Passhprase strength

[Nunuface]

hi

[1714791442]

1714791442

[1714791442]

1714791442

[1714791442]

1714791442

[DannyHamilton]

HI guys

I am seeing too many horror posts regarding BTC being stolen so I am going to protect my coins by a passphrase.
Would 6 names of family members would be secure enough? Because I prefer my passphrase to be memorized.
I realize that 6 names of family members isn't as secure as completely random words but not having to write anything down or store anything has many security benefits too.
My keys are safely stored offline already.

It was safer before you asked.

Now that you've told the entire world that you plan to use "6 names of family members", an attacker can just take the time to learn who all of your family are and then use that information to take your bitcoins.

Would 6 random names be safe enough as passhprase against brute force attacks if my private key is known?

NO.

A password is useless once your private key is known.  A password is to keep someone from gaining access to your private keys.

If you do not have exclusive access to your private keys, then you do not exclusively control your bitcoins.

[DireWolfM14]

So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I dont need exchange level security because im not rich, but just wondering

Thanks for the help!

Yes.  Your passphrase essentially becomes an extension of your seed phrase.  Anyone who has your seed phrase would find an empty wallet, unless they also know your passphrase.  Six random words is a pretty safe bet.  I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases. 

[nc50lc]

So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I dont need exchange level security because im not rich, but just wondering

Yes, the BIP39 passphrase protects the entire wallet by changing the derived master private key depending on your passphrase;
but each private key (if you've exported), aren't safe when stored in an unsecured storage.

I got a feeling that you're mixing up the terms: private key, keys and seed.

I understand your point that my idea was more safe before I told anyone. That's why I created a new account for this question.
-snip-

But the second half of DannyHamilton's post remains valid because anyone can access the paired address' funds if its private key was leaked.
But then again, there's no known hardware that can bruteforce private keys without any "hint".
What do you mean by "bruteforce attack", _[1] getting the seed using the private key(s) or _[2] bruteforcing the BIP39 mnemonic phrase or private key?
1: IDK if that "gossip" is even possible. But if ever, the passphrase wont help as it's not the "BIP39 seed" (mnemonic phrase) that will be bruteforced, it's the "seed" (where your private keys were derived).
2: Almost impossible.

[Nunuface]

hi

[o_e_l_e_o]

I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases.

The max passphrase length on a Trezor is actually 50 characters (https://wiki.trezor.io/Passphrase), whilst on a Ledger it is 100 characters (https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security).

There is theoretically no limit to how long a passphrase can be. The passphrase is simply used as a salt for the PBKDF2 function, which turns mnemonic phrase in to seed. (You can read more here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) As a quick test, I just created and then recovered an Electrum wallet with a passphrase of 20,000 characters.

My question is: what if I publicly post my 24-word seed, how safe would my funds behind the passphrase then be?

Ok. Well first of all, obviously don't do that.

The answer to your question depends on a couple of things. If the attacker knows nothing about your passphrase, and is going to simply have to brute force every combination of 48 characters (6 words * 8 characters each), drawing from a full 95 character ASCII set, this would give 95^48, which is approximately equivalent to 315 bits of entropy. This will never be hacked, and is significantly more entropy than a 24 word mnemonic phrase (256 bits).

If the attacker knows that you have joined 6 dictionary words together, assuming an English word list of around 200,000 words, you are now looking at 200,000^6 combinations, which is around 105 bits of entropy, which although much less, is almost certainly still going to be plenty.

If the attacker knows that you have joined 6 names together, then the number of combinations is far, far smaller. However, if the attack doesn't know any of that, and is just going to blindly bruteforce, then the chances are they would still start with a straightforward dictionary attack.

[o_e_l_e_o]

Its same as other wallet like electrum, you are able to recover with only seed. You don't need passphras to recover fund. So, Do not share your seed phrase with anybody

That's not quite accurate.

If someone has your mnemonic phrase, then yes, they can derive your seed, from that your private keys, and steal all your coins within your main wallet.

However, if you use a passphrase in addition to the mnemonic phrase, then it generates an entirely different seed and entirely different private keys. Just having your mnemonic phrase isn't enough to steal these coins - an attacker also needs to know the passphrase in addition to the mnemonic phrase.

You can have one set of addresses in your main wallet, protected only by your mnemonic phrase, but you can also have a second (or third, or fourth, or as many as you want) set of addresses, also protected by the same mnemonic phrase with an additional passphrase. You can use as many different passphrases with the same mnemonic phrase as you want, and each passphrase will generate an entirely separate set of keys and addresses. Furthermore, there is no way to prove that one or more passphrase protected wallet(s) even exist (except I suppose if you have obviously linked them via blockchain analytics). This is part of the reason for using one or more passphrases - plausible deniability. If someone attacks you, you can hand over your mnemonic phrase and they can empty out your main addresses, but they can't access (or even be sure they exist) any additional passphrase protected addresses.

I think you might be confusing a BIP39 passphrase (with acts like an additional 25th word to your mnemonic phrase), and the Ledger Nano's PIN to unlock the device. Have a read of this for some more info: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security

[Nunuface]

hi

[Welsh]

We couldn't possibly answer this question as there are multiple factors to consider, and at the end of the day its you that has to be comfortable with keeping a large amount of Bitcoin in your own home. I wouldn't even keep my life savings in one place let alone in one wallet, but then you have to consider if putting it in multiple locations is any safer. An option you have is splitting the passphrase up into multiple pieces, and storing them in multiple locations. Thus rendering each bit useless without the other. However, that might be going a little bit overboard if you're comfortable enough with the setup.

Some of the things to consider, and ask yourself:

- Likelihood of your house being burgled
- Likelihood of where your coins are stored from damage (flooding etc)
- Whether anyone knows you own Bitcoin
- If your house was burgled, how easy is it to access where the wallet is stored
- Considering the fact that your house has documents, and pictures the thief might be able to identify you, and your family members, and potentially guess that.

Probably more that I'm failing to remember to as of right now. However, despite all of this your setup is likely more secure than the majority of users on here. Although, all of this is subjective some users here will pick a bone with sharing with family members in case of death or they might be worried that the USB you intend on using might be compromised, but its all down to your personal comfort level, and trust.

Are there security issues with your proposed setup? Yeah, definitely. However, its a better setup than average.

[o_e_l_e_o]

In addition to the points made by Welsh above, the thing that jumped out at me was "password protected USB sticks". USB sticks which come with in built software to password protect them can be very variable in their security. I think a better method would be to encrypt your 24 words using a trusted program such as Veracrypt, and store the encrypted file on the USB. You must also take extra care to ensure that your mnemonic phrase never comes close to a computer with internet access. The laptop you are using shouldn't just have the internet turned off for the duration of making the USB sticks - it should have the WiFi card removed and should never go online again.

I also always advise people against remembering things as a sole way of storing information. There are a million and one things that can happen to anyone at any time without warning which can result in memory loss. If someone else knows your passphrase as well, that goes a long way to mitigating the risk, but you might want to also consider physically backing up your passphrase(s). Whether that is storing them on a Cryptosteel in a different location, or also encrypting them and placing them on different USBs, or something else entirely, is up to you.

[Nunuface]

hi gets under water, then I would be screwed.

[Nunuface]

hi

[Pmalek]

- People know I own Bitcoin and that I am a big believer.

People as in your family and closest friends or all your colleagues at work or in school including the junkies and alcoholics hanging out at your street corner? Do you see where I am going with this? The more people know you own Bitcoin the bigger the possibility that someone might try steal it from you.
Don't put yourself in that position and brag about having loads of Bitcoin. You don't need the attention.

[o_e_l_e_o]

The more people know you own Bitcoin the bigger the possibility that someone might try steal it from you.

This is something that I often think about. On one hand, obviously keeping your involvement with bitcoin private is good for you own personal security, but on the other hand, I want to be able to spend bitcoin in person, and I not infrequently talk to local merchants, vendors, tradesmen, etc., about accepting bitcoin (with some success, but that's another story). If no one ever told anyone else that they want to spend/use bitcoin, then there would be no adoption and consequently the price would stagnant and fall.

I don't think simply owning bitcoin makes you a particularly attractive target for scammers, hackers, or thieves. They need to know you are holding enough bitcoin to make it both worth their time and worth the risk. If you have a number of different unconnected wallets, with your main holdings separated, well hidden and not publicized, I think you are relatively safe.

The set up Nunuface is describing is good from this point of view, I think. If his wallet was to be hacked or he was subjected to a $5 wrench attack, he could give away the holdings in his main wallet without it being too big a deal, knowing that his main holdings are safe behind a passphrase.

[Nunuface]

HI

[Nunuface]

I agree - I think there is a very important difference between being enthusiastic about the BTC and taking to shop owners, friends, family members about the possibilities, freedom BTC has to offer and to making people jealous by saying stuff that they can interpret as you having lots of BTC. I think jealous people are dangerous in general and this should be avoided in general, not only with BTC.

I get asked a lot how many coins I got or at what price I bought my first coin. I usually say that I sold all my BTC years ago for a small amount and that it was biggest mistake ever. I am now slowly collecting and hodling/using, but no crazy amounts.

It is very hard because I love talking about BTC with people but I do not want to give them financial advice or making them jealous. That's why I just stick to the technology side and long-term view.

[Nunuface]

HI

[Pmalek]

This is something that I often think about. On one hand, obviously keeping your involvement with bitcoin private is good for you own personal security, but on the other hand, I want to be able to spend bitcoin in person, and I not infrequently talk to local merchants, vendors, tradesmen, etc., about accepting bitcoin

Nothing wrong with that. Dealing with merchants, tradesmen and other bitcoin enthusiasts is good as long as you keep it inside the 'Bitcoin family'. That is why I asked in my previous post what kind of people know that OP owns Bitcoin and what exactly do they know about him. People you trade with, buy or sell to are OK but I would not brag about owning Bitcoin in the public and how safe my hardware wallet is.

[o_e_l_e_o]

Dealing with merchants, tradesmen and other bitcoin enthusiasts is good as long as you keep it inside the 'Bitcoin family'.

That's kind of my point. If we only talk about bitcoin to other people who already use bitcoin, then how is it going to grow? Long term growth of bitcoin (including sustainable price growth as opposed to speculation driven fluctuations) depends on adoption. Adoption will only increase with people who don't use bitcoin starting to use bitcoin. Merchants won't go to the effort of starting to accepting bitcoin unless they know there is a demand for it. If nobody ever talks to merchants/vendors/retailers/tradesmen/whoever about bitcoin, then they won't know there is a demand, they won't ever start accepting it, and adoption will never come.

The future of bitcoin depends on people being vocal about bitcoin and its use, particularly to people outside the "bitcoin family". I'm just not sure the best way to balance that with your own safety.

[dragonvslinux]

Would 6 names of family members would be secure enough? Because I prefer my passphrase to be memorized.

On the pure basis of password strength against brute force attacks and using the 6 of the most common male names from the UK: OliverJacobNoahJackOscarHarry

It would take the following amount of time to brute force using am average computer: 46 NONILLION YEARS / 6130 CENTURIES

Without capitalizing the first letter of each name, it's still pretty good: 86 SEXTILLION YEARS / 10000+CENTURIES

Sources: 1, 2

Looks fine, as long as nobody knows who are right now