Topic: If someone steals your seed words, but does not know your passphrase... (Read 221 times)

Not necessarily. They can be easily used by any who wants the additional security that they bring.

It is entirely appropriate to use different set ups for different reason. I use simple single sig set ups for funds that I need to be easily accessible, and I use more complex multi-sig set ups for long term cold storage.

It's entirely up to you and your individual risk profile. Not keeping everything in the same wallet is a good start.

Having a seed phrase with multiple different passphrases is one option, as you say. This can provide some plausible deniability as you can split your coins across the multiple passphrases (making sure that there is also no blockchain link between these wallets). You need to have the seed phrase and each passphrase all backed up separately. You could also have one or more multi-sig wallets, but each multi-sig also requires multiple separate back ups and some people can struggle to find multiple separate safe locations for these back ups.

Hello,

Thank you for your answers. I hadn't thought about the single point of failure ...
Nevertheless, multisig wallets seem to me more adapted to companies than to individuals, no?

It seems to me that, if a reinforced security is necessary, it is also necessary that the funds remain easily accessible for the owner. We see it regularly on the forum or elsewhere, some people can no longer access their funds.

After the theft that Luke Dashjr suffered (+200 bitcoins!), I wonder what are the most appropriate solutions finally. (I did not really understand how he could be stolen with the skills he has ....)

So finally, what do you recommend for a lambda user? If he has several bitcoins, wouldn't it be better to have several wallets with passphrases for example? And if he has millions, a multisig but with passwords that he would have hidden himself? Wouldn't this be complicated for his heirs?

I thank you again for your answers, explicit and detailed

Have a nice day

A multi-sig wallet will generally be safer than a single sig seed phrase plus passphrase combination due to the absence of a single point of failure.

To recover a seed phrase plus passphrase wallet, I have to input that seed phrase and the passphrase in to a single device, be it a phone, computer, hardware wallet, whatever. That device therefore becomes a single point of failure, and if that device is compromised, then I lose everything. With a multi-sig wallet with a threshold number of signers of 2 or more, then I can recover each signing wallet to a different device, and pass partially signed transactions between these devices to be signed by each device individually. This means that if one device is compromised, my coins remain safe.

In terms of backing up, then it depends on the exact multi-sig numbers you are using. A 2-of-3 multi-sig for example will be more resistant to loss than a seed phrase/passphrase combination (which requires 2 of 2 back ups to restore), but will equally be more vulnerable to being discovered (since you require 3 separate back ups instead of just 2 (or ideally 6 instead of 4)).

A 12 word BIP39 seed phrase provides 128 bits of entropy. Since a private key provides 128 bits of security, a 12 word seed phrase is enough.
If you want to have more security, you can add a passphrase and keep it is a separate safe place. In this way, even if someone steals your seed phrase can't steal your fund, unless your passphrase is weak and can brute-forced.

If you make a 2 of 2 multi-signature wallet and you keep your seed phrases in separate places, both of seed phrases are required for accessing the fund.
This would provide a same security as a wallet with a seed phrase extended by a passphrase (assuming the passphrase is kept in a separate place, it's chosen completely random and provides enough entropy.)

So to summarize, a wallet of 24 words + strong passphrase is as secure as a multisig wallet?
And so it is possible to make a decoy wallet with a few satoshis (in case the 24 words are compromised), but, if there is no clue, the thief can't know that there is another wallet with passphrase.

In addition to the posts above it is important to ensure that you save your seed backup in a secure environment that is not accessible to anyone else. A sample is by placing your paper backup in a vault. Everything is possible even if you have a strong passphrase there is still a chance that it can be brute-force since the technology is developing and maybe in the future hackers can develop a tool that is faster than the previous brute-force tool. So the very important thing you need to do is to save the seed phrase in a safe and secure location so that no one can able to steal it and you're the only one who can protect it from theft.

This is correct, but also dependent on your passphrased wallet having a strong enough passphrase.

Let's say an attacker steals your seed phrase and empties that wallet. You have an additional hidden wallet which uses this seed phrase along with a weak passphrase. You passphrase might be a single word, or just a couple of characters, or something related to you personally such as your name or birthday or whatever. An attacker could either guess your passphrase or simply bruteforce it. There is plenty of software which will allow an attacker to attempt millions of possible passphrases a second and check the corresponding wallets for funds.

For that reason, you should ensure any passphrase you do use is strong enough to protect your wallet on its own, in the event that your seed phrase is compromised. This usually means either a long and random string of characters and symbols as might be generated by a good password manager, or a further string of words not dissimilar to your seed phrase itself. Your passphrase should also obviously be backed up on paper separately to your seed phrase. And as soon as an attacker has your seed phrase, you should consider your passphrased wallets at risk, and move all the coins within to a new seed phrase +/- passphrase.

The possibility of brute force is the main problem here. If your seed is compromised you should move your coins as fast as possible. The passphrase can give you the time that is necessary to do that. If you dont move your coins then your password can be brute forced now or in a few month. You can never know and will loose your coins at some point.

Right. Take note that you should move the fund from that wallet to a new wallet with a new seed phrase as soon as possible.
With your seed phrase being compromised, your wallet isn't as secure as before, especially if you have used a weak passphrase. It's possible that the thief can brute-force the passphrase and access the fund.

ty

Yes. The victim's wallet is not compromised as long as the thief do not have access to the passphrase. But it is good to use a strong passhrase that would be difficult to brute force.

Yes OK, thanks for clarifying... the wallet with passphrase is independent... still accessible even if the wallet without passphrase is recovered/stolen.

Take note that the two wallets (the one without passphrase and the one with passphrase) are two different wallets with completely different addresses. Anything that happens to each of these wallets doesn't affect the other wallet.
Someone who has access to your seed phrase and doesn't know the passphrase can't have access to the wallet that is protected with a passphrase. You will be able to import your seed phrase and the passphrase in another wallet and access the fund.

There's some confusing terminology that might or might not protect you in this case.

Your seed is composed out of 12 or 24 seed words (usually). Allmost all hardware and software wallet vendors give you the opportunity to encrypt your master private key which gets derived out of these 12 or 24 words.
If with "passphrase" you mean such an encryption password, the hacker can steal your funds even without knowing your passphrase, since the passphrase was only used to encrypt the master private key, but the hacker can just derive said unencrypted master private key if he has your 12 or 24 words... In this case, you are not safe at all!!! If he physically steals your hardware wallet, the code might or might not protect you for a while (at least, untill the attacker bruteforces your code, which is sometimes not as easy as it sounds).

Some hardware vendors also offer to add a 13th or 25th word to your seed (extend your key with an extra word). In this case, if a hacker steals your seed, he'll also have to brute force this 13th (or 25th) word before he can derive your master private key. In this case, you're better off, but certainly NOT as safe as without having your key compromised. The hacker just has to brute force one word, which is plausible...
On top of this 25th word, the vendor usually asks you to also add a pincode (or password), this password (or pincode) has the same function as the first part of this reply (just encrypting the master private key...).
If the hacker steals your physical device, he'll have to bruteforce the password encrypting your mpk AND bruteforce the 13th (or 25th) word... It'll take him longer, but i personally wouldn't rest comfortably before my funds were moved to a new (clean) wallet.

OK thank you for the reply.
Let's just say for the sake of the scenario... the robber  has a few hardware wallets back at his pad.

I guess it doesn't matter, I mean he could create a new wallet with Electrum or Sparrow.

I was just having trouble wrapping my mind around this concept....

... so he would recover the non-passphrase wallet, but by doing so, it does not mean the passphrase wallet is now inaccessible to the victim ( who still knows the passphrase + 24 words )



I guess I am just worried that if someone stole my seed words, it would kill my wallet+passphrase coins...

Passphrase are not stored on hardware wallets that I know as of now, if the robber was able to see the seed phrase, he can not be able to have access to the passphrase, if the robber do not have access to the passphrase, he is not going to be able to steal the coins.

I think in reality, the robber may not have hardware wallet, and he can not be that patient to first buy hardware wallet, he will follow the unsafe way which is the use of online wallet, but the passphrase will protect the coins as long as the thief do not have access to the passphrase.

The victim can just move his coins to another hardware wallet or a safe and properly generated cold wallet.

Can someone help me with this scenario...

Lets say a user owns a hardware wallet. They add a passphrase.

Some robber steals their backup words ( 24 seed words )

The robber goes home, and creates a new wallet with his own new hardware wallet ( it gives him the option to recover using the 24 words )

The robber enters the victim's 24 words... therefore recovering the victim's wallet.

....
so what I am wondering is... can the victim still enter the 24 words into a new wallet, AND enter the passphrase to recover the funds on the passphrase wallet?

or, when the robber entered the 24 words, does that make the wallet, and passphrase wallet, unaccessable?

Thanks for the help!