
Topic: Passphrase strength - page 2. (Read 468 times)

newbie
Activity: 16
Merit: 4
October 09, 2019, 03:24:36 PM
#8
hi
legendary
Activity: 2268
Merit: 18706
October 09, 2019, 09:49:04 AM
#7
It's the same as other wallets like Electrum: you are able to recover with only the seed. You don't need a passphrase to recover funds. So, do not share your seed phrase with anybody.
That's not quite accurate.

If someone has your mnemonic phrase, then yes, they can derive your seed, from that your private keys, and steal all your coins within your main wallet.

However, if you use a passphrase in addition to the mnemonic phrase, then it generates an entirely different seed and entirely different private keys. Just having your mnemonic phrase isn't enough to steal these coins - an attacker also needs to know the passphrase in addition to the mnemonic phrase.

You can have one set of addresses in your main wallet, protected only by your mnemonic phrase, but you can also have a second (or third, or fourth, or as many as you want) set of addresses, also protected by the same mnemonic phrase with an additional passphrase. You can use as many different passphrases with the same mnemonic phrase as you want, and each passphrase will generate an entirely separate set of keys and addresses. Furthermore, there is no way to prove that one or more passphrase protected wallet(s) even exist (except I suppose if you have obviously linked them via blockchain analytics). This is part of the reason for using one or more passphrases - plausible deniability. If someone attacks you, you can hand over your mnemonic phrase and they can empty out your main addresses, but they can't access (or even be sure they exist) any additional passphrase protected addresses.

I think you might be confusing a BIP39 passphrase (which acts like an additional 25th word to your mnemonic phrase), and the Ledger Nano's PIN to unlock the device. Have a read of this for some more info: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security

legendary
Activity: 2268
Merit: 18706
October 09, 2019, 09:04:30 AM
#6
I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases.
The max passphrase length on a Trezor is actually 50 characters (https://wiki.trezor.io/Passphrase), whilst on a Ledger it is 100 characters (https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security).

There is theoretically no limit to how long a passphrase can be. The passphrase is simply used as a salt for the PBKDF2 function, which turns the mnemonic phrase into the seed. (You can read more here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) As a quick test, I just created and then recovered an Electrum wallet with a passphrase of 20,000 characters.

My question is: what if I publicly post my 24-word seed, how safe would my funds behind the passphrase then be?
Ok. Well first of all, obviously don't do that.

The answer to your question depends on a couple of things. If the attacker knows nothing about your passphrase, and is going to simply have to brute force every combination of 48 characters (6 words * 8 characters each), drawing from a full 95 character ASCII set, this would give 95^48, which is approximately equivalent to 315 bits of entropy. This will never be hacked, and is significantly more entropy than a 24 word mnemonic phrase (256 bits).

If the attacker knows that you have joined 6 dictionary words together, assuming an English word list of around 200,000 words, you are now looking at 200,000^6 combinations, which is around 105 bits of entropy, which although much less, is almost certainly still going to be plenty.

If the attacker knows that you have joined 6 names together, then the number of combinations is far, far smaller. However, if the attacker doesn't know any of that, and is just going to blindly bruteforce, then the chances are they would still start with a straightforward dictionary attack.
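
Added example, not part of any post in this thread: a Python sketch of the BIP39 mnemonic-to-seed step described in posts #7 and #6 (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase), together with the search-space arithmetic from post #6. The function names are illustrative, the mnemonic is the public BIP39 test-vector phrase, and the "30 relatives" figure is a constructed assumption, not a number from the thread.

```python
import hashlib
import math
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by the BIP39 specification


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed; the passphrase only changes the salt."""
    def nfkd(s: str) -> str:
        return unicodedata.normalize("NFKD", s)

    password = nfkd(mnemonic).encode("utf-8")
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def search_space_bits(choices_per_position: int, positions: int) -> float:
    """log2 of the number of candidates an exhaustive search must cover."""
    return positions * math.log2(choices_per_position)


# Public BIP39 test-vector mnemonic; never fund a wallet derived from it.
MNEMONIC = "abandon " * 11 + "about"


def demo():
    # Same mnemonic, three passphrases: each yields an unrelated seed, and
    # every passphrase is "valid", so nothing reveals which wallets exist.
    seeds = {p: bip39_seed(MNEMONIC, p).hex() for p in ("", "TREZOR", "trezor")}
    bits = {
        "48 printable-ASCII chars": search_space_bits(95, 48),
        "6 words from 200,000": search_space_bits(200_000, 6),
        # Constructed assumption: attacker has a list of 30 relatives' names.
        "6 names from 30 relatives (assumed)": search_space_bits(30, 6),
    }
    return seeds, bits


if __name__ == "__main__":
    seeds, bits = demo()
    for passphrase, seed_hex in seeds.items():
        print(f"{passphrase!r:>10} -> {seed_hex[:16]}...")
    for scenario, value in bits.items():
        print(f"{scenario:<40} {value:6.1f} bits")
```

The seeds show why a leaked mnemonic alone does not expose passphrase-protected addresses, and the last row shows how far the search space shrinks once the attacker knows how the passphrase was built.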
newbie
Activity: 16
Merit: 4
October 09, 2019, 08:09:10 AM
#5
hi
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
October 08, 2019, 11:22:05 PM
#4
So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I don't need exchange level security because I'm not rich, but just wondering
Yes, the BIP39 passphrase protects the entire wallet by changing the derived master private key depending on your passphrase;
but individual private keys (if you've exported them) aren't safe when stored in unsecured storage.

I got a feeling that you're mixing up the terms: private key, keys and seed.

I understand your point that my idea was more safe before I told anyone. That's why I created a new account for this question.
-snip-
But the second half of DannyHamilton's post remains valid because anyone can access the paired address' funds if its private key was leaked.
But then again, there's no known hardware that can bruteforce private keys without any "hint".

What do you mean by "bruteforce attack", [1] getting the seed using the private key(s) or [2] bruteforcing the BIP39 mnemonic phrase or private key?
1: IDK if that "gossip" is even possible. But if ever, the passphrase won't help as it's not the "BIP39 seed" (mnemonic phrase) that will be bruteforced, it's the "seed" (where your private keys were derived).
2: Almost impossible.
copper member
Activity: 2296
Merit: 4460
October 08, 2019, 05:12:34 PM
#3
So let me rephrase: if my 24-words are known, would 6 random words as a passphrase on top of my 24-words protect me against a bruteforce attack? I don't need exchange level security because I'm not rich, but just wondering

Thanks for the help!

Yes.  Your passphrase essentially becomes an extension of your seed phrase.  Anyone who has your seed phrase would find an empty wallet, unless they also know your passphrase.  Six random words is a pretty safe bet.  I'm not sure about Ledger, but Trezor can accommodate 35 characters for a passphrase.  That might be the standard for Bip39, so I imagine it's the same with any hardware wallet that supports Bip39 passphrases. 
legendary
Activity: 3472
Merit: 4794
October 08, 2019, 03:28:40 PM
#2
Hi guys

I am seeing too many horror posts regarding BTC being stolen so I am going to protect my coins by a passphrase.
Would 6 names of family members be secure enough? Because I prefer my passphrase to be memorized.
I realize that 6 names of family members isn't as secure as completely random words but not having to write anything down or store anything has many security benefits too.
My keys are safely stored offline already.

It was safer before you asked.

Now that you've told the entire world that you plan to use "6 names of family members", an attacker can just take the time to learn who all of your family are and then use that information to take your bitcoins.

Would 6 random names be safe enough as passphrase against brute force attacks if my private key is known?

NO.

A password is useless once your private key is known.  A password is to keep someone from gaining access to your private keys.

If you do not have exclusive access to your private keys, then you do not exclusively control your bitcoins.
newbie
Activity: 16
Merit: 4
October 08, 2019, 02:56:18 PM
#1
hi