Question about passphrase or hidden 25th word.

[Solo6R]

I've setup my Cold Card Q with a 24 word seed phrase, and have been learning about passphrases and hidden 25th words. What I'm wondering is if people are picking just a single word for their pass phrase making it a "hidden" 25th word, or are you actually making it a "phrase" All the reading I've done suggests to make it at least 8 words in length. So what's the general consensus on this? Obviously a single 25th word would be easier to remember than an actual "phrase" or series of extra words, but with less security, right? Am I taking the term "Hidden 25th word" too literal here or do we really just need to use a single word for passphrases?

[Jegileman]

This could be misleading in my opinion and it will really affect the maximum security you’re to give to your passphrase. Just think of it as a word that will suit in your other 24 word pass phrase and not a word that is part of it. Best approach that are recommended for your passphrase is that, it should not contain your personal information, the minimum number should be from eight and above and also secure it in a separate place that is safer than anywhere else. The security of your Cold Card Q is very important so you shouldn’t use something that can easily be guessable or cracked by anyone else except you.

[Solo6R]

This could be misleading in my opinion and it will really affect the maximum security you’re to give to your passphrase. Just think of it as a word that will suit in your other 24 word pass phrase and not a word that is part of it. Best approach that are recommended for your passphrase is that, it should not contain your personal information, the minimum number should be from eight and above and also secure it in a separate place that is safer than anywhere else. The security of your Cold Card Q is very important so you shouldn’t use something that can easily be guessable or cracked by anyone else except you.

Sorry I'm a little confused by your response. You say "Just think of it as a word that will suit your other 24 word pass phrase...." and then say "The minimum number should be from eight and above" What does that part mean? minimum number of what? Words or letters? Should we be using 8+ word pass phrases, or just 1 word with 8+ characters?

[OmegaStarScream]

I don't think there is a "rule". I also don't think that whoever manage to gain access to your seedphrase, will think that you've got something else added. He would just assume that you have an empty wallet with no funds. Just add something that's easy to remember, for example "myNameIsOmegastarscream123456" or something. I wouldn't overthink it too much, especially since you're not going to write this down anywhere.

[khaled0111]

I you want a secure passphrase then don't create a one that you can remember easily.
The aim of adding a passphrase is to make it impossible for anyone who gets access to your 24-words seed to access your wallet.
Firstly, the passphrase must not be stored in the same place as the regular seed. Otherwise, it would be pointless to have one.
Secondly, you must use a strong passphrase. Think of it as a password: it shouldn't be easy to guess or to brute force. It doesn't have to be a long phrase, just a combination of random characters should do (8+ upper/lowercase, numbers and symbols).

[Zaguru12]

I've setup my Cold Card Q with a 24 word seed phrase, and have been learning about passphrases and hidden 25th words. What I'm wondering is if people are picking just a single word for their pass phrase making it a "hidden" 25th word, or are you actually making it a "phrase" All the reading I've done suggests to make it at least 8 words in length. So what's the general consensus on this? Obviously a single 25th word would be easier to remember than an actual "phrase" or series of extra words, but with less security, right? Am I taking the term "Hidden 25th word" too literal here or do we really just need to use a single word for passphrases?

There is no consensus on which pass phrase that should be, first situation is never to go for something that you wouldn’t be able to recover, make it long and do not ever store it in the same place as the seed phrase or leave a clue at where the seed phrase is.

In terms of length there is no limitation, in fact you can randomly generate another seed phrase and use it as a pass phrase for the wallet it is not necessary to have it as a single phrase or word because sometimes it is seems weak. Just go for something that it wouldn’t be easily know by anyone except you.

You can also trick any potential attack by having small funds on the original seed phrase without the pass phrase or deceive any attacker from thinking that there is a pass phrase on it

[Jegileman]

Sorry I'm a little confused by your response. You say "Just think of it as a word that will suit your other 24 word pass phrase...." and then say "The minimum number should be from eight and above" What does that part mean? minimum number of what? Words or letters? Should we be using 8+ word pass phrases, or just 1 word with 8+ characters?

The number of words in your passphrase should be nothing less than eight and if you’re using a word like the 25th word hidden character, it shouldn’t be amongst the 24 words you’ve used for your passphrase.

[Solo6R]

Sorry I'm a little confused by your response. You say "Just think of it as a word that will suit your other 24 word pass phrase...." and then say "The minimum number should be from eight and above" What does that part mean? minimum number of what? Words or letters? Should we be using 8+ word pass phrases, or just 1 word with 8+ characters?

The number of words in your passphrase should be nothing less than eight and if you’re using a word like the 25th word hidden character, it shouldn’t be amongst the 24 words you’ve used for your passphrase.

Alright, so for even more clarification here. What does "If you're using a word like the 25th word hidden character" mean? Does that mean just 1 word for a passphrase, or just 1 character? And "it shouldn’t be amongst the 24 words you’ve used for your passphrase." So now you're suggesting I should use a 24 word passphrase? Or do you mean seed phrase here? And what do you mean by "be amongst" them? Like where they're being stored/secured?

[hosseinimr93]

There is no rule. The more complex passphrase you use, the more difficult it would be to brute-force it.
A passphrase including lowercase letter, uppercase letter, number and symbol with 8 characters would provide 53 bits of entopy. If you want your passphrase to be more secure, you can add more characters to it.

[Saint-loup]

It depends what you want to do with your seed and your passphrase. If you want to expose your seed or to share it with someone else, then a single word won't be secure enough for a passphrase. But if you plan to keep your seed as secret as your passphrase then a single word is OK. Because 24 words for a seed is already unbreakable, even 12 words long seeds are already safe. So you don't need to make your seed more complex, less userfriendly and harder to remember.

[Zaguru12]

Alright, so for even more clarification here. What does "If you're using a word like the 25th word hidden character" mean? Does that mean just 1 word for a passphrase, or just 1 character? And "it shouldn’t be amongst the 24 words you’ve used for your passphrase." So now you're suggesting I should use a 24 word passphrase? Or do you mean seed phrase here? And what do you mean by "be amongst" them? Like where they're being stored/secured?

If at all guess what the quoted post meant it would be a single word and not a single character but in his suggestion the word should be a different word which isn’t already part of the words that comprises the seed phrase. You should use either of 24 word seed phrase or 12 word seed phrase both are ok. Although the 24 word seed phrase is more secure due to the bits of entropy which is 256.

It depends what you want to do with your seed and your passphrase. If you want to expose your seed or to share it with someone else, then a single word won't be secure enough for a passphrase. But if you plan to keep your seed as secret as your passphrase then a single word is OK. Because 24 words for a seed is already unbreakable, even 12 words long seeds are already safe. So you don't need to make your seed more complex, less userfriendly and harder to remember.

Although seed phrase either been 24 or 12 is secured enough if at all the owner safe guards it well, the idea for seed phrase which I recommend is to provide a second layer of protection to seed phrase it self just if they seed phrase gets exposed or compromised

[nc50lc]

Am I taking the term "Hidden 25th word" too literal here or do we really just need to use a single word for passphrases?

Just think of it as a 'password' but instead of a "word", it can also be a "phrase".

For example: this is a password: "banana"; then, this is a passphrase: "yellow long banana".
Your BIP39 passphrase can be either of those options.

Technically, it's not an extension but an additional data to the salt when the mnemonic phrase is hashed to compute the wallet's HDSeed.
Given that, it can be any character and could be as short as "A" or as long as you want including spaces and punctuation marks.
And as you know it, the longer and complicated it is, the stronger the security will be if your seed phrase has leaked.

[hosseinimr93]

Although the 24 word seed phrase is more secure due to the bits of entropy which is 256.

It's not.
As long as you keep your seed phrase safe and no one has any information about it, it doesn't really matter whether your seed phrase contains 12 words or 256 words.
As you truly mentioned, a 24 word BIP39 seed phrase provides 256 bit of entropy, but you should note that the maximum security a bitcoin privte key can provide is 128 bits and there is no way to have wallet with more security.

[apogio]

I will probably repeat some info that has already been posted, so excuse me for that.

1. Any 12-words seedphrase provides 128 bits of entropy, whereas any 24-words seedphrase provides 256 bits of entropy. They are both infeasible to be brute-forced, so they are both safe. As hosseinimr93 said, any bitcoin private key offers 128 bits of security against brute-force. Nobody would ever try to brute-force a private key (nor a seedphrase), but they would instead try to solve the ECDLP. They would have on average 128 bits of difficulty in that  case, thus, that's where this 128 bits come from.

2. A passphrase should be backed-up in a separate location from your seedphrase. So technically you should have at least 2 backups (1 for the seedphrase stored in place X and 1 for the passphrase stored in place Z). In my opinion, you should have 4 backups in separate locations (2 backups of the seedphrase and 2 backups of the passphrase).

3. A passphrase should be strong, so if anyone gains access to the seedphrase, they can't brute-force it.

How strong should it be? Let's say as close to 128 bits as possible.
What could be a 128 bits passphrase? Well, it could be a random combination of uppercase, lowercase and numbers. Since this dataset includes 62 characters, you would need 20 characters to approach 119 bits, because ln(62^20) / ln(2) = 119.08 bits. Let's say something like this: LK12spsaiwM238GN76eH
Will it definitely be safe? There is no definitely in math, but there is approximately definitely. So I would argue that if you generate the passphrase in a secure airgapped environment, using a good piece of software, then yeah! It would be safe.

4. I have been very vocal about it, but don't rely on memory! Ever!

5. A passphrase is not a BIP39 exclusive, it's also included as a feature with Electrum, SLIP39, AEZEED and probably more that I am not aware of. I think (at least for BIP39) that there is no invalid passphrase.

[Z-tight]

4. I have been very vocal about it, but don't rely on memory! Ever!

Totally agree, and i would just like to add that if someone extends their seed phrase with a passphrase that they can commit to memory, then it is probably a weak seed extension, and if their seed phrase ever gets compromised, then it would be possible for an attacker to brute-force it and steal their funds.

[Yamane_Keto]

How strong should it be? Let's say as close to 128 bits as possible.
What could be a 128 bits passphrase? Well, it could be a random combination of uppercase, lowercase and numbers. Since this dataset includes 62 characters, you would need 20 characters to approach 119 bits, because ln(62^20) / ln(2) = 119.08 bits. Let's say something like this: LK12spsaiwM238GN76eH
Will it definitely be safe? There is no definitely in math, but there is approximately definitely. So I would argue that if you generate the passphrase in a secure airgapped environment, using a good piece of software, then yeah! It would be safe.

56-bit is enough since the main purpose of the passphrase is to delay access to the wallet seed so you can spend your funds and brute-forcing 56-bit takes a lot of time (several months) If someone can brute-force 56-bit then they have enough resources to physically reach you and force you to tell them.