Protecting the Seed phrases by extending it

apogio

hero member

Activity: 560

Merit: 1060

Quote from: goldkingcoiner on December 08, 2024, 07:03:33 PM

Sure you can extend it, and that will make it harder for someone to get into your wallet, but at the end of the day you still need to memorize/write both the passphase and seed down.

Exactly! Both the seed phrase and the passphrase must be saved on physical media.
The way to protect yourself is to save these backups in separate locations and not to memorize anything.
If life has tought us anything so far, is not to trust the human brain. Memory is not to be trusted and can fail us anytime.

Quote from: alexeyneu on December 19, 2024, 03:20:32 AM

what a blond girl mindset.

Such a low quality characterization.

nc50lc

legendary

Activity: 2618

Merit: 6452

Self-proclaimed Genius

Quote from: alexeyneu on December 20, 2024, 12:47:44 AM

-snip- where my scheme is used in electrum and other wallets like this

For other non-BIP39 wallets maybe, but Electrum does the same except it uses a different standard in generating the mnemonic from the entropy.
For mnemonic-to-seed, it's basically the same as BIP39 except the salt is "electrum+passphrase" instead of "mnemonic+passphrase".

Reference: https://github.com/spesmilo/electrum/blob/692a777da8c079011c82a875a2aa68ba8f4f7c88/electrum/mnemonic.py#L175

alexeyneu

member

Activity: 351

Merit: 37

Quote from: Forsyth Jones on December 19, 2024, 06:38:24 PM

Quote from: alexeyneu on December 19, 2024, 03:20:32 AM

Quote from: hosseinimr93 on December 13, 2024, 04:22:19 PM

As you know, the master private key is derived from the seed phrase

what a blond girl mindset. wallet soft doesn't generate words , it generates 32 random bytes . based on this it then makes both key and phrase .

He wasn't wrong in his statement "As you know, the master private key is derived from the seed phrase".

As for your statement, first the wallet generates entropy, it can use 32 random alphanumeric bytes as a base, based on this, it creates the BIP39 recovery phrase and then the normal flow.

https://learnmeabitcoin.com/technical/keys/hd-wallets/mnemonic-seed/

yeah it turns out they're literally use words as hash source in bip39. like in brainwallet before. So that what i've told applied to them not to that guy. where my scheme is used in electrum and other wallets like this

Forsyth Jones

hero member

Activity: 1120

Merit: 540

Duelbits - Play for Free | Win for Real

Quote from: alexeyneu on December 19, 2024, 03:20:32 AM

Quote from: hosseinimr93 on December 13, 2024, 04:22:19 PM

As you know, the master private key is derived from the seed phrase

what a blond girl mindset. wallet soft doesn't generate words , it generates 32 random bytes . based on this it then makes both key and phrase .

He wasn't wrong in his statement "As you know, the master private key is derived from the seed phrase".

As for your statement, first the wallet generates entropy, it can use 32 random alphanumeric bytes as a base, based on this, it creates the BIP39 recovery phrase and then the normal flow.

https://learnmeabitcoin.com/technical/keys/hd-wallets/mnemonic-seed/

alexeyneu

member

Activity: 351

Merit: 37

Quote from: hosseinimr93 on December 13, 2024, 04:22:19 PM

As you know, the master private key is derived from the seed phrase

what a blond girl mindset. wallet soft doesn't generate words , it generates 32 random bytes . based on this it then makes both key and phrase .

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Saint-loup on December 13, 2024, 03:50:30 PM

You mean unlike BIP39 master private keys, on Electrum master private keys are reversible?

No. My point was just that contrary to what Hatchy said, you don't need to have the seed phrase if you have the wallet file (+ password, if it's encrypted).

As you know, the master private key is derived from the seed phrase and the private keys are derived from the master private key.
So, either you have the master private key or the seed phrase, you can calculate your private keys.

In my previous post, I said "the wallet file contains the master private key and that can generate all the private keys" and not "the wallet file contains the seed phrase and that can generate all the private keys", because the wallet file doesn't contain the seed phrase, if you have generated it by importing a BIP39 seed phrase and I wanted the statement to cover such wallets too.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: hosseinimr93 on December 08, 2024, 08:08:08 AM

Quote from: Hatchy on December 08, 2024, 08:01:08 AM

I don't think that's fisible. By just copying your wallet file the hacker would still need to input your seedphrase or keys to access your wallet. So always make sure to store your keys offline and not in your computer even if it's a cold storage..

This is wrong.
Anyone who has access to your wallet file (and knows the password, if it's encrypted) can steal your fund without any need to your seed phrase.
Take note that the wallet file contains the master private key and that can generate all the private keys.

Generally, for accessing your fund, you need to have either the wallet file (+ password, if it's encrypted) or the seed phrase (+ passphrase, if there's any).

You mean unlike BIP39 master private keys, on Electrum master private keys are reversible? That is to say they allow to calculate the Electrum seed? Because the seed is usually available in Electrum software wallets (through Wallet > Seed drop-down menu or getseed() command), so if the wallet file only cointains the master private key actually it means the wallet is able to calculate the mnemonic seed from this key.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: FatFork on December 08, 2024, 01:15:43 PM

If someone gains access to your PC, they can potentially access your wallet and coins as well. Think about it: you don't need to enter your seed phrase every time you want to use your wallet, right? Similarly, a hacker who has access to your PC can use your wallet without needing your seed phrase.

That's because the keys are saved within the wallet file, which can be encrypted or unencrypted. And that's why using Electrum with a good hardware wallet is a security upgrade and beginners should seriously consider it. Electrum creates wallet files when you use it as the companion app for your hardware wallet as well, but these files don't contain the signing keys. The seed and private keys are only stored on the physical hardware wallet, requiring manual confirmation to send transactions. If someone got remote access to your computer, they wouldn't be able to steal your coins. They could create other havoc, though.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

Secondly, i have already a seed phrase of my wallet, can i add extend the seed with custom words later or this option only available while creating wallet ?

If you want create a different address then you could add an extended or passphrase from your electrum wallet. (just click menu on top > create new wallet > already have electrum seed > then click extended seed )

Extended seed or passphrase is a a sensitive case, if you write dot (.) then you will get different address created. You can write word that is easy to remember without regulation like we write password: uppercase, number and symbol. you can write your name, your birthday, or anything that easy to remember (if you want memorize without write it on paper)

goldkingcoiner

legendary

Activity: 2254

Merit: 2003

A Bitcoiner chooses. A slave obeys.

I prefer memorizing, but there are dangers to that and some people would rather write it down or store it somewhere safe than risk forgetting it.

Sure you can extend it, and that will make it harder for someone to get into your wallet, but at the end of the day you still need to memorize/write both the passphase and seed down.

you could write it down and store it in such a way that nobody except you will know how to retrieve the seed phrase/passphrase. Or at least they will have a harder time finding out. Have any of you guys seen the movie Sherlock Holmes? Remember the scene where Moriaty kept a notebook in his pocket which was actually a encoded ledger? That could be a better method than tacking on more and more 'passwords'.

PX-Z

hero member

Activity: 1554

Merit: 880

Notify wallet transaction @txnNotifierBot

Quote from: Pmalek on December 08, 2024, 11:45:18 AM

Don't rely solely on your memory without making physical backups. A head injury can change everything. Age and health problems can also. Not to mention that you can pass away suddenly or die in an accident. In that case, the passphrase dies with you unless you told you heirs about it. Multiple separate backups of your seed and passphrase is the way to go.

I always use my memories in terms of security except my word phrases and then i realized this is very possible especially accidents, so yeah writing most of the important notes, stuff about security is always a must.

Forsyth Jones

hero member

Activity: 1120

Merit: 540

Duelbits - Play for Free | Win for Real

Quote from: virasog on December 08, 2024, 08:18:34 AM

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

While creating the new electrum wallet, is it recommended to extend the seed phrases and memorize the extended ones only. I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Just be careful when you extend the seed phrase. I once did this and later I was not able to recover my wallet for some time. The mistake I was doing was that I was putting the correct extended seed phrase but there was a capital letter and I was entering small ones.

These extended seed phrases are case-sensitive.

Wait, are you saying that you created a passphrase one way, but when restoring it you only got one character wrong and that character was lowercase, when in fact, the character should have been uppercase to correctly calculate the BIP32 root key where your funds were allocated?

You were probably using a BIP39 seed and not an electrum seed, because electrum seeds are not case-sensitive, even if you extend your electrum seed with an uppercase character, you can type the same character in lowercase and it will calculate the same private key, it is good to pay attention to this.

Summary:

BIP39 seeds: They are case-sensitive, a single "wrong" character or even if it is correct, but one of them is used in uppercase or lowercase, results in a different private key.

Electrum seeds: do not have this differentiation.

There is a discussion about this in this thread.

FatFork

legendary

Activity: 1820

Merit: 2700

Crypto Swap Exchange

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

If someone gains access to your PC, they can potentially access your wallet and coins as well. Think about it: you don't need to enter your seed phrase every time you want to use your wallet, right? Similarly, a hacker who has access to your PC can use your wallet without needing your seed phrase.

To protect your wallet, use strong, unique passwords. But, even a password-protected wallet with a strong password isn't foolproof and can be compromised if your computer is infected with malware. Malicious software can secretly record your keystrokes or capture screenshots, compromising your sensitive information. So, if you have any indication that your computer might be infected, consider your wallet compromised as well. The best course of action is to move your coins to a new, securely generated wallet as soon as possible.

Pmalek

legendary

Activity: 2730

Merit: 7065

You can add a passphrase to your seed anytime, but that doesn't influence the coins you sent to addresses before adding the new passphrase. They will remain as they were - on addresses accessible with the seed phrase only. To take advantage of the added layer of security you gain after adding a passphrase, send your coins to those new addresses.

Don't rely solely on your memory without making physical backups. A head injury can change everything. Age and health problems can also. Not to mention that you can pass away suddenly or die in an accident. In that case, the passphrase dies with you unless you told you heirs about it. Multiple separate backups of your seed and passphrase is the way to go.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Technically, yeah, but I would say never trust your memory with your life savings. Even a small error can give you a different set of wallets, which means you can potentially lose all your life savings. An alternative option is to store the seed and passphrase in different locations with each other, and to increase the security further, try something like a secret word combination that only you can crack.

Other questions were answered but I want to add that if your wallet file is not password protected then you are taking a big risk too since anyone who can access the wallet can simply load the same wallet in a different device but with password encrypted it's not possible.

Zaguru12

hero member

Activity: 868

Merit: 952

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

While creating the new electrum wallet, is it recommended to extend the seed phrases and memorize the extended ones only. I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Secondly, i have already a seed phrase of my wallet, can i add extend the seed with custom words later or this option only available while creating wallet ?

Firstly the idea of actually keeping your bitcoin phrases even extended or custom word is not a great form of storage, treat your passphrase just like you will treat your seed phrase don’t just keep them on same storage place, keep the Separate.

Yes you can extend the seed phrase you have created its wallet before but just be aware that it is a whole new and different wallet and you will to send the coins on the wallet seed phrase without extended word to the newly added extended seed phrase. You can even leave small funds on the first wallet as decoy.

But becareful the seed phrase you’re extending if it is an already exposed or compromised wallet then there can be a way the hacker can maybe use brute force if he senses the wallet has been extended which will be easier to brute force than a new wallet

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

Yes he can import this file into same wallet and then recover it, recovery is done in two ways either through keys/phrases or using file. That’s why a wallet is been passworded

virasog

legendary

Activity: 3136

Merit: 1172

Leading Crypto Sports Betting & Casino Platform

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

While creating the new electrum wallet, is it recommended to extend the seed phrases and memorize the extended ones only. I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Just be careful when you extend the seed phrase. I once did this and later I was not able to recover my wallet for some time. The mistake I was doing was that I was putting the correct extended seed phrase but there was a capital letter and I was entering small ones.

These extended seed phrases are case-sensitive.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Best not to trust your memory. Backup your seed phrase and passphrase in separate locations which is better.

You can always add passphrase to seed phrase. Each passphrase will result to the generation of different keys and addresses. Which means it is possible but leading to generation of different wallets.

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

If your wallet password is known, the attacker can know your private key which can be used to get access to your coins. If the wallet is not encrypted, the attacker do not need the password to get access to your coins. That is why it is good to password your wallet.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Hatchy on December 08, 2024, 08:01:08 AM

I don't think that's fisible. By just copying your wallet file the hacker would still need to input your seedphrase or keys to access your wallet. So always make sure to store your keys offline and not in your computer even if it's a cold storage..

This is wrong.
Anyone who has access to your wallet file (and knows the password, if it's encrypted) can steal your fund without any need to your seed phrase.
Take note that the wallet file contains the master private key and that can generate all the private keys.

Generally, for accessing your fund, you need to have either the wallet file (+ password, if it's encrypted) or the seed phrase (+ passphrase, if there's any).

Hatchy

sr. member

Activity: 336

Merit: 365

The Alliance Of Bitcointalk Translators - ENG>PID

The pass phrase or extended words adds an additional later of security to your wallet making it difficult for hackers to login directly to your main wallets. You should know that this can only be done upon creation of a new wallet. You can't extend your seed phrase after the Wallet has already been created that because all the addresses and private keys will be unique to that seed phrase.

Quote

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

I don't think that's fisible. By just copying your wallet file the hacker would still need to input your seedphrase or keys to access your wallet. So always make sure to store your keys offline and not in your computer even if it's a cold storage..

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

While creating the new electrum wallet, is it recommended to extend the seed phrases and memorize the extended ones only. I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Right. If you have extended your seed phrase with a passphrase, anyone who has access to your seed phrase needs the passphrase too.
Just note that if you forget your passphrase, you won't be able to access your wallet. So, you may want to consider writing your passphrase some where separated from your seed phrase and not trusing your memory.

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

Secondly, i have already a seed phrase of my wallet, can i add extend the seed with custom words later or this option only available while creating wallet ?

With adding a passphrase to your seed phrase, you generate a different wallet with completely different addresses.

Quote from: UmerIdrees on December 08, 2024, 07:54:19 AM

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

If your wallet is encrypted, the thief will need the password too.

UmerIdrees

hero member

Activity: 2464

Merit: 877

While creating the new electrum wallet, is it recommended to extend the seed phrases and memorize the extended ones only. I mean write the 12 word seed phrases on a piece of paper and remember the extend phrase, this way even if someone sees your seed phrases on the piece of paper, he or she cannot access the wallet as the extended phrases is not known. Increase in security, isn't ?

Secondly, i have already a seed phrase of my wallet, can i add extend the seed with custom words later or this option only available while creating wallet ?

2nd Question:- If someone get into my PC and get the wallet file from this location (C:\Users\Umer\AppData\Roaming\Electrum\wallets), can he access my wallet (on another computer) without the seed phrase ?

Topic: Protecting the Seed phrases by extending it (Read 219 times)