Why doesn't every hardware wallet support two-factor seed phrases?

[larry_vw_1955]

This is not a good idea,

i know it's not a good idea i think the point i was trying to make though is by splitting up the passphrase into two parts, it makes it even harder for someone to discover it. so more security right? well, not so fast. there's also the issue of making things more complex for the owner of the wallet. the more complexity equals more possibility for problems to occur.

People who are trying to make stuff to complex usually end up losing access to stuff they are trying to hide.
 

exactly. that's why i'm not even a huge fan of the additional passhprase but i do understand it has merits.

[1715157218]

1715157218

[1715157218]

1715157218

[1715157218]

1715157218

[1715157218]

1715157218

[o_e_l_e_o]

hopefully the decoy coins amount to enough cash that they don't become wise to what you're doing.  you certainly don't want to be cheap there. it needs to be enough so that they actually believe you don't have a secondary stash somewhere that is bigger. because if they believe that then you got a whole other problem, convincing them that your net worth is that small. oh and here's a free tip: don't have any 2 ways transactions between your decoy and main wallet since when the robbers get home and see that your decoy coins are related to a bigger wallet, they might possibly pay you another visit.

Correct on all counts. I actually said just this in another thread just a few days ago: https://bitcointalk.org/index.php?topic=5437245.msg61679886#msg61679886. You decoy wallets need to plausibly be your entire stash, and there must be no links (physical, electronic, or blockchain) between your decoy wallets and your main hidden stash.

otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...

I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.

[Pmalek]

And then you've got software like Electrum, which will scan a bunch of commonly used derivation paths for you if you forget.

I have never looked into what derivation paths Electrum scans, but I am guessing the software scans a bunch of paths for change addresses as well, does it? Or does change automatically get recovered together with the correctly selected coin type and account number? Some non-standard wallets probably customize this as well that Electrum may or may not know about.

[o_e_l_e_o]

I have never looked into what derivation paths Electrum scans

You can find them here: https://github.com/spesmilo/electrum/blob/master/electrum/bip39_wallet_formats.json
Scans 14 in total - all the usual ones you would expect, plus a couple of unusual ones from specific wallets.

but I am guessing the software scans a bunch of paths for change addresses as well, does it?

It does now, after I opened an issue about lost change last year: https://github.com/spesmilo/electrum/issues/7804

Or does change automatically get recovered together with the correctly selected coin type and account number?

The way it works is that it scans the first derivation path on the list above for any transactions on either the first 20 receiving addresses or the first 10 change addresses. If it finds some transaction history, then it will recover the entire wallet, and it will also increment the account number by 1 for that specific derivation path and check that wallet too. It will repeat this process until if finds an empty wallet, and then move on to the next derivation path on the list above.

[n0nce]

otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...

I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.

You are both right; some people have a 'cold wallet', note down its first receiving address and dollar-cost-average new coins into it every day, week or month, for instance. Or whenever they have extra money (fiat or Bitcoin) to move to their long-term cold storage investment.

Others buy a lump sum once and don't touch it (or save up more BTC into other wallets).

All this ambiguity is great for plausible deniability, because it means even a single deposit into a decoy wallet could represent the whole stash (as long as it is large enough).

[larry_vw_1955]

I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.

i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday. anyone that has any common sense would know that you have to have some hot wallet and demand to see that too. hopefully you have some decoy hot wallets too.

[Pmalek]

i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday. anyone that has any common sense would know that you have to have some hot wallet and demand to see that too. hopefully you have some decoy hot wallets too.

o_e_l_e_o has already said that you can't connect any of his multiple wallets through transactions coming in or going out. He mixes his coins to break the links. The discovery that wallet #1 belongs to o_e_l_e_o would therefore not lead you to blockchain evidence proving that wallets #2 and #3 are also o_e_l_e_o's. I am sure he has hot wallets and coins he would give you if you attacked him in his home. But if he did everything correctly, you are never going to know the person you are stealing from is o_e_l_e_o, and you can't possibly know how many other wallets he has and where.   

[o_e_l_e_o]

i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday.

Of course I also have a number of wallets which are used on a regular basis with frequent transactions, but such wallets are obviously not my main cold storage wallets and do not contain large amounts of funds. These wallets would be the first to go in the case of a $5 wrench attack. If an attacker is unsatisfied with such wallets and keeps going in search of a cold storage wallet, then I can hand over one or more such cold storage wallets which instead of being filled with regular transactions have the transaction pattern I described above - one or two deposits followed by months or years of inactivity. And as Pmalek said, the compromise of any of my wallets provides absolutely zero clues as to the existence of any other wallets.

And actually I just recently lost all my wallets once again in yet another unfortunate boating accident!

[larry_vw_1955]

Of course I also have a number of wallets which are used on a regular basis with frequent transactions, but such wallets are obviously not my main cold storage wallets and do not contain large amounts of funds. These wallets would be the first to go in the case of a $5 wrench attack. If an attacker is unsatisfied with such wallets and keeps going in search of a cold storage wallet, then I can hand over one or more such cold storage wallets which instead of being filled with regular transactions have the transaction pattern I described above - one or two deposits followed by months or years of inactivity. And as Pmalek said, the compromise of any of my wallets provides absolutely zero clues as to the existence of any other wallets.

well you got all the bases covered. i thought i would be able to find some weakness in your strategy something you weren't doing but seems like you have it all done properly. so congrats.

And actually I just recently lost all my wallets once again in yet another unfortunate boating accident!

you're joking right?    just don't expect an attacker to believe that...

[o_e_l_e_o]

well you got all the bases covered.

I certainly hope so! I do think it is important to examine your security set up from every possible angle to protect against loss, disaster, forgetfulness, theft, etc.

you're joking right?    just don't expect an attacker to believe that...

Heh. No. of course no attacker will believe that. It's a running joke. Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year.

[DireWolfM14]

Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year.

That is quite a careless habit you've developed, but it seems pretty typical for a red-blooded, freedom-loving American.  I've been losing firearms in unfortunate boating accidents since the early aughts.  I tend to store my seeds in the same places I store my firearms, so my bitcoin is just as vulnerable. 

And I haven't even owned a boat in last 4 years.   

[o_e_l_e_o]

That is quite a careless habit you've developed

Tell me about it! Every time I move some bitcoin to a cold storage wallet, I lose it within 24 hours. Every damn time!

I tend to store my seeds in the same places I store my firearms, so my bitcoin is just as vulnerable.

Might as well save yourself some time here and just engrave your seed phrases directly on to your firearms.

And I haven't even owned a boat in last 4 years.

What a coincidence! I also lost my boat in an unfortunate boating accident.

[larry_vw_1955]

Heh. No. of course no attacker will believe that. It's a running joke. Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year.

someone would have a better chance of convincing the government they lost their guns than their crypto in a boating accident.