if you've exported), aren't safe when stored in an unsecured storage.

I got a feeling that you're mixing up the terms: private key, keys and seed.

I understand your point that my idea was more safe before I told anyone. That's why I created a new account for this question.
-snip-
But the second half of DannyHamilton's post remains valid because anyone can access the paired address' funds if its private key was leaked.
But then again, there's no known hardware that can bruteforce private keys without any "hint".

What do you mean by "bruteforce attack", [1] getting the seed using the private key(s) or [2] bruteforcing the BIP39 mnemonic phrase or private key?
1: IDK if that "gossip" is even possible. But if ever, the passphrase wont help as it's not the "BIP39 seed" (mnemonic phrase) that will be bruteforced, it's the "seed" (where your private keys were derived).
2: Almost impossible.

Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 09, 2019, 12:09:10 PM
Last edit: October 14, 2019, 07:43:24 PM by Nunuface
 #6

hi
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 756
Merit: 2997


Decent


View Profile
October 09, 2019, 01:04:30 PM
 #7

I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases.
The max passphrase length on a Trezor is actually 50 characters (https://wiki.trezor.io/Passphrase), whilst on a Ledger it is 100 characters (https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security).

There is theoretically no limit to how long a passphrase can be. The passphrase is simply used as a salt for the PBKDF2 function, which turns mnemonic phrase in to seed. (You can read more here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) As a quick test, I just created and then recovered an Electrum wallet with a passphrase of 20,000 characters.

My question is: what if I publicly post my 24-word seed, how safe would my funds behind the passphrase then be?
Ok. Well first of all, obviously don't do that. Tongue

The answer to your question depends on a couple of things. If the attacker knows nothing about your passphrase, and is going to simply have to brute force every combination of 48 characters (6 words * 8 characters each), drawing from a full 95 character ASCII set, this would give 95^48, which is approximately equivalent to 315 bits of entropy. This will never be hacked, and is significantly more entropy than a 24 word mnemonic phrase (256 bits).

If the attacker knows that you have joined 6 dictionary words together, assuming an English word list of around 200,000 words, you are now looking at 200,000^6 combinations, which is around 105 bits of entropy, which although much less, is almost certainly still going to be plenty.

If the attacker knows that you have joined 6 names together, then the number of combinations is far, far smaller. However, if the attack doesn't know any of that, and is just going to blindly bruteforce, then the chances are they would still start with a straightforward dictionary attack.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 756
Merit: 2997


Decent


View Profile
October 09, 2019, 01:49:04 PM
Merited by Coolcryptovator (1), Nunuface (1)
 #8

Its same as other wallet like electrum, you are able to recover with only seed. You don't need passphras to recover fund. So, Do not share your seed phrase with anybody
That's not quite accurate.

If someone has your mnemonic phrase, then yes, they can derive your seed, from that your private keys, and steal all your coins within your main wallet.

However, if you use a passphrase in addition to the mnemonic phrase, then it generates an entirely different seed and entirely different private keys. Just having your mnemonic phrase isn't enough to steal these coins - an attacker also needs to know the passphrase in addition to the mnemonic phrase.

You can have one set of addresses in your main wallet, protected only by your mnemonic phrase, but you can also have a second (or third, or fourth, or as many as you want) set of addresses, also protected by the same mnemonic phrase with an additional passphrase. You can use as many different passphrases with the same mnemonic phrase as you want, and each passphrase will generate an entirely separate set of keys and addresses. Furthermore, there is no way to prove that one or more passphrase protected wallet(s) even exist (except I suppose if you have obviously linked them via blockchain analytics). This is part of the reason for using one or more passphrases - plausible deniability. If someone attacks you, you can hand over your mnemonic phrase and they can empty out your main addresses, but they can't access (or even be sure they exist) any additional passphrase protected addresses.

I think you might be confusing a BIP39 passphrase (with acts like an additional 25th word to your mnemonic phrase), and the Ledger Nano's PIN to unlock the device. Have a read of this for some more info: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security


Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 09, 2019, 07:24:36 PM
Last edit: October 14, 2019, 07:43:38 PM by Nunuface
 #9

hi
Welsh
Staff
Legendary
*
Offline Offline

Activity: 1778
Merit: 1710



View Profile
October 09, 2019, 07:43:13 PM
Merited by suchmoon (4), ETFbitcoin (1), o_e_l_e_o (1)
 #10

We couldn't possibly answer this question as there are multiple factors to consider, and at the end of the day its you that has to be comfortable with keeping a large amount of Bitcoin in your own home. I wouldn't even keep my life savings in one place let alone in one wallet, but then you have to consider if putting it in multiple locations is any safer. An option you have is splitting the passphrase up into multiple pieces, and storing them in multiple locations. Thus rendering each bit useless without the other. However, that might be going a little bit overboard if you're comfortable enough with the setup.

Some of the things to consider, and ask yourself:

- Likelihood of your house being burgled
- Likelihood of where your coins are stored from damage (flooding etc)
- Whether anyone knows you own Bitcoin
- If your house was burgled, how easy is it to access where the wallet is stored
- Considering the fact that your house has documents, and pictures the thief might be able to identify you, and your family members, and potentially guess that.

Probably more that I'm failing to remember to as of right now. However, despite all of this your setup is likely more secure than the majority of users on here. Although, all of this is subjective some users here will pick a bone with sharing with family members in case of death or they might be worried that the USB you intend on using might be compromised, but its all down to your personal comfort level, and trust.

Are there security issues with your proposed setup? Yeah, definitely. However, its a better setup than average.

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 756
Merit: 2997


Decent


View Profile
October 09, 2019, 09:57:46 PM
 #11

In addition to the points made by Welsh above, the thing that jumped out at me was "password protected USB sticks". USB sticks which come with in built software to password protect them can be very variable in their security. I think a better method would be to encrypt your 24 words using a trusted program such as Veracrypt, and store the encrypted file on the USB. You must also take extra care to ensure that your mnemonic phrase never comes close to a computer with internet access. The laptop you are using shouldn't just have the internet turned off for the duration of making the USB sticks - it should have the WiFi card removed and should never go online again.

I also always advise people against remembering things as a sole way of storing information. There are a million and one things that can happen to anyone at any time without warning which can result in memory loss. If someone else knows your passphrase as well, that goes a long way to mitigating the risk, but you might want to also consider physically backing up your passphrase(s). Whether that is storing them on a Cryptosteel in a different location, or also encrypting them and placing them on different USBs, or something else entirely, is up to you.

Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 09, 2019, 10:43:36 PM
Last edit: October 14, 2019, 07:43:47 PM by Nunuface
 #12

hi gets under water, then I would be screwed.
Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 09, 2019, 10:58:52 PM
Last edit: October 14, 2019, 07:43:57 PM by Nunuface
Merited by Coolcryptovator (1)
 #13

hi
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1834
Merit: 2095

Use SegWit and enjoy lower fees.


View Profile WWW
October 10, 2019, 05:25:27 AM
 #14

- Likelihood of your house being burgled

I think you misunderstood it a little bit. If my house gets robbed (which is likely since it happened before) the hacker would "only" have my mnemonic seed but not my additional passphrase added to my mnemonic seed.
So the robber would only get pennies which are stories in my main wallet, but not my actual savings which is behind the added passphrase.

- People know I own Bitcoin and that I am a big believer.
- I store the mnemonic seed in different locations, so in the case of a flood I should be fine. Unless my whole city gets under water, then I would be screwed.

So basically combination of obfuscation and decoy strategy.

It's good choice, but since people know you're big believer of Bitcoin, then they might conclude that you store your Bitcoin on multiple wallet/location and attempt to rob your house again.

And regarding "password protected USB sticks", you need to know that flash memory have limited lifespan and it heavily depends on write/read activity, storing condition (humidity, temperature, etc.) and quality of the flash memory itself.

Pmalek
Legendary
*
Offline Offline

Activity: 1134
Merit: 1167



View Profile
October 10, 2019, 08:57:20 AM
 #15

- People know I own Bitcoin and that I am a big believer.
People as in your family and closest friends or all your colleagues at work or in school including the junkies and alcoholics hanging out at your street corner? Do you see where I am going with this? The more people know you own Bitcoin the bigger the possibility that someone might try steal it from you.
Don't put yourself in that position and brag about having loads of Bitcoin. You don't need the attention.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 756
Merit: 2997


Decent


View Profile
October 10, 2019, 11:18:58 AM
 #16

The more people know you own Bitcoin the bigger the possibility that someone might try steal it from you.
This is something that I often think about. On one hand, obviously keeping your involvement with bitcoin private is good for you own personal security, but on the other hand, I want to be able to spend bitcoin in person, and I not infrequently talk to local merchants, vendors, tradesmen, etc., about accepting bitcoin (with some success, but that's another story). If no one ever told anyone else that they want to spend/use bitcoin, then there would be no adoption and consequently the price would stagnant and fall.

I don't think simply owning bitcoin makes you a particularly attractive target for scammers, hackers, or thieves. They need to know you are holding enough bitcoin to make it both worth their time and worth the risk. If you have a number of different unconnected wallets, with your main holdings separated, well hidden and not publicized, I think you are relatively safe.

The set up Nunuface is describing is good from this point of view, I think. If his wallet was to be hacked or he was subjected to a $5 wrench attack, he could give away the holdings in his main wallet without it being too big a deal, knowing that his main holdings are safe behind a passphrase.

Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 10, 2019, 12:43:41 PM
Last edit: October 14, 2019, 07:44:05 PM by Nunuface
 #17

HI
Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 10, 2019, 01:34:35 PM
 #18


I agree - I think there is a very important difference between being enthusiastic about the BTC and taking to shop owners, friends, family members about the possibilities, freedom BTC has to offer and to making people jealous by saying stuff that they can interpret as you having lots of BTC. I think jealous people are dangerous in general and this should be avoided in general, not only with BTC.

I get asked a lot how many coins I got or at what price I bought my first coin. I usually say that I sold all my BTC years ago for a small amount and that it was biggest mistake ever. I am now slowly collecting and hodling/using, but no crazy amounts.

It is very hard because I love talking about BTC with people but I do not want to give them financial advice or making them jealous. That's why I just stick to the technology side and long-term view.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1834
Merit: 2095

Use SegWit and enjoy lower fees.


View Profile WWW
October 10, 2019, 05:31:18 PM
 #19

I was not aware of the fact that password protected USB sticks have a limited lifespan. Since they are stored in a low humidity/room temperature with nearly no write/read activity I think they can last some time, but it's definitely good to be aware that they don't last forever. Thanks!

I should specify it applies to any kinds of USB sticks (and any storage device actually).

Consider replacing it every 5 - 10 years and having more than one backup solution (which you already done).

Nunuface
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
October 10, 2019, 11:02:18 PM
Last edit: October 14, 2019, 07:44:15 PM by Nunuface
 #20

HI
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!