I've seen too many stories like this that end tragically. It's why I don't recommend passphrases: they result in a brittle 2-of-2 key architecture.

Replies (50)

npub19hun...f4ze 10 months ago
Disagree. 12/24 with a passphrase is probably the best overall setup for a pleb.
Janis 10 months ago
What do you think of Bitkey?
Psilocyberbull 10 months ago
Lopp is just trying to use fear to sell his products imo
I would say it's even worse than that: breaking the passphrase is not difficult for an attacker, and basically impossible for the legitimate owner. The only thing a passphrase can do is help you lose funds
What's that passphrase getting you? If I have your seed, I can pop your passphrase offline
If I have your seed phrase, brute forcing your passphrase is not difficult, and gets easier every year. All I need is the UTXO set and cheap compute. There is no rate limiting, and the difficulty of testing a phrase is too low
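The offline attack described in the reply above, as an added example that is not part of the thread and not code from any of its participants. It assumes the attacker already holds the 12/24 words, guesses passphrases from a small wordlist with common mangling rules, and checks each derived wallet against a set of funded keys that stands in for the UTXO set (constructed here from a made-up passphrase so it runs offline). It uses the well-known BIP39 test-vector mnemonic; the derivation path m/84'/0'/0'/0/i and the two-address gap are assumptions, and for brevity the match is on the derived compressed public key rather than the bech32 address computed from it. It also shows, as the later replies note, that every passphrase (including the empty one) yields a different seed, so nothing stops the attacker from testing candidates except compute:

```python
"""Offline dictionary attack on a BIP39 passphrase, given the seed words.

Added example, not from the thread. Standard library only: PBKDF2 for the
BIP39 seed, HMAC-SHA512 plus pure-Python secp256k1 for BIP32 derivation.
"""
import hashlib
import hmac
import itertools
import unicodedata

# secp256k1 parameters (BIP32 non-hardened steps need point multiplication).
_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def _point_add(p, q):
    """Affine point addition on y^2 = x^3 + 7 (None is the point at infinity)."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % _P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P


def compressed_pubkey(priv: int) -> bytes:
    """Double-and-add scalar multiplication, SEC1 compressed encoding."""
    result, addend = None, _G
    while priv:
        if priv & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        priv >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.

    2048 rounds is the whole 'cost' of testing a guess; there is no rate limit."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)


def _ckd(key: int, chain: bytes, index: int):
    """BIP32 private child key derivation (hardened when index >= 2^31)."""
    if index & HARDENED:
        data = b"\x00" + key.to_bytes(32, "big")
    else:
        data = compressed_pubkey(key)
    digest = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % _N, digest[32:]


def derive_pubkeys(seed: bytes, count: int = 2) -> list:
    """Compressed public keys at m/84'/0'/0'/0/i for i < count (assumed path)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = int.from_bytes(digest[:32], "big"), digest[32:]
    for index in (84 | HARDENED, 0 | HARDENED, 0 | HARDENED, 0):
        key, chain = _ckd(key, chain, index)
    return [compressed_pubkey(_ckd(key, chain, i)[0]) for i in range(count)]


def candidate_passphrases():
    """Tiny wordlist with the mangling rules real crackers apply (constructed)."""
    bases = ["bitcoin", "satoshi", "hodl", "freedom", "moon"]
    suffixes = ["", "1", "123", "!", "2024", "2024!"]
    for base, suffix in itertools.product(bases, suffixes):
        yield base + suffix
        yield base.capitalize() + suffix


def crack_passphrase(mnemonic, candidates, funded_pubkeys, gap=2):
    """Return the first candidate whose wallet owns a funded key, else None."""
    for passphrase in candidates:
        for pub in derive_pubkeys(bip39_seed(mnemonic, passphrase), gap):
            if pub in funded_pubkeys:
                return passphrase
    return None


MNEMONIC = "abandon " * 11 + "about"   # BIP39 test-vector mnemonic
TRUE_PASSPHRASE = "Satoshi2024!"       # constructed 'strong-looking' passphrase
# Stand-in for the funded keys an attacker would pull from the UTXO set.
FUNDED = set(derive_pubkeys(bip39_seed(MNEMONIC, TRUE_PASSPHRASE)))

if __name__ == "__main__":
    import time
    start = time.perf_counter()
    found = crack_passphrase(MNEMONIC, candidate_passphrases(), FUNDED)
    print("recovered passphrase:", found, "in %.1fs" % (time.perf_counter() - start))
```

Against a real target the attacker swaps the sixty-entry wordlist for a full mangled dictionary and the constructed key set for every funded script in the UTXO set; the per-guess cost stays at one PBKDF2 call plus a few curve operations, which is exactly why the guess rate is bounded only by hardware.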
nepsis 10 months ago
A passphrase can be another twelve words.
If you've lost your seed phrase, what are the chances you haven't also lost your passphrase? And if you know how to protect your passphrase, why didn't you protect your seed phrase?
nepsis 10 months ago
I'm not doubting that this setup isn't right for most people. But surely you can imagine a scenario where, given the right person and skills, it's beneficial?
I don't. The most generous situation is where someone had "some words" and "some more words", an attacker stole the first set, and not the second. First, why were they able to steal one and not the other, and you are somehow able to recall both? Second, you can do the same thing by using a 24 word seed phrase and storing half in one place and half in another. In the end, "some words" plus "some more words" is indistinguishable from "some words", so why do we expect them to behave differently?
nepsis 10 months ago
I don't want to go into my personal circumstances for obvious reasons, but I can confirm that you haven't thought about this from all angles. I'm not looking to argue, though. I agree with your overall sentiment. I'm merely saying, there are some very specific life variables out there that can make certain setups preferable over others. But for most people 12 words is enough.
A mnemonic seed phrase without a passphrase would mean it's game over if an evil maid finds a seed QR or stamped metal backup. I teach noobs to use a passphrase and keep multiple copies, then hide their seed diligently and securely. @Jameson Lopp surely even device PINs need to be stored effectively?
acronym 10 months ago
The same kind of backup shortfall and misunderstanding can occur with multisig also, don't see how this is an inherent fault with passphrases. ANY setup should be tested before using it for funds.
1. Set up wallet with passphrase
2. Put a small amount in wallet
3. *Wipe wallet and then recover from backup
Doing this is essential and will expose any problems with the setup, backup, and/or user understanding. Back up passphrase and seed on separate steel plates and keep them geographically separated if possible. *Do the wipe and recovery directly from these same steel plates. You know all this Mr. Loop.
This makes no sense. A proper passphrase is not hackable, it has legitimate uses, like decoy wallets; it's a useful advanced feature that should be handled carefully.
Nah. Use the real chain. Make mistakes. Learn. Don't ape 100m dollars into a seed, but don't fret if you ape 100 into a seed, lose it, and learn a generational lesson. Embrace that lesson. Manage your family's risk appropriately.
Agreed. Multi-sig and seed xor are more useful, with better options for backup and inheritance planning. Everyone thinks of theft as a risk, or obviously leaving funds on exchanges, but another very real and likely risk is simply losing access to a wallet, making it too complicated for themselves or their heirs to access. Full responsibility with no safety net is very new to most people in our day. But worth learning.
A decoy wallet... for when someone gets your seed phrase? It's unlikely that someone will make their passphrase long enough to prevent someone from brute forcing it. If you want a decoy seed phrase, why not change a few words and fix the checksum? At least then it's less obviously a decoy... "25 words" + low balance = decoy that you should run a dictionary attack on. 24 words with low balance is a wallet
acronym 10 months ago
Passphrase alone doesn't give you the wallet, you would need to brute force the seed too.
acronym 10 months ago
A passphrase adds entropy to your seed. Two things need to be broken, not just one. (seed and passphrase too)
Yes, but the seed has enough range already. If they didn't know your seed, they're not going to find it
acronym 10 months ago
Right....but I think the point is a passphrase will not weaken it.
The upsides are minimal, but that's okay because you might lose all your funds? 🀣 The Bitcoin equivalent of "we lose a little on each transaction but make up for it in volume"
acronym 10 months ago
You are right, it is always possible to lose a passphrase but what makes it more losable than a seed?
Thinking that it's a device specific passphrase and not an essential part of the seed
acronym 10 months ago
Not sure what you mean.....a passphrase is not device specific and is not part of the seed but added to the seed. Any passphrase added to the seed makes a new wallet.
Psilocyberbull 10 months ago
Not if its actually a strong passphrase lmao. Maybe a weak password
> It's unlikely that someone will make their passphrase long enough to prevent someone from brute forcing it

Reality check: for the casual user that doesn't have a life changing amount in Bitcoin, it is more likely that the seed is found by a roommate or some random guy that works in their property, instead of being the target of a determined, informed and well-equipped attacker. So even a moderately simple and highly memorable passphrase can be effective in many situations as an additional security layer.
Sure. But casual users don't use password managers, and if they do probably they don't have sufficient opsec and backup procedures in place. A memorable (easy to transcribe and store as well) passphrase seems a good starting point.
Re-read the original post - the Bitcoin mantra is that you only need your 12/24 words
jb55 _@jb55.com 10 months ago
if you are using singlesig without a passphrase you are vulnerable to an attack where anyone can sweep your funds if they physically find your seed. I see passphrase as a physical two factor without going down the full complexity of a 2of2 multisig wallet.
I talked about stolen *seeds*. A passphrase can be memorizable, you can always store it securely in a password manager, and offline backups are safer since the format is not easily identifiable as is the case with seeds.
Even with the best UI, storing many seeds (a well-known format, easy to spot) is more complex than having one seed with a customizable additional layer of security. I repeat, for advanced setups, not the casual user.
jb55 _@jb55.com 10 months ago
it's not hard to memorize 24 words + seed phrase, people have no idea how good memory is, although funny enough I can't mention this without a swarm of bitcoiners who say iTs NoT a GoOd iDeA tO mEmOriZE tHiNgs. like bruh you do you if you don't want extra backups that can't be confiscated, but I lived through an era where police in Canada confiscated multisig wallets and they lost access to it.
jb55 _@jb55.com 10 months ago
I thought the same until I tried it. it's incredibly easy. you just do a memory palace / story technique. this is a very misunderstood thing about humans
acronym 10 months ago
The OP was about the pitfalls with added complexity in a setup, passphrases specifically. I am saying it is maybe more correct to educate people on the importance of testing/proving recovery and good backup practices, and to not blame lost funds on something other than common user sloppiness.