Topic: Seed phrase and passphrase backup - page 2. (Read 330 times)

It depends.

You may take easy-remember-pattern, repeat it say n-times, hash it and get literally unbreakable password.

For instance SHA256[^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(^&*(] =  1CC3DDE752FF34619AE8AAF7403DBF5EDFA6185FF23FE62ECCFA503BBD0DEF79

requires ~ 10⁶⁰centuries to break assuming 10¹¹ guesses/sec.

P.S. Could have been 10⁹ times wrong in above calculation, made in a hurry,  but  10⁹ compared to 10⁶⁰centuries   doesn’t matter  

Declaimer: don't use above password.

If you have 5 wallets and want strict security measures for each of them I hope you have at least 5 Bitcoin or their equivalent between Bitcoin and altcoins, otherwise it seems to me that you are too paranoid. It's a problem I see with Bitcoin, if I have $100K in the bank, hypothetically authorities can seize it, or freeze it, or make it difficult for me to move it if I want to move to another country, but I am not at risk of losing them due to a $5 wrench attack.

Since you don't give more data, what I would do would be:

1. Have fewer wallets.
2. Consider that some of the wallets should be multisig.
3. Have fewer backups.

And I would never store anything online neither seeds nor passphrase.

There is no such thing as a very secure cloud environment. Anything on the cloud is at risk.

I would point out that this passphrase could be better. There is no need to use repeating characters, no need to use a pattern, no need to have the second half an invert of the first half, and so on. Each of these things decreases the security. A better 23 character passphrase would look something like this:

L(9Nm>&@dn;+Ej_:e>!fnpd
k@T(4zadT:A~(aU'*[+nWk}
)d3}cx>c#'95g{\Q&Kp"~$Y

23 characters or 500 characters - if you are saving it online it makes no difference. It is at the same risk of being compromised, and is only as safe as the security of wherever you are storing it (which will likely be much less than the security of 23 random characters).

If you must back up something electronically, then I would suggest using an airgapped device, encrypting it, and storing it on a USB drive or SD card which will only ever be plugged back in to the same airgapped device. But then of course you now have the problem of where you back up your encryption key.

You may have BIP 85 compliant wallet which is capable to generate bunch of child-seeds from master SEED. In this case it is sufficient to have one single  backup of  master-Seed.

The list of hardware wallets with above feature can be found here.  

AFAIK, the only software wallet which supports BIP 85 is AirGap Vault. Being installed on Android cellular it turns the latter phone  into device with security comparable to dedicated hardware wallets.

It's ok but just believe that not everyone will definitely have a take on using this kind of method, we have individual preference when it comes to securing the seed phrase backup techniques.


They both have their advantages and disadvantages, backing up seedphrase in different locations could serve it own danger if you're unable to have access to the second location where the remaining seeds were backed up, using this kind of method could also be somewhat risky in the sense that if you get attacked by someone who is highly intelligent in cryptography, coding and many of these machines language, they can decrypt your code by any means if they wish to, these are rare genius.


As for me, NO
I don't trust anything online backup system.

Very bad idea to store it online. Because if even one person gets a hold of your password hash, they can simply upload it and similar hashes to a website such as hashkiller.io (a site that specializes in cracking passwords) and the distributed network of hackers with GPUs and CPUs will be able to smash it in no time.

There is no reason to back up the password anyway, since if you lose the wallet file, its game over. That's one of the advantages of backing up the mnemonic phrase instead of the password, because you can actually restore the wallet from a mnemonic.

I think people will know that I am talking about BIP39 passhrase, which you can also call extended word.


Thank you for this reply. I will go for the short 23 character passphrase can contain character like this ._- numbers and alphabets in lower and upper case like this:

_-\A.bb.ccc&zzz.yy.X/-_

I wish to go longer if I save it online, but offline is always safer. 23 characters will not be hard to put down on paper.

It is also good to mention that the passphrase should be backup in different places offline and not with seed phrase.

there's a big difference between a passphrase and an extension word...

In case of a password/passphrase/pin =>  If you have the same seedphrase and use it on different wallets and use a different passphrase (or pin, or password), you're undermining your security. If one of those wallets is vulnerable and the attacker is able to get his hands on either the seed or the mpk, the attacker is able to rob all 5 wallets since the password merely encrypts the mpk, so it doesn't matter if you used different passwords to encrypt said mpk (since he'll steal the unencrypted version anyways... Or the encrypted version which only needs to be bruteforced once, not 5 times).

If you're extending your seed with a 13th or 25th word, things are a bit different... This being said, if for some reason an attacker exploits a weakness in the wallet that allows him to capture the first 12 or 24 (or whatever number) of seedwords, he only has to bruteforce this extension word 5 times, which is far easyer than bruteforcing the complete seed + extension word (which is impossible). Offcourse, a long extension word makes this a lot harder (if not practically impossible). This is basically my setup, but i keep no unencrypted version of my seedphrase and i only use hardware wallets to store my funds.

For your next question: keeping the password or the extension word in an online password manager decreases your security... If an attacker is able to exploit an attack vector that lets him get his hands on your seed phrase he no longer needs your password. Keeping an extension word in an online password manager will require him to steal your seed + brute force his way into your password manager, which is hard (but certainly not as safe as keeping everything offline).

Basically, the "ideal" way to create the wallets is completely offline seed creation + completely offline extension word. The best way to store the seeds are 5 different seeds + 5 different extension words saved in at least 2 safe places, and never store seed + extension word @ the same place... All other things described in your post decrease your security.. This being said: you might be fine willing to decrease your secutiy in order to increase your redundancy of backups, but that's very hard for a thirth party to decide... You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment using a very hard passphrase for encryption, but I would never do this since for me it wouldn't feel secure enough (but maybe for you it does?).

Personally, i have one 24 word seed phrase + several extension words. I use this seed on my 2 hardware wallets, and i keep said 2 hardware wallets in two safe places. I have different wallets on both hardware wallets by using the different extension words. I then used ssss to split the seed up into 3 parts using a 2 out of 3 scheme with passphrase encryption and i stored the 3 slices in 3 very safe places. I did not keep several copy's of the seed phrase, since i have 2 physical wallets + one encrypted copy of the seed phrase split in 3 parts using a 2/3 ssss scheme. Odds of me losing both hardware devices and 2 out of 3 slices are negligible (since the storage spots are physically far apart... It would basically need an atomic bomb nuking half my country in order for me to lose access to my wallets).

If an attacker:

• gets his hands on one slice: he can't do anything since he needs 2
• gets his hands on two slices: he needs to bruteforce the passphrase of the ssss scheme + the extension words
• gets his hands on a physical hardware wallet and bruteforce the pin + the extension words

The thing does remain: there are always attack vectors... The more attack vectors you eliminate, the bigger the odds of you losing access to your wallet or funds... If you try to make up schemes to make sure you will never lose access to your funds, you'll inevitably open up very small attack vectors for potential thiefs. It's very hard to find a balance.

Assuming you want to have five wallets. Let us say 2 for bitcoin and 3 for altcoins. Having more than one because it is good not to have only just one wallet. Because of that, you split the coins into 5 wallets. I also prefer to use bitcoin only wallet for bitcoin.

For one seed phrase, you can have three backups which is what people are saying on this forum. For 5 wallets, that is 15 backup. If you will keep the backup in different places, that is becoming impossible.

What about having only one seed phrase and backup the seed phrase in three places on a paper. If you want to generate the 5 wallets, you will set different passphrase and have only 1 seed phrase.

Example of the passphrase:

_-\A.bb.ccc&zzz.yy.X/-_

I can make it longer like this if I have the passphrase backup online:

$+$-sbdgsgsgs$+$-362+2;$;_-$:_;$)$+_+$+3+$_-(3shdhrhe3+$-jsjdhrh_+$-#-#ehsh$!$-$-$eudydhdbs$-$&363

That is 23 characters long which will be difficult to brute force. Another thing is that if you have the backup in different places, people that see it will not know that it is passphrase.

These are my questions:
Is the method good?
Is this better than having just seed phrase backup in different locations?
Can you have the passhrase backup encrypted on online password manager so far the seed phrase backup are offline

The proper way is to have different seed phrase and passhrase. But the backup is getting difficult for me because I do not have safe places to keep the backup anymore because the seed phrase are getting plenty.

If I have three backup for just one seed phrase, I can use my memory for the fourth backup and have the passphrase online encrypted and protected on a password manager.

I do not want posts like do not memorize seed phrase. We all know that. I depend on my backup, the fourth is just for emergency purpose.