Trezor Passphrase Security - What If My 24 Words Got Out?

[hypersafe2020]

I looked into the Trezor wallets and they have a feature were you can create as many wallets as you like with one 24 word seed. You can use just the 24 word seed or use the 24 word seed with a passphrase on top of it.

Now if my 24 words got out there but not my passphrase, how long would it take for someone to crack my passphrase? How much more vulnerable would I be with 24 words known but my passphrase is still secure?

[1713883225]

1713883225

[1713883225]

1713883225

[1713883225]

1713883225

[1713883225]

1713883225

[1713883225]

1713883225

[OmegaStarScream]

It all depends on the complexity/strength of your passphrase. It can take anywhere from a few minutes to a lifetime.

Trezor has an article about this, give it a read: https://blog.trezor.io/is-your-passphrase-strong-enough-d687f44c63af

[DireWolfM14]

The only thing I'll add to what OmegaStarScream said is that it could take billions of eons to crack a really complex passphrase.  A passphrase can be any ASCII character, lower-case, upper-case, numbers, and special characters.  A highly complicated passphrase would be nearly impossible to crack.

Having said that, if you think your seed phrase has been compromised, set up a new one as quickly as possible.  If you misplaced or lost your Trezor, assume your seed phrase has been compromised. 

[Csmiami]

--

Isn't the whole article based on the assumption of the user getting the Hardware wallet robbed, but with the seed not leaked? The attacker tries to bruteforce the password in order to access the device and steal the funds, that we all get.

But in the event of the seed being leaked, that's what I understood from OP, wouldn't the attacker be able of importing it without the need of the passphrase? I imagine how the scenario would be with say, electrum wallet, and if I have a seed, the it doesn't matter that I loose the password.

[DireWolfM14]

--

Isn't the whole article based on the assumption of the user getting the Hardware wallet robbed, but with the seed not leaked? The attacker tries to bruteforce the password in order to access the device and steal the funds, that we all get.

But in the event of the seed being leaked, that's what I understood from OP, wouldn't the attacker be able of importing it without the need of the passphrase? I imagine how the scenario would be with say, electrum wallet, and if I have a seed, the it doesn't matter that I loose the password.

Adding a passphrase to a 12-word seed phrase essentially turns the seed into a 13-word seed phrase, except that 13th word isn't limited to the Bip39 word list.  The passphrase can by any word or set of ASCII characters.

By adding a passphrase you are hashing a completely new HD wallet, with a new set of addresses.  Without having access to both, the seed phrase and the passphrase, the your wallet is protected.  One or other is essentially useless.

If your Trezor is stolen, and the thief is able to hack your PIN, and extract your seed phrase, he wouldn't be able to steel your bitcoin unless he also has your passphrase.

[HCP]

But in the event of the seed being leaked, that's what I understood from OP, wouldn't the attacker be able of importing it without the need of the passphrase? I imagine how the scenario would be with say, electrum wallet, and if I have a seed, the it doesn't matter that I loose the password.

Even if you put your words in Electrum, you'd only see the "default" wallet... unless you clicked the "Extend this seed with custom words" option:


and then entered your "passphrase".

NOTE: A BIP39 Passphrase is not the same as a wallet password .

They're completely different concepts as you can see from DireWolf's explanation regarding the BIP39 passphrase. Without that passphrase, the 24 words alone are not enough to generate your passphrase protected wallet.

You can test by using Ian Coleman's "Mnemonic Code Converter". Generate a new random seed mnemonic... and note the "BIP39 seed" and some of the private keys/address. Then type something in the "BIP39 Passphrase (optional)" box. You'll see that as soon as you enter anything, the "BIP39 seed" changes and then all the derived private keys and addresses also change.

Having an empty "BIP39 passphrase" is like the "default" wallet in Trezor and Ledger etc... putting anything in that box is like using a "passphrase".

Whereas, the wallet "password" used in something like Electrum is simply for encrypting the wallet data... but you can change that password without affecting the wallet addresses being generated.

[Csmiami]

---

Yep, thanks for adding the info. Once I saw Direwolfs' reply, I started looking around; and found the Trezor blog entry about how passphrases work. I don't really know how I skipped it when I bought the device, but it was something interesting to read and learn about

[bob123]

Isn't the whole article based on the assumption of the user getting the Hardware wallet robbed, but with the seed not leaked?

If someone is able to gain access to a trezor, he can extract the seed within a few minutes, given that he has the necessary knowledge/hardware on how to accomplish that.

The thing with the trezor hardware wallets is that the security heavily relies on the password.

There are some hardware projects already which automatically glitch the trezor at the right time to extract the seed (and the pin). This roughly takes 2-5 minutes.


@OP
It depends on your password. More on the amount of characters than on the complexity. With 20-30 chars, you are definitely fine. 5-8 would be pretty risky.

[Rath_]

If someone is able to gain access to a trezor, he can extract the seed within a few minutes, given that he has the necessary knowledge/hardware on how to accomplish that.

The thing with the trezor hardware wallets is that the security heavily relies on the password.

Actually, since the recent update, there's another way to mitigate this problem. Trezor T can save a secret on any SD card which along with PIN encrypt the data stored on the device. So, keeping the SD card separately makes the attack invalid. I have described it in this thread in more detail. Trezor One users are out of luck.

[o_e_l_e_o]

I don't really know how I skipped it when I bought the device, but it was something interesting to read and learn about

It isn't something to just learn about - it something that you should be using.

Passphrases are great tool for everyone to use. If your seed phrase is backed up on paper (as it should be), then if that paper is stolen then so are all your funds. An attacker with access to your seed phrase can clear out all your coins in a matter of minutes. If you use a passphrase in addition to your seed phrase, then an attacker with your seed phrase has to then also brute-force your passphrase. If your passphrase is long and random enough this is essentially impossible, meaning an attacker with your seed phrase can do nothing and your coins remain safe. You should also back your passphrase up on paper but separately to your seed phrase, so an attacker finding one doesn't immediately find the other.

You can use as many different passphrases as you like with a single seed phrase, allowing you to create unlimited numbers of "hidden" wallets. This also provides protection against physical attacks on your person in the form of plausible deniability.

Further, since you are using a Trezor, due to the vulnerabilities of the device anyone who has physical access to it is able to extract your seed phrase. If you are not using a passphrase, then as above, your coins can be quickly stolen.

I would highly recommend everyone use a passphrase. Just remember to back it up, as if you forget it, your coins will be lost.