Board Hardware wallets
Re: Creating seed phrase, addresses. Broadcasting all addresses?
by mocacinno on 19/06/2025, 05:33:56 UTC
--snip

I wanted to chip in because I don't feel like enough emphasis has been put on the answer to this question...

If you'd extend your seed phrase with a long passphrase and share said seed phrase (minus the passphrase) online, you'd go from having a wallet that would require trillions and trillions of years using a whole server farm to bruteforce to a wallet that could be bruteforced in a couple of days/months/years by somebody who has a couple of GPUs lying around.
It's not just "not advisable", it's really "not done". It's the equivalent of securing your physical gold by laying it on a public bus seat with a "do not touch" stuck to it while you're away versus storing it in Fort Knox.

I asked mostly to understand better the strength of the passphrase. Are you sure it's really as weak as you make it sound? If I use a password manager to generate a random passphrase that is extremely strong with 200+ bits of entropy, you think it can be brute forced in 2-3 years with a couple of GPUs?
--snip--

You are right, if you create a passphrase with that much entropy, it would be hard to crack it. You do know that if you use all characters from a common keyboard, if my calculations are correct you'd need a password that's at least 31 characters long?
I was more or less talking about "common" passwords... Most people tend to make passwords that are between 8 and 12 characters long, oftentimes not using ALL characters on their keyboards (usually a combo of lower case, upper case, numbers and a small subset of special characters). Most of these can be cracked within a couple of years if you have a (small) GPU farm.

This being said, I still would never share my seed phrase... The seed extension passphrase comes on top of the seed phrase itself. Somebody trying to bruteforce your seed phrase would have to try each combination of seed words with each combination passphrase in order to rob you. In case one of them gets leaked the other one should be able to protect you, but this won't be the case if you give away your seed phrase willingly.

Personally, I'd advise you not to let your seed phrase touch any machine that will ever be online. Certainly don't keep the seed phrase extension password together with the seed.
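
Added example, not part of the original post: a small calculator for the numbers discussed above, together with the standard BIP39 seed derivation to show that the passphrase is the only remaining secret once the seed words are public. It assumes the wallet follows BIP39 (the post does not name the standard); the guess rate `GUESSES_PER_SECOND` and the 72-symbol character set are illustrative assumptions, not measurements.

```python
import hashlib
import math
import unicodedata

GUESSES_PER_SECOND = 1e7  # assumed attacker speed, not a measured figure
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, 64)

def entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of a uniformly random string; human-chosen ones have less."""
    return length * math.log2(charset_size)

def min_length(target_bits: float, charset_size: int) -> int:
    return math.ceil(target_bits / math.log2(charset_size))

def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate once the seed words are already known."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

# Public BIP39 test-vector mnemonic, used as sample input; never fund it.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    # The passphrase is the only secret left when the words are public:
    a = bip39_seed(SAMPLE_MNEMONIC, "")
    b = bip39_seed(SAMPLE_MNEMONIC, "constructed-passphrase")
    print("different wallets:", a != b)
    print("chars needed for 200 bits, 95 symbols:", min_length(200, 95))
    for label, length, charset in [("8 chars, 72 symbols", 8, 72),
                                   ("12 chars, 72 symbols", 12, 72),
                                   ("31 chars, 95 symbols", 31, 95)]:
        bits = entropy_bits(length, charset)
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The year figures only hold for uniformly random passphrases; a passphrase a person picked is usually found much earlier than its length suggests.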