Seed phrase and passphrase backup

[_act_]

Assuming you want to have five wallets. Let us say 2 for bitcoin and 3 for altcoins. Having more than one because it is good not to have only just one wallet. Because of that, you split the coins into 5 wallets. I also prefer to use bitcoin only wallet for bitcoin.

For one seed phrase, you can have three backups which is what people are saying on this forum. For 5 wallets, that is 15 backup. If you will keep the backup in different places, that is becoming impossible.

What about having only one seed phrase and backup the seed phrase in three places on a paper. If you want to generate the 5 wallets, you will set different passphrase and have only 1 seed phrase.

Example of the passphrase:

_-\A.bb.ccc&zzz.yy.X/-_

I can make it longer like this if I have the passphrase backup online:

$+$-sbdgsgsgs$+$-362+2;$;_-$:_;$)$+_+$+3+$_-(3shdhrhe3+$-jsjdhrh_+$-#-#ehsh$!$-$-$eudydhdbs$-$&363

That is 23 characters long which will be difficult to brute force. Another thing is that if you have the backup in different places, people that see it will not know that it is passphrase.

These are my questions:
Is the method good?
Is this better than having just seed phrase backup in different locations?
Can you have the passhrase backup encrypted on online password manager so far the seed phrase backup are offline

The proper way is to have different seed phrase and passhrase. But the backup is getting difficult for me because I do not have safe places to keep the backup anymore because the seed phrase are getting plenty.

If I have three backup for just one seed phrase, I can use my memory for the fourth backup and have the passphrase online encrypted and protected on a password manager.

I do not want posts like do not memorize seed phrase. We all know that. I depend on my backup, the fourth is just for emergency purpose.

[1714686953]

1714686953

[1714686953]

1714686953

[1714686953]

1714686953

[mocacinno]

there's a big difference between a passphrase and an extension word...

In case of a password/passphrase/pin =>  If you have the same seedphrase and use it on different wallets and use a different passphrase (or pin, or password), you're undermining your security. If one of those wallets is vulnerable and the attacker is able to get his hands on either the seed or the mpk, the attacker is able to rob all 5 wallets since the password merely encrypts the mpk, so it doesn't matter if you used different passwords to encrypt said mpk (since he'll steal the unencrypted version anyways... Or the encrypted version which only needs to be bruteforced once, not 5 times).

If you're extending your seed with a 13th or 25th word, things are a bit different... This being said, if for some reason an attacker exploits a weakness in the wallet that allows him to capture the first 12 or 24 (or whatever number) of seedwords, he only has to bruteforce this extension word 5 times, which is far easyer than bruteforcing the complete seed + extension word (which is impossible). Offcourse, a long extension word makes this a lot harder (if not practically impossible). This is basically my setup, but i keep no unencrypted version of my seedphrase and i only use hardware wallets to store my funds.

For your next question: keeping the password or the extension word in an online password manager decreases your security... If an attacker is able to exploit an attack vector that lets him get his hands on your seed phrase he no longer needs your password. Keeping an extension word in an online password manager will require him to steal your seed + brute force his way into your password manager, which is hard (but certainly not as safe as keeping everything offline).

Basically, the "ideal" way to create the wallets is completely offline seed creation + completely offline extension word. The best way to store the seeds are 5 different seeds + 5 different extension words saved in at least 2 safe places, and never store seed + extension word @ the same place... All other things described in your post decrease your security.. This being said: you might be fine willing to decrease your secutiy in order to increase your redundancy of backups, but that's very hard for a thirth party to decide... You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment using a very hard passphrase for encryption, but I would never do this since for me it wouldn't feel secure enough (but maybe for you it does?).

Personally, i have one 24 word seed phrase + several extension words. I use this seed on my 2 hardware wallets, and i keep said 2 hardware wallets in two safe places. I have different wallets on both hardware wallets by using the different extension words. I then used ssss to split the seed up into 3 parts using a 2 out of 3 scheme with passphrase encryption and i stored the 3 slices in 3 very safe places. I did not keep several copy's of the seed phrase, since i have 2 physical wallets + one encrypted copy of the seed phrase split in 3 parts using a 2/3 ssss scheme. Odds of me losing both hardware devices and 2 out of 3 slices are negligible (since the storage spots are physically far apart... It would basically need an atomic bomb nuking half my country in order for me to lose access to my wallets).

If an attacker:

• gets his hands on one slice: he can't do anything since he needs 2
• gets his hands on two slices: he needs to bruteforce the passphrase of the ssss scheme + the extension words
• gets his hands on a physical hardware wallet and bruteforce the pin + the extension words

The thing does remain: there are always attack vectors... The more attack vectors you eliminate, the bigger the odds of you losing access to your wallet or funds... If you try to make up schemes to make sure you will never lose access to your funds, you'll inevitably open up very small attack vectors for potential thiefs. It's very hard to find a balance.

[_act_]

there's a big difference between a passphrase and an extension word...

In case of a password/passphrase/pin =>  If you have the same seedphrase and use it on different wallets and use a different passphrase (or pin, or password), you're undermining your security. If one of those wallets is vulnerable and the attacker is able to get his hands on either the seed or the mpk, the attacker is able to rob all 5 wallets since the password merely encrypts the mpk, so it doesn't matter if you used different passwords to encrypt said mpk (since he'll steal the unencrypted version anyways... Or the encrypted version which only needs to be bruteforced once, not 5 times).

If you're extending your seed with a 13th or 25th word, things are a bit different... This being said, if for some reason an attacker exploits a weakness in the wallet that allows him to capture the first 12 or 24 (or whatever number) of seedwords, he only has to bruteforce this extension word 5 times, which is far easyer than bruteforcing the complete seed + extension word (which is impossible). Offcourse, a long extension word makes this a lot harder (if not practically impossible).

I think people will know that I am talking about BIP39 passhrase, which you can also call extended word.

For your next question: keeping the password or the extension word in an online password manager decreases your security... If an attacker is able to exploit an attack vector that lets him get his hands on your seed phrase he no longer needs your password. Keeping an extension word in an online password manager will require him to steal your seed + brute force his way into your password manager, which is hard (but certainly not as safe as keeping everything offline).

Basically, the "ideal" way to create the wallets is completely offline seed creation + completely offline extension word. The best way to store the seeds are 5 different seeds + 5 different extension words saved in at least 2 safe places, and never store seed + extension word @ the same place... All other things described in your post decrease your security.. This being said: you might be fine willing to decrease your secutiy in order to increase your redundancy of backups, but that's very hard for a thirth party to decide... You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment using a very hard passphrase for encryption, but I would never do this since for me it wouldn't feel secure enough (but maybe for you it does?).

Thank you for this reply. I will go for the short 23 character passphrase can contain character like this ._- numbers and alphabets in lower and upper case like this:

_-\A.bb.ccc&zzz.yy.X/-_

I wish to go longer if I save it online, but offline is always safer. 23 characters will not be hard to put down on paper.

It is also good to mention that the passphrase should be backup in different places offline and not with seed phrase.

[NotATether]

$+$-sbdgsgsgs$+$-362+2;$;_-$:_;$)$+_+$+3+$_-(3shdhrhe3+$-jsjdhrh_+$-#-#ehsh$!$-$-$eudydhdbs$-$&363

That is 23 characters long which will be difficult to brute force. Another thing is that if you have the backup in different places, people that see it will not know that it is passphrase.

Very bad idea to store it online. Because if even one person gets a hold of your password hash, they can simply upload it and similar hashes to a website such as hashkiller.io (a site that specializes in cracking passwords) and the distributed network of hackers with GPUs and CPUs will be able to smash it in no time.

There is no reason to back up the password anyway, since if you lose the wallet file, its game over. That's one of the advantages of backing up the mnemonic phrase instead of the password, because you can actually restore the wallet from a mnemonic.

[Dunamisx]

Is the method good?

It's ok but just believe that not everyone will definitely have a take on using this kind of method, we have individual preference when it comes to securing the seed phrase backup techniques.

Is this better than having just seed phrase backup in different locations?

They both have their advantages and disadvantages, backing up seedphrase in different locations could serve it own danger if you're unable to have access to the second location where the remaining seeds were backed up, using this kind of method could also be somewhat risky in the sense that if you get attacked by someone who is highly intelligent in cryptography, coding and many of these machines language, they can decrypt your code by any means if they wish to, these are rare genius.

Can you have the passhrase backup encrypted on online password manager so far the seed phrase backup are offline

As for me, NO
I don't trust anything online backup system.

[satscraper]

For one seed phrase, you can have three backups which is what people are saying on this forum. For 5 wallets, that is 15 backup. If you will keep the backup in different places, that is becoming impossible.

You may have BIP 85 compliant wallet which is capable to generate bunch of child-seeds from master SEED. In this case it is sufficient to have one single  backup of  master-Seed.

The list of hardware wallets with above feature can be found here.  

AFAIK, the only software wallet which supports BIP 85 is AirGap Vault. Being installed on Android cellular it turns the latter phone  into device with security comparable to dedicated hardware wallets.

[o_e_l_e_o]

You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment

There is no such thing as a very secure cloud environment. Anything on the cloud is at risk.

_-\A.bb.ccc&zzz.yy.X/-_

I would point out that this passphrase could be better. There is no need to use repeating characters, no need to use a pattern, no need to have the second half an invert of the first half, and so on. Each of these things decreases the security. A better 23 character passphrase would look something like this:

L(9Nm>&@dn;+Ej_:e>!fnpd
k@T(4zadT:A~(aU'*[+nWk}
)d3}cx>c#'95g{\Q&Kp"~$Y

I wish to go longer if I save it online, but offline is always safer. 23 characters will not be hard to put down on paper.

23 characters or 500 characters - if you are saving it online it makes no difference. It is at the same risk of being compromised, and is only as safe as the security of wherever you are storing it (which will likely be much less than the security of 23 random characters).

If you must back up something electronically, then I would suggest using an airgapped device, encrypting it, and storing it on a USB drive or SD card which will only ever be plugged back in to the same airgapped device. But then of course you now have the problem of where you back up your encryption key.

[Poker Player]

If you have 5 wallets and want strict security measures for each of them I hope you have at least 5 Bitcoin or their equivalent between Bitcoin and altcoins, otherwise it seems to me that you are too paranoid. It's a problem I see with Bitcoin, if I have $100K in the bank, hypothetically authorities can seize it, or freeze it, or make it difficult for me to move it if I want to move to another country, but I am not at risk of losing them due to a $5 wrench attack.

Since you don't give more data, what I would do would be:

1. Have fewer wallets.
2. Consider that some of the wallets should be multisig.
3. Have fewer backups.

And I would never store anything online neither seeds nor passphrase.

[satscraper]

There is no need to use repeating characters, no need to use a pattern,

It depends.

You may take easy-remember-pattern, repeat it say n-times, hash it and get literally unbreakable password.

For instance SHA256[^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(] =  1CC3DDE752FF34619AE8AAF7403DBF5EDFA6185FF23FE62ECCFA503BBD0DEF79

requires ~ 10⁶⁰centuries to break assuming 10¹¹ guesses/sec.

P.S. Could have been 10⁹ times wrong in above calculation, made in a hurry,  but  10⁹ compared to 10⁶⁰centuries   doesn’t matter  

Declaimer: don't use above password.

[Coyster]

Have fewer wallets.

Sometimes it is inevitable to have many wallets, especially when you are using Bitcoin and Altcoins; and also for privacy and security reasons.

Consider that some of the wallets should be multisig.
Have fewer backups.

Multisignature wallets do not reduce the backups or make it fewer, instead it increases it. Let's say you have just one wallet, but it is a 2-of-3 multisignature wallet, you will need to back up three seed phrases and three master public keys, which invariably increases the backups.

[Jon_Hodl]

I have been thinking about this a lot lately because I don't think that Multisig is the right path for everyone and I especially think that is true for smaller amounts of money and for lesser experienced users.

I would use a single seed phrase stamped into steel or titanium that will last a natural disaster. I would also use a piece of paper with the same seed phrase that you can access a little more easily but you can also destroy easily. the more places that you have your seed phrase stored, the greater the likelihood that it becomes compromised unless you have multiple passphrases to use with that seed.  

Once you have that, I would stick to passphrases with 24 characters including numbers and ASCII characters. I like this stainless steel passphrase stick that can hold 24 characters: https://codl.co/products/punchplate-4-compact24-words but there are other otc options.

I don't think you need to go crazy with multisig security if you have your seed phrase backed up and stored somewhere safe and then use multiple passphrases with that seed phrase. I know that there is no single right answer for this but I think that passphrases provide a high level of security with a reasonable UI/UX without a lot of the technical requirements or a full multisig setup.

[hatshepsut93]

The thing does remain: there are always attack vectors... The more attack vectors you eliminate, the bigger the odds of you losing access to your wallet or funds... If you try to make up schemes to make sure you will never lose access to your funds, you'll inevitably open up very small attack vectors for potential thiefs. It's very hard to find a balance.

IMO for people who use a correct cold storage setup or hardware wallet, the accidental loss of seeds/passwords/extension words is a bigger risk than someone carrying out a sophisticated multi-stage attack against them. Do we even have any documented cases of airgap-jumping malware that targets Bitcoin wallets? Yet the stories of people losing their seed words that were written on a piece of paper are quite common.

[Poker Player]

Sometimes it is inevitable to have many wallets, especially when you are using Bitcoin and Altcoins; and also for privacy and security reasons.

Like 5 wallets? In my opinion that depends on the amount you HODL, as I said before.

Multisignature wallets do not reduce the backups or make it fewer, instead it increases it. Let's say you have just one wallet, but it is a 2-of-3 multisignature wallet, you will need to back up three seed phrases and three master public keys, which invariably increases the backups.

You can have a 2-of-3 multisignature wallet where 1 is held by a company, like unchained.com, which I guess a lot of people won't be a fan of, but it's an option, and you only need 2 backups.

[SeriouslyGiveaway]

What about having only one seed phrase and backup the seed phrase in three places on a paper. If you want to generate the 5 wallets, you will set different passphrase and have only 1 seed phrase.

If you have only 1 seed phrase, you will have only one wallet.

If you want to backup that wallet with 5 different wallet passphrase, you will have 5 different backups for a same (one) wallet. You will not have 5 different wallets because you use 5 different wallet passphrase.

Top 25 Passwords in 2018 Are an Embarrassment to Humankind
How to create a strong password
How to Create a Strong Password (and Remember It)
How to create a secure password

If you create passwords manually, you will end with your favorite patterns which are not good and you must use password generators to create random passwords for you.
Are your passwords in the green ?

[o_e_l_e_o]

requires ~ 10⁶⁰centuries to break assuming 10¹¹ guesses/sec.

Only if an attacker is attempting to brute force every possible combination, which no one will do. As soon as they learn you've used a repeating pattern, it becomes exponentially easier.

Multisignature wallets do not reduce the backups or make it fewer, instead it increases it.

The point would be instead of having 5 individual wallets, you could have a single 2-of-3 multi-sig wallet. The security of each wallet is improved despite requiring fewer back ups.

If you want to backup that wallet with 5 different wallet passphrase, you will have 5 different backups for a same (one) wallet. You will not have 5 different wallets because you use 5 different wallet passphrase.

You are mistaken here. You can combine a single seed phrase with as many different passphrases as you like to create as many different wallets as you like. If an attacker accesses your seed phrase, they will only be able to access the base wallet and not any of the passphrased wallets unless they also steal or bruteforce each passphrase individually.

[satscraper]

requires ~ 10⁶⁰centuries to break assuming 10¹¹ guesses/sec.

Only if an attacker is attempting to brute force every possible combination, which no one will do. As soon as they learn you've used a repeating pattern, it becomes exponentially easier.

No way for attacker to learn that SHA256 message contains a repeating pattern as SHA256 is irreversible function in practice. The point here is that password is SHA256 [message] rather than message itself. User can easily remember that message as it is patterned but for attacker it will be inaccessible to like a sealed book.

[o_e_l_e_o]

User can easily remember that message as it is patterned but for attacker it will be inaccessible to like a sealed book.

My point being only if an attacker has no idea how you generated the passphrase. And given that you've just shared this method on a public forum, that's no longer the case.

I prefer simply using truly random passphrases, just as your seed phrase should also be truly random and not generated from an easy to remember string. Taking SHA256(string) is simply a brain wallet, and we have tens of thousands of examples showing that brain wallets are horrendously insecure and having all their coins stolen.

Random passphrase, backed up on paper, stored separately to your seed phrase. Done.

[Charles-Tim]

If you have 5 wallets and want strict security measures for each of them I hope you have at least 5 Bitcoin or their equivalent between Bitcoin and altcoins, otherwise it seems to me that you are too paranoid. It's a problem I see with Bitcoin, if I have $100K in the bank, hypothetically authorities can seize it, or freeze it, or make it difficult for me to move it if I want to move to another country, but I am not at risk of losing them due to a $5 wrench attack.

Since you don't give more data, what I would do would be:

1. Have fewer wallets.
2. Consider that some of the wallets should be multisig.
3. Have fewer backups.

For high amount of bitcoin like 5 BTC, you can even go for wallet on an airgapped device in a way that you will only make transaction using QR code which is the safest means to transfer unsigned and signed transactions. You can go for wallets like Electrum 2FA, having the 2FA on another device different from the one used to setup an Electrum 2FA wallet. You can go for multisig. Buying two hardware wallets or even three and use it to setup a multisig wallet. You can even use a reputed hardware wallet.

But people have different opinions. You may not have up to 0.5 BTC not to talk of 5 BTC but have five different wallets. For people that deals with bitcoin and altcoins, there may be different reason they have up to five wallets. Not until when they have up to 5 BTC. That should just be your personal preference. But likely that as someone is having more online wallets, he may want to have the coins on different wallets.

Example is to have a wallet for bitcoin saving, bitcoin spending, altcoins saving, altcoins spending and altcoin staking. That is five wallets already.

[CryptSafe]

It is never advisable to store key phrase online as it is always prone to hackers. As long as internet is concerned every device with internet connection is prone to hackers. If sophisticated centralised exchanges could be hacked  then why can key phrase not be able to hack by hackers. It Is better avoided than allowed happened OP.

As for wallets, excessive opening of wallets compound  more key phrase for storage. I believe it would be nice for one  narrow down  the rate at which one uses multiple wallets as I can result to loss of funds and assets in most cases due to misplaced key phrase as a result of mix-ups.

[satscraper]

User can easily remember that message as it is patterned but for attacker it will be inaccessible to like a sealed book.

My point being only if an attacker has no idea how you generated the passphrase. And given that you've just shared this method on a public forum, that's no longer the case.

Nope, still a case, because  firstly , your may construct whatever pattern you want, secondly, you may apply hashing as many times as you want and finally SHA256 is not the only hashing function with irreversible feature. You may even construct your own function which is not known to anybody. You have plenty of choices in fact.  

The point to use this technique is easy remembering message for digesting and, at the same time, to have unbreakable password in outcome.