jerry0 (OP)
October 21, 2020, 08:14:11 PM

I always felt safe is bad idea because isn't that the first place a thief would look besides it in the open and the table/drawers?

So hide the safe. Bolt it to some concrete underneath your floorboards. No thief is going to find it unless they demolish your house.

Now if you hide it in a notebook or in the open, but its like hidden in words or things like that, well a thief wouldn't even check that wouldn't you agree?

Why wouldn't they? I assume in this scenario the thief knows that they are looking for a bitcoin seed phrase. Words circled in a book or a list of words in a notebook is going to be entirely obvious.

You say the code is trivial, but how would they even figure it out? I mean it could mean a password that is in code form or something. Unless that thief knows what it is... wouldn't that be good idea?

A thief who is looking for a seed phrase and finds a list of 24 items will almost immediately realize what they are looking at, even if they aren't "words" as such. A half decent computer will be able to break any simple cipher such as a Caesar cipher or Vigenère cipher almost immediately.

What do you mean store it in protect format and encrypt it? You mean like in a document and encrypt it with axcrypt or bitlocker? But what you mean encryption key on paper separately? I dont get the paper part.

I mean encrypt the seed phrase and store the encrypted file or text. Whatever key you used to encrypt it should then be stored on paper separately, otherwise you are relying entirely on your memory for your back up.

Well I don't think thieves would be targeting bitcoin... dont you think? I mean most thieves are looking for cash and valuables. Unless they know a specific place has btc, then wouldnt you agree unless its targeted, then a notebook with the words would be safe? Well i dont mean circling words... that would be obvious. But i mean you have a ton of words and sentences but you know exactly what page each one is on... you write it down somewhere or store it online. Also what percent of thieves do you think would even think much if they see words circled? I dont think that many would know about it.

Well if a thief knows about crypto, yes obviously they will realize what it is. But would you say even half of thieves know about crypto and the seed? Im sure most ppl know or heard about crypto but you think most know a word seed is where ppl store it?

Well if you encrypt the seed phrase and store it in encrypted file or text... yes that is safe. Now you saying if you store it in usb or something not connected to internet right? But if you print it out... well isn't that the same thing as writing it down on paper?

Well relying on memory for seed is obviously bad idea. Some ppl say they remember it. Now i could imagine a 12 word seed wouldn't be that hard to remember... but still easy to forget. Now if you talk about a 24 word seed... that is insane.. dont you agree?

Now also something else. I read electrum allows you to put another word to the seed and so does nano ledger s. But do ppl do that or not? The thing now is the most important question... if you put a 13th word seed for electrum or a 25th word seed for nano ledger s... does that last word have to be from that 2000+ word list or not? If NOT... then wouldn't it make sense to always do that?

Because if you do... i mean how could someone figure that last word out? But what are the requirements for the last word? It has to be letters right? So could it be like dogwenttotheoutsideagain If so... wouldn't this be the safest way to do this? Since if you somehow expose your electrum or nano ledger seed... that person still need your last word? I mean you could make it like catwenttoplaywiththefrog right? Now if that last word has to be one of the word list, then obviously that isn't going to be that effective.

o_e_l_e_o
October 21, 2020, 08:29:39 PM

Now also something else. I read electrum allows you to put another word to the seed and so does nano ledger s. But do ppl do that or not? The thing now is the most important question... if you put a 13th word seed for electrum or a 25th word seed for nano ledger s... does that last word has to be from that 2000+ word list or not? If NOT... then wouldn't it make sense to always do that? Because if you do... i mean how could someone figure that last word out? But what are the requirements for the last word? It has to be letters right?

This is called a passphrase. It is a feature of BIP39, and so all BIP39 wallets should support it, but some do not. The passphrase can be anything you like, can have any printable ASCII character in it (so lowercase and uppercase letters, numbers, symbols, and space). There is no limit set by BIP39 as to how long this passphrase can be, but some wallets impose a limit (Ledger has a max of 100 characters, Trezor has a max of 50 characters, Electrum has no max as far as I am aware).

You can use multiple different passphrases to lead to multiple different wallets. For example, if I take my Ledger, go to Security -> Passphrase -> Set temporary passphrase and enter the passphrase "PhraseA", my Ledger will generate a brand new set of addresses unrelated to the addresses it is already storing. If I repeat the above steps but enter "PhraseB", I will again get a brand new wallet with brand new addresses. I can do this as many times as I like to generate as many different wallets as I like, all from the same seed phrase.

If you do use a passphrase, you should back it up on paper and separately from your seed phrase. Just like your seed phrase, if you forget or lose your passphrase you can no longer access your coins.
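
Added example (not part of any post in this thread): the BIP39 seed derivation, showing why the passphrase described above can be any string and why a mistyped passphrase opens a different wallet instead of raising an error. The function names are hypothetical, the mnemonic is the public all-zero-entropy BIP39 test mnemonic, and the length limits are the ones quoted in the post.

```python
import hashlib
import string
import unicodedata

# Passphrase length limits as stated in the post above (None = no limit known to the poster).
WALLET_MAX_LEN = {"Ledger": 100, "Trezor": 50, "Electrum": None}
PRINTABLE_ASCII = set(string.ascii_letters + string.digits + string.punctuation + " ")

# Constructed sample: the public all-zero-entropy BIP39 test mnemonic. Never fund it.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The passphrase is not a 13th/25th word: it is appended to the salt
    ("mnemonic" + passphrase), so any string gives a valid, different seed.
    """
    def nfkd(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")

    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048, dklen=64
    )


def seed_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Short hex tag of the seed, enough to tell wallets apart in a demo."""
    return bip39_seed(mnemonic, passphrase).hex()[:16]


def passphrase_portability(passphrase: str) -> dict:
    """Which of the wallets named in the post would accept this passphrase."""
    ascii_only = all(ch in PRINTABLE_ASCII for ch in passphrase)
    return {
        wallet: ascii_only and (limit is None or len(passphrase) <= limit)
        for wallet, limit in WALLET_MAX_LEN.items()
    }


def demo() -> dict:
    """Same mnemonic, four passphrases: every one leads to a different seed."""
    return {
        label: seed_fingerprint(TEST_MNEMONIC, phrase)
        for label, phrase in [
            ("no passphrase", ""),
            ("PhraseA", "PhraseA"),
            ("PhraseB", "PhraseB"),
            ("typo: phraseA", "phraseA"),  # wrong case: no error, just another wallet
        ]
    }


if __name__ == "__main__":
    for label, tag in demo().items():
        print(f"{label:15} seed starts {tag}")
    print(passphrase_portability("catwenttoplaywiththefrog"))
```

Because no passphrase is ever "wrong", a restore test that checks the first receiving address against a known one is the only way to confirm a passphrase backup is correct.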

The Sceptical Chymist
October 21, 2020, 08:51:18 PM

I heard ppl say put it in bank safety box and put it in two parts. That seem good idea since well even if someone get access to your box with half the seed, they still need the other half. But what if someone break into the safe and you didn't know until later on? Or say it happens and your seed paper is gone... though that person only need to take a picture of it or write it down as taking the paper would be dumb as it would draw suspicion. But if you lose half the seed, and say your hardware wallet malfunctions, then you are like screwed.
Dude, there are a million things that could go wrong with probably every method you can think of--and knowing how paranoid you are as far as security goes, my guess is that you'll never be completely reassured that your seed is safe. You have to do the best you can do and hope nothing catastrophic happens. It is quite possible to memorize a seed phrase, and there are mnemonic tricks you can learn to do it. But I would suggest that only as a supplement to having the seed written down or otherwise printed somewhere. I've got a Steelwallet that came with my Nano S, and I've found it useful. It's better than a piece of paper, but either way you still have to keep it in a secure location--and that's always what it comes down to, right? You could write a handwritten letter to yourself (or someone you trust) that includes the seed words in some order that only you would be able to pick them out. Gang members in prison use tactics like that to get messages to the outside (I seen that shit on YT). If you use your imagination, I'm sure you could come up with a solution that causes the least amount of insomnia.

bob123
October 22, 2020, 10:47:12 AM

Well if a thief knows about crypto, yes obviously they will realize what it is. But would you say even half of thieves know about crypto and the seed? Im sure most ppl know or heard about crypto but you think most know a word seed is where ppl store it?

Just ask yourself.. the typical thief in your neighborhood, what kind of education does he/she have? Are they some IT nerds going out breaking in other people houses? Or are they mostly criminals who don't know how to properly use a computer without getting malware?

Well if you encrypt the seed phrase and store it in encrypted file or text... yes that is safe. Now you saying if you store it in usb or something not connected to internet right? But if you print it out... well isn't that the same thing as writing it down on paper?

It doesn't matter whether you write it down or print it out (besides the fact that your printer might leak data).

Now also something else. I read electrum allows you to put another word to the seed and so does nano ledger s. But do ppl do that or not? The thing now is the most important question... if you put a 13th word seed for electrum or a 25th word seed for nano ledger s... does that last word has to be from that 2000+ word list or not? If NOT... then wouldn't it make sense to always do that? Because if you do... i mean how could someone figure that last word out? But what are the requirements for the last word? It has to be letters right? [...] If so... wouldn't this be the safest way to do this? Since if you somehow expose your electrum or nano ledger seed... that person still need your last word? I mean you could make it like catwenttoplaywiththefrog right? Now if that last word has to be one of the word list, then obviously that isn't going to be that effective.

It's not really a 13th/25th word. It is a passphrase (github link to the BIP). It doesn't have to be a word from the wordlist. If you are interested, check the github page.

HCP
October 22, 2020, 08:37:51 PM (last edit: November 15, 2023, 12:44:34 AM by HCP)

And you all thought I was joking about my pool of laser-beam armed sharks inside a hollowed out volcano!

seriously tho, this topic is really just a classic example of the "but what if?" game... and you can go down a very very very deep rabbit hole coming up with schemes and solutions to safeguard 12/24 simple words.

At the end of the day, it's simple risk assessment and mitigation. So, identify the risks and rank them according to their likelihood of actually occurring and the consequences of them occurring on your chosen seed storage method... ie. burglary, tsunami, meteor crashing into your house, solar flares destroying electronic equipment etc... a handy matrix like this is useful:

Anything in the green can probably be ignored (like solar flare vs. seed on paper = Rare + Negligible)... "Yellow" is possibly not worth worrying about either, unless it's going to stop you sleeping at night, (meteor crashing into your house vs. almost any form of seed storage = Rare + Catastrophic)... but even that could be minimised by having a secondary, offsite backup, which would drop it to Rare+Minor.

Orange/Red you definitely need to be taking steps to either mitigate the chance of the event happening, or if that isn't possible, minimise the consequences of the event happening. For instance, you may not be able to completely prevent a break in by a determined thief, but by having the seed encrypted helps minimise the consequences of the break in, and you could probably downgrade it from Orange/Red to at least a yellow (say unencrypted seed theft: "Possible + Catastrophic" => encrypted seed theft: "Possible + Minor")

Once you've got everything in the green/yellow, you can breathe a sigh of relief that you have done what you can to minimise loss and you should be able to sleep better at night. There simply isn't any way to remove all risk of loss, unless you just stop using Bitcoin.

jerry0 (OP)
October 22, 2020, 10:44:18 PM

HCP where did you get that chart from? I never seen it.
But using that chart, it would be bad which is why you see I'm always freaked out when something happens. The likelihood of a thief I would say is possible.
I mean unless you live in a luxury condo highrise where there is security to even get in... then i would say the likelihood is rare... don't you agree? Like im not sure where you are located but I think you said the US. But imagine you live like in the high rise condos with security... say in las vegas or LA or places like that where security is extremely tight... where you can't even get in the building without checking in at the front desk... then to me... the chance of you seed getting stolen would be almost impossible. I mean those high rises are built to even protect well against fires and floods right? Now would you agree if you live in one those places, you don't really have to worry about a thief?

bob123
October 23, 2020, 09:35:33 AM

HCP where did you get that chart from? I never seen it.

That's a risk assessment table. Google it and you'll find more of them. Versions with 3 to 7 lines and columns are common.

But using that chart, it would be bad which is why you see I'm always freaked out when something happens.

"when something happens" or that the possibility exists that something theoretically might happen?

Now would you agree if you live in one those places, you don't really have to worry about a thief?

No one can answer that for you. You really need to estimate it yourself. BTW, did you ever think about the possibility that we are thieves trying to get as much information from you as possible to break into your house and steal your seed? Maybe that's a conspiracy against you here and HCP is the leader? Just sayin.. May be worth a thought.

jerry0 (OP)
October 23, 2020, 06:07:51 PM

Okay didn't know there was a risk assessment table, I never heard of it.
Well I mean the odds of happening is normal I say... I say this for anyone that doesn't live in any high rise with security or gated place. You don't agree on this? If you live in a house, theft could happen. I mean... look at those hollywood homes those celebrities have that gotten burglarized by thieves. And those are homes with gated community and security. For some reason you always hear how the cameras went off when this happens.
Well I think almost everyone is vulnerable to theft, doesn't matter if its cash/jewelry or anything else... but of course much more cash etc. So thats why i wanted to know what is the best way to store your seed in general. I always thought having two safe deposit boxes was the best option. But you have heard of deposit boxes being taken though. But then again, what do most ppl do in general for this. Most ppl here seem to say oh just put it on paper and leave it in a drawer. But im sure there has been cases where a fire or natural disaster happens and then theres that.

HCP
October 23, 2020, 07:28:17 PM

I was originally taught that it was a "Risk Matrix": https://en.wikipedia.org/wiki/Risk_matrix

They're (were?) relatively common in "safety critical" industries such as Aviation when implementing Safety Management Systems etc. They are by no means the "be all and end all" of risk assessment, and there are a few issues with them... but they're a relatively good starting point when considering the risks/mitigations for any given setup.

Essentially, they force you to be a little less "emotional", and be a bit more "logical"... is a meteor likely to crash into my house today? No, of course not... I should probably not really worry too much about that. Is my house likely to catch on fire today? Possibly, but unlikely... maybe we can push this down the priority for mitigation. Is my house likely to get burgled? Well, I live in a shitty neighbourhood and my neighbours were broken into last week, so yes it's quite probable... maybe make this priority #1 for mitigation. etc etc

There is nothing wrong with using safety deposit boxes, in general they tend to be a fairly secure way of storing things... it's offsite, generally secure and generally they have decent fire suppression systems to prevent total loss and climate control to prevent degradation of items being stored etc, although nothing is guaranteed of course. There are downsides of course, limits on access, splitting a seed in 2 prevents recovery if one piece is inaccessible etc, but if mitigating the risks of your friendly neighbourhood burglar getting hold of your seed are a priority, then it would certainly be an option to consider.

As always, there will be risks involved with any system... the ideal scenario is "elimination", but "prevention" (reducing chance of event) or "mitigation" (reducing impact of event) are also acceptable outcomes.

In other news, I remember way too much from my former life as a Business Analyst.

jerry0 (OP)
October 24, 2020, 02:00:18 AM

Okay i have might heard that term risk matrix maybe... but the other term i didn't hear.
Safe deposit boxes tend to be safe. But I heard of few cases where burglars drilled in into it. Also, when there are bank robberies, how safe are the customer deposit boxes though? But then again, if you have one bank deposit on one bank... the other say much farther way, that is generally safe right? I mean imagine having 2 safe deposit boxes in 2 different banks but say they were just a short few blocks walk from each other... surely you wouldn't feel that comfortable right?
I mean the way the Winklevoss twins do it... im assuming based on the article, they have the seeds in safe deposit boxes throughout the US. So i gotta imagine he has them in many states right? Thus to spread their risk so to speak? Now if someone has a ton of money, im sure their safe deposit boxes would be in multiple states right?

o_e_l_e_o
October 24, 2020, 02:09:52 AM

I mean imagine having 2 safe deposit boxes in 2 different banks but say they were just a short few blocks walk from each other... surely you wouldn't feel that comfortable right?
There's being security conscious, which is obviously a good thing, and then there is just being paranoid. What scenario are you imagining here? A team of criminals first track you to find out how much crypto you are holding and identify your back up mechanisms, then hack in to the databases of two different banks to identify which safe deposit boxes are yours, then simultaneously break in to two bank vaults and drill in to your boxes to reconstruct your seed phrase? If that is your risk model, then I'm pretty sure the geographical locations of the two banks you use are irrelevant.

jerry0 (OP)
October 24, 2020, 02:10:05 AM

Well for the average person who isn't rich and at best middle class or even less than that, is basically storing it in your home in few pieces still generally the best way? I see so many ppl say they just write it on paper or notebook and store it in a drawer. But im sure thieves now know more about bitcoin with how mainstream it has gotten... so its like if you put it at home, like a safe under your basement probably the best?
Someone mentioned writing it in their walls in their home... I don't even know what to say about that.
But in general, would you say better to write it on piece of paper or in a notebook would you say better HCP? I still feel a notebook, assuming you have other things written there... its like ppl aren't going to go through your notebook if you know what i mean. Do you agree on this? Also those ledger seed cards that is supplied to you... don't you agree that probably is the worst place to write your seed in especially if you keep the seed in your house? I mean it would basically tell people what it is. Now of course if you put it in a deposit box, no big deal I don't think.
I'm curious but has anyone here stored their seed online... but encrypted it and then somehow it got compromised? All the cases I hear where they store it online and got compromised, well obviously they aren't encrypting it.
Example you store it in a document, but encrypt it with axcrypt or whatever program... then somehow it got compromised? Or you encrypt the document with axcrypt, store in your email... but your email got compromised and somehow they got your axcrypt password?
Or the method I mentioned many times.
Type your see in keepass/lastpass. Then upload it to gmail/dropbox. Someone would need to first get into your email... but then also need your keepass master password in order to access it. So wouldn't those two layers of security be safe? The first of email like gmail or dropbox is obviously not that secure as emails can be hacked... but them getting your master password certainly would be very tough?
I like to know if anyone here has stored their seed online this way, uploading it to the cloud but of course encrypt it with axcrypt/keepass etc... and had no issues with it?

o_e_l_e_o
October 24, 2020, 02:19:49 AM

I like to know if anyone here has stored their seed online this way, uploading it to the cloud but of course encrypt it with axcrypt/keepass etc... and had no issues with it?
This is a meaningless question. It's like asking if anyone has driven without a seatbelt but is still alive to tell the tale. Just because an individual's method has not been compromised yet does not make it a safe method. There are 100 possible things that could go wrong with that method, from accounts being hacked, passwords being bruteforced, employees of the cloud hosting company accessing files, uploads being intercepted, vulnerabilities in the storage, vulnerabilities in the encryption, seed phrase being leaked before being encrypted, the list goes on. None of these vulnerabilities are even possible with a seed phrase being written down on paper.

jerry0 (OP)
October 24, 2020, 02:34:19 AM

I mean imagine having 2 safe deposit boxes in 2 different banks but say they were just a short few blocks walk from each other... surely you wouldn't feel that comfortable right?
There's being security conscious, which is obviously a good thing, and then there is just being paranoid. What scenario are you imagining here? A team of criminals first track you to find out how much crypto you are holding and identify your back up mechanisms, then hack in to the databases of two different banks to identify which safe deposit boxes are yours, then simultaneously break in to two bank vaults and drill in to your boxes to reconstruct your seed phrase? If that is your risk model, then I'm pretty sure the geographical locations of the two banks you use are irrelevant.

I meant criminals getting into safe deposit boxes... then finding cash/jewelry valuables in many of them. Then some of them have the seed. Imagine they found several seeds that were 12 or 6 words... then they go to other deposit boxes in other banks and then find other word seeds like that... they could then combine all of them to see if its a possible match. You don't think they would try that? Or even someone putting the entire 24 word phrase there. You have to assume there are some people might even put the entire 24 word seed in a deposit box right?

jerry0 (OP)
October 24, 2020, 02:37:17 AM

I like to know if anyone here has stored their seed online this way, uploading it to the cloud but of course encrypt it with axcrypt/keepass etc... and had no issues with it?
This is a meaningless question. It's like asking if anyone has driven without a seatbelt but is still alive to tell the tale. Just because an individual's method has not been compromised yet does not make it a safe method. There are 100 possible things that could go wrong with that method, from accounts being hacked, passwords being bruteforced, employees of the cloud hosting company accessing files, uploads being intercepted, vulnerabilities in the storage, vulnerabilities in the encryption, seed phrase being leaked before being encrypted, the list goes on. None of these vulnerabilities are even possible with a seed phrase being written down on paper.

Okay the gmail or dropbox box account getting hacked/bruteforced is not that hard I say. But doing that to a master password for keepass... dont you think that is very hard? The one issue I see with this... entering the seed in keepass and uploading it to gmail or dropbox... would be... if your laptop got malware/keylogged. Because if it does, then that other person could see every time you type. But if you make sure you are careful with your laptop and don't get malware/keylogger, wouldn't you agree this method of putting seed in keepass/lastpass and uploading it to gmail/dropbox is safe? Thus the danger is mostly don't get malware on your laptop because then all bets are off?

HCP
October 24, 2020, 02:53:58 AM

It's just a never-ending conversation... you keep asking "what if? what if? what if?"... it's been explained over and over and over ad nauseam.

If you're comfortable encrypting it and putting it on a cloud device because you trust the encryption software and cloud storage, and you're more concerned about physical theft and burglars breaking into your house and stealing a piece of paper, then just do it. There are just as many issues with storing it on paper (fire/flood/theft risk) as there are with storing stuff online (accounts/passwords compromised, faulty encryption systems etc)... NOTHING is perfect.

Just pick a method and go with it. Otherwise we'll be here in another 12 months saying the same things while you ask if moats full of piranhas are better at keeping away cryptocurrency thieves than moats full of laser-beam wearing sharks

jerry0 (OP)
October 24, 2020, 04:17:18 AM

It's just a never-ending conversation... you keep asking "what if? what if? what if?"... it's been explained over and over and over ad nauseam. If you're comfortable encrypting it and putting it on a cloud device because you trust the encryption software and cloud storage, and you're more concerned about physical theft and burglars breaking into your house and stealing a piece of paper, then just do it. There are just as many issues with storing it on paper (fire/flood/theft risk) as there are with storing stuff online (accounts/passwords compromised, faulty encryption systems etc)... NOTHING is perfect. Just pick a method and go with it. Otherwise we'll be here in another 12 months saying the same things while you ask if moats full of piranhas are better at keeping away cryptocurrency thieves than moats full of laser-beam wearing sharks

Well yes everything has risk. But the biggest risk I feel with the online encryption method is if your laptop get keylogged/malware. So there is of course that.

o_e_l_e_o
October 24, 2020, 09:16:26 AM

Imagine they found several seeds that were 12 or 6 words... then they go to other deposit boxes in other banks and then find other word seeds like that... they could then combine all of them to see if its a possible match. You don't think they would try that?

So let's say some criminals do manage to break in a bank vault in which you own a safety deposit box, and do break in to your safety deposit box which contains half your seed. A very unlikely scenario to start with, but not impossible. How long is it going to take for you to be notified of this? It will be all over the news and the bank is going to be pretty quick to contact the affected customers. You will presumably immediately move all your funds to a new address when you do find out. So, the criminals have a very limited window in which to break in to another bank (which just so happens to be the correct bank), break in to the safety deposit boxes (and just so happen to find your one), and combine your seed phrase, all while being actively hunted by the police and while bank security has probably been ramped up following the first attack. How likely do you think such an attack is? As HCP says, you are going down an endless rabbit hole of "What if?" scenarios.

But doing that to a master password for keepass... dont you think that is very hard?

Once someone has downloaded your encrypted database to their own local machine, they can attempt to bruteforce it at a rate of potentially millions of possible passwords per second. It's only going to be hard if your password is long and random.

wouldn't you agree this method of putting seed in keepass/lastpass and uploading it to gmail/dropbox is safe?

No. I store absolutely zero sensitive information on the cloud or email servers, even in encrypted formats. There are far too many unknown variables as I mentioned above, and you are placing complete trust in the third party provider.

jerry0 (OP)
October 24, 2020, 04:58:06 PM

Imagine they found several seeds that were 12 or 6 words... then they go to other deposit boxes in other banks and then find other word seeds like that... they could then combine all of them to see if its a possible match. You don't think they would try that?

So let's say some criminals do manage to break in a bank vault in which you own a safety deposit box, and do break in to your safety deposit box which contains half your seed. A very unlikely scenario to start with, but not impossible. How long is it going to take for you to be notified of this? It will be all over the news and the bank is going to be pretty quick to contact the affected customers. You will presumably immediately move all your funds to a new address when you do find out. So, the criminals have a very limited window in which to break in to another bank (which just so happens to be the correct bank), break in to the safety deposit boxes (and just so happen to find your one), and combine your seed phrase, all while being actively hunted by the police and while bank security has probably been ramped up following the first attack. How likely do you think such an attack is? As HCP says, you are going down an endless rabbit hole of "What if?" scenarios.

But doing that to a master password for keepass... dont you think that is very hard?

Once someone has downloaded your encrypted database to their own local machine, they can attempt to bruteforce it at a rate of potentially millions of possible passwords per second. It's only going to be hard if your password is long and random.

wouldn't you agree this method of putting seed in keepass/lastpass and uploading it to gmail/dropbox is safe?

No. I store absolutely zero sensitive information on the cloud or email servers, even in encrypted formats. There are far too many unknown variables as I mentioned above, and you are placing complete trust in the third party provider.

Okay that make sense if deposit box broken into, it would be over the news and there would be time to move the coins. So in a way, it seems like that probably is the ideal place to put your seeds broken into two places? I gotta imagine if you have the two seeds in two different states, that probably would be more than good enough right?

Okay so someone say hack into my gmail/dropbox and has my keepass program. They need to bruteforce it. So let say the master password was something like georgelikesjuice59? Would you say something like that would be easily brute force? What about like Viziofrodo9ball Im randomly using words and some numbers.

But for storing it online... you say lot of things could happen. But would you say the bigger chance is they brute force your keepass? Or you laptop getting malware? Because I always felt if you put it in keepass and store it in gmail or dropbox... malware/keylogger on laptop is the biggest issue so you need to be careful with your laptop.

HCP
October 25, 2020, 03:55:18 AM

Using "words" is not really a good idea. You're essentially making your "long" password "georgelikesjuice59", from only 3 words and 2 digits... or 5 "characters". Assuming something like 500,000 "english" words (I believe the Oxford English dictionary is actually a lot less at ~275,000), you would have (500000^3 * 10^2) combinations = 12500000000000000000. Password cracking utilities are able to take dictionaries of words and mix and match them together at extraordinary speeds.

A much better password is something "random" like: XzXCJkz*a68sL#xy

No one is bruteforcing that in a hurry... "random" UPPER, lower, numb3r5 and symb@!s is the way to go. It's 94^16 = 37157429083410091685945089785856 possible combinations. Even renting one of those fancy "p3.large" servers with 8 Tesla v100 GPUs that can do like 600 gigahash/second... it's going to take years to bruteforce something like that.

37157429083410091685945089785856 / 600000000000 = ~61929048472350152809.91 seconds ==> 1962453423015.95 years

Whereas your "georgelikesjuice59" = 12500000000000000000 / 600000000000 = 20833333.33 seconds ==> ~241 days

While that is still a relatively significant amount of time, it's realistically "doable"

Of course, all that is moot if your laptop gets infected with malware/keyloggers etc... then it becomes stupidly trivial for a thief to access your accounts etc. And the solution to stop a malware/keylogger infection leading to your seed being compromised? Write it down on a piece of paper and store it offline
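
Added example (not part of any post in this thread): a small strength estimator that applies the two keyspace models from the post above, words-plus-digits versus random characters, and reports the smaller of the two, since a password that splits into dictionary words is only as strong as its word count. The word list is a constructed sample, the function names are hypothetical, and the 600 gigahash/second rate and 500,000-word dictionary are the post's own assumptions.

```python
GUESSES_PER_SECOND = 600e9      # "600 gigahash/second", the rate assumed in the post
DICTIONARY_SIZE = 500_000       # the post's estimate of English words
CHARSET_SIZE = 94               # upper, lower, digits and symbols, as in the post
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 31_556_952   # 365.2425 days

# Constructed mini word list; a real checker would load a full dictionary.
WORDS = {"george", "likes", "juice", "vizio", "frodo", "ball",
         "cat", "went", "to", "play", "with", "the", "frog"}
MAX_WORD_LEN = max(map(len, WORDS))
DIGITS = set("0123456789")


def segment(password: str):
    """Split a password into dictionary words and single digits.

    Returns the split with the fewest tokens, or None when some part of the
    password is neither a known word nor a digit.
    """
    s = password.lower()
    best = [None] * (len(s) + 1)    # best[i] = shortest token list covering s[:i]
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(max(0, end - MAX_WORD_LEN), end):
            piece = s[start:end]
            if best[start] is None:
                continue
            if piece in WORDS or piece in DIGITS:
                candidate = best[start] + [piece]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[len(s)]


def keyspace(password: str) -> int:
    """Smaller of the character model (94^length) and the word model."""
    by_chars = CHARSET_SIZE ** len(password)
    tokens = segment(password)
    if tokens is None:
        return by_chars
    digits = sum(1 for t in tokens if t in DIGITS)
    by_tokens = DICTIONARY_SIZE ** (len(tokens) - digits) * 10 ** digits
    return min(by_chars, by_tokens)


def report(password: str, rate: float = GUESSES_PER_SECOND) -> dict:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    seconds = keyspace(password) / rate
    return {
        "tokens": segment(password),
        "keyspace": keyspace(password),
        "days": seconds / SECONDS_PER_DAY,
        "years": seconds / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for pw in ("georgelikesjuice59", "Viziofrodo9ball", "XzXCJkz*a68sL#xy"):
        r = report(pw)
        print(f"{pw:20} keyspace={r['keyspace']:.3e} days={r['days']:.1f}")
```

These are worst-case figures for a full search; on average a search succeeds after covering half the keyspace, and capitalisation or word order adds only a small factor to the word model.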