Author

Topic: Derivation Path as A Mitigation of Loss of Funds (Read 264 times)

member
Activity: 162
Merit: 65
September 26, 2022, 11:09:55 PM
#10
great explanation. the community is prospering just because of you guys.
legendary
Activity: 2268
Merit: 18711
I thought having a complex and deep derivation path may add the 3rd layer(1st layer being good entropy, 2nd layer being a good passphrase) of protection from funds being stolen. and apparently, I seemed to be very wrong.
You're not wrong. Having a deep and complex derivation path does add additional difficulty for an attacker. Derivation paths can be up to 255 levels, and each level can have any value between 0 and 232 (231 for unhardened paths and 231 for hardened paths). This allows for a huge number of possibilities, a number which is many orders of magnitude higher than the number of possible seed phrases or possible private keys. If I told you my 12 word seed phrase, but had hidden coins on a derivation path along the lines of the code I've given below, I can be relatively certain you will never find them.

Code:
face chef napkin quick logic bottom panda symptom devote torch script pioneer sniff spray spray
Code:
m/345354933'/356031280'/252932887/1347505127/351115139'/1677270943'/1067497044/88310333'/1236917726/168863012'/1486189243/889669617'/874958513'/1697843361'/807359198/1297439610/2048655698/1237654270/1899547945'/598497816/690677434'/789120427/1705407426/1711201892'/1859714494'/1427499750'/684739053/1159864119/287196434/1850139717'/1225218744/982589830'/667332022/938488273/689387253'/739528954'/890376207'/2064198005'/1403645991/245910409/1988417'/1786139031'/1635078370/810481855'/1227817942/1230030854/1670099597'/170811987/27337552'/1488942210/259376689'/1308219396'/1922696310/1962600203/287197218'/1017886553'/1398017907'/1389687277/776021328'/2098291377'/1689353412/661821084'/528591856/141123332/1369290193'/392184845/2089963707'/1720777275/1814027200/1826237966'/1106050564/2030630508'/1629367557/1161659757'/990535187'/1103073575'/1344654688/915472460'/639137958/157803872'/1944781511/4152626'/1767706254'/230451587/1049454063'/1955099799'/1616495657'/480757815/1329513657/600689227'/870683146/1932171054'/1665227915/1457438043/1694207749'/875589181'/46812638

However, look at that number above. Compare it to the seed phrase given above. How easy do you think that number is to back up? How easy would it be to make a mistake while backing that up? There is no checksum, and no possibility to brute force or figure out a mistake. So a single missed digit, a single 1 read as a 7 or a 0 read as a 8, a single extra ' or extra number, and so on, will mean your coins and permanently and irretrievably lost. The risk of doing something like this is incredibly high and simply not worth it when there are better methods available.

If you are envisaging a scenario where both your seed phrase and passphrase have been stolen by an attacker, then your time would be much better spent figuring out better ways to secure your back ups of these things. If you want yet more layers of security on top of that, then you should use a multi-sig approach.

Incidentally, the address generated from the above would be bc1q690uf3jhzm7sjrhavdckk4jr44wxfy779gnuq8 Tongue
member
Activity: 162
Merit: 65
Ok. thank you, guys.
I thought having a complex and deep derivation path may add the 3rd layer(1st layer being good entropy, 2nd layer being a good passphrase) of protection from funds being stolen. and apparently, I seemed to be very wrong.
sr. member
Activity: 1064
Merit: 382
Hurrah for Karamazov!
Like witcher_sense already said, it won't be difficult to bruteforce the correct path if someone has your seed making the process of creating custom DP pointless. Anyone can just loop through the paths.

You are just making your funds hard to recover for yourself. Better to use a default compatible DP, so that you can easily recover your wallet.

Focus on keeping your seed safe(with added methods which have already been suggested by other users before me) and don't overcomplicate it with custom DP.

legendary
Activity: 2268
Merit: 18711
As pooya says, a complex derivation path does not help you in the scenario that someone steals your wallet file. It may help you in the scenario that someone steals your seed phrase back up, if your derivation path is long and complex enough to be difficult for an attacker to find. However, any derivation path which is long and complex enough to be difficult must also be backed up on paper separately. And if you are going to need to back up something separately, why not do something standard and easy to recover from such as an additional passphrase or multi-sig, rather than something nonstandard and which much software will not support?
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
Hi, Honey badgers,

how are you doing.
I wanna ask a stupid question: how having an arbitrary derivation path makes my wallet more secure? let's say under m84, i set a really deep path. So situations like someone steals my seed and eventually finds nothing is sitting there?
It all depends on which software they (hackers) are using to figure out the location of your funds. Assuming they are inexperienced enough to employ standard wallets for this task, it is safe to assert that the chances they will find something are very slim. Standard software wallets like Electrum have a particular gap limit, which is basically a number of addresses they will be checking after each funded address. For example, they check for the first 20 addresses: if address 3 is funded, they check up to address 23, and so on. Electrum allows you to change this standard gap limit, but it barely helps if your goal is to brute force very deep derivation paths. Actually, some malicious wallets (especially closed-source ones) adore non-standard derivation paths because that makes their customers more loyal (once you create a wallet using unknown derivation paths, it becomes impossible to restore your funds to another software, which naturally kind of binds you to a malicious wallet). I'd recommend anyone using non-standard derivation paths because it is very dangerous - if you lose your backup or forget which derivation path you did use to generate an address, your funds are gone forever, and your seed phrase is practically useless.
legendary
Activity: 3472
Merit: 10611
how having an arbitrary derivation path makes my wallet more secure?
It does not. Your wallet has to store the derivation path alongside your seed so that it can derive new keys when you need them. If you wallet is compromised, everything inside it is also compromised including your derivation path.
If you want real security, you must find a way to prevent your wallet becoming compromised. The solution is to use "cold storage". The most user friendly way is to buy a hardware wallet as a semi-cold-storage.

P.S. extending your mnemonic with extra words is the same too. You wallet has to store that or your master private key.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
Hi, Honey badgers,

how are you doing.
I wanna ask a stupid question: how having an arbitrary derivation path makes my wallet more secure? let's say under m84, i set a really deep path. So situations like someone steals my seed and eventually finds nothing is sitting there?

It's not a silly question, you're just trying to be clever, which will wind up costing you money and burning your hands. While some wallets do manually allow you to enter your derivation path, you can still set it the way it suits you. However, if you forget how the path was set, you will have to start searching for each corresponding private key for every wallet address you sent and received bitcoin, and this is not a healthy way for privacy and security. By default, most wallets will likely follow a standard derivation part to help you locate where your bitcoin is situated in any of the addresses.

As suggested above, extend your seed phrase with any word you can remember, it is easier to remember than a complicated derivation path that may be difficult for you to locate the trees of your wallet address.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Why wouldn't you just extend your nmemonic with custom words stored somewhere else?

I don't think this makes it that much harder to crack, if it's worth cracking as you could just check the first few addresses of quite a lot of derivation paths quickly - unless you make one that's so ridiculously long it can't be recovered, but then you could probably multisig for better security and easier recoverability.

member
Activity: 162
Merit: 65
Hi, Honey badgers,

how are you doing.
I wanna ask a stupid question: how having an arbitrary derivation path makes my wallet more secure? let's say under m84, i set a really deep path. So situations like someone steals my seed and eventually finds nothing is sitting there?
Jump to: