Passphrase with seed | Bitcointalksearch.org

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: math09183 on May 23, 2020, 10:36:22 AM

Never forget this: https://xkcd.com/936/

This comic can be a bit misleading if people don't understand the reasoning behind it.

The initial password "Tr0ub4dor&3" only has 28 bits of entropy if the attacker knows all the things pointed out in the first panel - you are using a base word, with common substitutions, followed by a single punctuation and a single number, etc. If the attacker doesn't know that and is just trying to bruteforce your password, then it actually has 95¹¹ combinations which is 72 bits of entropy and astronomically more secure than 28 bits.

If the attacker tries a dictionary attack on the second password, then it has an entropy in the range of 170,000⁴, which is 69.5 bits, so would be marginally less secure than the first password.

If you use a truly random password or passphrase, preferably one generated for you in a secure method and not one you pick yourself, then you can end up with far greater security. 15 random characters has an entropy of 98 bits, which even if someone can try 1 quadrillion possibilities a second, is going to take over 14 million years to crack.

keychainX

member

Activity: 378

Merit: 53

Telegram @keychainX

Quote from: XMRseed on May 23, 2020, 05:41:55 AM

Hello,

so i have decided to do it this way:

I diced six words from the BIP-39 word list with this method:
https://github.com/taelfrinn/Bip39-diceware

I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack:
https://coldbit.com/can-bip-39-passphrase-be-cracked/

24-word-mnemonic and passphrase will be engraved in metal and stored at two separate secure locations.

Could you please give me your short thoughts if this is secure
and if the statements about cracking times on the Coldbit website are accurate?

Thank You!

Hackers first rule is to check words from rockyou.txt or bip39, to be completely sure use words not in a dictionary, like slang and make them long. Like DangYallFoolsNigga has a smaller chance of being open than using any public wordlist combination. Remember computer power is increasing so you might find your uncrackable password easy to open in a few years.

Coldbit website will probably downgrade the time each month.

math09183

member

Activity: 170

Merit: 58

Never forget this: https://xkcd.com/936/

BTW "random" passwords like "n*Yb9LEAj$" are simpler to crack than expected 95^numberOfCharacters.

XMRseed

newbie

Activity: 7

Merit: 2

OK, great, thank you!

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: XMRseed on May 23, 2020, 05:41:55 AM

Could you please give me your short thoughts if this is secure

That's secure enough, the passphrase is random, though you could've used a wildcard non-BIP39 word.
A very random seed phase alone is safe against "ClassD attacks" (as the link described), what more that you've added a 6-word passphrase.
(I know, in case the seed phrase leaked :D)

Quote from: XMRseed on May 23, 2020, 05:41:55 AM

and if the statements about cracking times on the Coldbit website are accurate?

Quote from: XMRseed

I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack

It's calculated based from the total number of possible combinations against the total power of the attacker.
So they are talking about "bruteforce" attacks and it's accurate in an approximate way.

Here's one of their example (expanded):
6-words from BIP39 word list entropy: 2048^6 = 73,786,976,294,838,206,464
Class D attacker's power 1,000,000,000 H/s
One millennium in seconds: 31,557,600,000

Then do a simple Division:
73,786,976,294,838,206,464 ÷ 1,000,000,000 H/s = 73,786,976,294.838206464
73,786,976,294.838206464 ÷ 31,557,600,000 seconds = 2.3381681843625055918067280148047 millennium

take note that it's based from PBKDF2-HMAC-SHA512 as the article described to check if the passphrase will derived the correct seed,
but it takes more effort than that to check each of the candidate seed's private keys/addresses

XMRseed

newbie

Activity: 7

Merit: 2

Hello,

so i have decided to do it this way:

I diced six words from the BIP-39 word list with this method:
https://github.com/taelfrinn/Bip39-diceware

I have read that six words are largely sufficient for passphrase security here and that
it would take two milleniums to brute-force it even with the most sophisticated attack:
https://coldbit.com/can-bip-39-passphrase-be-cracked/

24-word-mnemonic and passphrase will be engraved in metal and stored at two separate secure locations.

Could you please give me your short thoughts if this is secure
and if the statements about cracking times on the Coldbit website are accurate?

Thank You!

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: o_e_l_e_o on April 25, 2020, 03:22:52 PM

The English language Wiktionary contains thousands of entries which are not words. Look for example at its list of "English nouns": https://en.wiktionary.org/wiki/Category:English_nouns. The Oxford English Dictionary has 171,476 entries.

Well there you go then... another reason not to trust anything on Wikipedia Tongue

Quote from: o_e_l_e_o on April 25, 2020, 03:22:52 PM

So of all the "picking words" options, picking from a full dictionary rather than from BIP39 is a better option, but random characters (even just letters are no numbers or symbols) is better still.

Bad maths aside... this was kind of the point of my post... using dictionary words is not a great idea for creating (short) passwords. By choosing only "6" words, you are, effectively^[1], creating a 6 character password (albeit with a much larger "alphabet"... ~5000 "chars")...

and I think we'd both agree that that is a "Bad Idea"™

[1] not exactly the same, but in the realm of these large numbers it's fairly simliar...

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: XMRseed on April 25, 2020, 10:26:25 AM

find out how to create a good memorizable passphrase,

technically if a password is strong you shouldn't be able to memorize it because it would be very random and it is hard to make any association between each character of the password in your head to be able to remember them. keep in mind that you have to remember it after a long time like a couple of years not just for a couple of days.
an example of a strong password (16 char long):

Code:

as:}4S_9s.V:j2rK

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: HCP on April 25, 2020, 08:55:19 AM

Really?

"Wikipedia" seems to think we have ~500,000... https://en.wikipedia.org/wiki/List_of_dictionaries_by_number_of_words

The English language Wiktionary contains thousands of entries which are not words. Look for example at its list of "English nouns": https://en.wiktionary.org/wiki/Category:English_nouns. The Oxford English Dictionary has 171,476 entries.

If you assume at least one of the letters has to be either a vowel or "y", there are only 6*26*26*26 = 105,456 possible combinations, so there is no way there are 150,000 four letter words. There are 4994 four letter words in the Linux dictionary file: https://www.quora.com/How-many-4-letter-words-exist-in-English/answer/Nick-Gorbikoff

Quote from: XMRseed on April 25, 2020, 07:04:54 AM

1. I would generate a seed and would take the first five words as the passphrase

2048^5, which is 3.6*10¹⁶

Quote from: XMRseed on April 25, 2020, 07:04:54 AM

2. I pick myself randomly six 4-character words from the 2048-word-list and use them as my passphrase.

There are only 442 four character words in BIP39, so this would be 442^6 which is 7.5*10¹⁵

Assuming 5000 four letter words, picking 6 randomly is 1.6*10²²
Picking 24 random single case letters is 9.1*10³³
Picking 24 random lower or upper case letters is 1.5*10⁴¹

So of all the "picking words" options, picking from a full dictionary rather than from BIP39 is a better option, but random characters (even just letters are no numbers or symbols) is better still.

XMRseed

newbie

Activity: 7

Merit: 2

All right,
i will dig deeper in the matter and find out how to create a good memorizable passphrase, maybe with lower or upper case letters.
I´ll return here for further questions.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: XMRseed on April 25, 2020, 07:04:54 AM

I have heard that you can mess up security exponentially with playing with the features but i also want to be able to retrieve my coins and not lock myself out.

Yes... and that is what I was alluding too... by "abusing" these functions and using them for things they were not designed for, you can adversely affect the overall security of your setup.

Without getting into the complicated maths, you're effectively reducing your security to that of a "simple brainwallet" by using dictionary words as your passphrase, should your seed become compromised.

Quote from: o_e_l_e_o on April 25, 2020, 06:16:54 AM

I'm going to question HCP's maths here though. There are only somewhere in the region of 170,000 words in the entire English language. The internet tells me there are less than 5000 four letter words. 5000^6 is ten times smaller than 2048^7 - in other words, not very secure. You need to either pick more words or use random characters.

Really?

"Wikipedia" seems to think we have ~500,000... https://en.wikipedia.org/wiki/List_of_dictionaries_by_number_of_words
Websters is apparently at ~470,000...

And this website seems to think we have nearly 150,000 "4 letter words": https://www.thefreedictionary.com/4-letter-words.htm

I don't know for sure, but either way... it's not a "big" number (relatively speaking)... so it's still not a "Good Idea"™

Quote from: o_e_l_e_o on April 25, 2020, 06:16:54 AM

Why 86? I thought passphrases were compatible with the full printable ASCII character set, which is 95 characters.

I will admit that this was a ~~complete~~educated guess tho... my "napkin" math was 52 chars + 10 numbers + ? symbols... I thought it would be around 20-25 symbols... apparently there are more Wink

XMRseed

newbie

Activity: 7

Merit: 2

Hello, i know there would be safer passphrases and on the Ledger Nano X you can enter maximum 100 characters but my set up is this:

24-Word-Seed "written" on Cryptosteel and deposited in a secure place and memorized in my head.
Now i want to add a passphrase "written" in Cryptosteel , deposit that in another secure place and also memorize it in my head.
To memorize it it can not be so difficult and to fit it in a Cryptosteel it should have not more than 24 characters.

If the seed would be found, how much time would i have before the passphrase could be brute forced if?

1. I would generate a seed and would take the first five words as the passphrase ( I would create multiple seeds and take the words from the one
that have maximum 24 characters. )

2. I pick myself randomly six 4-character words from the 2048-word-list and use them as my passphrase.

I have heard that you can mess up security exponentially with playing with the features but i also want to be able to retrieve my coins and not lock myself out.

Many thanks for your help!

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: pooya87 on April 24, 2020, 10:49:30 PM

if it were then it should have used a much safer key derivation function with a much higher iteration (basically cost).

Maybe it should have, but we are stuck with what we have. If OP is dead set on having a 24 character passphrase, then as HCP has said, 24 random characters will be many orders of magnitude more secure than 6 four letter words.

I'm going to question HCP's maths here though. There are only somewhere in the region of 170,000 words in the entire English language. The internet tells me there are less than 5000 four letter words. 5000^6 is ten times smaller than 2048^7 - in other words, not very secure. You need to either pick more words or use random characters.

Quote from: HCP on April 24, 2020, 07:08:56 PM

in which case the search space would be 86^24

Why 86? I thought passphrases were compatible with the full printable ASCII character set, which is 95 characters.

pooya87

legendary

Activity: 3472

Merit: 10611

the passphrase used in BIP-39 is not meant for security (although it could add a tiny bit of security to it). if it were then it should have used a much safer key derivation function with a much higher iteration (basically cost). the purpose of this passphrase is to let you create some sort of hidden set of keys that could be derived from the same mnemonic for plausible deniability.

if you want to secure your mnemonic then encrypt it using AES-256.

HCP

legendary

Activity: 2086

Merit: 4361

I'm not really sold on the idea of using dictionary words for a passphrase, tbh. While it's true you are generating a "24 char" passphrase, you're limiting the effective search space to 26^24 (or 52^24, if you use some uppercase as well)... and, in actual fact, because you're using dictionary words... it's more like 150000^6 (there are only around 150,000 four letter words in the english language)! That is a pretty small number... relatively speaking Undecided

Compared with using a random mix of lowercase, uppercase, numbers and symbols... in which case the search space would be 86^24

It's the same with using the first 6 words from a generated seed mnemonic... you're really lowering the search space to just 2048^6.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

As long as it shows on the device and not on the screen then you're good!

XMRseed

newbie

Activity: 7

Merit: 2

Quote from: jackg on April 24, 2020, 01:34:48 PM

If you can verify the download of the iso before it's run then you will be fine running tails on a machine with a generator, unless you can devise a way to use an unbiased dice with the standard list.

OK, thank you!
My TAILS system is sometimes online. But i have 2 Ledger devices and will create the seed on the one i don't use.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Ahh yeah I'd suggest the 4 words of 4-6 characters...

If you can verify the download of the iso before it's run then you will be fine running tails on a machine with a generator, unless you can devise a way to use an unbiased dice with the standard list.

XMRseed

newbie

Activity: 7

Merit: 2

Quote from: jackg on April 24, 2020, 12:30:16 PM

Is there a reason you only wanted 6 character words from a dictionary? If you use a 5 or 6 character word base you'll include quite a lot more if you go down that route.

My idea was to take six 4-character words from a dictionary "randomly" picked by me so that i can put them in a Cryptosteel/Billfodl in one row.
That would be easier to memorize for me than to create a 6-word-seed and use the first 4 letters of each word.
If the words are also not from the 2048-word list it would be easier for my heirs to find out that it is a passphrase and not a seed.

Alternatively i could use just four or five seed words as long as they don't have more than 24 characters together and fill the rest of the row of the Cryptosteel with blank tiles. Is a mnemonic code converter used with TOR browser in an offline TAILS Linux system on a USB-stick safe enough?

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

I have and would recommend using another seed as the password (the first 4 to 6 words will work just fine).

Is there a reason you only wanted 6 character words from a dictionary? If you use a 5 or 6 character word base you'll include quite a lot more if you go down that route.

XMRseed

newbie

Activity: 7

Merit: 2

Hello,

i´m fairly new into Bitcoin but have now a hardware wallet with a 24-word seed. Seed is stored securely. Now i´d like to add an additional passphrase to my seed and move my funds from the seed-only account to the seed-passphrase account.

Now to the passphrase: Is six english words with 4 characters chosen from an English dictionary secure enough for the passphrase?
I thought about 4-characters words because i want the passphrase not only to write down but to use a Cryptosteel/Billfodl type of metal device to store it. With those devices i could put six words in a row and leave the other rows empty.

Or should i create 6 random words with a BIP39 mnemonic converter offline and use those as a passphrase? Then i would have to engrave them into metal which i think is more complicated than using a Cryptosteel device. Passphrase will be stored in a different place as the 24-word seed.

Thank you in advance for your advice!

Topic: Passphrase with seed (Read 397 times)