Author

Topic: 3 seed words + passphrase - page 2. (Read 875 times)

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

Quote from: pooya87 on June 05, 2020, 12:39:10 AM

these "words" are actually representing the "entropy" that is used to generate the individual private keys. so unless you can come up with a way to generate the same level of security entropy (at least 128-bits) using 3 words, it won't work.

You can do it using https://iancoleman.io/bip39/ and i understand you wont achieve 128 bits, this is where the passphrase with strong password is extremely important.

are you really suggesting that memorizing 3 words + something like

Code:

J\{m^"
is easier than memorizing this:

Code:

legal winner thank year wave sausage worth useful legal winner thank yellow

i'm not convinced!

No, i am not suggesting to create your password like this. you can create something like !Went>P@r!$&be$tmem0ryev_r

Something that you can create that reflect to your experience and easy to remember and hard to crack

To be really honest, even that would be easily guessed since
!c@nwr!t3l!k3th!5f0r3v3r

It is predictable. A nerd wont take longer to crack your seed phrase if he digs up a little.
The current seed phrase though works like a charm since it maintains higher security with the given entropy.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: dothebeats on June 05, 2020, 09:47:53 AM

I for one tried to do this and left the text somewhere inside a book and used it as my bookmark for sometime. It works, it's secure, and no one will ever get interested on it due to its nonsensical phrases and purely unconnected sentences.

That's a nice trick. Did that a few times myself but there's still a risk that you can forget you ever do it if you got a stroke or whatever. I think it's nearly impossible to completely eliminate this risk, so making multiple secure backups (and the way you encode it) is always needed.

Btw stop doing multiple posts in a row, it broke forum rules.

alexkrypto

newbie

Activity: 10

Merit: 8

[/quote]

Bank's storage can be a valid place since it may be opened only by you or with your death certificate, afaik.

[/quote]

I thought the whole point of Bitcoin is be your own bank. If you have to store your seed in a bank storage, what is the point of having Bitcoin in the first place?

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: alexkrypto on June 06, 2020, 12:27:44 AM

They can be achieved. I already gave you an example. I can also give you another example like !Went>P@r!S-Be$tMem0ryEv_r

Go check http://rumkin.com/tools/password/passchk.php

You can. Depending on your method of generating it, it could take a reasonably long time for you to crack it.

Quote from: alexkrypto on June 06, 2020, 12:27:44 AM

Now, do you understand why seed phrase is extremely dangerous?

I highly doubt anyone wold be able to memorize such a confusing passphrase accurately over long periods of time without confusing which of the letters are changed.

BIP39 is actually very useful in terms of the properties that it has. The range of words allows easy correction of the seeds, there is a built in checksum with the seed, it doesn't have to rely on the user's judgement to make a secure password. I bet if people are actually forced to create their own passphrase this way, I would see loads of people asking how to bruteforce their passphrase because they cannot figure out which symbols they inserted. What you've described is basically brainwallet which has been cracked thoroughly and isn't recommended for use. It could be more secure it being salted and it would take a much longer time to bruteforce.

You can certainly keep a passphrase this way, I wouldn't recommend it but it's definitely quite safe if you choose a secure way to generate your private/public keypair.

alexkrypto

newbie

Activity: 10

Merit: 8

Quote from: odolvlobo on June 05, 2020, 01:51:55 AM

"!Went>P@r!$&be$tmem0ryev_r" is a good password, but a 12-word or 24-word random seed is more secure. As @pooya87 stated, a password must be weakened in order to be memorizable. Your idea may work for you, but it cannot be recommended for general use.

That's not true.

!Went>P@r!S-Be$tMem0ryEv_r is more secure than 12-word random seed

alexkrypto

newbie

Activity: 10

Merit: 8

Quote from: hatshepsut93 on June 05, 2020, 03:55:42 AM

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

And how is it easy to remember? If it's some sort of substitution scheme, like replacing O with 0, then it's easy to crack, if it's truly random (which can only be generated by some rng and not human mind), then it's really hard to memorize and you will forget it unless your repeat it multiple times per day every single day.

Compared to that, mnemonic seeds have guaranteed sufficient entropy and they are easy to remember because our brains are good at remembering natural words in sequences.

Don't you think it is easy to remember such password !Went>P@r!S-Be$tMem0ryEv_r

Well, you're right and wrong at the same time.

Right if you were referring to a traditional way of accessing "username" & "password" on servers, and the hackers can sense your way of creating password is like this.

But with Crypto, it is a different story. First, the hacker needs:

1- to figure out that the public key on blockchain belongs to YOU.
2- then he needs to figure out whether the public key was created based on BIP39 or legacy way (private key only per each public key).
3- then need to know that your way of creating passwords is like this.

You REALLY think it is easier to remember 12 random words (in order) THAN creating a strong password of your choice???

In terms of guaranteed sufficient entropy, you can your own and test it on http://rumkin.com/tools/password/passchk.php

Test for example, !Went>P@r!S-Be$tMem0ryEv_r

alexkrypto

newbie

Activity: 10

Merit: 8

Quote from: pooya87 on June 05, 2020, 01:07:59 AM

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

Something that you can create that reflect to your experience and easy to remember and hard to crack

then that's another problem. almost always, these two can not be achieved together.
people aren't known to be able to create strong passwords. to be able to remember their passwords they always end up with weak ones that could be guessed in most cases.
and if the password were strong (truly random) then it can't be memorized over long term. they still have to write it down so that they won't forget it (after like in a year), and if they are writing it down then why not use the method that is already tested and is considered safe meaning BIp-39?

They can be achieved. I already gave you an example. I can also give you another example like !Went>P@r!S-Be$tMem0ryEv_r

Go check http://rumkin.com/tools/password/passchk.php

You will see,such password achieve more than 128 bits.

Well, the problem with BIP39 is actually many:

1- losing it
2- confiscating it by government
3- robbed by nagger
4- forgetting where you stored seed phrase
5- not easy to cross board and can be confiscated by airport police officers.
6- extracted by hackers if they get access to your hardware wallet for a few minutes https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/
7- Government seize your hardware wallet and extract your seed phrase. So easy to extract your seed https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

I am not referring to Trezor only but also Ledger can have the same issue in the future.

Now, do you understand why seed phrase is extremely dangerous?

AakZaki

legendary

Activity: 2338

Merit: 1084

zknodes.org

Quote from: Darker45 on June 05, 2020, 04:37:13 AM

I have to admit that it came to me a number of times how quite hard it is to be your own bank, especially if you have tens of BTC. I have a little amount myself and created a total of three copies of my seed words and I can only remember the hiding place of a single copy. I cannot remember where I kept the other two, must be somewhere in the pages of one of my books or under files of old papers. If this tiny box I'm living in right now will catch fire while I am away-- God forbid-- I will lose everything of it. And I also don't deem it safe to keep a copy in my wallet.

If my memory serves me right, I think even Andreas Antonopoulos himself ironically mentioned in an interview that he's got a copy of his seed words written on a piece of paper and kept in a bank's storage.

Having a lot of BTC and being a bank for yourself is very difficult, Must be more vigilant and pay attention to the security and confidentiality of the documents that we keep in a place that has been provided. Divide documents in 3 copies must know each place that will be used as storage, not to forget that it is very dangerous if found by someone else. instead of having to keep several copies in your own place, it is better to save in a safer bank deposit and only you open it or there is another power of attorney to open the document besides you.

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

Ngl. leet speak paired with symbols and everything is actually a good password maker, but humans aren't really good at creating good passwords that are secure enough to keep them safe from hacks. Also, the 12-word seed IMO is easier to keep/hide in plain sight, and more robust and secure rather than a 3-word, 1-phrase combo that you're suggesting of.

Some people keep their 12-word seed in a rather unconventional yet witty way. Let's use these words for example:

Code:

there wake tomorrow carry cold since lose open practice road shame witch

Quote

"There used to be some sort of blabbering around town. Wake, my child, as he often say to his daughter. Tomorrow, we shall feast with the gods! Carry these cloth round town and try to sell them in the market. Cold feet is attributed to being afraid or nervous of the current situation. Since 1971, the gold standard was no longer in effect. Lose something important and you'll never feel the same again. Open-air stadiums are preferable during viral outbreaks. Practice makes perfect, or so they say. Road trips are fun with your friends and family! Shame that I didn't have the last piece of beef. Witch hunting was a popular activity back in the Victorian era.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: Pumuckel21 on June 05, 2020, 04:39:40 AM

So I do think that passphrases are much easier to memorize for the human brain than some kind of random generate password with a combination of numbers and letters.

You are not suggested to do that. Make a backup (as secure as possible) and don't rely on memory. There are dozens of stories where people forget what's their password or seed and lost their coins.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Darker45 on June 05, 2020, 04:37:13 AM

I have to admit that it came to me a number of times how quite hard it is to be your own bank, especially if you have tens of BTC.

I am on the same page, I don't have a huge problem yet with my private keys, there's no life changing amount to hide

Quote from: Darker45 on June 05, 2020, 04:37:13 AM

I have a little amount myself and created a total of three copies of my seed words and I can only remember the hiding place of a single copy. I cannot remember where I kept the other two, must be somewhere in the pages of one of my books or under files of old papers. If this tiny box I'm living in right now will catch fire while I am away-- God forbid-- I will lose everything of it. And I also don't deem it safe to keep a copy in my wallet.

If my memory serves me right, I think even Andreas Antonopoulos himself ironically mentioned in an interview that he's got a copy of his seed words written on a piece of paper and kept in a bank's storage.

Bank's storage can be a valid place since it may be opened only by you or with your death certificate, afaik.
But back at hiding in plain sight: somebody from the family also needs to know where to look, obviously. Preferably somebody who doesn't know much about computers and bitcoin. (So yes, the suggestion still stands.)

And about catching fire, well.. I see it the same as burglars coming in (so this makes crypto steel useless) : backup at somebody else. And this backup can be made in a way only you can understand it - sealed envelope with a "letter" in a specific format to a password protected USB stick... it's up to one's ingenuity. If Bitcoin gets to 100k-500k a piece I will give it a bigger thought. Wink

Pumuckel21

sr. member

Activity: 868

Merit: 251

Empowering crypto w/ sustainable energy

Quote from: hatshepsut93 on June 05, 2020, 03:55:42 AM

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

I am totally with you by this point. So I do think that passphrases are much easier to memorize for the human brain than some kind of random generate password with a combination of numbers and letters.

Darker45

legendary

Activity: 2576

Merit: 1860

Quote from: NeuroticFish on June 05, 2020, 02:41:30 AM

Quote from: pooya87 on June 05, 2020, 01:07:59 AM

and if the password were strong (truly random) then it can't be memorized over long term. they still have to write it down so that they won't forget it (after like in a year)

Actually everything has to be written down - seed words and password - even if it's something very simple.

I've seen cases when people got a stroke and forgot even to walk and of course even their kids' names (!).
One has to think / plan for long term and what I've said can happen because of a car or motorcycle crash too, so it's not age related.

If this, then would your suggestion at the bottom still stand?

Quote from: alexkrypto on June 05, 2020, 12:21:04 AM

worrying that the (seed phrase 12 or 24 words) is stolen or lost

You can keep the seed written onto paper buried between many other useful and / or useless papers. Most people will not know what's that and what to use it for.
Or you can write here and there onto the pages of a book your seed words.
I mean that a seed has to be written down and it's not too difficult to hide in plain sight.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: pooya87 on June 05, 2020, 01:07:59 AM

and if the password were strong (truly random) then it can't be memorized over long term. they still have to write it down so that they won't forget it (after like in a year)

Quote from: alexkrypto on June 05, 2020, 12:21:04 AM

worrying that the (seed phrase 12 or 24 words) is stolen or lost

odolvlobo

legendary

Activity: 4466

Merit: 3391

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: alexkrypto on June 05, 2020, 12:51:59 AM

Something that you can create that reflect to your experience and easy to remember and hard to crack

alexkrypto

newbie

Activity: 10

Merit: 8

Quote from: pooya87 on June 05, 2020, 12:39:10 AM

Code:

J\{m^"
is easier than memorizing this:

Code:

legal winner thank year wave sausage worth useful legal winner thank yellow

i'm not convinced!

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: alexkrypto on June 05, 2020, 12:21:04 AM

The idea is, people just need to memorise 3 words + passphrase (of their choice) (strong password) rather than worrying that the (seed phrase 12 or 24 words) is stolen or lost. Any reason why this cannot be practical or recommended?

are you really suggesting that memorizing 3 words + something like

Code:

J\{m^"
is easier than memorizing this:

Code:

legal winner thank year wave sausage worth useful legal winner thank yellow

i'm not convinced!

alexkrypto

newbie

Activity: 10

Merit: 8

I want to ask what is the dangerous of creating a seed phrase that generate 3 words only + passphrase (strong password 18 characters)? Is it safe? Is it possible to lose the funds this way? If yes, how?

The idea is, people just need to memorise 3 words + passphrase (of their choice) (strong password) rather than worrying that the (seed phrase 12 or 24 words) is stolen or lost. Any reason why this cannot be practical or recommended?

I understand that seed phrase can easily be guessed by a hacker but then he needs to be able to crack the 18 characters (combination of lower, upper case, number, special characters such as * ? >< !@#}|_-&^%$)

Pages: