securing seed, brute forcing one missing word in seed

[stan4electrum]

Hi everyone,

I'm trying to invest some considerable money into crypto. I'm thinking about creating more wallets and distribute funds a little and give family members access each to one wallet in case they will need it. So wallets are potentially for long term store without using it by hot wallet.
I'm looking for good solution to do this.

I originally wanted to create wallet end export bip39 seed to back it up.
Then I wanted to modify the seed by adding something to phrase but this is apparently supported only by Electrum wallet which is not using bip39 standard.
Then I learnt that bip39 is not extensible. So I wanted to replace one word in phrase by other word that only person with access to this wallet would know. My thinking behind this is that if I (and others) will store the original seed on paper or electronically, if someone would steal the seed, it will lead to valid wallet but with some insignificant coins on it. But only by replacing one particular word in it would restore correct wallet. Which potential hacker would not know about.
Unfortunately now I learnt that it is not possible to just swap one word because of last word is checksum that would also need to be replaced and is not simple to determine anyway.

So if I change any word in seed it will become invalid, which will give hacker a clue that this seed is modified in some way. Here comes my question if hacker would want to figure out correct seed and he would assume that one of the word is incorrect, how difficult it would be to figure out which word is to be replaced and which word to use instead? It is possible to determine if from checksum word directly or is the brute force the only way?
if he would need to brute force it, what is the complexity of finding one random word anywhere in the phrase?
I saw this interesting article about figuring our last 4 missing words by brute force which took about one day to find complete seed. But this is slightly different mathematical issue.

Thanks for ideas.

[hosseinimr93]

Then I learnt that bip39 is not extensible.

This is wrong.
Create a new wallet in electrum. Select "Standard wallet" and then "I already have a seed". Click on "options". Check "BIP39 seed" and "Extend this seed with custom words" options.
Now, enter you BIP39 seed phrase and click on "Next". After that, electrum will ask you to enter the passphrase.
With adding a passphrase (which can be any combination of words or characters), you will generate completely different addresses.

I think this is the best solution for you. There is no need to change any of the words.

[seoincorporation]

A good solution would be to use VanityGen to generate the address and private keys.

That way you can share the private keys of each addy to one member of your family, and when they want to access the bitcoins then they can import the private keys in blockchain.com wallet. This way they can import the keys to almost any wallet and it would be easy for them.

[titular]

A good solution would be to use VanityGen to generate the address and private keys.

That way you can share the private keys of each addy to one member of your family, and when they want to access the bitcoins then they can import the private keys in blockchain.com wallet. This way they can import the keys to almost any wallet and it would be easy for them.

If I recall correctly, VanityGen still hasn't updated its prices in the past few years. It used to be relatively cheap to use this service. However, until they update their bitcoin price to match what the market price is..you could be paying several hundred dollars for your vanity address.

I also messaged the generator's creator asking about adjusting the prices, but he/she didn't seem too interested in this.

[bitmover]

I originally wanted to create wallet end export bip39 seed to back it up.
Then I wanted to modify the seed by adding something to phrase but this is apparently supported only by Electrum wallet which is not using bip39 standard.

This is not true.

First, you can use a passphrase in many wallets, such as ledger trezor and many others.

You can also use bip39 seed in electrum wallet

Then I learnt that bip39 is not extensible. So I wanted to replace one word in phrase by other word that only person with access to this wallet would know. My thinking behind this is that if I (and others) will store the original seed on paper or electronically, if someone would steal the seed, it will lead to valid wallet but with some insignificant coins on it. But only by replacing one particular word in it would restore correct wallet. Which potential hacker would not know about.
Unfortunately now I learnt that it is not possible to just swap one word because of last word is checksum that would also need to be replaced and is not simple to determine anyway.

Don't do that.

You may think this is smart, but your funds will be more likely at risk.
If you need extra security, add a passphrase to a normal bip39 seed. Each person can have a different passphrase

Don't try to create a new security system. There are good options here. Learn them first.

i recommend ledger and trezor wallets for everyone
 they are the safer choice for newbies. your coins will be safe, and that is what matters here.

[stan4electrum]

Don't do that.

You may think this is smart, but your funds will be more likely at risk.
Of you need extra security, use a passphrase to a normal bip39 seed.

Don't try to create a new security system. There are good options here. Learn them first.

i recommend ledger and trezor wallets for everyone
 they are the safer choice for newbies. your coins will be safe, and that is what matters here.

Hardware wallets are very easy to loose or be stolen when you want to travel with it.
Keys can be secured by passphrase only when stored electronically. When you store something electronically you often forget where did you store it. especially after longer time. If keys are store electronically then they are vulnerable to be stolen. If you want to properly secure the keys you need to use strong password. That also requires to write it down and store it somewhere. It may seem to be good way to you but I can't see this done by my wife and kids and remember where keys are and passphrase is and keep then offline and apart each other. And still have access to them.

Seed is pretty good and easy for non technical people to keep. You can store multiple copies all around in offline form and can easily take it with you anywhere. But it needs a way to add a simple element to it that only owner knows. If stolen, no problem, it is stored on other places and thief cannot use it.
 

[BlackHatCoiner]

So I wanted to replace one word in phrase by other word that only person with access to this wallet would know. My thinking behind this is that if I (and others) will store the original seed on paper or electronically, if someone would steal the seed, it will lead to valid wallet but with some insignificant coins on it.

• Don't store it electronically.
• Don't save your seed phrase in a place that is likely to be found.

Unfortunately now I learnt that it is not possible to just swap one word because of last word is checksum that would also need to be replaced and is not simple to determine anyway.

You can just extend your seed phrase with another word(s) and send your money there. You can achieve what you want that way. (And it'll be far more safe)

Keys can be secured by passphrase only when stored electronically.

Of course not.

[hatshepsut93]

Never try to make your own changes to the existing crypto systems, you'll either risk locking yourself out of your money or will create something inherently weak.

If you want a password, use BIP 39 seed with an extension word. This way, if someone gets access to your seed, they won't be able to take your funds immediately and instead will have to bruteforce your password. But you will also have to manage this password carefully, otherwise you can simply lose your coins, just like those people who have wallet.dat files from 2011, but don't know their password.

[odolvlobo]

So if I change any word in seed it will become invalid, which will give hacker a clue that this seed is modified in some way. Here comes my question if hacker would want to figure out correct seed and he would assume that one of the word is incorrect, how difficult it would be to figure out which word is to be replaced and which word to use instead? It is possible to determine if from checksum word directly or is the brute force the only way?
if he would need to brute force it, what is the complexity of finding one random word anywhere in the phrase?
I saw this interesting article about figuring our last 4 missing words by brute force which took about one day to find complete seed. But this is slightly different mathematical issue.

So, if you changed one word in a 12-word phrase, an attacker that knows this would only have to try 12276 possibilities (12 x 1023). I think that would probably take less than a second, so the checksum isn't really a factor.

A better solution would be to use a bip-39 password that is kept separate from the seed phrase.

[stan4electrum]

So, if you changed one word in a 12-word phrase, an attacker that knows this would only have to try 12276 possibilities (12 x 1023). I think that would probably take less than a second, so the checksum isn't really a factor.

Yeah, that it is indeed. So changing word that makes seed incorrect is not a solution.
Will think about the password. But I guess you mean some other password, like extension word. not the password for encrypting the keys generated out of the seed.
How compatible is "bip-39 password " between wallets? is it part of bip39 standard?
I'll google something about it.
Thanks

[hosseinimr93]

But I guess you mean some other password, like extension word. not the password for encrypting the keys generated out of the seed.

The word (or a combination of words or characters) added to the seed phrase is usually called passphrase, so it's not confused with the password used for encrypting the wallet file locally.

How compatible is "bip-39 password " between wallets? is it part of bip39 standard?

Yes. Any wallet allowing you to add a passphrase to your BIP39 seed phrase should generate the same addresses for you.