Topic: Why doesn't every hardware wallet support two-factor seed phrases? - page 2. (Read 583 times)

legendary
Activity: 2268
Merit: 18509
but some other important details like the derivation path and what software wallet it uses. i think those things are important. you cannot recover a seed phrase without knowing the derivation path unless you know the software you used.
If you stick to the standard BIP44/49/84 derivation paths, then this step is unnecessary in my opinion. Those paths are so ingrained in the wider bitcoin ecosystem that even if you forget them you will have no problem recovering from them in the future. Hell, I would bet the majority of users don't even know what derivation path they use, because if they import their seed phrase in to some other piece of software it will almost certainly find their coins on these standard paths. And then you've got software like Electrum, which will scan a bunch of commonly used derivation paths for you if you forget.

It would only be if I were using a non-standard and custom derivation path for some specific reason that I would also back it up.

organizations have attack surfaces that are vastly different than people like you and me.
I'm not denying that, but it is still a mistake to think you are immune to human error.
sr. member
Activity: 1036
Merit: 350
i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too.
A slip of paper is too big?
well i wrote it down on a piece of 8.5 by 11 inch paper not only the seed phrase but some other important details like the derivation path and what software wallet it uses. i think those things are important. you cannot recover a seed phrase without knowing the derivation path unless you know the software you used...so when all was said and done i had used up about half of the sheet of paper. maybe i write big.

Quote
So you do agree that back ups are not immune to being found by an attacker. Wink
backups that i write on a piece of paper i already admitted i don't think those can be easily hidden. and they stick out like a sore thumb if someone happens to catch a glance of it.

Quote
I would suggest that multi-national tech giants like Google and Apple though to US government agencies including the FBI and the Pentagon all have serious security protocols in place, and yet all of these entities have suffered hacks or compromises.
organizations have different attack surfaces than individuals. they have more weaknesses when it comes to protecting sensitive information. the more people that know or have access to the information, or could get access to it through someone they do know, just multiplies the risk factor. a rogue employee that became unreliable and acted improperly: you can have all the security in the world, but if you put too much trust into one person then you can be doomed. show me a case where the US government had a 5 of 7 bitcoin wallet and they were able to brute force it because 3 of the 7 people became untrustworthy. organizations have attack surfaces that are vastly different than people like you and me.
legendary
Activity: 2268
Merit: 18509
i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too.
A slip of paper is too big?

but i don't want a passphrase. that's just another thing that someone could find and maybe i forget where i put it or something.
So you do agree that back ups are not immune to being found by an attacker. Wink

tell me an example of someone that had a serious security protocol in place who "tripped up". that's the person i'm interested in hearing about because ultimately they had to have done something wrong.
I would suggest that multi-national tech giants like Google and Apple though to US government agencies including the FBI and the Pentagon all have serious security protocols in place, and yet all of these entities have suffered hacks or compromises. Maybe there was some human error involved, but that doesn't mean you are immune to making a mistake either. All the more reason to use a system which mitigates human error. Accidentally reveal your seed phrase? Thankfully you've not lost everything because you are using an additional passphrase.
sr. member
Activity: 1036
Merit: 350
Once again, you are coming up with fantastical scenarios which are in no way based on reality. It's easy to come up with theoretically immune systems, but I am not aware of a single person who has microscopically engraved their seed phrase on to some object, and I'm guessing you aren't either. People don't do this. People write down their seed phrase on a piece of paper, and store it somewhere with varying amounts of security. Even stored somewhere very secure, it will not be immune to discovery, so an additional passphrase provides useful additional security.

i wrote down my seedphrase on a piece of paper recently but it didn't make me feel too good. i felt like no matter where i put it, since it is so big it would be easy for someone else to find it too. but i don't want a passphrase. that's just another thing that someone could find and maybe i forget where i put it or something. without both of them i would be screwed too. so if someone found one of them and not the other then they might not be able to get my money but neither would i!



Quote
Yes, you should be hiding your back up somewhere very secure, and yes, you can make it very unlikely to be accidentally discovered, but this assumes universally good security practices throughout the entire community (which will never happen), and even then, there is not a 0% chance of compromise. Even one of the bitcoin devs recently lost hundreds of bitcoin through poor security practices. If a bitcoin dev can trip up, then the average user can definitely trip up too.
tell me an example of someone that had a serious security protocol in place who "tripped up". that's the person i'm interested in hearing about because ultimately they had to have done something wrong. i'll let you know when i make my microscopic seed phrase backup.  Grin
legendary
Activity: 2268
Merit: 18509
that's why i say it is pretty much immune to that issue.
Once again, you are coming up with fantastical scenarios which are in no way based on reality. It's easy to come up with theoretically immune systems, but I am not aware of a single person who has microscopically engraved their seed phrase on to some object, and I'm guessing you aren't either. People don't do this. People write down their seed phrase on a piece of paper, and store it somewhere with varying amounts of security. Even stored somewhere very secure, it will not be immune to discovery, so an additional passphrase provides useful additional security.

Yes, you should be hiding your back up somewhere very secure, and yes, you can make it very unlikely to be accidentally discovered, but this assumes universally good security practices throughout the entire community (which will never happen), and even then, there is not a 0% chance of compromise. Even one of the bitcoin devs recently lost hundreds of bitcoin through poor security practices. If a bitcoin dev can trip up, then the average user can definitely trip up too.
sr. member
Activity: 1036
Merit: 350
i was referring to unintended discovery not to the loss risk.
And there is no back up which is immune to unintended discovery either.
well if you're going to be stamping your seed phrase onto a honking piece of metal then yeah, i mean anyone could possibly stumble upon it no matter how well you hide it. most people don't have the capability to do it but if you could reduce it to a microscopic size then it does become immune to unintended discovery. that's just the way it is. i suppose you think you could prove me wrong if i hid a microscopic seed phrase somewhere in my house and then give you as long as you want to search through the entire house. do you really think you're going to find it even then? i think not. that's why i say it is pretty much immune to that issue.

Quote
So if you want to mitigate this risk, then you need a system where the discovery of said back up does not result in immediate compromise of your wallets.
i mean if you're writing your seed phrase down on a big 8.5x11 sheet of paper so that anyone can easily read it then yeah, i mean, that could be discovered quite easily most likely. there's nowhere you can hide that to make it immune to unintended discovery most likely. some people might disagree with even that though...

Quote
Strongly disagree. You should be considering every realistic avenue in which your coins can be stolen, not just the most likely one.
it's not realistic to think that a microscopic item can be discovered accidentally or even if someone was specifically searching for it. it's too small. you could be looking right at it and not even know what it was. but i know you would say you would lug around a huge magnifying glass that you inspected every single inch of the entire house. good luck. i doubt you would be successful even given unlimited time and resources...
legendary
Activity: 2268
Merit: 18509
i was referring to unintended discovery not to the loss risk.
And there is no back up which is immune to unintended discovery either. So if you want to mitigate this risk, then you need a system where the discovery of said back up does not result in immediate compromise of your wallets.

if the risk is lower than other risks such as the risk of loss then it makes little sense to worry about the risk of unintended discovery.
Strongly disagree. You should be considering every realistic avenue in which your coins can be stolen, not just the most likely one.
sr. member
Activity: 1036
Merit: 350
but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.
Then you would be the first person in world to have a perfect security set up with no risk of compromise. There is no such thing as 100% safe.
there are 2 types of risk when storing a seedphrase on some physical medium as a backup. one is the risk of unintended discovery and the second is the risk of loss. a perfect backup would be immune to both of those. i was referring to unintended discovery not to the loss risk.
  
Quote
To quote Gene Spafford:

Quote from: Gene Spafford
The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.
maybe it is safe from loss but not from unintended discovery. and because of that, it might become unsafe from loss if a powerful enough adversary decided to try and attack it.

Quote
Maybe your seed phrase back up is "safe enough", but getting complacent and assuming there is no risk of it being discovered is a recipe for disaster. And since there is always a risk of it being discovered, then there is little to lose by mitigating that risk by using an additional passphrase.
if the risk is lower than other risks such as the risk of loss then it makes little sense to worry about the risk of unintended discovery.
legendary
Activity: 2268
Merit: 18509
but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.
Then you would be the first person in world to have a perfect security set up with no risk of compromise. There is no such thing as 100% safe. To quote Gene Spafford:

Quote from: Gene Spafford
The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.

Maybe your seed phrase back up is "safe enough", but getting complacent and assuming there is no risk of it being discovered is a recipe for disaster. And since there is always a risk of it being discovered, then there is little to lose by mitigating that risk by using an additional passphrase.
sr. member
Activity: 1036
Merit: 350
Quote from: o_e_l_e_o
But the chances of your seed phrase being compromised and your coins being stolen are exponentially higher than the chances of both your seed phrase and your passphrase being compromised.

the only additional benefit/security i can see from adding on a passphrase is the plausible deniability that MIGHT protect someone if armed bandits held them hostage and demanded their bitcoin. but if someone knows how to store their seedphrase properly then it is really not at risk of being discovered by anyone.

Quote
That's the beauty of passphrases. There is no "right" wallet. Your hardware and software has absolutely no idea which wallet is the right wallet, and any string is a valid passphrase. This means it is harder to attack, and it gives you plausible deniability. This is a feature, not a bug.
it is nice that you can have one seedphrase and re-use it as many times as you like by just changing the "passphrase".

Quote from: n0nce
Every single possible passphrase will create a new, valid wallet. Those will at first all be unfunded, of course, so you can 'find' your wallet again either by noticing there is a balance on it (after having sent some funds to it)
yeah if it has a balance on it then that makes things much easier to detect if something went wrong on the passphrase entry step.
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
i don't use passphrases so maybe i'm not so knowledgeable on how many times you have to enter it. but maybe just once when you originally set it up? that being the case maybe what you said is feasible mitigation. i just don't like having to rely on some external data such as an address to tell me i have the right wallet.  Shocked
Every single possible passphrase will create a new, valid wallet. Those will at first all be unfunded, of course, so you can 'find' your wallet again either by noticing there is a balance on it (after having sent some funds to it) or - as Leo said - writing down an address and verifying that when you enter the passphrase for the second & third time, you get the same address again.
legendary
Activity: 2268
Merit: 18509
i guess but anytime you ever have to enter your passphrase, it seems like (as you mentioned) you would have to do some type of additional verification that you have the right wallet. that seems like a real pain.
Not every time - just the first time. Once you've confirmed that you have definitely entered the correct passphrase the first time, by performing the process twice (or three times) and checking you reach the same set of addresses each time, then presumably you are going to fund the wallet. Every future time you enter the passphrase, you'll know that you entered it correctly because you will reach your wallet containing your coins.

the chances of something going wrong are higher than me not using a passphrase and someone figuring out my seed phrase.
But the chances of your seed phrase being compromised and your coins being stolen are exponentially higher than the chances of both your seed phrase and your passphrase being compromised.

i just dont like having to rely on some external data such as an address to tell me i have the right wallet.  Shocked
That's the beauty of passphrases. There is no "right" wallet. Your hardware and software has absolutely no idea which wallet is the right wallet, and any string is a valid passphrase. This means it is harder to attack, and it gives you plausible deniability. This is a feature, not a bug.
sr. member
Activity: 1036
Merit: 350
Agreed. It's a drawback, but also an advantage. The mitigation is to enter your passphrase, note down the first address, reset your wallet, enter your passphrase a second time, and check the first address matches what you wrote down from the first round. Repeat a third time if you like to be extra sure.


i guess but anytime you ever have to enter your passphrase, it seems like (as you mentioned) you would have to do some type of additional verification that you have the right wallet. that seems like a real pain. the chances of something going wrong are higher than me not using a passphrase and someone figuring out my seed phrase. i think we could agree on that.

i don't use passphrases so maybe i'm not so knowledgeable on how many times you have to enter it. but maybe just once when you originally set it up? that being the case maybe what you said is feasible mitigation. i just don't like having to rely on some external data such as an address to tell me i have the right wallet.  Shocked
legendary
Activity: 2268
Merit: 18509
I can only imagine how long you would have to wait to confirm every transaction with this long text...... this is almost impossible to use in real life.
I'm not sure I follow you here. Once you've entered the passphrase, your wallet software will use it along with your seed phrase to derive your master keys for that wallet. A salt of that length will make no noticeable difference to the length of time it takes to derive the master keys, and once the master keys are derived, then everything from that point on is identical. The only difference is how long it will take you to enter the passphrase, which I agree on a hardware wallet will take a significant amount of time selecting one character at a time.

I tried testing this for different passphrases (for password managers) and I almost always got better entropy results with spaces.
What algorithms were being used to assess the entropy? Adding a space might be classed as a "special character", of which there are 33 in ASCII, meaning you go from 26 possibilities for each character (assuming only lower case letters), to up to 59 possibilities for each character, which gives you a falsely elevated entropy result. Different algorithms also make different assumptions about how much knowledge of the password the attacker has.

those things can be dealt with by owning the book and highlighting the passphrase and then storing the book somewhere safe.
Which is no different to just writing down the passphrase on paper, as I've been saying all along.

thats one of the serious drawbacks of the bip39 passphrase. there is no checksum for it. so the software has to accept whatever you type in and go with it.
Agreed. It's a drawback, but also an advantage. The mitigation is to enter your passphrase, note down the first address, reset your wallet, enter your passphrase a second time, and check the first address matches what you wrote down from the first round. Repeat a third time if you like to be extra sure.
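To make the point about strength meters concrete: the following is an added example (not code from any poster in this thread) that scores the same four-word phrase with and without spaces under a naive per-character model, and then under a model where the attacker knows the phrase is words from a list. The charset sizes follow the post above (26 lower-case letters, 33 ASCII "special" characters including space); the 7776-word Diceware list size is an assumption for the attacker model.

```python
import math

# Character-class sizes a typical strength meter assumes. The 33 ASCII "special"
# characters (space included) is the count given in the post above.
LOWERCASE = 26
UPPERCASE = 26
DIGITS = 10
ASCII_SPECIALS = 33
# Assumed word-list size for the attacker model: the standard 7776-word Diceware list.
WORDLIST_SIZE = 7776


def charset_size(pw: str) -> int:
    """Charset a naive meter infers: a whole class counts once any member appears."""
    size = 0
    if any(c.islower() for c in pw):
        size += LOWERCASE
    if any(c.isupper() for c in pw):
        size += UPPERCASE
    if any(c.isdigit() for c in pw):
        size += DIGITS
    if any(not c.isalnum() for c in pw):   # a single space switches on this whole class
        size += ASCII_SPECIALS
    return size


def naive_bits(pw: str) -> float:
    """Per-character model: length * log2(charset). It ignores that the text is words."""
    return len(pw) * math.log2(charset_size(pw))


def wordlist_bits(n_words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Attacker-knows-the-list model: the separator carries no entropy at all."""
    return n_words * math.log2(list_size)


def compare(words: list) -> dict:
    """Score the phrase three ways; the spaced variant looks far stronger to the naive
    meter only because the space enlarges the assumed charset from 26 to 59."""
    joined = "".join(words)
    spaced = " ".join(words)
    return {
        "naive_no_spaces": round(naive_bits(joined), 1),
        "naive_with_spaces": round(naive_bits(spaced), 1),
        "wordlist_model": round(wordlist_bits(len(words)), 1),
    }


if __name__ == "__main__":
    # Constructed sample passphrase words, not a phrase anyone should use
    for label, bits in compare(["correct", "horse", "battery", "staple"]).items():
        print(f"{label:20s} {bits:6.1f} bits")
```

The word-list figure is the one that matters for an attacker who guesses whole words; both per-character numbers overstate it, and the spaced one overstates it most.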
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Quote
If you can forget your passphrase, then you can just as easily forget which sentence you used or which word you started/end your passphrase with or which edition of the book you used and so on.
those things can be dealt with by owning the book and highlighting the passphrase and then storing the book somewhere safe.
Then you could also store a seed phrase backup on a piece of paper glued between two pages in any book that you're confident is stored safely.. Grin
Or highlight 12/24 words across the book which, read front to back, result in the seed phrase. This has all been discussed over the years, though.
sr. member
Activity: 1036
Merit: 350
Honestly, that's a terrible choice of passphrase.

Yeah, that hyphen due to the column width was kind of unexpected. Other online versions don't have that hyphen. But the printed book apparently does.

Quote
If you can forget your passphrase, then you can just as easily forget which sentence you used or which word you started/end your passphrase with or which edition of the book you used and so on.
those things can be dealt with by owning the book and highlighting the passphrase and then storing the book somewhere safe.

Quote
Passphrases should be backed up on paper, just as seed phrases are.
well let's say you decide to string together the hashes of the first 3 blocks of the blockchain.

Code:
00000000839a8e6886ab5951d76f411475428afc90947ee320161bbf18eb6048000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd0000000082b5015589a3fdf2d4baff403e6f0be035a5d9742c1cae6295464449

as long as i store instructions about how to perform the above operation then i don't really need to write down all of that on paper. whether that is a suitable approach for a bip39 passphrase is a matter of other discussion but i'm not trying to argue that.

Quote
Unless you entered it wrong the first time without realizing it, sent coins to that wallet, and cannot discover the identical wrong combination to access your wallet again.
thats one of the serious drawbacks of the bip39 passphrase. there is no checksum for it. so the software has to accept whatever you type in and go with it.
Quote
A better assumption is that no back up is ever 100% secure.
you can have the last word on that.  Grin

Quote
I was assuming you were only generating valid 24 word seed phrases to begin with.
oh ok. in that case the argument seems to be reasonable however as you said, it is a rough argument and we don't actually know how many such 24 word seed phrases exist, if any. But according to your logic, it would be very quick to find one...
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
There is also a chance of spaces being replaced with other types of whitespace. I notice that from time to time when copying some code snippets from a website into my editor. It looks like a space on the website, but the editor reveals that it's actually not an ASCII 0x20.
I think that passphrase with spaces is giving much better results compared with same words combined into one.
I tried testing this for different passphrases (for password managers) and I almost always got better entropy results with spaces.
Can anyone explain why this is happening in simple words and does it really matter or not?
Very well possible, but what I'm saying is that if he downloads a different version of the (supposedly) same text, it may have different whitespace characters (impossible to tell with the naked eye) or other little changes that will be hard to spot / recognize and fix.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
I'm talking about using something like this
I can only imagine how long you would have to wait to confirm every transaction with this long text...... this is almost impossible to use in real life.
Why don't you simple ask ChatGPT and other AI crap tools to tell you what you should use for passphrase, you can even ask AI to generate 24 seed words for you, I am sure it's safu (not).  Tongue

There is also a chance of spaces being replaced with other types of whitespace. I notice that from time to time when copying some code snippets from a website into my editor. It looks like a space on the website, but the editor reveals that it's actually not an ASCII 0x20.
I think that passphrase with spaces is giving much better results compared with same words combined into one.
I tried testing this for different passphrases (for password managers) and I almost always got better entropy results with spaces.
Can anyone explain why this is happening in simple words and does it really matter or not?
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
I'm talking about using something like this:
Honestly, that's a terrible choice of passphrase.

There is too much formatting which is very prone to error. Did you accidentally include a space before the line break? Did you use ' instead of " without realizing? Did different copies of the text use different formatting, different line breaks, no hyphens, etc.? Does your software parse line breaks in the same way as other software, or indeed at all? It is excessively long, too prone to errors, and too cumbersome to enter, especially on a hardware wallet.
Imagine different revisions using different quotation marks.. Grin
“ ” " " ‘  ’ ' ' « »

There is also a chance of spaces being replaced with other types of whitespace. I notice that from time to time when copying some code snippets from a website into my editor. It looks like a space on the website, but the editor reveals that it's actually not an ASCII 0x20.

And of course line breaks being in different places and / or types of line breaks; CRLF vs. LF.
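The re-entry check described earlier on this page (enter the passphrase, note the first address, reset, enter it again, compare) and the whitespace and quotation-mark pitfalls in this post can both be seen in the BIP39 derivation itself. The following is an added example, not code from any poster: it derives the BIP39 seed with Python's standard library, uses a hash of the seed as a stand-in for "the first address" (a real wallet would derive and display an address, which needs secp256k1 and is omitted here), and flags characters that look like ASCII but are not. The mnemonic is the published all-zero-entropy BIP39 test vector, chosen so the derivation can be checked against the known "TREZOR" test seed; it is public and must never hold funds.

```python
import hashlib
import unicodedata

# Constructed sample: the public all-zero-entropy BIP39 test mnemonic (never fund it).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.
    Password = NFKD(mnemonic); salt = "mnemonic" + NFKD(passphrase).
    There is no checksum on the passphrase: any string yields a valid seed."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Stand-in for 'the first receiving address' in the re-entry check (assumption:
    hashing the seed is enough to tell whether two entries reached the same wallet)."""
    return hashlib.sha256(bip39_seed(mnemonic, passphrase)).hexdigest()[:16]


def entries_agree(mnemonic: str, entries: list) -> bool:
    """Model of the mitigation: enter the passphrase several times and accept it
    only if every entry lands on the same wallet."""
    fingerprints = {wallet_fingerprint(mnemonic, e) for e in entries}
    return len(fingerprints) == 1


def suspicious_chars(passphrase: str) -> list:
    """Characters that are invisible or merely look like ASCII: non-ASCII code points
    (curly quotes, no-break spaces), tabs and carriage returns. Returns (index, char, name)."""
    found = []
    for i, ch in enumerate(passphrase):
        if ord(ch) > 0x7E or ch in "\t\r":
            found.append((i, ch, unicodedata.name(ch, "CONTROL")))
    return found


if __name__ == "__main__":
    typed_once = "correct horse battery staple"   # constructed sample passphrase
    variants = {
        "same text twice": [typed_once, typed_once],
        "curly vs straight quotes": ["\u201c" + typed_once + "\u201d", '"' + typed_once + '"'],
        "CRLF vs LF line break": ["correct horse\r\nbattery staple", "correct horse\nbattery staple"],
        # NFKD normalisation folds U+00A0 to a plain space, so this pair agrees;
        # curly quotes and CR characters have no such decomposition and do not.
        "NBSP vs space": [typed_once.replace(" ", "\u00a0", 1), typed_once],
    }
    for label, pair in variants.items():
        print(f"{label:26s} same wallet: {entries_agree(SAMPLE_MNEMONIC, pair)}")
        for entry in pair:
            for idx, ch, name in suspicious_chars(entry):
                print(f"    position {idx}: U+{ord(ch):04X} {name}")
```

Two points fall out of running it: the curly-quote and CRLF pairs silently land on different wallets, which is exactly the failure the re-entry check exists to catch, while the no-break-space pair agrees only because BIP39 mandates NFKD normalisation, a rescue that does not extend to quotation marks or line endings.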
legendary
Activity: 2268
Merit: 18509
I'm talking about using something like this:
Honestly, that's a terrible choice of passphrase.

There is too much formatting which is very prone to error. Did you accidentally include a space before the line break? Did you use ' instead of " without realizing? Did different copies of the text use different formatting, different line breaks, no hyphens, etc.? Does your software parse line breaks in the same way as other software, or indeed at all? It is excessively long, too prone to errors, and too cumbersome to enter, especially on a hardware wallet.

the only real benefit of them is you're probably not going to lose them. there's always a copy somewhere. how many people come onto bitcointalk who forgot their passphrase or only remember part of it or their dog ate half the piece of paper they wrote it down on? they would give anything to just pick up a copy of the great gatsby and recover their money...
If you can forget your passphrase, then you can just as easily forget which sentence you used or which word you started/end your passphrase with or which edition of the book you used and so on. Passphrases should be backed up on paper, just as seed phrases are.

don't you double check who you're sending your btc to and the address you're giving to someone to send btc to you before you hit the send button?
Of course I do. But many people don't. Which is why we see people falling victim to clipboard malware on a weekly basis.

with regard to passphrase entry, if you get it wrong the first time, just enter it again and pay attention a bit more. you have as many tries as you need.
Unless you entered it wrong the first time without realizing it, sent coins to that wallet, and cannot discover the identical wrong combination to access your wallet again.

i assume it will remain secret. maybe that is a bad assumption but we have to start from somewhere.
A better assumption is that no back up is ever 100% secure.

you have to also add in the 8 bit checksum for the entire 24 words.
I was assuming you were only generating valid 24 word seed phrases to begin with.
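The exchange about the 8-bit checksum on a 24-word phrase, and the earlier question of how many valid 24-word phrases exist, can be worked through without a word list by operating on the 11-bit word indices. The following is an added example, not code from any poster: it appends the BIP39 checksum (the first ENT/32 bits of SHA256 of the entropy) and splits the result into indices, then validates a list of indices the way a wallet does before accepting a seed phrase. With all-zero 32-byte entropy the last index comes out as 102, which in the English word list is "about", matching the well-known "abandon ... about" test phrase. Of all 2048^24 possible 24-word sequences only one in 2^8 passes the check, which is the contrast with a passphrase, where no such check exists.

```python
import hashlib
import os


def entropy_to_indices(entropy: bytes) -> list:
    """Append the checksum (first ENT/32 bits of SHA256(entropy)) and cut the
    result into 11-bit word indices. 32 bytes -> 8 checksum bits -> 24 indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                      # 4 for 16 bytes, 8 for 32 bytes
    digest = hashlib.sha256(entropy).digest()
    bits = (int.from_bytes(entropy, "big") << cs_bits) | (digest[0] >> (8 - cs_bits))
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_valid(indices: list) -> bool:
    """Recompute the checksum from the entropy part and compare it with the
    trailing bits, which is what a wallet does when you type in a seed phrase."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        return False
    total = n_words * 11
    cs_bits = total // 33
    ent_bits = total - cs_bits
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            return False
        bits = (bits << 11) | idx
    checksum = bits & ((1 << cs_bits) - 1)
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return checksum == expected


def random_24_word_indices() -> list:
    """Fresh 24-word phrase (as indices) from 256 bits of OS randomness."""
    return entropy_to_indices(os.urandom(32))


def fraction_of_random_sequences_valid(n_words: int = 24) -> float:
    """Share of arbitrary n-word sequences that pass the checksum: 2^-(checksum bits)."""
    return 2.0 ** -(n_words * 11 // 33)


if __name__ == "__main__":
    zero = entropy_to_indices(bytes(32))
    print("all-zero entropy indices:", zero, "valid:", indices_valid(zero))
    corrupted = zero[:-1] + [zero[-1] + 1]        # one word off: checksum fails
    print("last word changed by one:", indices_valid(corrupted))
    print("fresh random phrase valid:", indices_valid(random_24_word_indices()))
    print("fraction of random 24-word sequences that validate:",
          fraction_of_random_sequences_valid())
```

The same functions handle 12-word phrases (16 bytes of entropy, 4 checksum bits), where one in 16 random sequences validates; a typed-in passphrase has no analogue of `indices_valid` at all, which is why the re-entry check discussed above is the only safeguard.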