Secure Seed and Passphrase/PIN

[tread93]

With the recent Ledger vulnerability zero day exploit that hit some unfortunate ledger users today using Dapps is a reminder that you have to be extra careful using this technology, and it really got me thinking to the roots of your Seed.

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

I also like to Sha passwords that can be split up to 16 different ways but that is too complex I feel, but much more secure and capable of many more words that can be used. What is the best practice here and what do you guys do for extra extra security???

[1714247343]

1714247343

[1714247343]

1714247343

[1714247343]

1714247343

[Yamane_Keto]

From the moment that ledger announced the possibility of extracting the private key, they were providing false or questionable security, or you were relying primarily on the expertise of their programming team.

This reminds me that Ledger has laid off a number of employees, which is an additional challenge to prevent misuse of the information they know.

https://www.ledger.com/blog/a-message-from-pascal-gauthier-chairman-ceo-at-ledger

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

Yes, It is impossible to brute force both 12 and 24 word seed phrases even though 12 words generate 128 bits of entropy which is 2^128 = 3.4028237e+38 while 24 words generate 256 bits of entropy which is 2^256 = 1.1579209e+77. In all cases, 128 bits of entropy is considered safe.

The problem with the 24 words is that it adds a new complexity, as it increases the possibility of forgetting several words or changing their order, which increases the possibility of losing your money, while it does not enhance your security because 12 words are safe.

12 word vs 24 word seed topic has been discussed many times, just search for the word on the forum or Google.

And then what about a physical attack?

In case of physical access to the hardware wallet (physical attacks), your seed phrase is only protected by a digit PIN. Some hardware wallets enhance their security with one or more secure elements against some physical attacks and to ensure that your encryption uses a much larger number of bits than what the digit PIN provides, in addition to preventing data leakage from RAM.

[Zaguru12]

The recent ledger vulnerability actually points at one importance of an offline wallet. You will read that the attack or hackers couldn’t get their hands on to the seed phrase which simply had your funds secure except you did interact with DApps had it been an online wallet it could gotten access to something like a key or seed phrase.

Fro now there is no quantum computer that can crack or brute for the algorithm for seed phrase so the security now is how you personally safeguard yours. First I will say if you tired or hardware companies getting compromised then setup your own cold storage with wallets like electrum to avoid this problems. You can then add a second layer or protection to your seed phrase by adding a passphrase which should be stored separately from the seed phrase itself.

Then the most secured method at the moment is setting up a multi sig wallet with an each co-signer having its own device. This multi sig will help to protect funds from been stolen when one of the seed phrases or keys becomes either physically stolen or even through phishing attacks or hack.

An example of how to back a 2-3 multi sig wallet is given below.

No need of doing something like this. You can backup your 2-of-3 multisig seed phrase/private key and public key in this order in three different locations:

Seed 1, MPK 2 (location 1)
Seed 2, MPK 3 (location 2)
Seed 3, MPK 1 (location 3)

In this way, if you lose one backup, you will still be able to recover back your coins and there is no need for any fourth backup, especially in what is not recommended like phone or online.

Backup should be completely  offline.

This way even one of the devices gets compromised it will be hard to move the funds on that wallet without getting access to the other co-signers and before the hacker does the wallet owner would moved out those funds.
But this is possible or more secure if each co-signer is on different devices as a single device defeats the purpose of multi sig wallet

[Meuserna]

From the moment that ledger announced the possibility of extracting the private key, they were providing false or questionable security, or you were relying primarily on the expertise of their programming team.

This reminds me that Ledger has laid off a number of employees, which is an additional challenge to prevent misuse of the information they know.

It should be noted that Ledger is blaming a FORMER employee for getting hacked.  And, yeah, they've fired a lot of employees this year.

Crypto Custody Firm Ledger Cuts 12% of Staff
"The Paris-based company has 734 employees, according to LinkedIn, so a 12% cut would mean the elimination of roughly 88 jobs."

--Coindesk, Oct 5, 2023

Ledger hasn't explained how former employees have access to their code.  This is the 2nd major security breech at Ledger.  The first was in fall, 2020, when Ledger leaked their entire customer database, including customer names, email addresses and home addresses.  It only makes sense that giving hackers access to customers coins was the next logical step.

I do not understand why anyone still uses Ledger wallets.  That's crazy.

[Charles-Tim]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

I also like to Sha passwords that can be split up to 16 different ways but that is too complex I feel, but much more secure and capable of many more words that can be used. What is the best practice here and what do you guys do for extra extra security???

Do not split your seed, it is not recommended. If you want to make your seed phrase to be secure offline, use passphrase along with it while generating your keys and addresses. With passphrase, different keys and addresses are generated. If someone have access to your seed phrase but not your passphrase, the person still will not be able to have access to your coins. Use a strong passphrase. Backup your seed phrase and passphrase differently in different locations. If seed phrase or passphrase backup is lost, your coin is lost. Do like 2 or 3 backups each.

For multisig, it is well explained above by Zaguru12.

[Synchronice]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

At the moment 12 word seeds are super secure and at the moment we can say that it is going to always protect our funds but if somehow computers get so advanced in the next decades that we will be in danger (still sounds something unbelievable), believe me, before any hack, we will have enough time to fix the problem and move on a different methods. Worrying about the hack of 12 word seed phrase, for me, looks like worrying about Earth getting run out of water.
Please, don't worry about the made up problem that doesn't exist.

I would worry about buying and using Ledger and similar wallets. Just buy a Coldcard or Passport.

[Charles-Tim]

I would worry about buying and using Ledger and similar wallets. Just buy a Coldcard or Passport.

It is worth knowing that Coldcard hardware wallets are not open source. The only recommended hardware wallet for bitcoin that you mentioned between the two is Passport which is open source.

Ledger Nano wallets are among the worst hardware wallets so far.

[satscraper]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin.

The entropy  of 12 word seed is roughly 128 bits while  that one of 24 word seed  ~ 256 bits.

To crack those seeds one should flip 2¹²⁸ and 2²⁵⁶ bits respectively.

Flipping  a single bit at room temperature requires 2.9×10⁻²¹ J of energy.

The sun produces " 1.23 x 10 ^ 35 Joules of energy in one year".

Thus it requires around 2 10⁷³ years for the sun to shine to secure energy needed to crack 128 bits which is much much less then age of the Universe. (may have made a mistake by couple orders of magnitude  in my calculations, but in this case it doesn’t matter.

Try to calculate the same for 256 bits.

As to quantum advancements. There is an experimental evidence that  heat generation occurs also at  changing states of qubits.


 

[FatFork]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin.

Despite its rapid advancement, generative AI algorithms will never be able to crack the true randomness used to generate seed phrases, regardless whether you have 128-bit, or 256-bit entropy.  So, the choice of the length of your seed phrase, whether it's 12 or 24 words, doesn't impact its security much. As for quantum computers, one of the biggest concerns is that one day these machines could crack the widely used RSA and Elliptic Curve Cryptography algorithms, which are the backbone of online banking, and sensitive financial and data transfers, not just Bitcoin.  But there's nothing you as individuals can do about it, as the entire internet will need to adapt to this new reality.

And then what about a physical attack?

What about it? Physical attacks have always been a concern, and they aren't going anywhere. Yet, I still think it's much easier to protect digital assets from such attacks than it is to protect physical assets like your wallet, or smartphone.

[apogio]

A private key in Bitcoin is 128 bits, no matter how many words you choose to use as a seed phrase. This is because Bitcoin uses Secp256k1.

In fact, every measure you take (24 words instead of 12, multisig, passphrase etc) only help in case the seed phrase backup is exposed. No matter what measure you take, the private key in Bitcoin will offer 128 bits of security.

The best explanation you can find is here (conversation with o_e_l_e_o): https://bitcointalk.org/index.php?topic=5393030.msg63258028#msg63258028

[Synchronice]

I would worry about buying and using Ledger and similar wallets. Just buy a Coldcard or Passport.

It is worth knowing that Coldcard hardware wallets are not open source. The only recommended hardware wallet for bitcoin that you mentioned between the two is Passport which is open source.

Ledger Nano wallets are among the worst hardware wallets so far.

You can view every single line of Coldcard's code on Github. You can't just copy their code to build a new one. You can review source and verify code. To my mind, that's all that matters for users, it's not a closed-source project and we can't make it stand next to Ledger. By the way, Passport is also based on Coldcard too. I don't see anything wrong with using Coldcard, as I don't see anything wrong with using Passport either. Both of them are very good and I recommend both of them to everyone.

[o_e_l_e_o]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

A 12 word seed phrase gives you 128 bits of entropy. Bitcoin private keys give you 128 bits of security. If 12 words isn't safe, then the entirety of bitcoin isn't safe. So yes, 12 words are fine.

The 4 digit PIN on your bank card gives ~13 bits of entropy. The 15-60 digit bank card itself gives ~50 bits of entropy. The password on the vast majority of online accounts gives less than 80 bits of entropy. 128 bits are more than enough.

And quantum computing does not provide any meaningful speed up when it comes to raw brute forcing of seed phrases. Quantum computing poses a risk to the ECDLP (i.e. calculating a private key from a known public key), which is why at some point bitcoin will likely fork to a quantum resistant algorithm.

The problem with the 24 words is that it adds a new complexity, as it increases the possibility of forgetting several words or changing their order

You shouldn't be remembering your seed phrase at all. Write it down.

Then the most secured method at the moment is setting up a multi sig wallet with an each co-signer having its own device. This multi sig will help to protect funds from been stolen when one of the seed phrases or keys becomes either physically stolen or even through phishing attacks or hack.

Note that a multi-sig only provides additional security when it comes to your back ups - it does not generate addresses which are more secure than 128 bits. In fact, if you use old style P2SH multi-sig instead of P2WSH segwit multi-sig, then you actually create weaker (but still entirely safe) addresses.

No matter what measure you take, the private key in Bitcoin will offer 128 bits of security.

I would slightly modify that to say a private key will offer a maximum of 128 bits of security. There are plenty of ways to generate private keys with much less security.

[tread93]

Long Term is the 12 word seed going to really always protect your funds?  is a 24 word seed secure with the rate of AI and Quantum advancements? Even with a passcode and a pin. And then what about a physical attack?

A 12 word seed phrase gives you 128 bits of entropy. Bitcoin private keys give you 128 bits of security. If 12 words isn't safe, then the entirety of bitcoin isn't safe. So yes, 12 words are fine.

The 4 digit PIN on your bank card gives ~13 bits of entropy. The 15-60 digit bank card itself gives ~50 bits of entropy. The password on the vast majority of online accounts gives less than 80 bits of entropy. 128 bits are more than enough.

And quantum computing does not provide any meaningful speed up when it comes to raw brute forcing of seed phrases. Quantum computing poses a risk to the ECDLP (i.e. calculating a private key from a known public key), which is why at some point bitcoin will likely fork to a quantum resistant algorithm.

The problem with the 24 words is that it adds a new complexity, as it increases the possibility of forgetting several words or changing their order

You shouldn't be remembering your seed phrase at all. Write it down.

Then the most secured method at the moment is setting up a multi sig wallet with an each co-signer having its own device. This multi sig will help to protect funds from been stolen when one of the seed phrases or keys becomes either physically stolen or even through phishing attacks or hack.

Note that a multi-sig only provides additional security when it comes to your back ups - it does not generate addresses which are more secure than 128 bits. In fact, if you use old style P2SH multi-sig instead of P2WSH segwit multi-sig, then you actually create weaker (but still entirely safe) addresses.

No matter what measure you take, the private key in Bitcoin will offer 128 bits of security.

I would slightly modify that to say a private key will offer a maximum of 128 bits of security. There are plenty of ways to generate private keys with much less security.

Thanks for the clarification and layout of questions answered here. I'm sure that this is a very redundant conversation but probably dug way down in the forum. It's good to know that even 12 word phrases are generally extremely secure.