Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: Bitcoin Wallet & Seed Storage Question?
by
o_e_l_e_o
on 25/06/2019, 20:18:35 UTC
Quote from: Hal9900 on June 25, 2019, 07:59:35 PM
So let’s say my first word is, “OUT”. There are robots that scan for phrases that start with, “OUT”. Then let’s say my second word is also, “OUT”. The robot will immediately have narrowed down the likely phrases from the first word and intuit my second word which is also, “OUT”. Then I’m done for because the robot will know my seed phrase is from Shakespeare
Kind of, but not really.

It's not that a brute force attacker could figure out your words one at a time, and "narrow things down" as you put it. They would have to figure out all the words/the entire phrase in one go. If they used a slightly different phrase, it would still generate a valid wallet, just not your wallet. However, if you pick a phrase that appears pretty much anywhere else in the English language (song lyrics, movie quotes, book or poem passages, famous sayings/quotes/idioms/speeches), it's like to be broken anywhere between a matter of seconds to minutes. There are many attackers constantly scanning such phrases for coins to steal. Even if you pick some words or characters you think are random, chances are they aren't, and even if they are, anything that you can remember probably contains far, far less entropy than the 256 bits of entropy contained within a properly generated 24 word mnemonic phrase. The general advice is let your Ledger generate your wallet for you, write down the 24 words it gives you on paper (never store these words electronically!), and securely store the paper somewhere.

Now, I don't want to overload you with information here, but since you have said you have concerns regarding storing your seed phrase, the other option you could explore with a Ledger is adding on a passphrase. There are details on how to do this here: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security. Essentially, in addition to your 24 word phrase that Ledger generates for you, you can add on your own passphrase to the end. This passphrase could very well be the opening line to your favorite poem. With this in place, an attacker would need both your 24 word phrase and your secret passphrase to steal your coins. This can be quite complicated process, so I would make sure you try creating, accessing, and restoring a wallet with only a very small amount of bitcoin first, to ensure you fully understand how it works and know how to set it up properly. You don't want to send all your bitcoin to a wallet you later discover you have set up incorrectly and can no longer access.