Topic: Passhprase strength (Read 468 times)

OP must have his own reason to edit the post (most likely serious privacy concern) and it's understandable.

But almost all of his posts are quoted by other members, so you should able to get important part of the information.

I'm a bit late since you've edited everything out. It's not difficult to use diceware to generate an additional 4 to 8 words and then memorize those words in order, as opposed to using names of your family.

Here are a few I found online, if you really don't want to use physical dice:

https://www.rempe.us/diceware/ = says here 8 words will take 15x the age of the universe to crack
https://diceware.dmuth.org/ = has a fun dice animation

There's a few more you can find if you do a search.

But dice are cheap. 100 six sided dice are less than $20 shipped. Even so called Casino Grade dice are less than $25 for a stick of 5. I might get some casino dice to play with.

I did indeed remove some of my own posts for privacy reasons, but you can still see most of it in quotes

Honestly, the thread contains some interesting information that I would prefer to read and learn but inside the thread, OP made so many "Hi" posts (edited ones), that should be avoided and deleted.

OP should go in further detailed explanation on his/ her need and ask for further help/ clarifications from knowledgeable users if need more supports.

Sure, I take your point. It's generally a good idea to not brag about your wealth regardless of what form of money or other assets it is in.

6 names (~40 characters) is already going to be unbreakable from a brute force point of view. The concern is not from brute forcing but from dictionary or other word list attacks.

You can see my post earlier, but your passphrase can be as long as you want. There is a limit to what a Ledger or Trezor will accept, but not most software wallets.

There is probably a maximum character length that has to be respected so that will not work. Someone mentioned that the passphrase can have up to 35 characters in a previous post if I remember correctly.

The resistance of password to brute force attack depends solely on its length. Repeat your all  six random names  5 - 10 times in row and it will become unbreakable.

I understand what you are saying and it makes sense. But I would like to make a difference between talking about the technology, use cases, adoption or teaching people about Bitcoin, and talking about the new car you just bought with Bitcoins and the new house you are planning to purchase next month thanks to bitcoin. People can know that you have some, that you use it from time to time but not how good you are doing because of it. 

On the pure basis of password strength against brute force attacks and using the 6 of the most common male names from the UK: OliverJacobNoahJackOscarHarry

It would take the following amount of time to brute force using am average computer: 46 NONILLION YEARS / 6130 CENTURIES

Without capitalizing the first letter of each name, it's still pretty good: 86 SEXTILLION YEARS / 10000+CENTURIES

Sources: 1, 2

Looks fine, as long as nobody knows who are right now 

That's kind of my point. If we only talk about bitcoin to other people who already use bitcoin, then how is it going to grow? Long term growth of bitcoin (including sustainable price growth as opposed to speculation driven fluctuations) depends on adoption. Adoption will only increase with people who don't use bitcoin starting to use bitcoin. Merchants won't go to the effort of starting to accepting bitcoin unless they know there is a demand for it. If nobody ever talks to merchants/vendors/retailers/tradesmen/whoever about bitcoin, then they won't know there is a demand, they won't ever start accepting it, and adoption will never come.

The future of bitcoin depends on people being vocal about bitcoin and its use, particularly to people outside the "bitcoin family". I'm just not sure the best way to balance that with your own safety.

Nothing wrong with that. Dealing with merchants, tradesmen and other bitcoin enthusiasts is good as long as you keep it inside the 'Bitcoin family'. That is why I asked in my previous post what kind of people know that OP owns Bitcoin and what exactly do they know about him. People you trade with, buy or sell to are OK but I would not brag about owning Bitcoin in the public and how safe my hardware wallet is.

HI

I agree - I think there is a very important difference between being enthusiastic about the BTC and taking to shop owners, friends, family members about the possibilities, freedom BTC has to offer and to making people jealous by saying stuff that they can interpret as you having lots of BTC. I think jealous people are dangerous in general and this should be avoided in general, not only with BTC.

I get asked a lot how many coins I got or at what price I bought my first coin. I usually say that I sold all my BTC years ago for a small amount and that it was biggest mistake ever. I am now slowly collecting and hodling/using, but no crazy amounts.

It is very hard because I love talking about BTC with people but I do not want to give them financial advice or making them jealous. That's why I just stick to the technology side and long-term view.

HI

This is something that I often think about. On one hand, obviously keeping your involvement with bitcoin private is good for you own personal security, but on the other hand, I want to be able to spend bitcoin in person, and I not infrequently talk to local merchants, vendors, tradesmen, etc., about accepting bitcoin (with some success, but that's another story). If no one ever told anyone else that they want to spend/use bitcoin, then there would be no adoption and consequently the price would stagnant and fall.

I don't think simply owning bitcoin makes you a particularly attractive target for scammers, hackers, or thieves. They need to know you are holding enough bitcoin to make it both worth their time and worth the risk. If you have a number of different unconnected wallets, with your main holdings separated, well hidden and not publicized, I think you are relatively safe.

The set up Nunuface is describing is good from this point of view, I think. If his wallet was to be hacked or he was subjected to a $5 wrench attack, he could give away the holdings in his main wallet without it being too big a deal, knowing that his main holdings are safe behind a passphrase.

People as in your family and closest friends or all your colleagues at work or in school including the junkies and alcoholics hanging out at your street corner? Do you see where I am going with this? The more people know you own Bitcoin the bigger the possibility that someone might try steal it from you.
Don't put yourself in that position and brag about having loads of Bitcoin. You don't need the attention.

hi

hi gets under water, then I would be screwed.

In addition to the points made by Welsh above, the thing that jumped out at me was "password protected USB sticks". USB sticks which come with in built software to password protect them can be very variable in their security. I think a better method would be to encrypt your 24 words using a trusted program such as Veracrypt, and store the encrypted file on the USB. You must also take extra care to ensure that your mnemonic phrase never comes close to a computer with internet access. The laptop you are using shouldn't just have the internet turned off for the duration of making the USB sticks - it should have the WiFi card removed and should never go online again.

I also always advise people against remembering things as a sole way of storing information. There are a million and one things that can happen to anyone at any time without warning which can result in memory loss. If someone else knows your passphrase as well, that goes a long way to mitigating the risk, but you might want to also consider physically backing up your passphrase(s). Whether that is storing them on a Cryptosteel in a different location, or also encrypting them and placing them on different USBs, or something else entirely, is up to you.

We couldn't possibly answer this question as there are multiple factors to consider, and at the end of the day its you that has to be comfortable with keeping a large amount of Bitcoin in your own home. I wouldn't even keep my life savings in one place let alone in one wallet, but then you have to consider if putting it in multiple locations is any safer. An option you have is splitting the passphrase up into multiple pieces, and storing them in multiple locations. Thus rendering each bit useless without the other. However, that might be going a little bit overboard if you're comfortable enough with the setup.

Some of the things to consider, and ask yourself:

- Likelihood of your house being burgled
- Likelihood of where your coins are stored from damage (flooding etc)
- Whether anyone knows you own Bitcoin
- If your house was burgled, how easy is it to access where the wallet is stored
- Considering the fact that your house has documents, and pictures the thief might be able to identify you, and your family members, and potentially guess that.

Probably more that I'm failing to remember to as of right now. However, despite all of this your setup is likely more secure than the majority of users on here. Although, all of this is subjective some users here will pick a bone with sharing with family members in case of death or they might be worried that the USB you intend on using might be compromised, but its all down to your personal comfort level, and trust.

Are there security issues with your proposed setup? Yeah, definitely. However, its a better setup than average.