Pages:
Author

Topic: Passphrase with seed (Read 418 times)

legendary
Activity: 2268
Merit: 18775
May 28, 2020, 06:57:41 AM
#21
Never forget this: https://xkcd.com/936/
This comic can be a bit misleading if people don't understand the reasoning behind it.

The initial password "Tr0ub4dor&3" only has 28 bits of entropy if the attacker knows all the things pointed out in the first panel - you are using a base word, with common substitutions, followed by a single punctuation and a single number, etc. If the attacker doesn't know that and is just trying to bruteforce your password, then it actually has 9511 combinations which is 72 bits of entropy and astronomically more secure than 28 bits.

If the attacker tries a dictionary attack on the second password, then it has an entropy in the range of 170,0004, which is 69.5 bits, so would be marginally less secure than the first password.

If you use a truly random password or passphrase, preferably one generated for you in a secure method and not one you pick yourself, then you can end up with far greater security. 15 random characters has an entropy of 98 bits, which even if someone can try 1 quadrillion possibilities a second, is going to take over 14 million years to crack.
member
Activity: 378
Merit: 53
Telegram @keychainX
May 28, 2020, 01:10:11 AM
#20
Hello,

so i have decided to do it this way:

I diced six words from the BIP-39 word list with this method:
https://github.com/taelfrinn/Bip39-diceware

I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack:
https://coldbit.com/can-bip-39-passphrase-be-cracked/

24-word-mnemonic and passphrase will be engraved in metal and stored at two separate secure locations.

Could you please give me your short thoughts if this is secure
and if the statements about cracking times on the Coldbit website are accurate?

Thank You!

Hackers first rule is to check words from rockyou.txt or bip39, to be completely sure use words not in a dictionary, like slang and make them long. Like DangYallFoolsNigga has a smaller chance of being open than using any public wordlist combination. Remember computer power is increasing so you might find your uncrackable password easy to open in a few years.

Coldbit website will probably downgrade the time each month.
member
Activity: 170
Merit: 58
May 23, 2020, 10:36:22 AM
#19
Never forget this: https://xkcd.com/936/

BTW "random" passwords like "n*Yb9LEAj$" are simpler to crack than expected 95^numberOfCharacters.

newbie
Activity: 7
Merit: 2
May 23, 2020, 09:46:35 AM
#18

OK, great, thank you!
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
May 23, 2020, 08:03:49 AM
#17
Could you please give me your short thoughts if this is secure
That's secure enough, the passphrase is random, though you could've used a wildcard non-BIP39 word.
A very random seed phase alone is safe against "ClassD attacks" (as the link described), what more that you've added a 6-word passphrase.
(I know, in case the seed phrase leaked :D)

and if the statements about cracking times on the Coldbit website are accurate?
Quote from: XMRseed
I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack
It's calculated based from the total number of possible combinations against the total power of the attacker.
So they are talking about "bruteforce" attacks and it's accurate in an approximate way.

Here's one of their example (expanded):
6-words from BIP39 word list entropy: 2048^6 = 73,786,976,294,838,206,464
Class D attacker's power 1,000,000,000 H/s
One millennium in seconds: 31,557,600,000

Then do a simple Division:
73,786,976,294,838,206,464 ÷ 1,000,000,000 H/s = 73,786,976,294.838206464
73,786,976,294.838206464 ÷ 31,557,600,000 seconds = 2.3381681843625055918067280148047 millennium

take note that it's based from PBKDF2-HMAC-SHA512 as the article described to check if the passphrase will derived the correct seed,
but it takes more effort than that to check each of the candidate seed's private keys/addresses
newbie
Activity: 7
Merit: 2
May 23, 2020, 05:41:55 AM
#16
Hello,

so i have decided to do it this way:

I diced six words from the BIP-39 word list with this method:
https://github.com/taelfrinn/Bip39-diceware

I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack:
https://coldbit.com/can-bip-39-passphrase-be-cracked/

24-word-mnemonic and passphrase will be engraved in metal and stored at two separate secure locations.

Could you please give me your short thoughts if this is secure
and if the statements about cracking times on the Coldbit website are accurate?

Thank You!
HCP
legendary
Activity: 2086
Merit: 4363
April 26, 2020, 06:04:03 PM
#15
The English language Wiktionary contains thousands of entries which are not words. Look for example at its list of "English nouns": https://en.wiktionary.org/wiki/Category:English_nouns. The Oxford English Dictionary has 171,476 entries.
Well there you go then... another reason not to trust anything on Wikipedia Tongue


So of all the "picking words" options, picking from a full dictionary rather than from BIP39 is a better option, but random characters (even just letters are no numbers or symbols) is better still.
Bad maths aside... this was kind of the point of my post... using dictionary words is not a great idea for creating (short) passwords. By choosing only "6" words, you are, effectively[1], creating a 6 character password (albeit with a much larger "alphabet"... ~5000 "chars")...

and I think we'd both agree that that is a "Bad Idea"™



[1] not exactly the same, but in the realm of these large numbers it's fairly simliar...
legendary
Activity: 3472
Merit: 10611
April 25, 2020, 11:37:49 PM
#14
find out how to create a good memorizable passphrase,

technically if a password is strong you shouldn't be able to memorize it because it would be very random and it is hard to make any association between each character of the password in your head to be able to remember them. keep in mind that you have to remember it after a long time like a couple of years not just for a couple of days.
an example of a strong password (16 char long):
Code:
as:}4S_9s.V:j2rK
legendary
Activity: 2268
Merit: 18775
April 25, 2020, 03:22:52 PM
#13
Really? Huh "Wikipedia" seems to think we have ~500,000... https://en.wikipedia.org/wiki/List_of_dictionaries_by_number_of_words
The English language Wiktionary contains thousands of entries which are not words. Look for example at its list of "English nouns": https://en.wiktionary.org/wiki/Category:English_nouns. The Oxford English Dictionary has 171,476 entries.

If you assume at least one of the letters has to be either a vowel or "y", there are only 6*26*26*26 = 105,456 possible combinations, so there is no way there are 150,000 four letter words. There are 4994 four letter words in the Linux dictionary file: https://www.quora.com/How-many-4-letter-words-exist-in-English/answer/Nick-Gorbikoff

1. I would generate a seed and would take the first five words as the passphrase
2048^5, which is 3.6*1016

2. I pick myself randomly six 4-character words from the 2048-word-list and use them as my passphrase.
There are only 442 four character words in BIP39, so this would be 442^6 which is 7.5*1015

Assuming 5000 four letter words, picking 6 randomly is 1.6*1022
Picking 24 random single case letters is 9.1*1033
Picking 24 random lower or upper case letters is 1.5*1041

So of all the "picking words" options, picking from a full dictionary rather than from BIP39 is a better option, but random characters (even just letters are no numbers or symbols) is better still.
newbie
Activity: 7
Merit: 2
April 25, 2020, 10:26:25 AM
#12
All right,
i will dig deeper in the matter and find out how to create a good memorizable passphrase, maybe with lower or upper case letters.
I´ll return here for further questions.
HCP
legendary
Activity: 2086
Merit: 4363
April 25, 2020, 08:55:19 AM
#11
I have heard that you can mess up security exponentially with playing with the features but i also want to be able to retrieve my coins and not lock myself out.
Yes... and that is what I was alluding too... by "abusing" these functions and using them for things they were not designed for, you can adversely affect the overall security of your setup.

Without getting into the complicated maths, you're effectively reducing your security to that of a "simple brainwallet" by using dictionary words as your passphrase, should your seed become compromised.



I'm going to question HCP's maths here though. There are only somewhere in the region of 170,000 words in the entire English language. The internet tells me there are less than 5000 four letter words. 5000^6 is ten times smaller than 2048^7 - in other words, not very secure. You need to either pick more words or use random characters.
Really? Huh "Wikipedia" seems to think we have ~500,000... https://en.wikipedia.org/wiki/List_of_dictionaries_by_number_of_words
Websters is apparently at ~470,000...

And this website seems to think we have nearly 150,000 "4 letter words": https://www.thefreedictionary.com/4-letter-words.htm

I don't know for sure, but either way... it's not a "big" number (relatively speaking)... so it's still not a "Good Idea"™


Why 86? I thought passphrases were compatible with the full printable ASCII character set, which is 95 characters.
I will admit that this was a completeeducated guess tho... my "napkin" math was 52 chars + 10 numbers + ? symbols... I thought it would be around 20-25 symbols... apparently there are more Wink Tongue
newbie
Activity: 7
Merit: 2
April 25, 2020, 07:04:54 AM
#10
Hello, i know there would be safer passphrases and on the Ledger Nano X you can enter maximum 100 characters but my set up is this:

24-Word-Seed "written" on Cryptosteel and deposited in a secure place and memorized in my head.
Now i want to add a passphrase "written" in Cryptosteel , deposit that in another secure place and also memorize it in my head.
To memorize it it can not be so difficult and to fit it in a Cryptosteel it should have not more than 24 characters.

If the seed would be found, how much time would i have before the passphrase could be brute forced if?

1. I would generate a seed and would take the first five words as the passphrase ( I would create multiple seeds and take the words from the one
that have maximum 24 characters. )

2. I pick myself randomly six 4-character words from the 2048-word-list and use them as my passphrase.

I have heard that you can mess up security exponentially with playing with the features but i also want to be able to retrieve my coins and not lock myself out.

Many thanks for your help!
legendary
Activity: 2268
Merit: 18775
April 25, 2020, 06:16:54 AM
#9
if it were then it should have used a much safer key derivation function with a much higher iteration (basically cost).
Maybe it should have, but we are stuck with what we have. If OP is dead set on having a 24 character passphrase, then as HCP has said, 24 random characters will be many orders of magnitude more secure than 6 four letter words.

I'm going to question HCP's maths here though. There are only somewhere in the region of 170,000 words in the entire English language. The internet tells me there are less than 5000 four letter words. 5000^6 is ten times smaller than 2048^7 - in other words, not very secure. You need to either pick more words or use random characters.

in which case the search space would be 86^24
Why 86? I thought passphrases were compatible with the full printable ASCII character set, which is 95 characters.
legendary
Activity: 3472
Merit: 10611
April 24, 2020, 10:49:30 PM
#8
the passphrase used in BIP-39 is not meant for security (although it could add a tiny bit of security to it). if it were then it should have used a much safer key derivation function with a much higher iteration (basically cost). the purpose of this passphrase is to let you create some sort of hidden set of keys that could be derived from the same mnemonic for plausible deniability.

if you want to secure your mnemonic then encrypt it using AES-256.
HCP
legendary
Activity: 2086
Merit: 4363
April 24, 2020, 07:08:56 PM
#7
I'm not really sold on the idea of using dictionary words for a passphrase, tbh. While it's true you are generating a "24 char" passphrase, you're limiting the effective search space to 26^24 (or 52^24, if you use some uppercase as well)... and, in actual fact, because you're using dictionary words... it's more like 150000^6 (there are only around 150,000 four letter words in the english language)! That is a pretty small number... relatively speaking Undecided

Compared with using a random mix of lowercase, uppercase, numbers and symbols... in which case the search space would be 86^24

It's the same with using the first 6 words from a generated seed mnemonic... you're really lowering the search space to just 2048^6.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
April 24, 2020, 02:28:18 PM
#6
As long as it shows on the device and not on the screen then you're good!
newbie
Activity: 7
Merit: 2
April 24, 2020, 02:24:19 PM
#5
If you can verify the download of the iso before it's run then you will be fine running tails on a machine with a generator, unless you can devise a way to use an unbiased dice with the standard list.
OK, thank you!
My TAILS system is sometimes online. But i have 2 Ledger devices and will create the seed on the one i don't use.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
April 24, 2020, 01:34:48 PM
#4
Ahh yeah I'd suggest the 4 words of 4-6 characters...

If you can verify the download of the iso before it's run then you will be fine running tails on a machine with a generator, unless you can devise a way to use an unbiased dice with the standard list.
newbie
Activity: 7
Merit: 2
April 24, 2020, 01:28:22 PM
#3
Is there a reason you only wanted 6 character words from a dictionary? If you use a 5 or 6 character word base you'll include quite a lot more if you go down that route.
My idea was to take six 4-character words from a dictionary "randomly" picked by me so that i can put them in a Cryptosteel/Billfodl in one row.
That would be easier to memorize for me than to create a 6-word-seed and use the first 4 letters of each word. 
If the words are also not from the 2048-word list it would be easier for my heirs to find out that it is a passphrase and not a seed.

Alternatively i could use just four or five seed words as long as they don't have more than 24 characters together and fill the rest of the row of the Cryptosteel with blank tiles. Is a mnemonic code converter used with TOR browser in an offline TAILS Linux system on a USB-stick safe enough?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
April 24, 2020, 12:30:16 PM
#2
I have and would recommend using another seed as the password (the first 4 to 6 words will work just fine).

Is there a reason you only wanted 6 character words from a dictionary? If you use a 5 or 6 character word base you'll include quite a lot more if you go down that route.
Pages:
Jump to: