Topic: Why doesn't every hardware wallet support two-factor seed phrases? - page 4. (Read 583 times)

staff
Activity: 3248
Merit: 4110
1 - Most good hardware wallets do.
I'd say any worth their while have at least an option for two-factor authentication. While that shouldn't be the determining reason for what a good and bad hardware wallet is, I'd expect any of them that are at least somewhat security conscious would have it as an option. Now, depending on how it's implemented, that could mean additional risk, as pointed out before, and that won't immediately be obvious to all users. So I'd like to see warning messages on enabling or disabling any security feature on a hardware wallet through their software.

However, that's really only possible with software, since the actual hardware itself is usually limited, and I believe some operate without much software at all these days. Also, just to clarify what I mean by software: traditional software run on a separate computer from the actual hardware wallet itself. Obviously the hardware wallet itself will have its own software running, but due to limits in size they usually can't include much documentation or information on that device.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
Why doesn't every hardware wallet support the use of a seed phrase + password?  It seems like a really simple way to add a layer of protection in case the seed phrase you've written down is discovered. Right now, written seed phrases are like writing your bank account and log-in credentials on a piece of paper and hoping nobody finds it.
All hardware wallets I know support a passphrase that acts like a salt to the seed phrase, and it is not stored anywhere on the device.
A password is something different and is usually stored on the device, which means there is a chance of it being extracted and the device hacked.
You can also use a multisig setup to make seed words much more secure, and some hardware wallets have new methods of protection.

Do modern hardware wallets like the Ledger Nano S Plus, Nano X, Trezor, etc. already support applying a password to seed phrases? Is it just a feature that's hidden and not promoted that much?
The hardware wallets you mentioned are not as modern as you think, and a password is not as secure as you think.
Ledger has a PIN when you power on the device, and you can add an additional passphrase later that is connected with the PIN.
Don't mix up password with PIN and passphrase.

One interesting new concept is used by the Cypherock X1 hardware wallet device: they don't store anything on the device, and keys are split across multiple secure cards.
legendary
Activity: 2268
Merit: 18509
When something is a single word, it is a password. If it consists of multiple words separated by spaces, it becomes a passphrase. So I guess in general it is a passphrase, but it could just be a password...
BIP39, which defines the standard for using a passphrase in an HD wallet, calls it a passphrase. For the sake of avoidance of confusion it is better to call it a passphrase and not a password, regardless of its actual length or composition, in order to differentiate it from the local passwords you use to unlock your wallets.

Further, calling it a passphrase helps to make it clear that it shouldn't just be a single word. Ideally you want it to be long and complex enough so that if your seed phrase is compromised, the passphrase still provides enough of a barrier against brute force attacks to keep your wallet safe. A single word does not achieve this.
sr. member
Activity: 1036
Merit: 350

So everyone really has a password then, even if they don't think they do.
Passphrase, not password, but essentially yes. If you don't enter a passphrase for a BIP39 wallet, the string "mnemonic" is still used as a salt for PBKDF2.
When something is a single word, it is a password. If it consists of multiple words separated by spaces, it becomes a passphrase. So I guess in general it is a passphrase, but it could just be a password...
legendary
Activity: 2268
Merit: 18509
As I get deeper into this, I'm realizing there's so much bad and/or only partially accurate information out there...I'm going to make an effort to spend more time here learning from this community going forward.
I've certainly found the technical boards on this forum to be one of the best sources for accurate information. Stackexchange is another good resource. Reddit is very hit or miss, and often completely wrong posts are upvoted to the top. YouTube and other platforms used by crypto "influencers" are just a complete mess and should be completely avoided, except for one or two notable exceptions such as Andreas Antonopoulos.

Trezor used to mainly advertise this feature as a way to hide wallets. They actually still mention it as a security feature on their homepage too.
Since the revelation that an attacker with physical access to a Trezor hardware wallet is able to extract the seed phrase, it should be mandatory to use a strong passphrase on every wallet you are using on a Trezor device.

I just looked this up because I found it interesting. The word "mnemonic" is prepended regardless of whether an additional passphrase is defined, so if you use the passphrase "satoshi" a strictly BIP39 compliant wallet will use the phrase "mnemonicsatoshi".
Correct. This is defined in the original BIP39 documentation: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed

So everyone really has a password then, even if they don't think they do.
Passphrase, not password, but essentially yes. If you don't enter a passphrase for a BIP39 wallet, the string "mnemonic" is still used as a salt for PBKDF2.
legendary
Activity: 2954
Merit: 4158
The reason I'm pointing this out is because there is (was?) a way to set up two-factor (2FA) wallets with Electrum, but this requires the involvement of a third party which I wouldn't recommend. Just a heads up so you don't mix these things up.
Barring privacy concerns, there aren't many issues with using TrustedCoin as 2FA. But even that is a pretty weak argument; using Electrum alone already means sacrificing a huge part of your privacy. It still does provide some security to your wallet, albeit not as significant as a cold wallet.

Most people associate 2FA with a rotating token, which narrows the window for your attackers to act. None of the wallets allow this without the participation of a third party. An additional passphrase doesn't really work because no one should be required to remember anything related to their seeds; potential risks include $5 wrench attacks, loss of memory, etc. If you want to secure your seeds properly, consider splitting them up into multiple locations. This would prevent the attacker from being able to get your entire seed without going through multiple barriers.
sr. member
Activity: 1036
Merit: 350

If a passphrase is not present, PBKDF2 does not use an empty string. It uses the word "mnemonic" in the case of BIP39, or the word "electrum" in the case of Electrum.

So everyone really has a password then, even if they don't think they do.
legendary
Activity: 2912
Merit: 2066
Cashback 15%
https://en.bitcoin.it/wiki/Seed_phrase

[...]

The password can be used to create a two-factor seed phrase where both "something you have" plus "something you know" is required to unlock your bitcoins.

[...]

These days two-factor is usually referring to the usage of a separate device in addition to a password, with "something you have" being e.g. a mobile phone with an app or a dedicated hardware dongle and "something you know" being the password. The reason I'm pointing this out is because there is (was?) a way to set up two-factor (2FA) wallets with Electrum, but this requires the involvement of a third party which I wouldn't recommend. Just a heads up so you don't mix these things up.


2. Do modern hardware wallets like the Ledger Nano S Plus, Nano X, Trezor, etc. already support applying a password to seed phrases? Is it just a feature that's hidden and not promoted that much?

Trezor used to mainly advertise this feature as a way to hide wallets. They actually still mention it as a security feature on their homepage too. Not sure why Ledger doesn't seem to advertise it as much.


If a passphrase is not present, PBKDF2 does not use an empty string. It uses the word "mnemonic" in the case of BIP39, or the word "electrum" in the case of Electrum.

I just looked this up because I found it interesting. The word "mnemonic" is prepended regardless of whether an additional passphrase is defined, so if you use the passphrase "satoshi" a strictly BIP39 compliant wallet will use the phrase "mnemonicsatoshi".

Code:
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by BIP39


class Mnemonic:
    @staticmethod
    def normalize_string(txt: str) -> str:
        return unicodedata.normalize("NFKD", txt)

    @classmethod
    def to_seed(cls, mnemonic: str, passphrase: str = "") -> bytes:
        mnemonic = cls.normalize_string(mnemonic)
        passphrase = cls.normalize_string(passphrase)
        # The salt is always "mnemonic" + passphrase, even when passphrase is ""
        passphrase = "mnemonic" + passphrase
        mnemonic_bytes = mnemonic.encode("utf-8")
        passphrase_bytes = passphrase.encode("utf-8")
        stretched = hashlib.pbkdf2_hmac(
            "sha512", mnemonic_bytes, passphrase_bytes, PBKDF2_ROUNDS
        )
        return stretched[:64]
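As an added illustration of the "mnemonic" salt prefix discussed in this post and in the earlier replies (this is example code written for this page, not the library code quoted above or anything from the thread), the snippet below derives the BIP39 root seed, shows the exact salt bytes for an empty passphrase and for "satoshi", checks the result against the published BIP39 test vector, and counts how many different wallets near-identical passphrases produce. Function names and the sample passphrases are my own choices.

```python
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048      # fixed by BIP39
SALT_PREFIX = "mnemonic"  # fixed by BIP39 (Electrum uses its own prefix and normalisation)


def bip39_salt(passphrase: str = "") -> bytes:
    """PBKDF2 salt: the literal word "mnemonic" followed by the NFKD-normalised
    passphrase. With no passphrase the salt is b"mnemonic", never b""."""
    return (SALT_PREFIX + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Stretch the seed words plus passphrase into the 64-byte root seed.
    Any passphrase is accepted: there is no checksum, so a typo silently
    yields a different, valid-looking (and empty) wallet."""
    mnemonic_bytes = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", mnemonic_bytes, bip39_salt(passphrase), PBKDF2_ROUNDS
    )


# Published BIP39 test vector: all-zero entropy, passphrase "TREZOR".
VECTOR_MNEMONIC = "abandon " * 11 + "about"
VECTOR_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def matches_test_vector() -> bool:
    """True if this derivation reproduces the published BIP39 vector."""
    return bip39_seed(VECTOR_MNEMONIC, "TREZOR").hex() == VECTOR_SEED_HEX


def distinct_wallets(mnemonic: str, *passphrases: str) -> int:
    """Number of different root seeds the given passphrases produce from one
    mnemonic (case and whitespace matter, so "satoshi" != "Satoshi")."""
    return len({bip39_seed(mnemonic, p) for p in passphrases})


if __name__ == "__main__":
    print("salt with no passphrase :", bip39_salt())
    print("salt with 'satoshi'     :", bip39_salt("satoshi"))
    print("test vector reproduced  :", matches_test_vector())
    variants = ("", "satoshi", "Satoshi", "satoshi ")  # constructed sample passphrases
    print("wallets from 4 variants :", distinct_wallets(VECTOR_MNEMONIC, *variants))
```

The last line is the practical point of the thread's warnings: each of the four variants derives a separate wallet with no error, so a passphrase must be backed up exactly as entered.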
newbie
Activity: 11
Merit: 20
Thank you for your thoughtful reply, o_e_l_e_o.

As I get deeper into this, I'm realizing there's so much bad and/or only partially accurate information out there...I'm going to make an effort to spend more time here learning from this community going forward.
legendary
Activity: 2268
Merit: 18509
I've not read that particular wiki page before, but it is very poorly written.

It interchangeably uses the words password and passphrase. Better to define them and then keep them separate. When talking about extra words added to your seed phrase, most people would call that a passphrase, and reserve the word password to mean the password you type in to your wallet software to unlock it.

Also, passphrases do not encrypt your seed phrase in any way. Your seed phrase remains entirely unencrypted and readable in plain text. What they do is change the process by which you derive your root seed number and then the rest of your wallet from that seed phrase.

"Something you know" is just plain bad advice. You should not rely on remembering any passphrases you use. You should back them up on paper separately to your seed phrase.

If a passphrase is not present, PBKDF2 does not use an empty string. It uses the word "mnemonic" in the case of BIP39, or the word "electrum" in the case of Electrum.

But on to your questions:

1 - Most good hardware wallets do.

2 - Yes. Both Ledger and Trezor devices support the use of passphrases.

It is a very good feature and I make use of it on almost all of my wallets.
newbie
Activity: 11
Merit: 20
There are definitely tradeoffs to consider. Losing your password is one more vector to lose your coins, but then again having someone find your seed phrase without a password protecting it leads to the same outcome. I've just never heard anyone talk about adding a password to your seed phrase when dealing with hardware wallets.

That said, I did come across this thread that shows it's possible to add a 25th word on the Nano S, for example. Maybe it's just an issue of discoverability/promotion...

https://bitcointalksearch.org/topic/--5283562
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
1. Why doesn't every hardware wallet support the use of a seed phrase + password?
The question doesn't make sense. Different manufacturers can make different choices.

It seems like a really simple way to add a layer of protection in case the seed phrase you've written down is discovered.
It also adds an additional risk factor: forgetting the password means losing your money.

I see two main reasons for using a password on top of your seed words:
  • To ensure the data can't be hacked by someone who gains physical access to your hardware wallet.
  • To have plausible deniability in case of a $5 wrench attack.
newbie
Activity: 11
Merit: 20
As I've been trying to get more educated on bitcoin, I came across this wiki link on seed phrases.

https://en.bitcoin.it/wiki/Seed_phrase

Seed phrases, like all backups, can store any amount of bitcoins. It's a concerning idea to possibly have enough money to purchase an entire building with the key just sitting on a sheet of paper without any protection. For this reason many wallets make it possible to encrypt a seed phrase with a password.

The password can be used to create a two-factor seed phrase where both "something you have" plus "something you know" is required to unlock your bitcoins.

This works by having the wallet create a seed phrase and asking the user for a password. Then both the seed phrase and extra word are required to recover the wallet. Electrum and some other wallets call the passphrase a "seed extension", "extension word" or "13th/25th word". The BIP39 standard defines a way of passphrase-protecting a seed phrase. A similar scheme is also used in the Electrum standard. If a passphrase is not present, an empty string "" is used instead.

Warning! Forgetting this password will result in the bitcoin wallet and any contained money being lost. Do not overestimate your ability to remember passphrases especially when you may not use it very often. Also, the seed phrase password should not be confused with the password used to encrypt your wallet file on disk. This is probably why many wallets call it an extension word instead of a password.


It got me thinking...

1. Why doesn't every hardware wallet support the use of a seed phrase + password?  It seems like a really simple way to add a layer of protection in case the seed phrase you've written down is discovered. Right now, written seed phrases are like writing your bank account and log-in credentials on a piece of paper and hoping nobody finds it.

2. Do modern hardware wallets like the Ledger Nano S Plus, Nano X, Trezor, etc. already support applying a password to seed phrases? Is it just a feature that's hidden and not promoted that much?