
Topic: Why doesn't every hardware wallet support two-factor seed phrases? - page 3. (Read 647 times)

sr. member
Activity: 1190
Merit: 469
Sure, but that's a sentence, not a paragraph. A unique sentence of 100 characters is perfectly reasonable as a passphrase.

I'm talking about using something like this:

Code:
In my younger and more vulnerable years my father gave
me some advice that I’ve been turning over in my mind ever
since.
“Whenever you feel like criticizing any one,” he told me, “just
remember that all the people in this world haven’t had the ad-
vantages that you’ve had.”
that comes out of the actual book apparently. other copies you might find online do not hyphenate the word "advantages". why would they?


Quote
A sentence from a popular book is not a particularly good choice of passphrase. Neither are song lyrics, famous quotes, lines from movies, etc. You also need to back up exactly which sentence you used, and in which edition of the book you drew it from.
the only real benefit of them is you're probably not going to lose them. there's always a copy somewhere. how many people come onto bitcointalk who forgot their passphrase or only remember part of it or their dog ate half the piece of paper they wrote it down on? they would give anything to just pick up a copy of the great gatsby and recover their money...

Quote
Again, you are assuming everyone has 100% perfect security at all time. If it was easy as just telling people to just double check and verify things properly, then clipboard malware would never be successful and malicious wallet software would not exist. This is just not how the world works.
don't you double check who you're sending your btc to and the address you're giving to someone to send btc to you before you hit the send button? i do. with regard to passphrase entry, if you get it wrong the first time, just enter it again and pay attention a bit more. you have as many tries as you need. unlike with some other things which i wasn't referring to.



Quote
But you can not be certain it will remain secret for the rest of your life.
i assume it will remain secret. maybe that is a bad assumption but we have to start from somewhere.

Quote
Twelve word seed phrases have a four bit checksum, meaning for any random twelve words there is an average one in sixteen chance that the checksum is valid. Given that you want two valid checksums in this system, then a very rough calculation would be that only one out of every 256 twenty four word seed phrases would meet this criteria.
you have to also add in the 8 bit checksum for the entire 24 words. so that's another factor of 2^8. So 16*16*256=65536. So maybe only 1 in that many would work. that's not a very large reduction in entropy. Basically reducing entropy by 16 bits from 256 to 240. not a huge deal.


Quote from: Titanium99
The video from Andreas Antonopoulos that I shared in post #15 explains very clearly why both of these are overly cute solutions that actually reduce your security. It's worth the 14 minutes to watch, IMO: https://www.youtube.com/watch?v=jP7pEgBpaO0
I've seen this video before. Andreas is a really smart guy.

Quote
- According to Andreas, the best option is to safeguard your words and apply a 6-8 random word passphrase to provide a 2nd layer of protection. Store the seed phrase and pass phrase securely and separately and you've got a good measure of protection that balances solution complexity and security while reducing the risk of permanent loss due to human error. Towards the end of the video, he gives some cautionary examples of how overly complicating the solution can cause you to forever lose access to your crypto.
No one can argue with that. If you want the best security then that's the way to do it  Cheesy
newbie
Activity: 11
Merit: 20

What if someone uses a paragraph out of a novel? They don't have to back anything up. yes, it is theoretically public knowledge but what good does it do anyone since they likely will not have access to the 12 or 24 seed phrase that goes along with it. So in a sense, I tend to disagree with you that a passphrase needs to be a total secret never seen before by anyone...

...If you're using a 24 word seed phrase, you can just split it in half and let 12 of them be your "extended passphrase". As long as you hide the two halves in different places, it's accomplishing the same thing. If that's how you think of passphrases.  Shocked

...Which brings us back to the question of why not just split up your 24 word seed into two groups of 12 and use one of those groups as your "extended passphrase". That's a question  Grin

The video from Andreas Antonopoulos that I shared in post #15 explains very clearly why both of these are overly cute solutions that actually reduce your security. It's worth the 14 minutes to watch, IMO: https://www.youtube.com/watch?v=jP7pEgBpaO0

In a nutshell:

- Common phrases, book passages, quotes, etc. are easier to crack than 6 to 8 randomly picked words.

- Making things overly complex by choosing longer passages increases your odds of incorrectly entering data (on creation and/or recovery), forgetting where the passage starts and stops and details on how it was entered, and ultimately losing access to your crypto.

- Splitting your 24 words into two lists may help some, but not as much as you might think. If an attacker finds half of your word list, the other half is much easier to crack. 24 words provides 256 bits of entropy. 12 words gives you 128 bits of entropy (which is still good), but that is something like 10^35 less complex to crack, and not 1/2 as difficult to crack as you might think.

- According to Andreas, the best option is to safeguard your words and apply a 6-8 random word passphrase to provide a 2nd layer of protection. Store the seed phrase and pass phrase securely and separately and you've got a good measure of protection that balances solution complexity and security while reducing the risk of permanent loss due to human error. Towards the end of the video, he gives some cautionary examples of how overly complicating the solution can cause you to forever lose access to your crypto.
legendary
Activity: 2268
Merit: 18771
but i didn't say 1000+ characters maybe a hundred or two hundred though would be fine.
Sure, but that's a sentence, not a paragraph. A unique sentence of 100 characters is perfectly reasonable as a passphrase.

i would think that most popular novel is readily available for viewing and download on the internet from multiple sources.
A sentence from a popular book is not a particularly good choice of passphrase. Neither are song lyrics, famous quotes, lines from movies, etc. You also need to back up exactly which sentence you used, and in which edition of the book you drew it from.

then you just double check your data entry. very simple.
Again, you are assuming everyone has 100% perfect security at all time. If it was easy as just telling people to just double check and verify things properly, then clipboard malware would never be successful and malicious wallet software would not exist. This is just not how the world works.

well when i create a seed phrase i am sure it is secret so i don't really need a passphrase for extra security.
But you can not be certain it will remain secret for the rest of your life.

yeah i mean it would have to meet the checksum on the first 12 words, second 12 words and then all 24 words overall. not sure how many such 24 word seedphrases like that exist.  Shocked
Twelve word seed phrases have a four bit checksum, meaning for any random twelve words there is an average one in sixteen chance that the checksum is valid. Given that you want two valid checksums in this system, then a very rough calculation would be that only one out of every 256 twenty four word seed phrases would meet this criteria.
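The checksum arithmetic discussed in this reply and in the later post that multiplies the three checksum factors together (16 * 16 * 256) can be checked directly. The following is an added example, not code from the thread or from any wallet vendor. It works on BIP39 word indices (11 bits per word) so that no 2048-word list has to be embedded; index 0 is "abandon", 3 is "about" and 102 is "art", which is what the official all-zero-entropy test vectors produce. It computes the BIP39 checksum, tests whether each 12-word half of a 24-word phrase would validate on its own, and runs a seeded Monte Carlo (constructed sample) over properly generated 24-word phrases, where the expected share with both halves valid is about 1/256, since the overall 8-bit checksum is already satisfied and only the two 4-bit half checksums remain as a filter.

```python
import hashlib
import random

# Added example, not from the thread: BIP39 checksum arithmetic at the
# word-index level (11 bits per word), so no wordlist is required.
# Index 0 = "abandon", 3 = "about", 102 = "art" in the English list.


def checksum_bits(entropy: bytes) -> int:
    """BIP39 checksum: the first ENT/32 bits of SHA256(entropy).

    16 bytes of entropy -> 4 checksum bits (12 words);
    32 bytes of entropy -> 8 checksum bits (24 words).
    """
    cs_len = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    return int.from_bytes(digest, "big") >> (256 - cs_len)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append the checksum to the entropy and cut the result into 11-bit word indices."""
    cs_len = len(entropy) * 8 // 32
    bits = (int.from_bytes(entropy, "big") << cs_len) | checksum_bits(entropy)
    total = len(entropy) * 8 + cs_len
    assert total % 11 == 0, "entropy length is not a BIP39 size"
    n_words = total // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_valid(indices: list[int]) -> bool:
    """True when a 12- or 24-word index list carries a valid BIP39 checksum."""
    total = 11 * len(indices)
    cs_len = total // 33            # 4 for 12 words, 8 for 24 words
    ent_len = total - cs_len        # 128 or 256 entropy bits
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    return (bits & ((1 << cs_len) - 1)) == checksum_bits(entropy)


def halves_valid(indices24: list[int]) -> tuple[bool, bool]:
    """Would the first and the second 12 words each pass as a stand-alone 12-word phrase?"""
    return indices_valid(indices24[:12]), indices_valid(indices24[12:])


def fraction_with_valid_halves(trials: int, seed: int = 1) -> float:
    """Monte Carlo over properly generated 24-word phrases (seeded PRNG, constructed sample).

    Each half has roughly a 1/16 chance of validating, so the expected
    fraction is about 1/256; the overall checksum is valid by construction.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        entropy = rng.getrandbits(256).to_bytes(32, "big")
        first_ok, second_ok = halves_valid(entropy_to_indices(entropy))
        hits += first_ok and second_ok
    return hits / trials


if __name__ == "__main__":
    print("zero-entropy 24 words ends with index", entropy_to_indices(bytes(32))[-1])
    print("halves valid for that phrase:", halves_valid(entropy_to_indices(bytes(32))))
    print("share of random phrases with both halves valid:",
          fraction_with_valid_halves(20000))
```

Generating a phrase and then discarding it until both halves validate is exactly the entropy reduction the reply describes: the filter keeps about one phrase in 256, so the surviving key space is correspondingly smaller, and the resulting phrase still gives only one hidden wallet.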
sr. member
Activity: 1190
Merit: 469
Still preferable to an entire paragraph of text with 1000+ characters.
not necessarily. not everyone needs a hardware wallet. plus if you only transact very occasionally then it's no inconvenience at all really. not much of one. but i didn't say 1000+ characters maybe a hundred or two hundred though would be fine.

Quote
No, you aren't. People make mistakes writing down 12 word seed phrases. People will definitely make mistakes copying an entire paragraph.
no, where people go wrong is they forget their passphrase completely or store it somewhere where it gets lost or partially damaged. and they can't go download the novel to look it up. but i could if i use my method. but yeah i'm not storing the paragraph of text on any computer. no need to. i would think that most popular novel is readily available for viewing and download on the internet from multiple sources. surprising that more people don't utilize this obvious technique of adding extra security to their seed phrase without having to do extra storage.

Quote
Making it harder to read and more likely that you make an error
then you just double check your data entry. very simple.

Quote
You are approaching this as if everyone in the world has perfect and unbreakable security at all times. This is simply not how things work. Yes of course you should keep your seed phrase safe and secure, but having a contingency plan is just common sense.
well when i create a seed phrase i am sure it is secret so i don't really need a passphrase for extra security. you even admitted that. now for plausible deniability and being able to use the same seedphrase with multiple different passphrases, it offers more use out of a single seed phrase so that's a different consideration in my opinion. 

Quote
Or instead of lowering the entropy of your seed phrase by manually picking one which fulfills this very niche criteria, just use a passphrase. Additionally, your set up only provides one hidden wallet. With passphrases you can have as many hidden wallets as you like.
yeah i mean it would have to meet the checksum on the first 12 words, second 12 words and then all 24 words overall. not sure how many such 24 word seedphrases like that exist.  Shocked
legendary
Activity: 2212
Merit: 7064
what's the difference between that and storing your seedphrase in one place and the passphrase somewhere else? none as far as i can see. to spend funds you need to recover both parts. only have one part, then you are SOL.
Big and obvious difference is that you can't use half of your words for anything if you lose the second half, and your coins are lost forever.
Passphrase is optional, and without passphrase I can still access funds that are stored on my seed words, and I can have multiple passphrases.
Again, if you want to act smarter than security experts who created seed words then go for it, but first listen to what Andreas Antonopoulos has to say about this:
https://www.youtube.com/watch?v=p5nSibpfHYE
legendary
Activity: 2268
Merit: 18771
well that's a problem with hardware wallets and their user interface. even a 50 character passphrase would take from 500 to 1000 seconds if your data is accurate  Shocked
Still preferable to an entire paragraph of text with 1000+ characters.

yep. i am.
No, you aren't. People make mistakes writing down 12 word seed phrases. People will definitely make mistakes copying an entire paragraph.

if you're worried about that being an issue then remove all spaces and use only upper or lowercase exclusively with no special characters like punctuations...
Making it harder to read and more likely that you make an error

well isn't it by definition that the seed phrase must be kept secret? so if you can't do that then how are you going to keep a passphrase that protects the seed phrase a secret?  Roll Eyes
You are approaching this as if everyone in the world has perfect and unbreakable security at all times. This is simply not how things work. Yes of course you should keep your seed phrase safe and secure, but having a contingency plan is just common sense.

I didn't think about that but maybe there exists 24 word seed phrases whose first 12 words (and 2nd 12 words) pass checksum so if you need plausible deniability just generate one of those type.
Or instead of lowering the entropy of your seed phrase by manually picking one which fulfills this very niche criteria, just use a passphrase. Additionally, your set up only provides one hidden wallet. With passphrases you can have as many hidden wallets as you like.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
2. Do modern hardware wallets like the Ledger Nano S Plus, Nano X, Trezor, etc. already support applying a password to seed phrases? Is it just a feature that's hidden and not promoted that much?
Yes, I'm 99% sure that all of them support a 25th / 13th word / passphrase. The word is passphrase. Not 'two-factor'.
Before putting your question like that, you should verify if the claim ('not all hardware wallets support it') is even correct, and maybe provide some links and numbers. For instance: '25% of hardware wallets do not have it'.

If you do not know how many support it, that's something else you can ask (but preferred that you do it on your own and post your results instead).

Only the 2nd wallet with a small amount can help here to distract the attacker from the main wallet. I guess, plausible deniability is a weak argument against a $5 wrench attack.
A second wallet is of course part of the "plausible deniability"-plan. Or even a third wallet.
Wallets, all the way down! Grin

sr. member
Activity: 1190
Merit: 469

You could, but there are significant drawbacks to doing so. Are you going to type out the entire paragraph every time you want to recover the wallet?
yes.
That's not accomplishing the same thing at all. Passphrases provide plausible deniability. Half a seed phrase does not.
I didn't think about that but maybe there exists 24 word seed phrases whose first 12 words (and 2nd 12 words) pass checksum so if you need plausible deniability just generate one of those type.

Quote from: dkbit98
You should never do this with your seed phrase, and certainly not if that is your only copy, this way you are creating single point of failure and recipe for disaster.
what's the difference between that and storing your seedphrase in one place and the passphrase somewhere else? none as far as i can see. to spend funds you need to recover both parts. only have one part, then you are SOL.
legendary
Activity: 2212
Merit: 7064
If you're using a 24 word seed phrase, you can just split it in half and let 12 of them be your "extended passphrase". As long as you hide the two halves in different places, it's accomplishing the same thing. If that's how you think of passphrases.  Shocked
You should never do this with your seed phrase, and certainly not if that is your only copy, this way you are creating single point of failure and recipe for disaster.
I heard many scary stories of people trying to act smart, mixing words, splitting words and losing all bitcoin they had with extra complexity.
If you want to split something up then you should create a multisig setup, or use the inferior Shamir Secret Sharing scheme, that is still much better than what you suggested.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Only the 2nd wallet with a small amount can help here to distract the attacker from the main wallet. I guess, plausible deniability is a weak argument against a $5 wrench attack.
A second wallet is of course part of the "plausible deniability"-plan. Or even a third wallet.
legendary
Activity: 2268
Merit: 18771
What if someone uses a paragraph out of a novel?
You could, but there are significant drawbacks to doing so. Are you going to type out the entire paragraph every time you want to recover the wallet? On a hardware wallet which takes 10-20 seconds to input a single character, this could take you a very long time. Or on a computer, are you going to get lazy and just save the paragraph as a text file for easy access in the future? And are you certain that the paragraph is identical? Even an extra space, or an uppercase switched to a lowercase, or a missing comma, etc., is enough to generate a completely different wallet.

So in a sense, I tend to disagree with you that a passphrase needs to be a total secret never seen before by anyone.
If your seed phrase is kept secret, maybe, but if you are sure your seed phrase is always going to be kept secret, then you don't need a passphrase at all. A passphrase should be kept secret and be strong enough to protect your wallet in the event that your seed phrase is compromised.

If you're using a 24 word seed phrase, you can just split it in half and let 12 of them be your "extended passphrase". As long as you hide the two halves in different places, it's accomplishing the same thing. If that's how you think of passphrases.  Shocked
That's not accomplishing the same thing at all. Passphrases provide plausible deniability. Half a seed phrase does not.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
1. Why doesn't every hardware wallet support the use of a seed phase + password?
The question doesn't make sense. Different manufacturers can make different choices.

Quote
It seems like a really simple way to add a layer of protection in case the seed phrase you've written down is discovered.
It also adds an additional risk factor: forgetting the password means losing your money.

I see two main reasons for using a password on top of your seed words:
  • To ensure the data can't be hacked by someone who gains physical access to your hardware wallet.
  • To have plausible deniability in case of a $5 wrench attack.
Probably, here it is necessary to sacrifice one for the benefit of the other. Either you increase the protection with a password, but at the same time increase the risks of losing access, or leave everything as it is, but at the same time increase the chances of hacking your wallet physically. As happens in such cases, there is no universal solution and the choice will have to be made based on personal goals.

When a $5 wrench attack is happening, the password will not help in any way if life and health are dear to him. Everyone will remember the password, even if they really forgot it. Only the 2nd wallet with a small amount can help here to distract the attacker from the main wallet. I guess, plausible deniability is a weak argument against a $5 wrench attack.


Some models still have support for several seed-phrases at once. It seems that ledger had such a function when you enter different pins, you get access to different wallets.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Well, if you already type the password, then what is the point of the seed phrase, since you can just decrypt the databases that hold the private key?

And similarly, if you type the seed phrase, you don't need the password anyway and this is already the case when you recover a wallet.

What is probably better, is a way to type two different passwords at different times, where a wallet becomes "half-unlocked" when you type the first password, and fully unlocked when the second one is entered. ECC & hashing stuff don't have an algorithm for this, so you and I will have to look around and research such a process to get more info about how it can be done.
sr. member
Activity: 1190
Merit: 469
Still, I would caution against using an excessively long passphrase. Something with 128 bits of security is more than enough. The longer you make it, the more risk of you incorrectly entering it, incorrectly backing it up, losing part of it, and so on.
What if someone uses a paragraph out of a novel? They don't have to back anything up. yes, it is theoretically public knowledge but what good does it do anyone since they likely will not have access to the 12 or 24 seed phrase that goes along with it. So in a sense, I tend to disagree with you that a passphrase needs to be a total secret never seen before by anyone.


Quote
I would never manually select words, but if you used a good wallet to generate another seed phrase properly, then you can be certain your passphrase has at least 128 bits of entropy.
If you're using a 24 word seed phrase, you can just split it in half and let 12 of them be your "extended passphrase". As long as you hide the two halves in different places, it's accomplishing the same thing. If that's how you think of passphrases.  Shocked

Quote
You aren't meant to remember your passphrase. You are meant to back it up on paper just as you do with your seed phrase, although entirely separately. Obviously there is no point storing your seed phrase and passphrase back ups together.
Which brings us back to the question of why not just split up your 24 word seed into two groups of 12 and use one of those groups as your "extended passphrase". That's a question  Grin
legendary
Activity: 2268
Merit: 18771
it's just annoying you would think that something that cost as much as it did could afford at least a kilobyte for a lengthy passphrase but i guess not
Ledger devices allow 100 characters. I'm not sure about other hardware wallets, but Electrum will only be limited by the hardware in your computer. (The actual limit on a passphrase is any message of length 2^128 - 1 bits, since it is being fed in to HMAC-SHA512. For reference, this works out to anything up to around 40 million billion zettabytes. Cheesy)

Still, I would caution against using an excessively long passphrase. Something with 128 bits of security is more than enough. The longer you make it, the more risk of you incorrectly entering it, incorrectly backing it up, losing part of it, and so on.

why would i use the bip39 wordlist to select words to construct my passphrase out of?  Shocked
I would never manually select words, but if you used a good wallet to generate another seed phrase properly, then you can be certain your passphrase has at least 128 bits of entropy.

but when you do that, you're kind of destroying the ability to memorize your passphrase
You aren't meant to remember your passphrase. You are meant to back it up on paper just as you do with your seed phrase, although entirely separately. Obviously there is no point storing your seed phrase and passphrase back ups together.
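This reply (the passphrase is fed into HMAC-SHA512; 128 bits of security is plenty) and the earlier one warning that an extra space, a changed case or a missing comma produces a completely different wallet both come down to the same derivation step, which the following added example spells out. It is not code from the thread or from any wallet vendor: it implements the BIP39 seed derivation (PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic, with "mnemonic" plus the NFKD-normalised passphrase as salt, 2048 rounds, 64-byte output), checks it against the first official BIP39 test vector (zero entropy, passphrase "TREZOR"), and then derives seeds for a constructed set of near-miss passphrases of the kind a recovery typo produces, to show that each one lands in an unrelated wallet.

```python
import hashlib
import unicodedata

# Added example, not from the thread: BIP39 seed derivation and the effect of
# small passphrase variations. The near-miss passphrases are constructed.


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048, 64)."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


# First official BIP39 test vector: 16 zero bytes of entropy, passphrase "TREZOR".
TEST_MNEMONIC = "abandon " * 11 + "about"
TEST_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def near_miss_passphrases(passphrase: str) -> dict[str, str]:
    """Constructed variants that a person re-typing a passphrase might produce."""
    return {
        "as entered": passphrase,
        "trailing space": passphrase + " ",
        "lowercased": passphrase.lower(),
        "comma dropped": passphrase.replace(",", ""),
        "no passphrase": "",
    }


def seed_prefixes(mnemonic: str, passphrase: str) -> dict[str, str]:
    """First 8 hex characters of the seed each variant derives, for side-by-side display."""
    return {
        label: bip39_seed(mnemonic, p).hex()[:8]
        for label, p in near_miss_passphrases(passphrase).items()
    }


def count_distinct_seeds(mnemonic: str, passphrase: str) -> int:
    """How many different wallets the variants open; equals the number of distinct strings."""
    seeds = {bip39_seed(mnemonic, p) for p in near_miss_passphrases(passphrase).values()}
    return len(seeds)


if __name__ == "__main__":
    assert bip39_seed(TEST_MNEMONIC, "TREZOR").hex() == TEST_SEED_HEX
    for label, prefix in seed_prefixes(TEST_MNEMONIC, "Correct, Horse").items():
        print(f"{label:>15}: {prefix}...")
    print("distinct wallets:", count_distinct_seeds(TEST_MNEMONIC, "Correct, Horse"))
```

Because PBKDF2 treats the passphrase as opaque salt bytes, nothing in the derivation can tell a "nearly right" passphrase from a wrong one; the only defence is a backup that records the passphrase byte-for-byte, which is why a short, separately stored passphrase of around 128 bits is easier to get right than a long passage.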
sr. member
Activity: 1190
Merit: 469
If you want more than 50 characters, then don't use a Trezor.

i'm not using one because for one thing they are too expensive and #2 i don't like people putting limitations on something that restricts how i can set my passphrase. it's just annoying you would think that something that cost as much as it did could afford at least a kilobyte for a lengthy passphrase but i guess not

Quote
Having said that, a 12 word seed phrase, which can be encoded in at most 48 characters using the unique first four characters of each word, is more than strong enough to use as a passphrase. And 50 random ASCII characters would be in excess of 328 bits of security.
why would i use the bip39 wordlist to select words to construct my passphrase out of?  Shocked

Quote
As I mentioned above, you want your passphrase to be strong enough to protect your coins should your seed phrase be compromised, at least for long enough until you can move them to a new wallet. I would say 80 bits should be a minimum, but ideally aim for 128. Any more than that is unnecessary.
well i mean i'm not thinking about how many bits. i'm thinking about how convenient my passphrase is for me to memorize. if i have a 20 word passphrase that i can't forget and it is 120 characters in length then what's the problem with that? maybe that is the simplest thing for me. so it's necessary for me. maybe not for you.

Quote from: Welsh
Even if that's somewhat true, I'm not much of a fan of passphrases in the first place, and believe that every single passphrase should have some sort of password element to it, i.e a randomly generated sequence of characters.
but when you do that, you're kind of destroying the ability to memorize your passphrase...so time to get out the old titanium metal plate and start stamping letters... Shocked here's an idea though, if you're not against tattoos is you can get your passphrase tattooed on to you. in a private area no less. wonder if anyone ever did that. they won't lose it that way that's for sure.
staff
Activity: 3304
Merit: 4115
i don't see how 50 characters is sufficient to come up with a good "passphrase". maybe a good "password" but not a passphrase.  Shocked
Even if that's somewhat true, I'm not much of a fan of passphrases in the first place, and believe that every single passphrase should have some sort of password element to it, i.e a randomly generated sequence of characters. Otherwise, you're effectively making it less secure by using a non random set of phrases, especially if well known. I only say this, because of course a passphrase could actually be a good way of doing it, but most humans wouldn't go for a random passphrase, and come up with commonly thought of passphrases, which is obviously problematic.

Although, I do agree generally there shouldn't be any limitations on what characters can be used or the length. While this isn't for hardware wallets, I've come across websites including banks which limited characters like "*", "(" and "@" which is totally unacceptable in my opinion.
legendary
Activity: 2268
Merit: 18771
i don't see how 50 characters is sufficient to come up with a good "passphrase". maybe a good "password" but not a passphrase. 
You can't really judge the concept based on how one particular hardware wallet implements it. If you want more than 50 characters, then don't use a Trezor.

Having said that, a 12 word seed phrase, which can be encoded in at most 48 characters using the unique first four characters of each word, is more than strong enough to use as a passphrase. And 50 random ASCII characters would be in excess of 328 bits of security.

As I mentioned above, you want your passphrase to be strong enough to protect your coins should your seed phrase be compromised, at least for long enough until you can move them to a new wallet. I would say 80 bits should be a minimum, but ideally aim for 128. Any more than that is unnecessary.
newbie
Activity: 11
Merit: 20
I came across a comprehensive Q&A from Andreas Antonopoulos about using optional passphrases. I'm posting it here for reference in case it's of interest:

https://www.youtube.com/watch?v=jP7pEgBpaO0

Andreas provides a clear and approachable explanation of how passphrases work, things to avoid, how long it would take to brute force them, and best practices for using them. He recommends using a passphrase that's comprised of six to eight random words (!) to balance security and complexity.    

Thanks to o_e_l_e_o for introducing me to Andreas' work! It's really accelerating my learning.
sr. member
Activity: 1190
Merit: 469
Further, calling it a passphrase helps to make it clear that it shouldn't just be a single word. Ideally you want it to be long and complex enough so that if your seed phrase is compromised, the passphrase still provides enough of a barrier against brute force attacks to keep your wallet safe. A single word does not achieve this.

a passphrase should be able to be more than 50 characters though. but if you're using a Trezor then you only have 50 characters to use for it. other hardware wallets probably have their own limitations on the length too so it's not unlimited, you can't just use any string of words you want of any length you want.

imagine you want to import your seed and passphrase into your new trezor but it won't work because your passphrase is too long. even though the BIP has no restriction on the length...

i don't see how 50 characters is sufficient to come up with a good "passphrase". maybe a good "password" but not a passphrase.  Shocked
