Picking a Good BIP39 Passphrase (25th Word) or avoiding a bad one. For Trezor, Ledger, & Keepkey
Вставка
- Опубліковано 22 лип 2019
- Securely Backup your seed and passphrase
ColdTI: www.amazon.com/TopHat-Technol...
CryptoSteel: www.amazon.com/Cryptosteel-MN...
Keep all your crypto safe & upgrade to a Ledger Nano X Hardware Wallet shop.ledger.com/pages/ledger-...
Alternatively, if you prefer a 100% Open Source wallet, a Trezor One is also a great value wallet shop.trezor.io/product/trezor...
Notes and spreadsheet on GitHub: github.com/3rdIteration/BIP39...
Further Reading:
www.eff.org/deeplinks/2016/07...
ledger-donjon.github.io/Unfix...
blog.trezor.io/is-your-passph...
coldbit.com/can-bip-39-passph...
---------------------
If you are new to Crypto, my suggestion is that you start with buying ~$150 worth of Bitcoin, Ethereum, Litecoin @ Coinbase and get familiar with storing it, moving it around, etc.
For your first purcahse, just stick with CoinBase: www.coinbase.com/join/5691c9d...
For Trading, just start with Binance: www.binance.com/?ref=18111926
By sticking with large, reputable exchanges for your first purchase (Coinbase) and first trade (Binance) you can avoid getting scammed right at the start by purchasing a non-existing coin off a scammy exchange. (You would be surprised how many people fall into this trap)
Don't have a hardware wallet?
Be safe and buy them direct from the manufacturer. (Not just through some random on eBay, Amazon, etc)
Get a Ledger: shop.ledger.com/?r=5243ecbb8427
(If you are just starting out, I would just recommend a Ledger Nano S)
If this was helpful, feel free to send me a tip:
BTC: 37hiiSB1Poj6Shs8WawPS2HjT2jzHkFSQi
BCH: qr9qenlgjh0xlyz802h70ul69rpdj8z6qyuh7m79ah
LTC: MRWnUcsyofisVp5GvX7nxMog5caneycKZ6
ETH: 0xCe41d43349E1c8C53E02631650E236d94A899a95
VTC: vtc1qxauv20r2ux2vttrjmm9eylshl508q04uju936n
ZEN: znUihTHfwm5UJS1ywo911mdNEzd9WY9vBP7
Selecting a BIP39 Passphrase (or 25th Word or two-factor seed phrase)
Or at least avoiding a bad one...
Plenty of FUD and paranoia out there...
Some key things to understand to help you make an informed decision...
Assumptions to Avoid
1) The tools/process/etc to crack a BIP39 password are hard to come by and hard to use
1a) A potential adversary has access to the same tools I do...
2) I have a Ledger, not a Trezor, so key extraction isn't something I need to worry about...
3) An 8 character password works for "online service name" so it is ok for this too...
4) My memory is reliable...
5) A passphrase that is secure today will be secure in 10 years' time...
6) I need a 37 character long, fully randomized passphrase...
7) Everyone needs a passphrase...
At the end of the day it's about clearly understanding the risks and taking steps to manage them in light of your particular circumstances...
Points to Consider when Selecting a Passphrase
1) Clearly understand what your objective of using a BIP39 passphrase actually is.
2) Pick something that you won't forget, most important point of all :)
2a) Include consideration of your passphrase in your backup process
2b) Know that your passphrase doesn't have rules or limits that make it robust to mistakes like your 24 word seed does...
(EFF Diceware Short 2.0, unique 3 characters)
3) Don't reuse a password from somewhere else, especially an online service
4) Don't use something short (6 chars or less) unless its for plausible deniability
5) Check lists like RockYou.txt, phpbb.txt to make sure your passphrase isn't on there :)
6) If you are using stuff like diceware, understand the different advantages that the long list provides (security) vs the EFF 2.0 short list (robust backups). Make sure you use enough words...
7) Assume that anything which could be recovered within a year via BTCRecover could be recovered via someone with proprietary tools, GPU tool, etc, in under a month.
8) Review annually
Suggestions for...
To balance...
*Security (Passphrase length)
*Robust backups (only diceware words, no upper case, symbols, etc), *Randomness (diceware)
Assuming
10x CPU - GPU performance vs 48 vCore Linode...
1000x GPU - ASIC performance vs 1080ti
Taking seriously probabiliy to break, not full computation time.
Plausible Denyiability (1% chance of finding within a month):
Securing Backup (1% chance within of finding within 5 years):
Paranoia (1% chance finding within 100 years) :
Backups: Crypto Steel
#bitcoin #btc #ethereum #eth #cryptocurrency #crypto #ledger #trezor #security - Наука та технологія
Your channel is a giant timesuck, and I mean that in the best possible way. Wow. I learned so much in this video, and I came here from another one of your videos. Seriously... thank you so much for taking the time to explain all of this, and the fact that you explain everything so simply and clearly... awesome. Thank you so much!
Glad it helped :)
A lot of really valuable content on this channel.
Thx for your videos!
Thanks :)
Thank you very in-depth
Glad it was helpful!
Eu havia elaborado uma passphrase de 48 caracteres, usando quase todos os símbolos do teclado (maiúsculas, minúsculas e especiais), seguindo desenhos lógicos no teclado, parecia um texto criptografado. Mas percebi que é loucura e desnecessário contra hackers. Grato mesmo, bom vídeo, abraços
Good to hear :)
Nice video , may be talk to fast but is ok . you have my LIKE . i recovery my nano x on other hard wallet . all good , now i want to set up the 25 seed phrase word in my Nano x. with 2nd pin, will it show in my other wallet if i need to recovery other than my Nano X? .
A BIP39 passphrase is just like a seed in that if you set the same passphrase on two devices, it will produce the same accounts.
Excellent content, thank you!
Re: the warning that adding a passphrase wallet is risky, is this due to people losing the passphrase?
Or are there other issues? Does a passphrase wallet affect the security of the main wallet, or your ability to access the main wallet?
Is it a good idea to set up a passphrase wallet with $10 or less, to get familiar with?
Thanks again!
Basically it's due to the passphrase not having any built-in error checking, so if you make a typo entering it in, you won't get as much as a warning. Some hardware wallets also implementat it in confusing ways, eg: Trezor.
@@CryptoGuide Which is why you test it out before sending crypto into the wallet?
.
Thanks for the video, quick question, what determines the number of words in your 25th word passphrase, is it the spaces between words? If you don't use spaces is it only one very long word and reduces the security? thanks.
It's determined by how many words you choose. Spaces are actually a valid character and part of your passphrase, same as every other character. (So it's one very long word no matter what)
@@CryptoGuide So there is no way to know how many words, neither the number or length in characters. It becomes a long string of characters. thanks.
That's right
What are the pros/cons between using a passphrase(with existing seed phrase) to create multiple coin/token accounts, vs new seed phrase to create a new wallet (in effect also giving you another set of accounts for some coins/tokens)?
How/when do you choose one over the other?
Most hardware wallets only support using one seed at all time. :)
Great video. So if I make a passphrase and a seperate pin for login am I am to check what that passphrase is to make sure it's correct in settings? Like when you do a recovery check with your seed. Is that possible?
It depends on your hardware wallet, but things like a Ledger allow you to use a temporary passphrase to verify that the one you have assigned to a PIN is working correctly. (I run through this on my video for reset, recover and verify Ledger Nano)
@@CryptoGuide Got ya, thank you. Is there a way to recover a pin for a passphrase? For some reason my passphrase pin isn't working. I know my passphrase but I just want to double check before I have to reset my ledger so I will do what you said to do in the video.. It's very strange though b/c I use the same passphrase pin for both Ledger devices and it works on my Nano X but not my Nano S. I just did a firmware update the other day so wondering if that has anything to do with it?? Or not a chance lol
The best way to check it is to just unlock it with your normal pin and then assign the passphrase in the "temporary" mode. You can then go to one of the existing accounts that you have in Ledger Live, click "recieive" and if it shows you the address on the Ledger you are good to go. You can also re-set the passphrase assigned pin without wiping the device, if you just do the "assign to pin" process again, it will overwrite the old one.
Hi there and thank you for your content.
How does a passphrase generate a new key? If I made a passphrase from trezor, lose it, and set it up again with ledger, how does ledger know the key from trezor's passphrase I made?
Passphrase is part of the BIP39 standard, so works across wallets that implement it. (Both Trezor and Ledger do)
In terms of how does a new device know to use a passphrase, it doesn't... You will need to enable it and enter it manually.
Once you have done that and have the same seed+passphrase on the new device, you will be able to access your funds.
Thank you for your reply, I liked your video :). This is the Bitcoin rabbit 🐇🐰 hole they're talking about.
Glad it helped, the rabbit hole goes down pretty deep so best of luck :)
Do you think it's too much to go with 8 words from the EFF 2.0, or should I stick with 7 words? Also, do you write down only the first 3 characters?
The first question depends on your hardware wallet, as devices like a Trezor limit you to 50 characters in a passphrase.
In terms of backup, it also depends on what you are using to hold the backup. If something like a cryptosteel capsule, then full words, if something like a cryptosteel cassette then it would be first four letters of each.
In the very end you say if you use the diceware short list it’s resistant to you making mistakes. What do you mean by this?
Basically it means that you are avoiding things like special characters and if you make a typo in transcription of you backup, you can look at the word list and see what it should be
If you enable the 25th word passphrase, what is the Max length of passphrase ? 40 or 50 Characters ? or is it different from each hardware wallet vendor? Is there a max length standard set for merchant hardware interoperability if a passphrase is enabled as the 25th word? thank you
There is no maximum other than the limits chosen by each hardware wallet vendor. Trezor went with 50, Ledger, Coldcard chose 100
You can read the BIP 39 spec here github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed
what if you add 16 words of the 1226 word? And is it random enough to role a dice when picking a word?
So you are just picking one word and repeating it many times? This is quite a low entropy approach, just add more rolls and have more words.
So what has become clearer to me is that I could say store my 24 seed word phase in one two or three locations offline including giving it to someone I trust and with the extra layer of the passphase protection this person I trust could not access my crypto without the passphase and this passphase I could store it online in a few locations if needed. Have I understood this correctly? Would appreciate any thoughts of that security plan if you had any. Thank you for these videos
That's right. Using a passphrase in this way allows you to have distributed seed backups without having the fully trust the people holding the seeds... The passphrase can then be stored separately, even in a digital medium. (Though I would still suggest having a physical backup for the passphrase somewhere too, just not stored with any of the seeds, just incase you lose access to the digital service, etc.)
Thank you :)
.
What do you think about periodically (yearly? every decade?) rekeying everything?
I think that it is worth reviewing how you are holding your crypto annually.
This might include:
>What cryptos you hold on different wallts
>What you are keeping on exchanges
>ensuring that you have backups for all wallets
>Reviewing vulnerabilities, news, etc, of your wallets
>Reviewing the security settings for exchanges, your primary email account, etc.
If you review these things, you may determine that you need to move to a new wallet, what you have might be fine. (You or the community may have learned something new in terms of best-practice, a wallet you are using may have a weakness that was discovered, etc) If you rekey, I would suggest that it is worth keeping a copy (even an electronic copy) of your old seed, as sometimes you may find that either you or others may send some funds there)
The challenge with everyone re-keying all the time is that some people may end up stuffing this up and losing their funds. Saw someone just the other week who decided to reset their wallet, but basically they accidentally sent the funds back to the same wallet, reset it and thought they had lost everything. (In the end they found their seed after finding a new level of motivation to seach for it) That said, if you have never reset a wallet, or moved to a new one, it is worth testing it out with a software wallet and some BTC testnet coins.
@@CryptoGuide what do you guys mean by rekeying everything? Making a new seed and moving all the funds over?
.
Hello, If my Ledger nano is stolen/lost with activated Passphrase, do i have to enter the passphrase too to restore my wallet? If so, I cant restore it unless use Hardware wallet that support 24 phrase seed + Passphrase right?
Yep, your passphrase will be required too. (Though this isn't an issue, as all decent hardware wallets support passphrase too)
do you think trezor model t still reliable? or better buy new cold wallet which as secure chip element
Trezor T is fine and continues to protect against remote attacks, though physical security of the device itself is better on the newest Trezor models.
If I am creating a phrase I think multiple words(5+) is important. I would type it in with spaces between the words. Are these spaces stored or stripped out? Do you have any thoughts on Ledger storing the passphrase on the device. People argue is perfectly safe, but I think it defeats the purpose of using a passphrase.
The space is a valid character like anything else, so I would suggest that you don't include any spaces...
@@CryptoGuide If its an actual phrase, then the spaces need to be included. Thats the point of a phrase you can remember, I think Ledger can create pins that either ask for or dont ask for a phrase without actually storing the passphrase on the device. I think Trezor can do the same. In my opinion, this soles the problem for Trezor and Ledger
Don't rely on memorising it, you will lose all your funds. Be sure to include a physical or digital backup of the BIP39 passphrase in your backup process...
@@CryptoGuide You and I have different views of the definition of a phrase. If I use a phrase I know well, then its not an issue. For example: all dogs go to heaven is a phrase that I can remember as it has meaning to me. Whereas, GuhyYGih137$hsd5%jsdfgf%hwgnq is not a phrase that anyone will remember.
.
Is a weak pass phrase better than no pass phrase? Or does it actually present an additional risk?
It depends on what you want to achieve with the passphrase, but adding a passphrase does add additional complexity and increase the risk of you messing up your backups
diceware (all the words are known, a computer can take that words and guess the passphrase) I prefer create my own words
The words being know or unknown isn't related to the security of a passphrase, that is a function of entropy. (This is precisely why BIP39 mnemonics use a set word list)
So even if your seed phrase is in public they cant open the wallet becuase they need the last word which is pass phrase?????if they enter my seed phrase and incorrect passphrase they will open brandnew wallet????
That's correct. If someone has your seed and not the passphrase (or an incorrect passphrase) all they will see is an empty wallet with no balances, transactions, etc.
So, passphrase is to obfuscate your mnemonic phrase or to access the hardware wallet?
How do you obfuscate the mnemonic phrase in physical storage, encryption?
Passphrase can do both.
@@CryptoGuide Thx, but if a 25th word is a passphrase protecting the mnemonic phrase, then a stolen mnemonic phrase with 24 words only needs the thief to search the BIP-39 word list for 1 25th word?
Passphrase can be any string, the whole "25th word" thing is what mixes people up with this.
@@CryptoGuide Ahh, I just clicked, thank you 🙂
So, just storing the '25th word' passphrase somewhere then might be my final wonder. 1. Physical cold/hardware wallet; 2. Physical metal capsule mnemonic phrase; 3. '25th word' passphrase stored digitally or physically somewhere? Digitally might be ok if the passphrase is only for the mnemonic phrase recovery and not for regular wallet access. I don't know if hardware wallets have that feature.
Passphrase support is included in my hardware wallet feature comparison here cryptoguide.tips/hardware-wallet-comparisons/
You could store the passphrase digitally (though keep the seed non-digital) or you could store a physical copy with a cryptosteel capsule. ua-cam.com/video/CtrZ8_rp2hs/v-deo.html
I'm a little lost. You have to choose (if you like so) a 25th word. But in diceware you choose 8 words? That means your entire seed is now 32 words?
When it comes to your passphrase, if you decide to use a space, then the space is a valid character like any other. You can also just put the words together with no space :)
Crypto Guide thanks!
@@CryptoGuide what if I use one word but with spaces? for example "d o g 3 c o 1 n", Is it safe? Thanks in advance.
.
So for the purpose of plausible deniabiity, let's assume the a person wants to distribute crypto assets to multiple hardware wallets. All of them use the same 24 word seed, the only difference is that each will have a 25th password as to work with having two pin setup. Is a 24 word standard setup more secure in some way than a 25th word setup assuming that the 25th word is not complex. Say 12 characters? I'm trying to find a system that works for me assuming the following issues a) told too many people about crypto years ago before I knew the risks b) someone could rob me at gunpoint and force the handing over of said wallet and seed phrases c) I have 25th word setup with alternate pin as someone would have no idea about the 25th - in this scenario I could generate 4 different live ledgers hardware wallets and all of them could use the same 24 word seed, and the only differences would by the easy to remember 25th password that I don't need to worry so much about (digital backup, paper, phone, brain). I know you answered a similar question in a different video but since I have zero clue about how the tech works, am I creating some kind of security loophole by having a weak 25th password that is less safe Than a standard 24 word seed?
Adding a BIP39 passphrase doesn't decrease the security from the base seed at all. (Even a weak one)
The main loophole that would potentially weaken your security would be if you had two pins on the Ledger devices and one of them was extremely short and obvious, while the "real" pin was longer and more complex. (An attacker who knew the weak pin could then do things like install apps on the Ledger, have as many attempts at the longer pin, etc, though the main thing is that Ledger devices don't even advertise that a BIP39 passphrase is being used, so the attacker might not even know to look for any secondary pin...)
@@CryptoGuide You bring up some very valid points. stuff I didn't think of at all. Thanks for helping me out. Valuable channel you have here!
.
I used a coin flip and then rolled 4 dice to get my six words. Did not want to use Dice Ware... What are your thoughts?
So what did you use to go from dice+coin to words?
My passphrase Is Tachyonfasterthanlight
Yea, UA-cam comments probably not a good place to store a backup ;)
@@CryptoGuide Made my day :D
.
im lost.. passphrase vs seed ? are they the same?
No, a BIP39 passphrase is different from a mnemonic. Check out my video on Passphrase, Pin, seed and password.
How do you add this?
It depends on your wallet. Which hardware/software are you using?
@@CryptoGuide both ledger and trezor
Just follow my video on reset/recover/verify then, I have them for both Trezor models and ledger too.
i don't understand why you don't recommend using special characters ?
Resilience to errors and avoiding entropy shortcuts...
@@CryptoGuide ''avoiding entropy shortcuts'' sorry I don't understand what this means ?
cheers
@@CryptoGuide you mean using special chars is a quick way of achieving entropy? .......if so why is that bad ?
Why would you not just add some extra diceware words? (As opposed to using special characters)
@@CryptoGuide I'm trying to understand why special chars are a bad idea ...?
I think as soon as you somehow document the passphrase, you're back to square 1 where you're susceptible to an evil maid attack again, might as well split up the seed in a way that it can't be bruteforced.
Yea I disagree. You might store the passphrase electronically, you might store it offline but seperate to your seed. Passphrase gives you plausible deniability, the ability to have multiple wallets behind different passphrases and depending on how you store you passphrase, the ability to remotely rekey without messing with your 24 word seed backups.
Seed splitting is a terrible idea that can always be done better via other means.
fair enough, I was comparing it from a strictly physical security point of view and yes, seed splitting is not something I would do (although it can be done properly).
@@CryptoGuide Why is seed splitting a terrible idea? Doesn't it save you from some amateur or common thief "accidentally" finding your seed phrase? Many crypto enthusiasts are familiar with mnemonics but extremely few would know what to do if some words are missing.
@@dustindewind_ a few reasons. Firstly, if you have a shorter seed, 12 words, and do so something like split it across 3 cards, someone with 8/12 words could conceivably brute force it just using BTCRecover. (Less bad if you do the same with a 24 word seed)
Unlike a passphrase, someone will also know if there is more to find. If you have a passphrase, someone will find a valid seed, but there is no way to know if a passphrase is being used. Likewise, a passphrase let's you re-key your wallet while keeping the same seed...
If you want to do seed splitting, Trezor implementat something called Shamirs Secret Sharing, which lets you split stuff in a more robust and flexible way.
Let's say you find 24 words in a trash can somewhere.
You try to recreate a wallet by typing them in to your favorite wallet and you get "Invalid"
now what?
Well unless you have supercomputers and are willing to wait billions of years you throw the list away
you have no idea what is wrong, and wasting your time is something you try to avoid.
So what's wrong with the 24 mnemonic keywords? Simple the owner of the wallet simply
swapped the 24th word - the check word with another word like the word in #13, his lucky number
that's all you need to do to safely store your list on your cell phone or heck pay for a billboard and plaster it along the roadside - nobody is going to try to figure out what's wrong with the list.
If you are a billionaire and think this is not secure enough then swap #24 with #13 ad #13 with #7
you get the idea - something that makes sense to you and just swapping a few words means a supercomputer is going to have to try 24! combinations which would take 20 million years at guessing 1 billion combinations per second.
This is a terrible idea, just use a BIP39 passphrase...
@@CryptoGuide That's just another item that will be foggy 20 years from now.
I have 15 hardware wallets for the family and kids and I've eMailed the shuffled list to the kids and parents - passphrases would be a nightmare.
And scrambling seeds is even worse... (And simply swapping a couple isn't secure) If you want to add a layer of protection to your seed backups, use a passphrase and be sure to keep a physical copy of it. (Just not stored with your seed backup)
@@CryptoGuide Well it's working for our family and I don't have to worry about a grandkid's spelling of their passphrase or the reverse. You'd have to supply some math to backup the claim that swapping words is not secure - I sure don't see it that way.
Swapping words is computationally very simple to check, as opposed to completely scrambling. BTCRecover just with all the defaults will pick up a single swap in seconds and there are only 24^2 possible single word swaps, you would need to swap at least four pairs of words to get something that is even minimally secure and would take about a week to brute-force with about 24^8 possible seeds. (Never mind that you then need to keep track of what you have swapped and could also introduce additional transcription errors very easily)
Bering your own bank is hard, so best of luck and I hope you don't lose everything. (You won't really know whether it was any good for about 10 years)