Topic: I lose my btc if I forget my 24 word password for ledger (Read 298 times)

With wallet you are referring to the password manager file, right?




In a perfect world (where you password manger doesn't have a vulnerability (and never will have) and the encryption is chosen ight), yes. It is safe.
The problem is.. once you are uploading it.. it may be (somehow) read  / accessed by an attacker (who at this time can't read it because its encrypted).
But if in the future someday a vulnerability would be found (e.g. encryption algorithm implemented wrong), then he may be able to access your file, abusing the flawed implementation.




If its not encrypted, this is possible. Either by Man-in-the-Middle attacks or through accessing the server of your storage provider.
Storing/sending files unencrypted can definetly lead to a loss of your funds.




The probability of an attacker accessing your file + vulnerability found and used itself is pretty low.
But this can't be excluded.
This all depends on how much you trust the devs from your password manager and of course the 'level' of security you want to reach.

While this may work well in most cases.. the risk still exists.

It is still a bad practice, as long as you are relying on a third party to hold your seed, in this case keepass or lastpass. Both are good password managers but that is all, they don't do wonders.

The true purpose of the hardware wallet is to do every transaction from the built in chip of this wallet without leaving it so you don't get hacked even if your computer have a thousand viruses. You need to set it up as first time use in a Linux envorinment to be 100% safe.

Then you have to keep your 24 words seed in the letter that comes with your wallet, or in a paper and put it in your personal cabinet or drawer at your home. If you happen to have more than 50 bitcoins you can store your seed in a bank deposit small safe box.

This is the best practice of how to keep a seed of a hardware wallet.

Hi there.  I meant like this


You use lastpass or keepass.  You store all your passwords there such as gmail, banking and any other site.  Thus only thing you need to remember is your password or master password.  Now if you log into lastpass or keepass, then say you store your seed in that wallet.  Now when you log into say dropbox or say gmail, then go to your google drive account, upload their lastpass or keepass file into it... and the lastpass or keepass is encrypted since you cannot open it without the password, that is safe or not?  Because assuming you don't encrypt the lastpass or keepass file, by that you mean encrypt it, then its not safe?  Thus someone could read the lastpass or keepass file?



Well you have a copy of lastpass or keepass in your computer and most likely a usb stick or external hard drive.  So when you say why would you upload a copy to your email or dropbox etc, well its a digital copy in case something happens to your laptop or usb stick or external hard drive.  Thus if you lost all these items, you could still log into your dropbox or gmail and then open your lastpass or keepass as long as you remember the password for both.  So that is bad idea?  Again im not talking about you typing out your seed in gmail and then sending it to yourself and anyone who hack your password can read it.  That would be a very bad idea etc. 

This is the (theoretically) maximum amount of possible combination.
But due to the fact that the last word is partially a checksum (a few bits from the last word), the actual amount of valid seeds is lower than 2048^24.




It just doesn't take 'a long time', it is also not possible to compute all possibilities within a few hundred/thousand years.

No, Let probability science speak  :
There are 2048 words to be chosen in the seed and you have 24 words to create your seed.
2048^24= 2.9642775e+79.
You need a supercomputer to do the processing that takes a long time as well as the electricity bill.
Your money (0.1 BTC or 700$) will look slim if compared to the cost of restoring your seed.
Sorry for your loss

If you are putting the seed into a password manager (which itself is as secured as the passwordmanager (encryption implementation, ..) is), why are you then storing something in your email?
Is your idea to store the encrypted file in your email account?

Or are you talking about storing your gmail password in a password manager and then store the seed (encrypted/unencrypted ?) in your gmail account?

As i have already mentioned.. email is broken!


Any (unencrypted) email you send, can be read by anyone who cares to read your emails. I hope you know this.
So, no. An attacker would not need your gmail password to 'receive' your mails. He simply just 'copies them on the way to the mail server'.
Note that it is not that trivial as i have described. But for an attacker with medium knowledge this is pretty easy to accomplish.

For more information about how broken email is: https://en.wikipedia.org/wiki/Email#Privacy_concerns

---

No, only passwordmanager encryption.
Since an attacker (who does target you) can read/intercept all of your (unencrypted) emails.

---

An attacker could use a proxy, faking an IP address near from your location.
This is a security measurement which can easily be bypassed.

---

No.

---

Well, as long as there is no vulnerability found (e.g. mistake in the implementation in the password manager) it is safe to store your seed inside kepass.
But keep in mind that an attacker might have your encrypted file once you attach it to an email.

So he has quite some time (assuming you don't change your seed frequently) to bruteforce all easy passwords.
And once a vulnerability might be found, your seed can definetely get compromised.

Overall, it is 'pretty safe' to store your encrypted seed in your email account regarding the possibility of someone cracking the encryption.
But note that there are way more secured storage possibilities than an email account.

Additionally you don't have any control over 1) who gets access to your encrypted file and 2) how long your file will stay there.
One morning the email service provider might have a failure with their servers, resulting in a loss of data.. or whatever..


I would not suggest to use email as a storage for ANY confidential information.

write to technical support, and specify in detail your problem!

Most probably...

I highly doubt that someone memorizes this 24 recovery phrase already. Instead, save this confidential information in a safe place offline that only you knows.

Could you tell us if the address above is the currently used on your ledger? or not? if not then those funds are forever lost, just sorry for your loss this should be served as a lesson to you.

i'm sorry, i didn't understand what happened. DO you really have tried to memorize your seed? Or you just lose it?

As others already mentioned, its a really bad idea to store the seed digitally (and even worse to store it online).

But i also want to add that email is a broken protocol! Its a 45+ year old outdated protocol.

People tend to think that email works as it should because its used everywhere.

Emails can be spoofed, intercepted, manipulated, etc. ... and emails are not encrypted!
I would advise to never use (unencrypted) emails for ANY sensitive information which you don't want to get intercepted by someone who is not supposed to see them.

So what is the whole point of purchasing a Ledger Nano S hardware wallet? You advised him to save his 24 word recovery phrase on a google email account by emailing his main email with another email account? That is a very bad piece of advice, because any hacker who are able to get hold of that 24 word recovery phrase can just easily steal his bitcoin out from his wallet, email account is one of the most horrible place to store any private keys or important information as it is online and you does not have any main control over it in security.

This is quite possibly the WORST advice ever given to anyone regarding security of their seed mnemonic

It should NEVER be stored digitally and certainly not in a gmail account. It should be kept offline, or you are defeating the entire purpose of the hardware wallet.

Well that's too bad sir, there is definitely no way of recovering if you forgot the 24 word password from your ledger account which is why it is advisable that you safely write in a physical components like in a piece of paper or save it on your google mail account like emailing the 24 word password account. Based on what I have read sir there is clearly no way to recover your bitcoin if you forgot both of your PIN and 24 word password.

If you forget the 24 words that the ledger has given you when setting up the device, you lose the address. Never ever forget the 24 words. As far as I know, there is no way to recover it.

This is the wallet that I need to help me recover

1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP


https://blockchain.info/es/address/1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP?filter=5

Dirección de Bitcoin 1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP
blockchain.info
Transacciones enviadas y recibidas desde la dirección bitcoin 1KspTTfAdQoPEB5fExvdTgTnghX1CCquuP.


by mistake I created 2 accounts in the nano s ledger since I did not understand its operation and I kept the wrong security key now I have that money that I do not know how to recover it

Could you help me