Seed phrase and passphrase backup

[o_e_l_e_o]

Nope, still a case, because  firstly , your may construct whatever pattern you want, secondly, you may apply hashing as many times as you want and finally SHA256 is not the only hashing function with irreversible feature. You may even construct your own function which is not known to anybody. You have plenty of choices in fact.  

Now you need to remember your pattern, how many times you repeated it, which hash function you used, how many rounds of the hash function you used, and so on. All to end up with a password generated from <30 bits of entropy. And if you use your own function, then you could easily make a mistake rendering your password very insecure and if you don't back up your function then wave your coins goodbye. Plus relying on your memory for passwords is a recipe for disaster, which is why every good wallet tells you to write down your seed phrase with pen and paper.

It seems to me like a massive overcomplication of a very simple process - generate a random passphrase, and write it down.

[satscraper]

Nope, still a case, because  firstly , your may construct whatever pattern you want, secondly, you may apply hashing as many times as you want and finally SHA256 is not the only hashing function with irreversible feature. You may even construct your own function which is not known to anybody. You have plenty of choices in fact.  

Now you need to remember your pattern, how many times you repeated it, which hash function you used, how many rounds of the hash function you used, and so on. All to end up with a password generated from <30 bits of entropy. And if you use your own function, then you could easily make a mistake rendering your password very insecure and if you don't back up your function then wave your coins goodbye. Plus relying on your memory for passwords is a recipe for disaster, which is why every good wallet tells you to write down your seed phrase with pen and paper.

It seems to me like a massive overcomplication of a very simple process - generate a random passphrase, and write it down.

Much easier to remember all that things than  password  from random characters.

However I don't say that random passphrases are bad. In fact I 'm using them in my every day life, generating new passwords   for new services when needed. The method I have described I use for my masters password that encrypts my KeePass.

[Saint-loup]

Assuming you want to have five wallets. Let us say 2 for bitcoin and 3 for altcoins. Having more than one because it is good not to have only just one wallet. Because of that, you split the coins into 5 wallets. I also prefer to use bitcoin only wallet for bitcoin.

For one seed phrase, you can have three backups which is what people are saying on this forum. For 5 wallets, that is 15 backup. If you will keep the backup in different places, that is becoming impossible.

What about having only one seed phrase and backup the seed phrase in three places on a paper. If you want to generate the 5 wallets, you will set different passphrase and have only 1 seed phrase.

Example of the passphrase:

_-\A.bb.ccc&zzz.yy.X/-_

I can make it longer like this if I have the passphrase backup online:

$+$-sbdgsgsgs$+$-362+2;$;_-$:_;$)$+_+$+3+$_-(3shdhrhe3+$-jsjdhrh_+$-#-#ehsh$!$-$-$eudydhdbs$-$&363

That is 23 characters long which will be difficult to brute force. Another thing is that if you have the backup in different places, people that see it will not know that it is passphrase.

Brute forcing a passphrase is possible when you know the seed (if the passphrase is weak) but brute forcing a seed is not possible even when you know the passphrase because a seed is never weak. So exposing a passphrase is less dangerous than exposing a seed.
Thus IMO, it's less risky to have one single passphrase and several different seeds. Because if one people discovers your passphrase he won't be able to brute force your 5 wallets, while here someone discovering your seed will be able to brute force your wallets if your passphrase isn't strong enough.

[nakamura12]

It is never advisable to store key phrase online as it is always prone to hackers. As long as internet is concerned every device with internet connection is prone to hackers. If sophisticated centralised exchanges could be hacked  then why can key phrase not be able to hack by hackers. It Is better avoided than allowed happened OP.

It is a common advice to start with. Most people always say that it is never advisable to store your key phrase online that's why I said that it is common. It is indeed helpful to increase your security when you didn't store your key phrase online. As you have known, there's a possibility that the platform that you are using to store your key phrase might get hacked and even If it didn't get hacked, the platform might have vulnerabilities that will cause problems like leaked data. That's the reason why I prefer using offline storage like USB for example but what I really do is to write it in a piece of paper and cover it with transparent packing tape or to laminate the paper.

[o_e_l_e_o]

Brute forcing a passphrase is possible when you know the seed (if the passphrase is weak) but brute forcing a seed is not possible even when you know the passphrase because a seed is never weak.

There have been plenty of weak seed phrases created in the past, via poor, bugged, or malicious wallets or PRNGs.

Because if one people discovers your passphrase he won't be able to brute force your 5 wallets, while here someone discovering your seed will be able to brute force your wallets if your passphrase isn't strong enough.

I disagree. Just make your passphrase have a minimum of 128 bits of entropy, which is the same as 12 word seed phrases and the same amount of security provided by bitcoin private keys. This means 20 characters if you draw from the full set of 95 printable ASCII characters. The advantage of this is if an attacker finds one of your back ups. Let's say you have 5 seed phrases with 1 passphrase. If an attacker finds a back up, there is a 83.33% chance they find a seed phrase, which is immediately identifiable as a seed phrase, so they know to keep looking for other back ups or to target you specifically. If you have 1 seed phrase and 5 passphrases, if an attacker finds a back up then there is a 83.33% chance they find a passphrase, which could be absolutely anything. Bonus points if you have an encrypted file folding fake "sensitive" data locked by that passphrase which you can unlock to prove the passphrase has nothing to do with bitcoin.

There is also the issue of plausible deniability. Having multiple decoy passphrases you can hand over in the case of a $5 wrench attack to protect your real stash is preferable to only having a single passphrase holding everything.

[mocacinno]

You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment

There is no such thing as a very secure cloud environment. Anything on the cloud is at risk.

I agree, but you did cherry-pick this one sentence out of a big text that basically told OP that he was decreasing his security by doing this (the complete context was keeping the seed words offline and saving the very complex extension word you'll need every time you want to spend from, for example, a hardware wallet in an encrypted password safe in the cloud)... I clearly stated that everything except using an unique seed phrase + strong extension word and keeping them completely offline in a safe place and separated from each other was decreasing his security.

I merely stated that for some people, it might be ok to create a seedphrase and keep it 100% offline whilst creating strong extension words and keeping them in an encrypted password vault on a reliable cloud storage *might* be good enough for them... I never said it was the best idea, i even stated i would never do it since it wouldn't feel secure enough for me.

Bottom line is that bitcoin is about personal responsibility and personal choice... If you think you'll lose your seed phrase (and all your funds in the meantime), you might be fine storing your seedphrase in a slightly less secure way so the odds of exposing your seeds rise a very little bit whilst your odds of losing your seed decrease a lot.
If you use a hardware wallet on a daily basis, and you're opting to use the one seed for several wallets using a very long extension 13th (or 25th) word, it might be ok for you to store said extension words in an encrypted keepass safe on a cloud vendor's hardware since you'll need to fetch those words very regularly... Is it the safest option? No, it isn't, but it's the one you might be comfortable with (i wouldn't be).
Who am i to judge... The only thing i can say is that for you personally, and your usecase, the opsec you chose *might* be ok... I can only state that i wouldn't do this, and that it's not the *best* way to store sensitive data... But if this is the way you want to work, i cannot and will not stop you...

The thing does remain: there are always attack vectors... The more attack vectors you eliminate, the bigger the odds of you losing access to your wallet or funds... If you try to make up schemes to make sure you will never lose access to your funds, you'll inevitably open up very small attack vectors for potential thiefs. It's very hard to find a balance.

IMO for people who use a correct cold storage setup or hardware wallet, the accidental loss of seeds/passwords/extension words is a bigger risk than someone carrying out a sophisticated multi-stage attack against them. Do we even have any documented cases of airgap-jumping malware that targets Bitcoin wallets? Yet the stories of people losing their seed words that were written on a piece of paper are quite common.

That was basically what i wanted to say... People do lose their seedprhases from time to time (or their 13th/25th word). The easyer you make it for yourself not to lose access to this sensitive data, the easyer you make it for an attacker... It's about finding a balance... You could potentially store the seedprhase using an ssss that requires 10 out of 10 chunks to restore your seed, then encrypt the passphrase needed for the ssss scheme, then encrypt the 13the/25th word and store all this data in seperated physical places... No hacker will ever be able to rob you, but if you ever need that seed or those extension words, odds are small you'll be able to restore it yourself...

[o_e_l_e_o]

Apologies. I should have prefaced that statement by saying I agree with everything you had written except for that one sentence.

Given the sheer volume of cloud storage hacks which happen on a constant basis, I don't think anyone should ever store anything truly sensitive on the cloud, especially nothing bitcoin related. And while I agree with everything else you said, I would stop short at making that recommendation. Yes, there is a trade off to be had between risk of accidental loss and risk of malicious access, but the risk of a third party accessing something stored on the cloud is so astronomically high that it is unacceptable.

Performing full client side encryption first with a strong algorithm and strong encryption key and so forth is all well and good, but the majority of people using cloud storage do not do this, and the people who are capable of doing this properly probably aren't using cloud storage in the first place. There are countless examples of cloud storage services which claim to encrypt all your files first doing so poorly, or incompletely, or insecurely, or leaking data on transfer, and so on. These services simply cannot be trusted. And if you have somewhere secure to back up your long and random decryption key, then why not just use that place to back up your passphrase in the first place?

If you really feel you cannot safely back up a seed phrase offline, then there are other options which are much preferable to cloud storage, such as a multi-sig distributed between multiple locations or multiple trusted friends or family members.

[Lakai01]

-snip'
Performing full client side encryption first with a strong algorithm and strong encryption key and so forth is all well and good, but the majority of people using cloud storage do not do this, and the people who are capable of doing this properly probably aren't using cloud storage in the first place.
-snip-

In this context, what do you think about cloud vault solutions like the "Personal Vault" on an Office 365 account?
 

OneDrive Personal Vault
Personal Vault in OneDrive is protected by identity verification, so you can store your most sensitive files in the cloud without losing the convenience of anywhere access.

Source

The additional identification barrier should make it much more difficult for hackers to gain access. Not, of course, from attacks via backdoors, which Microsoft employees, for example, could then exploit. However, the fact that the Vault is directly integrated into OneDrive means that even technically unsophisticated crypto owners can use it very easily.

For me personally, using the Vault to store my Mnemonic Code is out of the question, but I would definitely store scanned documents like my passport there.

[o_e_l_e_o]

In this context, what do you think about cloud vault solutions like the "Personal Vault" on an Office 365 account?

It's not about attackers hacking the log in credentials for your individual account, which can be made next to impossible by requiring a hardware 2FA key for example, but rather the security of the entire system.

I assume this Microsoft software is closed source, meaning you are trusting completely that it is encrypting your data properly, with a secure algorithm, with a secure key, without leaking anything, and then transferring it securely, and then storing it securely across multiple servers in multiple countries. You have no idea how good or bad that security is, no idea where these servers are, no idea who has physical access to these servers, and so on.

As I explained above, you can find many examples of failure somewhere in this process and data being leaked. Every big entity has experienced data leaks in the past - Microsoft, Google, Apple, Amazon, Meta, the lot. It would incredibly naive to think they won't experience data leaks again in the future.

I'm not about to trust the safety of my funds to a closed source process designed and implemented by a company which has a record of leaking data.