Topic: Why doesn't every hardware wallet support two-factor seed phrases? (Read 647 times)

sr. member
Activity: 1190
Merit: 469
Heh. No. of course no attacker will believe that. It's a running joke. Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year. Wink
someone would have a better chance of convincing the government they lost their guns than their crypto in a boating accident. Shocked
legendary
Activity: 2268
Merit: 18771
That is quite a careless habit you've developed
Tell me about it! Every time I move some bitcoin to a cold storage wallet, I lose it within 24 hours. Every damn time!

I tend to store my seeds in the same places I store my firearms, so my bitcoin is just as vulnerable.
Might as well save yourself some time here and just engrave your seed phrases directly on to your firearms. Wink

And I haven't even owned a boat in the last 4 years.
What a coincidence! I also lost my boat in an unfortunate boating accident.
copper member
Activity: 2338
Merit: 4543
Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year. Wink

That is quite a careless habit you've developed, but it seems pretty typical for a red-blooded, freedom-loving American.  I've been losing firearms in unfortunate boating accidents since the early aughts.  I tend to store my seeds in the same places I store my firearms, so my bitcoin is just as vulnerable.  Wink

And I haven't even owned a boat in the last 4 years.   Grin
legendary
Activity: 2268
Merit: 18771
well you got all the bases covered.
I certainly hope so! I do think it is important to examine your security set up from every possible angle to protect against loss, disaster, forgetfulness, theft, etc.

you're joking right?  Huh  just don't expect an attacker to believe that...
Heh. No. of course no attacker will believe that. It's a running joke. Unfortunately I am very careless and lose all my bitcoin in a boating accident at least three times a year. Wink
sr. member
Activity: 1190
Merit: 469
Of course I also have a number of wallets which are used on a regular basis with frequent transactions, but such wallets are obviously not my main cold storage wallets and do not contain large amounts of funds. These wallets would be the first to go in the case of a $5 wrench attack. If an attacker is unsatisfied with such wallets and keeps going in search of a cold storage wallet, then I can hand over one or more such cold storage wallets which instead of being filled with regular transactions have the transaction pattern I described above - one or two deposits followed by months or years of inactivity. And as Pmalek said, the compromise of any of my wallets provides absolutely zero clues as to the existence of any other wallets.
well you got all the bases covered. i thought i would be able to find some weakness in your strategy something you weren't doing but seems like you have it all done properly. so congrats.

Quote
And actually I just recently lost all my wallets once again in yet another unfortunate boating accident! Wink
you're joking right?  Huh  just don't expect an attacker to believe that...
legendary
Activity: 2268
Merit: 18771
i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday.
Of course I also have a number of wallets which are used on a regular basis with frequent transactions, but such wallets are obviously not my main cold storage wallets and do not contain large amounts of funds. These wallets would be the first to go in the case of a $5 wrench attack. If an attacker is unsatisfied with such wallets and keeps going in search of a cold storage wallet, then I can hand over one or more such cold storage wallets which instead of being filled with regular transactions have the transaction pattern I described above - one or two deposits followed by months or years of inactivity. And as Pmalek said, the compromise of any of my wallets provides absolutely zero clues as to the existence of any other wallets.

And actually I just recently lost all my wallets once again in yet another unfortunate boating accident! Wink
legendary
Activity: 2730
Merit: 7065
i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday. anyone that has any common sense would know that you have to have some hot wallet and demand to see that too. hopefully you have some decoy hot wallets too.
o_e_l_e_o has already said that you can't connect any of his multiple wallets through transactions coming in or going out. He mixes his coins to break the links. The discovery that wallet #1 belongs to o_e_l_e_o would therefore not lead you to blockchain evidence proving that wallets #2 and #3 are also o_e_l_e_o's. I am sure he has hot wallets and coins he would give you if you attacked him in his home. But if he did everything correctly, you are never going to know the person you are stealing from is o_e_l_e_o, and you can't possibly know how many other wallets he has and where.   
sr. member
Activity: 1190
Merit: 469
I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.
i don't know if a scenario like that is believable that you would only have bitcoin in cold storage but not a wallet that you use everyday. anyone that has any common sense would know that you have to have some hot wallet and demand to see that too. hopefully you have some decoy hot wallets too.

hero member
Activity: 924
Merit: 5943
otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...
I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.
You are both right; some people have a 'cold wallet', note down its first receiving address and dollar-cost-average new coins into it every day, week or month, for instance. Or whenever they have extra money (fiat or Bitcoin) to move to their long-term cold storage investment.

Others buy a lump sum once and don't touch it (or save up more BTC into other wallets).

All this ambiguity is great for plausible deniability, because it means even a single deposit into a decoy wallet could represent the whole stash (as long as it is large enough).
legendary
Activity: 2268
Merit: 18771
I have never looked into what derivation paths Electrum scans
You can find them here: https://github.com/spesmilo/electrum/blob/master/electrum/bip39_wallet_formats.json
Scans 14 in total - all the usual ones you would expect, plus a couple of unusual ones from specific wallets.

but I am guessing the software scans a bunch of paths for change addresses as well, does it?
It does now, after I opened an issue about lost change last year: https://github.com/spesmilo/electrum/issues/7804

Or does change automatically get recovered together with the correctly selected coin type and account number?
The way it works is that it scans the first derivation path on the list above for any transactions on either the first 20 receiving addresses or the first 10 change addresses. If it finds some transaction history, then it will recover the entire wallet, and it will also increment the account number by 1 for that specific derivation path and check that wallet too. It will repeat this process until it finds an empty wallet, and then move on to the next derivation path on the list above.
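As an added illustration of the scan procedure described in the post above (this is my own model of it, not Electrum's code and not code from any poster here), the loop below walks a list of path templates, checks the first 20 receiving and first 10 change addresses of each account, and stops at the first empty account. The four templates, the gap sizes as constants, the fake_address() helper and the sample "blockchain" index are all constructed stand-ins: a real wallet derives each address from the seed at that path, and the real template list is the bip39_wallet_formats.json file linked above.

```python
import hashlib

# Derivation path templates in scan order. Constructed stand-ins for illustration;
# the list Electrum actually walks is bip39_wallet_formats.json (linked above).
PATH_TEMPLATES = [
    "m/44'/0'/{account}'",
    "m/49'/0'/{account}'",
    "m/84'/0'/{account}'",
    "m/0'/{account}'",
]
RECEIVE_GAP = 20   # receiving addresses checked per account, as described above
CHANGE_GAP = 10    # change addresses checked per account, as described above


def fake_address(account_path, change, index):
    """Stand-in for key derivation: a deterministic label for one address slot.

    A real wallet derives an address from the seed at account_path/change/index;
    to exercise the scan logic we only need a unique, reproducible string.
    """
    full = f"{account_path}/{change}/{index}"
    return "addr_" + hashlib.sha256(full.encode()).hexdigest()[:16]


def account_has_history(account_path, chain_index):
    """True if any of the first RECEIVE_GAP receiving (change=0) or the first
    CHANGE_GAP change (change=1) addresses under this account has a transaction."""
    for change, gap in ((0, RECEIVE_GAP), (1, CHANGE_GAP)):
        for i in range(gap):
            if chain_index.get(fake_address(account_path, change, i), 0) > 0:
                return True
    return False


def scan_for_wallets(chain_index, templates=PATH_TEMPLATES):
    """Walk each template through account 0, 1, 2, ... until the first empty
    account, then move on to the next template. Returns account paths with history."""
    found = []
    for template in templates:
        account = 0
        while True:
            account_path = template.format(account=account)
            if not account_has_history(account_path, chain_index):
                break
            found.append(account_path)
            account += 1
    return found


def build_sample_index():
    """Constructed sample 'blockchain': address -> number of transactions.

    Each tuple is (account path, change flag, address index) of a funded address.
    """
    funded = [
        ("m/44'/0'/0'", 0, 0),   # ordinary first receiving address
        ("m/84'/0'/0'", 0, 3),   # receiving index 3, well inside the gap of 20
        ("m/84'/0'/1'", 1, 2),   # account 1 used only via a change address: still found
        ("m/49'/0'/2'", 0, 0),   # accounts 0 and 1 empty, so account 2 is never reached
        ("m/0'/0'", 1, 12),      # change index 12 is beyond CHANGE_GAP: missed
    ]
    return {fake_address(p, c, i): 1 for p, c, i in funded}


if __name__ == "__main__":
    for path in scan_for_wallets(build_sample_index()):
        print("recovered:", path)
```

Running it recovers three of the five funded accounts. The two misses (an account reached only after an empty one, and a change address past the change gap) are the cases such a scan cannot help with, which is why recording the derivation path alongside the seed, as discussed elsewhere in this thread, still matters.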
legendary
Activity: 2730
Merit: 7065
And then you've got software like Electrum, which will scan a bunch of commonly used derivation paths for you if you forget.
I have never looked into what derivation paths Electrum scans, but I am guessing the software scans a bunch of paths for change addresses as well, does it? Or does change automatically get recovered together with the correctly selected coin type and account number? Some non-standard wallets probably customize this as well that Electrum may or may not know about.
legendary
Activity: 2268
Merit: 18771
hopefully the decoy coins amount to enough cash that they don't become wise to what you're doing.  you certainly don't want to be cheap there. it needs to be enough so that they actually believe you don't have a secondary stash somewhere that is bigger. because if they believe that then you got a whole other problem, convincing them that your net worth is that small. oh and here's a free tip: don't have any two-way transactions between your decoy and main wallet since when the robbers get home and see that your decoy coins are related to a bigger wallet, they might possibly pay you another visit.
Correct on all counts. I actually said just this in another thread just a few days ago: https://bitcointalksearch.org/topic/m.61679886. Your decoy wallets need to plausibly be your entire stash, and there must be no links (physical, electronic, or blockchain) between your decoy wallets and your main hidden stash.

otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...
I'm not sure about that. I have a handful of wallets purposefully for long term cold storage that simply have one or two deposits in to them, sometimes years ago, and no further activity since then. That's exactly what a main cold storage would look like. It's not going to be a wallet I'm spending from on a regular basis.
sr. member
Activity: 1190
Merit: 469

This is not a good idea,
i know it's not a good idea i think the point i was trying to make though is by splitting up the passphrase into two parts, it makes it even harder for someone to discover it. so more security right? well, not so fast. there's also the issue of making things more complex for the owner of the wallet. the more complexity equals more possibility for problems to occur.

Quote
People who are trying to make stuff too complex usually end up losing access to stuff they are trying to hide.
 
exactly. that's why i'm not even a huge fan of the additional passphrase but i do understand it has merits. Cheesy
legendary
Activity: 2212
Merit: 7064
notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.
This is not a good idea, and remember that this is not ultimate protection for your assets, that can be brute force attacked, and keeping anything in your brain/memory is a highly unreliable thing.
Please don't come up with these ''revolutionary'' splitting techniques for anything, because many security experts say that this is a recipe for disaster.
People who are trying to make stuff too complex usually end up losing access to stuff they are trying to hide.
 
sr. member
Activity: 1190
Merit: 469
That's a fair point. But if you check your derivation path, and it is the standard and very common m/84'/0'/0' for example, then I wouldn't feel the need to back that up as well, knowing how ubiquitous such a derivation path is and how easy it will be to recover from it in the future, even if I forget.
i could agree with that.  Cheesy

Quote
Having said that, splitting up a passphrase certainly can provide plausible deniability, especially if you then put some decoy coins on the wallets which were generated from both halves of your passphrase being used individually.
hopefully the decoy coins amount to enough cash that they don't become wise to what you're doing.  you certainly don't want to be cheap there. it needs to be enough so that they actually believe you don't have a secondary stash somewhere that is bigger. because if they believe that then you got a whole other problem, convincing them that your net worth is that small. oh and here's a free tip: don't have any two-way transactions between your decoy and main wallet since when the robbers get home and see that your decoy coins are related to a bigger wallet, they might possibly pay you another visit.  Shocked

otoh, if they see that there was only a single deposit or two made to this wallet you gave them with no other activity they might begin to suspect you did it for that purpose...
legendary
Activity: 2268
Merit: 18771
ok but if you never actually check what the derivation path is then how do you know it's not something unexpected? you really don't. that's why i'm always going to see if the expected derivation path is actually the path the funds are on. that's a very important check to do instead of just assuming "oh this is wallet xyz everyone says it uses such and such path so i don't need to check anything".
That's a fair point. But if you check your derivation path, and it is the standard and very common m/84'/0'/0' for example, then I wouldn't feel the need to back that up as well, knowing how ubiquitous such a derivation path is and how easy it will be to recover from it in the future, even if I forget.

notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.
Ahh apologies, I misread. I'm still not a fan of splitting up an individual component of a back up, and much prefer that if you want to set a threshold of multiple back ups to recover your wallet then to use multiple components, such as seed phrase plus passphrase, or multi-sig. Having said that, splitting up a passphrase certainly can provide plausible deniability, especially if you then put some decoy coins on the wallets which were generated from both halves of your passphrase being used individually.
sr. member
Activity: 1190
Merit: 469
I don't think you can reach conclusions about bitcoin based on what some random altcoin is doing. Any worthless altcoin can decide to use completely moronic derivation paths if they want, as can any random piece of terrible wallet software. If you stick to reputable software using known processes, then the derivation paths are largely standardized.
ok but if you never actually check what the derivation path is then how do you know it's not something unexpected? you really don't. that's why i'm always going to see if the expected derivation path is actually the path the funds are on. that's a very important check to do instead of just assuming "oh this is wallet xyz everyone says it uses such and such path so i don't need to check anything".

why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?
Quote
As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.
notice i was referring to splitting up the passphrase not the seed phrase. two different things. splitting up the passphrase would still provide - could still provide - plausible deniability. you would just need to remember which part came first.

Quote from: Welsh
In most cases, a simple physical backup of a seed phrase or private key is secure enough. As long as it's secured physically. That eliminates online attacks, and realistically you're only at the mercy of your local population.
this is a reasonable point of view. i think the local population is an important concept. that's really who you're most concerned with when you hide a seed phrase. they are the only ones that could possibly discover it thus i don't see the need for a passphrase. that just adds to the risk of something going wrong and you losing one or both. but to each their own. not saying passphrases are bad but i don't think they are for newbies.
staff
Activity: 3304
Merit: 4115
As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.
I feel like a broken record, because I've said I feel like a broken record before about a similar discussion, but it's the common theme of security vs convenience, and actually convenience is partly security. You make something too complex, and you'll likely forget it or potentially mess up during the creation of it or when verifying it.

In most cases, a simple physical backup of a seed phrase or private key is secure enough. As long as it's secured physically. That eliminates online attacks, and realistically you're only at the mercy of your local population. How likely it is to get compromised will depend on how you secure it. However, let's be honest, there are some pretty simple ways of doing it which would basically eliminate any common thief that happens to wander into your house.
legendary
Activity: 2268
Merit: 18771
maybe it is for you but i have experience where the derivation path was m/44'/60'/0'/0 but no one knew that. i spent a long time researching and googling it before i came across it. that's an ethereum wallet but the point still stands.
I don't think you can reach conclusions about bitcoin based on what some random altcoin is doing. Any worthless altcoin can decide to use completely moronic derivation paths if they want, as can any random piece of terrible wallet software. If you stick to reputable software using known processes, then the derivation paths are largely standardized.

why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?
As discussed above, it does not provide any plausible deniability which is one of the main benefits of a passphrase. And talking of human error, there are countless examples of people who have tried to be smart and split up their seed phrase and ended up making a mistake and locking themselves out of their wallet.

When there are standardized methods of doing something, which are tried and tested and provably more secure, then coming up with your own ad hoc system is almost always a recipe for disaster.
sr. member
Activity: 1190
Merit: 469
If you stick to the standard BIP44/49/84 derivation paths, then this step is unnecessary in my opinion. Those paths are so ingrained in the wider bitcoin ecosystem that even if you forget them you will have no problem recovering from them in the future.
maybe it is for you but i have experience where the derivation path was m/44'/60'/0'/0 but no one knew that. i spent a long time researching and googling it before i came across it. that's an ethereum wallet but the point still stands. from that experience i learned about the importance of storing the derivation path because one little change like if you turned m/44'/60'/0'/0 to m/44'/60'/0/0 who would know how to fix that? no one would. you would just be making wild guesses. kind of like a brute force search.
Quote
I'm not denying that, but it is still a mistake to think you are immune to human error.
well yeah i mean i'm not immune to making errors. i need to test things that i'm doing to make sure they are functioning the way they were intended to. i'm just not convinced on the security aspect of an additional passphrase. that's all. why not split your passphrase into 2 parts and store one somewhere and the other part somewhere else? that's even more secure right?
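As an added worked example (my own code, not from any poster here and not any wallet's implementation), the pure-Python BIP39/BIP32 derivation below makes two points from this thread concrete: a passphrase, or either half of a split passphrase, turns the same seed words into a completely different wallet, and a hardened index and its unhardened counterpart (m/44'/60'/0'/0 versus m/44'/60'/0/0) give unrelated keys, so one dropped apostrophe in a recorded path means a different, empty wallet. The mnemonic is the standard BIP39 test phrase; the passphrases "correct"/"horse" and the function names are constructed for the demo. The elliptic-curve code is a plain textbook implementation, not constant time, and only here so the block runs with no dependencies.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: indices >= 2^31 are hardened, written 0' (or 0h)

def ec_add(a, b):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def compressed_pubkey(k):
    x, y = ec_mul(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)

def master_key(seed):
    """BIP32 master node (private key, chain code) = HMAC-SHA512('Bitcoin seed', seed)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k, c, index):
    """BIP32 private child. Hardened children hash the private key, unhardened
    children hash the public key, so 0' and 0 give unrelated results."""
    if index >= HARDENED:
        data = b"\x00" + k.to_bytes(32, "big")
    else:
        data = compressed_pubkey(k)
    i = hmac.new(c, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + k) % N
    if il >= N or child == 0:  # BIP32: skip this index (probability about 2^-127)
        raise ValueError("invalid child key at index %d" % index)
    return child, i[32:]

def parse_path(path):
    """'m/44'/60'/0'/0' -> [0x8000002C, 0x8000003C, 0x80000000, 0]."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    indices = []
    for part in parts[1:]:
        n = int(part.rstrip("'h"))
        indices.append(n + HARDENED if part[-1] in "'h" else n)
    return indices

def derive_private_key(seed, path):
    k, c = master_key(seed)
    for index in parse_path(path):
        k, c = ckd_priv(k, c, index)
    return k

# The standard BIP39 test mnemonic; the passphrases used below are constructed.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def split_passphrase_wallets(mnemonic, first_half, second_half, path="m/84'/0'/0'/0/0"):
    """Key at one path for: no passphrase, each half alone, and the joined passphrase.
    All four are different wallets, which is the decoy property discussed above."""
    variants = {"none": "", "first": first_half, "second": second_half,
                "joined": first_half + second_half}
    return {name: derive_private_key(bip39_seed(mnemonic, pp), path)
            for name, pp in variants.items()}

if __name__ == "__main__":
    seed = bip39_seed(MNEMONIC)
    print("m/44'/60'/0'/0 :", hex(derive_private_key(seed, "m/44'/60'/0'/0")))
    print("m/44'/60'/0/0  :", hex(derive_private_key(seed, "m/44'/60'/0/0")))
    for name, key in split_passphrase_wallets(MNEMONIC, "correct", "horse").items():
        print(name, hex(key))
```

Two things worth noticing when running it: nothing in the output tells you which of the four passphrase variants is the "real" one (that is the whole point of the decoy argument), and nothing tells you which of the two paths the funds are on, which is the recovery problem the hardened/unhardened mix-up creates. Recording the exact path string next to the seed words removes the second problem entirely.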