Picking a Good BIP39 Passphrase (25th Word) or avoiding a bad one. For Trezor, Ledger, & Keepkey

  • Published 27 Dec 2024

COMMENTS • 143

  • @asteriskesque
    @asteriskesque 2 years ago +10

    Your channel is a giant timesuck, and I mean that in the best possible way. Wow. I learned so much in this video, and I came here from another one of your videos. Seriously... thank you so much for taking the time to explain all of this, and the fact that you explain everything so simply and clearly... awesome. Thank you so much!

  • @uhu4677
    @uhu4677 2 years ago +1

    A lot of really valuable content on this channel.
    Thx for your videos!

  • @reclee8333
    @reclee8333 10 months ago

    What are the pros/cons between using a passphrase (with existing seed phrase) to create multiple coin/token accounts, vs new seed phrase to create a new wallet (in effect also giving you another set of accounts for some coins/tokens)?
    How/when do you choose one over the other?

    • @CryptoGuide
      @CryptoGuide 10 months ago

      Most hardware wallets only support using one seed at all time. :)

  • @mrprfct7069
    @mrprfct7069 3 months ago +1

    Thanks for this video. When creating a passphrase, how about creating a wallet with 12 seed words. Take the first 8 words from that wallet. Destroy the wallet. Create another wallet with 24 words seed and use the first 8 words from the previously destroyed wallet as your passphrase instead of dice rolling 8 times using the EFF short word list. Would that work?

    • @CryptoGuide
      @CryptoGuide 3 months ago +1

      Yea that would work. The main reason that I suggest the EFF list is that I sometimes hear of situations where folk get mixed up about which words are part of their passphrase and which are part of the mnemonic, so using words from a different list makes it harder to get them mixed up :)

    • @mrprfct7069
      @mrprfct7069 3 months ago

      @CryptoGuide thanks for your response. That’s completely possible and I would test logging in multiple times before sending any BTC to the wallet. Another thought I had was using an online dice roll site. Roll 7 times and write that number. Roll 7x again and write that number. Do this 6 more times for a total of 8 numbers. But you rolled that dice 56x online. Now take those 8 sets of numbers and use the EFF list. You can also roll the online dice 3x, 8x or 10x before writing a number on paper. As you can tell, we can go down a rabbit hole real fast. 😅 But I think I’ll just take the first 8 words as previously stated and write that on paper with specific instructions. I am a security engineer and tend to overthink processes.

    • @CryptoGuide
      @CryptoGuide 3 months ago

      As long as your documentation and testing are sufficient to avoid mixing yourself up then it's a great idea ;)

    • @mrprfct7069
      @mrprfct7069 3 months ago

      @CryptoGuide do you recommend having all your BTC in one wallet address or splitting it? I am aware of UTXOs and their cost. But say $1k per address or $2500 etc. Anything below $1k I think will cost a lot to move in the future when prices skyrocket.

    • @CryptoGuide
      @CryptoGuide 3 months ago

      How many wallet addresses you use isn't actually related to how you manage UTXOs, as you can still have funds spread over multiple UTXOs that are all associated with a single address.
      Honestly I think the simplest approach is to just use your wallet and take the opportunity to consolidate periodically when fees are low. (Like they are now) As long as you aren't just sending endless dust transactions, it shouldn't be a problem.

  • @Btree33
    @Btree33 1 month ago

    Very good advice per usual

  • @gabriel.giorno
    @gabriel.giorno 2 years ago

    I had devised a 48-character passphrase, using almost every symbol on the keyboard (uppercase, lowercase and special characters), following logical patterns on the keyboard; it looked like encrypted text. But I realized that it is crazy and unnecessary against hackers. Thank you very much, good video, cheers.

  • @copycatt2579
    @copycatt2579 1 year ago

    In the very end you say if you use the diceware short list it’s resistant to you making mistakes. What do you mean by this?

    • @CryptoGuide
      @CryptoGuide 1 year ago

      Basically it means that you are avoiding things like special characters and if you make a typo in transcription of your backup, you can look at the word list and see what it should be

  • @Erictraiven
    @Erictraiven 16 days ago

    How hard is it to crack a password made by the user with 15 characters, including symbols, upper case, numbers, etc...?

    • @CryptoGuide
      @CryptoGuide 15 days ago

      Completely impractical

    • @Erictraiven
      @Erictraiven 15 days ago

      @CryptoGuide even if the password is not truly random?

    • @CryptoGuide
      @CryptoGuide 15 days ago

      @Erictraiven If it is made up of other tokens that you have a reasonable idea of then you have a chance with a tokenlist.

    • @Erictraiven
      @Erictraiven 15 days ago

      @CryptoGuide it's made by random characters chosen by me

    • @CryptoGuide
      @CryptoGuide 14 days ago

      Then it's likely unrecoverable

  • @BillyJakeBulda
    @BillyJakeBulda 1 year ago

    So even if your seed phrase is in public they can't open the wallet because they need the last word, which is the passphrase? If they enter my seed phrase and an incorrect passphrase they will open a brand new wallet?

    • @CryptoGuide
      @CryptoGuide 1 year ago

      That's correct. If someone has your seed and not the passphrase (or an incorrect passphrase) all they will see is an empty wallet with no balances, transactions, etc.

  • @serviciosfjp
    @serviciosfjp 1 year ago

    Thanks for the video, quick question, what determines the number of words in your 25th word passphrase, is it the spaces between words? If you don't use spaces is it only one very long word and reduces the security? thanks.

    • @CryptoGuide
      @CryptoGuide 1 year ago +2

      It's determined by how many words you choose. Spaces are actually a valid character and part of your passphrase, same as every other character. (So it's one very long word no matter what)

    • @fpico1972
      @fpico1972 1 year ago

      @CryptoGuide So there is no way to know how many words, neither the number nor the length in characters. It becomes a long string of characters. Thanks.

    • @CryptoGuide
      @CryptoGuide 1 year ago

      That's right

  • @iamintractable1805
    @iamintractable1805 3 years ago +1

    If I am creating a phrase I think multiple words (5+) is important. I would type it in with spaces between the words. Are these spaces stored or stripped out? Do you have any thoughts on Ledger storing the passphrase on the device? People argue it is perfectly safe, but I think it defeats the purpose of using a passphrase.

    • @CryptoGuide
      @CryptoGuide 3 years ago +2

      The space is a valid character like anything else, so I would suggest that you don't include any spaces...

    • @iamintractable1805
      @iamintractable1805 3 years ago

      @CryptoGuide If it's an actual phrase, then the spaces need to be included. That's the point of a phrase you can remember. I think Ledger can create pins that either ask for or don't ask for a phrase without actually storing the passphrase on the device. I think Trezor can do the same. In my opinion, this solves the problem for Trezor and Ledger.

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Don't rely on memorising it, you will lose all your funds. Be sure to include a physical or digital backup of the BIP39 passphrase in your backup process...

    • @iamintractable1805
      @iamintractable1805 3 years ago +1

      @CryptoGuide You and I have different views of the definition of a phrase. If I use a phrase I know well, then it's not an issue. For example: all dogs go to heaven is a phrase that I can remember as it has meaning to me. Whereas, GuhyYGih137$hsd5%jsdfgf%hwgnq is not a phrase that anyone will remember.

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @Emrico35
    @Emrico35 6 months ago

    Do you think the Trezor Model T is still reliable? Or is it better to buy a new cold wallet which has a secure chip element?

    • @CryptoGuide
      @CryptoGuide 6 months ago

      Trezor T is fine and continues to protect against remote attacks, though physical security of the device itself is better on the newest Trezor models.

  • @mkeith328
    @mkeith328 10 months ago

    I used a coin flip and then rolled 4 dice to get my six words. Did not want to use Dice Ware... What are your thoughts?

    • @CryptoGuide
      @CryptoGuide 10 months ago

      So what did you use to go from dice+coin to words?

  • @kotgc7987
    @kotgc7987 3 years ago

    So, passphrase is to obfuscate your mnemonic phrase or to access the hardware wallet?
    How do you obfuscate the mnemonic phrase in physical storage, encryption?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Passphrase can do both.

    • @kotgc7987
      @kotgc7987 3 years ago

      @CryptoGuide Thx, but if a 25th word is a passphrase protecting the mnemonic phrase, then a stolen mnemonic phrase with 24 words only needs the thief to search the BIP-39 word list for 1 25th word?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Passphrase can be any string, the whole "25th word" thing is what mixes people up with this.

    • @kotgc7987
      @kotgc7987 3 years ago

      @CryptoGuide Ahh, I just clicked, thank you 🙂
      So, just storing the '25th word' passphrase somewhere then might be my final wonder. 1. Physical cold/hardware wallet; 2. Physical metal capsule mnemonic phrase; 3. '25th word' passphrase stored digitally or physically somewhere? Digitally might be ok if the passphrase is only for the mnemonic phrase recovery and not for regular wallet access. I don't know if hardware wallets have that feature.

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Passphrase support is included in my hardware wallet feature comparison here cryptoguide.tips/hardware-wallet-comparisons/
      You could store the passphrase digitally (though keep the seed non-digital) or you could store a physical copy with a cryptosteel capsule. ua-cam.com/video/CtrZ8_rp2hs/v-deo.html

  • @molinaridiego
    @molinaridiego 4 years ago +1

    I'm a little lost. You have to choose (if you like so) a 25th word. But in diceware you choose 8 words? That means your entire seed is now 32 words?

    • @CryptoGuide
      @CryptoGuide 4 years ago +5

      When it comes to your passphrase, if you decide to use a space, then the space is a valid character like any other. You can also just put the words together with no space :)

    • @molinaridiego
      @molinaridiego 4 years ago

      Crypto Guide thanks!

    • @Tom-bn5zd
      @Tom-bn5zd 2 years ago

      @CryptoGuide What if I use one word but with spaces? For example "d o g 3 c o 1 n". Is it safe? Thanks in advance.

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @eg8568
    @eg8568 1 year ago

    Is a weak pass phrase better than no pass phrase? Or does it actually present an additional risk?

    • @CryptoGuide
      @CryptoGuide 1 year ago

      It depends on what you want to achieve with the passphrase, but adding a passphrase does add additional complexity and increase the risk of you messing up your backups

  • @budgetingstrategies6240
    @budgetingstrategies6240 2 years ago

    Hi there and thank you for your content.
    How does a passphrase generate a new key? If I made a passphrase from trezor, lose it, and set it up again with ledger, how does ledger know the key from trezor's passphrase I made?

    • @CryptoGuide
      @CryptoGuide 2 years ago +2

      Passphrase is part of the BIP39 standard, so works across wallets that implement it. (Both Trezor and Ledger do)
      In terms of how does a new device know to use a passphrase, it doesn't... You will need to enable it and enter it manually.
      Once you have done that and have the same seed+passphrase on the new device, you will be able to access your funds.

    • @budgetingstrategies6240
      @budgetingstrategies6240 2 years ago

      Thank you for your reply, I liked your video :). This is the Bitcoin rabbit 🐇🐰 hole they're talking about.

    • @CryptoGuide
      @CryptoGuide 2 years ago

      Glad it helped, the rabbit hole goes down pretty deep so best of luck :)

  • @deathangels8217
    @deathangels8217 2 years ago

    Hello, if my Ledger Nano is stolen/lost with an activated passphrase, do I have to enter the passphrase too to restore my wallet? If so, I can't restore it unless I use a hardware wallet that supports 24 phrase seed + passphrase, right?

    • @CryptoGuide
      @CryptoGuide 2 years ago

      Yep, your passphrase will be required too. (Though this isn't an issue, as all decent hardware wallets support passphrase too)

  • @MrGurujohnny
    @MrGurujohnny 3 years ago

    So what has become clearer to me is that I could, say, store my 24 seed word phrase in one, two or three locations offline, including giving it to someone I trust, and with the extra layer of the passphrase protection this person I trust could not access my crypto without the passphrase, and this passphrase I could store online in a few locations if needed. Have I understood this correctly? Would appreciate any thoughts on that security plan if you had any. Thank you for these videos.

    • @CryptoGuide
      @CryptoGuide 3 years ago +5

      That's right. Using a passphrase in this way allows you to have distributed seed backups without having to fully trust the people holding the seeds... The passphrase can then be stored separately, even in a digital medium. (Though I would still suggest having a physical backup for the passphrase somewhere too, just not stored with any of the seeds, just in case you lose access to the digital service, etc.)

    • @MrGurujohnny
      @MrGurujohnny 3 years ago +1

      Thank you :)

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @SuperDesignguy
    @SuperDesignguy 3 years ago

    So for the purpose of plausible deniability, let's assume a person wants to distribute crypto assets to multiple hardware wallets. All of them use the same 24 word seed, the only difference is that each will have a 25th password as to work with having two pin setup. Is a 24 word standard setup more secure in some way than a 25th word setup assuming that the 25th word is not complex. Say 12 characters? I'm trying to find a system that works for me assuming the following issues a) told too many people about crypto years ago before I knew the risks b) someone could rob me at gunpoint and force the handing over of said wallet and seed phrases c) I have 25th word setup with alternate pin as someone would have no idea about the 25th - in this scenario I could generate 4 different live ledgers hardware wallets and all of them could use the same 24 word seed, and the only differences would be the easy to remember 25th password that I don't need to worry so much about (digital backup, paper, phone, brain). I know you answered a similar question in a different video but since I have zero clue about how the tech works, am I creating some kind of security loophole by having a weak 25th password that is less safe than a standard 24 word seed?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Adding a BIP39 passphrase doesn't decrease the security from the base seed at all. (Even a weak one)
      The main loophole that would potentially weaken your security would be if you had two pins on the Ledger devices and one of them was extremely short and obvious, while the "real" pin was longer and more complex. (An attacker who knew the weak pin could then do things like install apps on the Ledger, have as many attempts at the longer pin, etc, though the main thing is that Ledger devices don't even advertise that a BIP39 passphrase is being used, so the attacker might not even know to look for any secondary pin...)

    • @SuperDesignguy
      @SuperDesignguy 3 years ago

      @CryptoGuide You bring up some very valid points. Stuff I didn't think of at all. Thanks for helping me out. Valuable channel you have here!

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @Ben-499-y3q
    @Ben-499-y3q 4 years ago

    What if you add 16 words of the 1226 word? And is it random enough to roll a dice when picking a word?

    • @CryptoGuide
      @CryptoGuide 4 years ago +1

      So you are just picking one word and repeating it many times? This is quite a low entropy approach, just add more rolls and have more words.

  • @ytvyskiduxaru5455
    @ytvyskiduxaru5455 3 years ago

    Do you think it's too much to go with 8 words from the EFF 2.0, or should I stick with 7 words? Also, do you write down only the first 3 characters?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      The first question depends on your hardware wallet, as devices like a Trezor limit you to 50 characters in a passphrase.
      In terms of backup, it also depends on what you are using to hold the backup. If something like a cryptosteel capsule, then full words, if something like a cryptosteel cassette then it would be first four letters of each.

  • @blissss0
    @blissss0 2 years ago

    Excellent content, thank you!
    Re: the warning that adding a passphrase wallet is risky, is this due to people losing the passphrase?
    Or are there other issues? Does a passphrase wallet affect the security of the main wallet, or your ability to access the main wallet?
    Is it a good idea to set up a passphrase wallet with $10 or less, to get familiar with?
    Thanks again!

    • @CryptoGuide
      @CryptoGuide 2 years ago +1

      Basically it's due to the passphrase not having any built-in error checking, so if you make a typo entering it in, you won't get as much as a warning. Some hardware wallets also implement it in confusing ways, e.g. Trezor.

    • @Fjri3jfsw2
      @Fjri3jfsw2 2 years ago

      @CryptoGuide Which is why you test it out before sending crypto into the wallet?

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @HtPt
    @HtPt 3 years ago

    Nice video, maybe you talk too fast but it is OK. You have my LIKE. I recovered my Nano X on another hardware wallet, all good. Now I want to set up the 25th seed phrase word in my Nano X with a 2nd PIN; will it show in my other wallet if I need to recover on something other than my Nano X?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      A BIP39 passphrase is just like a seed in that if you set the same passphrase on two devices, it will produce the same accounts.

  • @i3bet
    @i3bet 3 years ago

    Great video. So if I make a passphrase and a separate pin for login, am I able to check what that passphrase is to make sure it's correct in settings? Like when you do a recovery check with your seed. Is that possible?

    • @CryptoGuide
      @CryptoGuide 3 years ago +1

      It depends on your hardware wallet, but things like a Ledger allow you to use a temporary passphrase to verify that the one you have assigned to a PIN is working correctly. (I run through this on my video for reset, recover and verify Ledger Nano)

    • @i3bet
      @i3bet 3 years ago

      @CryptoGuide Got ya, thank you. Is there a way to recover a pin for a passphrase? For some reason my passphrase pin isn't working. I know my passphrase but I just want to double check before I have to reset my ledger so I will do what you said to do in the video. It's very strange though b/c I use the same passphrase pin for both Ledger devices and it works on my Nano X but not my Nano S. I just did a firmware update the other day so wondering if that has anything to do with it?? Or not a chance lol

    • @CryptoGuide
      @CryptoGuide 3 years ago +1

      The best way to check it is to just unlock it with your normal pin and then assign the passphrase in the "temporary" mode. You can then go to one of the existing accounts that you have in Ledger Live, click "receive" and if it shows you the address on the Ledger you are good to go. You can also re-set the passphrase assigned pin without wiping the device, if you just do the "assign to pin" process again, it will overwrite the old one.

  • @MrGurujohnny
    @MrGurujohnny 3 years ago

    Thank you very in-depth

  • @Quantris
    @Quantris 4 years ago

    What do you think about periodically (yearly? every decade?) rekeying everything?

    • @CryptoGuide
      @CryptoGuide 4 years ago +3

      I think that it is worth reviewing how you are holding your crypto annually.
      This might include:
      >What cryptos you hold on different wallets
      >What you are keeping on exchanges
      >ensuring that you have backups for all wallets
      >Reviewing vulnerabilities, news, etc, of your wallets
      >Reviewing the security settings for exchanges, your primary email account, etc.
      If you review these things, you may determine that you need to move to a new wallet, or what you have might be fine. (You or the community may have learned something new in terms of best-practice, a wallet you are using may have a weakness that was discovered, etc.) If you rekey, I would suggest that it is worth keeping a copy (even an electronic copy) of your old seed, as sometimes you may find that either you or others may send some funds there.
      The challenge with everyone re-keying all the time is that some people may end up stuffing this up and losing their funds. Saw someone just the other week who decided to reset their wallet, but basically they accidentally sent the funds back to the same wallet, reset it and thought they had lost everything. (In the end they found their seed after finding a new level of motivation to search for it.) That said, if you have never reset a wallet, or moved to a new one, it is worth testing it out with a software wallet and some BTC testnet coins.

    • @rimworldlover
      @rimworldlover 4 years ago

      @CryptoGuide what do you guys mean by rekeying everything? Making a new seed and moving all the funds over?

    • @CryptoGuide
      @CryptoGuide 11 months ago

      .

  • @kev4412
    @kev4412 4 years ago

    If you enable the 25th word passphrase, what is the Max length of passphrase ? 40 or 50 Characters ? or is it different from each hardware wallet vendor? Is there a max length standard set for merchant hardware interoperability if a passphrase is enabled as the 25th word? thank you

    • @CryptoGuide
      @CryptoGuide 4 years ago +2

      There is no maximum other than the limits chosen by each hardware wallet vendor. Trezor went with 50; Ledger and Coldcard chose 100.
      You can read the BIP 39 spec here github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed
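
Added example (not from the video or from any commenter): the "From mnemonic to seed" step of the BIP 39 spec linked above, which is why spaces and capitalisation count, why a mistyped passphrase is never rejected, and why the same seed and passphrase open the same accounts on any BIP39 wallet. The mnemonic is the public BIP39 test-vector mnemonic and the passphrase variants are constructed for the demonstration.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic; never use it to hold funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

# Constructed passphrase variants that a person might consider "the same".
VARIANTS = [
    "",                  # no passphrase: the base wallet
    "correct horse",
    "correcthorse",      # space removed
    "correct  horse",    # double space
    "Correct horse",     # different capitalisation
    "correct horse ",    # trailing space
]


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic-to-seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    The mnemonic is the PBKDF2 password; the salt is the literal string
    "mnemonic" followed by the passphrase. Both are NFKD-normalised UTF-8.
    Nothing here validates the passphrase, so every string yields a seed.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_fingerprints(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to a short fingerprint of the seed it produces."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


def distinct_wallets(mnemonic: str, passphrases: list) -> int:
    """Number of different seeds (and so different wallets) in the set."""
    return len(set(seed_fingerprints(mnemonic, passphrases).values()))


if __name__ == "__main__":
    for phrase, fp in seed_fingerprints(TEST_MNEMONIC, VARIANTS).items():
        print(f"{phrase!r:18} -> seed {fp}...")
    print("distinct wallets:", distinct_wallets(TEST_MNEMONIC, VARIANTS))
```

Every variant produces a valid but different seed, which is why a passphrase backup has to record spaces and capitalisation exactly and should be tested before funds are sent.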

  • @memecoinmafia2732
    @memecoinmafia2732 3 years ago

    I don't understand why you don't recommend using special characters?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Resilience to errors and avoiding entropy shortcuts...

    • @memecoinmafia2732
      @memecoinmafia2732 3 years ago

      @CryptoGuide "avoiding entropy shortcuts" sorry I don't understand what this means?
      cheers

    • @memecoinmafia2732
      @memecoinmafia2732 3 years ago

      @CryptoGuide you mean using special chars is a quick way of achieving entropy? ... If so why is that bad?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      Why would you not just add some extra diceware words? (As opposed to using special characters)

    • @memecoinmafia2732
      @memecoinmafia2732 3 years ago

      @CryptoGuide I'm trying to understand why special chars are a bad idea...?

  • @everestathletics8660
    @everestathletics8660 2 years ago

    How do you add this?

    • @CryptoGuide
      @CryptoGuide 2 years ago

      It depends on your wallet. Which hardware/software are you using?

    • @everestathletics8660
      @everestathletics8660 2 years ago

      @CryptoGuide both Ledger and Trezor

    • @CryptoGuide
      @CryptoGuide 2 years ago

      Just follow my video on reset/recover/verify then, I have them for both Trezor models and ledger too.

  • @TruthBounty
    @TruthBounty 3 years ago

    I'm lost.. passphrase vs seed? Are they the same?

    • @CryptoGuide
      @CryptoGuide 3 years ago

      No, a BIP39 passphrase is different from a mnemonic. Check out my video on Passphrase, Pin, seed and password.

  • @fonebook
    @fonebook 4 years ago +1

    I think as soon as you somehow document the passphrase, you're back to square 1 where you're susceptible to an evil maid attack again, might as well split up the seed in a way that it can't be bruteforced.

    • @CryptoGuide
      @CryptoGuide 4 years ago +1

      Yea I disagree. You might store the passphrase electronically, you might store it offline but separate to your seed. Passphrase gives you plausible deniability, the ability to have multiple wallets behind different passphrases and depending on how you store your passphrase, the ability to remotely rekey without messing with your 24 word seed backups.
      Seed splitting is a terrible idea that can always be done better via other means.

    • @fonebook
      @fonebook 4 years ago +1

      fair enough, I was comparing it from a strictly physical security point of view and yes, seed splitting is not something I would do (although it can be done properly).

    • @dustindewind_
      @dustindewind_ 4 years ago +1

      @CryptoGuide Why is seed splitting a terrible idea? Doesn't it save you from some amateur or common thief "accidentally" finding your seed phrase? Many crypto enthusiasts are familiar with mnemonics but extremely few would know what to do if some words are missing.

    • @CryptoGuide
      @CryptoGuide 4 years ago +3

      @dustindewind_ a few reasons. Firstly, if you have a shorter seed, 12 words, and do something like split it across 3 cards, someone with 8/12 words could conceivably brute force it just using BTCRecover. (Less bad if you do the same with a 24 word seed)
      Unlike a passphrase, someone will also know if there is more to find. If you have a passphrase, someone will find a valid seed, but there is no way to know if a passphrase is being used. Likewise, a passphrase lets you re-key your wallet while keeping the same seed...
      If you want to do seed splitting, Trezor implements something called Shamirs Secret Sharing, which lets you split stuff in a more robust and flexible way.

  • @JohnSmith-zl8rz
    @JohnSmith-zl8rz 1 year ago

    diceware (all the words are known, a computer can take that words and guess the passphrase) I prefer create my own words

    • @CryptoGuide
      @CryptoGuide 1 year ago +2

      The words being known or unknown isn't related to the security of a passphrase, that is a function of entropy. (This is precisely why BIP39 mnemonics use a set word list)

  • @GEO_75X
    @GEO_75X 4 years ago

    My passphrase Is Tachyonfasterthanlight

  • @noleftturns
    @noleftturns 2 years ago

    Let's say you find 24 words in a trash can somewhere.
    You try to recreate a wallet by typing them in to your favorite wallet and you get "Invalid"
    now what?
    Well unless you have supercomputers and are willing to wait billions of years you throw the list away
    you have no idea what is wrong, and wasting your time is something you try to avoid.
    So what's wrong with the 24 mnemonic keywords? Simple: the owner of the wallet simply
    swapped the 24th word - the check word with another word like the word in #13, his lucky number
    that's all you need to do to safely store your list on your cell phone or heck pay for a billboard and plaster it along the roadside - nobody is going to try to figure out what's wrong with the list.
    If you are a billionaire and think this is not secure enough then swap #24 with #13 and #13 with #7
    you get the idea - something that makes sense to you and just swapping a few words means a supercomputer is going to have to try 24! combinations which would take 20 million years at guessing 1 billion combinations per second.

    • @CryptoGuide
      @CryptoGuide 2 years ago +1

      This is a terrible idea, just use a BIP39 passphrase...

    • @noleftturns
      @noleftturns 2 years ago

      @CryptoGuide That's just another item that will be foggy 20 years from now.
      I have 15 hardware wallets for the family and kids and I've eMailed the shuffled list to the kids and parents - passphrases would be a nightmare.

    • @CryptoGuide
      @CryptoGuide 2 years ago +1

      And scrambling seeds is even worse... (And simply swapping a couple isn't secure) If you want to add a layer of protection to your seed backups, use a passphrase and be sure to keep a physical copy of it. (Just not stored with your seed backup)

    • @noleftturns
      @noleftturns 2 years ago

      @CryptoGuide Well it's working for our family and I don't have to worry about a grandkid's spelling of their passphrase or the reverse. You'd have to supply some math to back up the claim that swapping words is not secure - I sure don't see it that way.

    • @CryptoGuide
      @CryptoGuide 2 years ago +2

      Swapping words is computationally very simple to check, as opposed to completely scrambling. BTCRecover just with all the defaults will pick up a single swap in seconds and there are only 24^2 possible single word swaps, you would need to swap at least four pairs of words to get something that is even minimally secure and would take about a week to brute-force with about 24^8 possible seeds. (Never mind that you then need to keep track of what you have swapped and could also introduce additional transcription errors very easily)
      Being your own bank is hard, so best of luck and I hope you don't lose everything. (You won't really know whether it was any good for about 10 years)
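
Added example (not part of the original comments and not BTCRecover's code): the size of the search space for the single swap of word #24 with word #13 described in this thread, measured against the BIP39 checksum that wallets use to report a mnemonic as invalid. It works on the 11-bit word indices, so no word list is needed; the entropy is constructed for the demonstration and the function names are this example's own.

```python
import hashlib
from itertools import combinations
from math import log2

WORDS = 24          # 24-word mnemonic = 256 bits of entropy + 8 checksum bits
CHECKSUM_BITS = 8


def entropy_to_indices(entropy: bytes) -> list:
    """Encode 32 bytes of entropy as 24 BIP39 word indices (11 bits each)."""
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of SHA-256
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (11 * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]


def checksum_ok(indices: list) -> bool:
    """True if the 24 indices carry a valid BIP39 checksum."""
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> CHECKSUM_BITS).to_bytes(32, "big")
    return (bits & 0xFF) == hashlib.sha256(entropy).digest()[0]


def single_swaps(indices: list):
    """Yield every ordering reachable by swapping one pair of positions."""
    for i, j in combinations(range(len(indices)), 2):
        candidate = list(indices)
        candidate[i], candidate[j] = candidate[j], candidate[i]
        yield candidate


def analyse(scrambled: list):
    """Return (orderings to test, orderings that pass the checksum)."""
    candidates = list(single_swaps(scrambled))
    return len(candidates), [c for c in candidates if checksum_ok(c)]


# Constructed entropy, not a real wallet.
ENTROPY = hashlib.sha256(b"constructed example entropy, not a wallet").digest()
ORIGINAL = entropy_to_indices(ENTROPY)

# The obfuscation from the thread: swap word #24 with word #13 (0-based 23, 12).
SCRAMBLED = list(ORIGINAL)
SCRAMBLED[23], SCRAMBLED[12] = SCRAMBLED[12], SCRAMBLED[23]

if __name__ == "__main__":
    tried, valid = analyse(SCRAMBLED)
    print(f"orderings to test: {tried} (about {log2(tried):.1f} bits)")
    print(f"orderings passing the checksum: {len(valid)}")
    print("original ordering among them:", ORIGINAL in valid)
```

A single swap leaves 276 orderings to test, about 8 bits of work, and the checksum rejects most of them before any address has to be derived.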

  • @Ovalrapture
    @Ovalrapture 11 days ago

    Old

    • @CryptoGuide
      @CryptoGuide 11 days ago

      It is, but it's still relevant