Replying to StackSats ⚡️

Who can explain this to me? #asknostr

nostr:npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp evaluates passphrase backups as "mediocre" and considers SeedXOR the superior alternative. He argues that passphrases are flawed due to their 2-of-2 setup, posing a risk of losing funds if one part is lost. Nevertheless, the same vulnerability exists for SeedXOR (2-of-2, 3-of-3, …). I don’t see any downside as long as the passphrase has 256 bits of entropy. Multiple backups are essential for both solutions.

Lopp on Passphrase backup:

„This gives you a security model that's the same as a 2 of 2 multisig setup. Do you know why 2 of 2 multisig isn't popular? Because it has 2 single points of failure - if you lose either part, you're screwed. I've seen quite a few people over the years get locked out of their funds because they forgot or lost the passphrase that accompanied their seed phrase.“

Lopp on SeedXOR backup:

„Seed XOR is, in my opinion, a superior way to achieve the properties that folks try to get with a "25th word passphrase" or via naive seed splitting, while decreasing the complexity and improving plausible deniability. Note that this is essentially an N of N (2-of-2 / 3-of-3 / etc) split backup, so you're going to want multiple sets of XOR'd backups to ensure that losing a single plate doesn't cause catastrophic loss.“

Source: https://blog.lopp.net/how-to-back-up-a-seed-phrase/

Not using a passphrase decreases the complexity and points of failure of the setup, which he values more than outright security, since a complex (secure) setup is useless if you forget or lose access to the details, and is best left to advanced users, or the company he works for - wink.

He's writing to the masses, where an XOR'd set of seed words lets you have a simpler setup, easy to restore, and also includes plausible deniability since each of the XOR seed plates is a valid set of words by itself. An attacker has to know it's one of a set to know there's a larger wallet elsewhere.

The seed+passphrase setup is similar, in that you can load funds onto the seed-only wallet, and you keep the passphrase safe for the "real" wallet. But an attacker now has your entire seed phrase.
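To make the two properties discussed above concrete (each XOR plate is a valid mnemonic on its own, and the scheme is strictly N-of-N), here is an added worked example in Python. It is not code from the thread, from Lopp, or from any wallet vendor; it assumes the Coldcard-style Seed XOR construction in which the raw BIP39 entropy is XOR-split and the BIP39 checksum is recomputed for every part. Word indices are produced rather than words, so the 2048-entry wordlist does not have to be embedded; the sample entropy in `main` is constructed for the demo.

```python
import hashlib
import secrets
from typing import Callable, List

ENTROPY_BYTES = 32   # 256 bits of entropy -> 24-word BIP39 mnemonic
WORD_BITS = 11       # each BIP39 word encodes 11 bits (2048-word list)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR parts must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_seed_xor(entropy: bytes, n_parts: int,
                   rng: Callable[[int], bytes] = secrets.token_bytes) -> List[bytes]:
    """N-of-N split: n_parts-1 parts are fresh random entropy; the last part is
    chosen so the XOR of all parts equals the original entropy.  Any fewer than
    n_parts parts is uniformly random and says nothing about the real wallet."""
    if n_parts < 2:
        raise ValueError("need at least two parts")
    parts = [rng(len(entropy)) for _ in range(n_parts - 1)]
    last = entropy
    for p in parts:
        last = xor_bytes(last, p)
    parts.append(last)
    return parts


def combine_seed_xor(parts: List[bytes]) -> bytes:
    """Recover the entropy.  Leaving out even one plate yields unrelated entropy."""
    acc = bytes(len(parts[0]))
    for p in parts:
        acc = xor_bytes(acc, p)
    return acc


def bip39_word_indices(entropy: bytes) -> List[int]:
    """Append the BIP39 checksum (first ENT/32 bits of SHA-256) and cut into
    11-bit word indices.  Because the checksum is recomputed per part, every XOR
    part is itself a valid mnemonic that a wallet will accept."""
    checksum_bits = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(len(entropy) * 8)
    bits += bin(int.from_bytes(digest, "big"))[2:].zfill(256)[:checksum_bits]
    return [int(bits[i:i + WORD_BITS], 2) for i in range(0, len(bits), WORD_BITS)]


def bip39_checksum_ok(indices: List[int]) -> bool:
    """Checksum verification as a wallet performs it on import."""
    bits = "".join(format(i, "011b") for i in indices)
    ent_bits = len(bits) * 32 // 33          # 256 for 24 words, 128 for 12
    entropy = int(bits[:ent_bits], 2).to_bytes(ent_bits // 8, "big")
    return bip39_word_indices(entropy) == list(indices)


if __name__ == "__main__":
    # Constructed sample entropy; a real wallet draws this from a hardware RNG.
    entropy = secrets.token_bytes(ENTROPY_BYTES)
    parts = split_seed_xor(entropy, 3)
    for i, p in enumerate(parts, 1):
        idx = bip39_word_indices(p)
        # Each plate passes the checksum on its own: the plausible-deniability property.
        print(f"plate {i}: {len(idx)} words, checksum ok = {bip39_checksum_ok(idx)}")
    print("all 3 plates restore wallet:", combine_seed_xor(parts) == entropy)
    # Losing any single plate is total loss: the N-of-N property the thread debates.
    print("2 of 3 plates restore wallet:", combine_seed_xor(parts[:2]) == entropy)
```

Feed `bip39_word_indices` output through the English wordlist to obtain the actual mnemonic for each plate. The `rng` parameter exists only so the split can be reproduced in tests; in use, leave it at `secrets.token_bytes`.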

Discussion

Thank you for your response. Here are my comments on that:

1) Passphrase and SeedXOR have similar complexity. I understand the point that more complex solutions increase the risk of loss due to complexity. Anyhow, that has nothing to do with my question.

2) Why is a SeedXOR easier to restore? Please explain.

In my opinion a passphrase is easier to restore and is supported by most wallets.

Furthermore, the seed phrase of a passphrase-secured wallet has the same deception feature as the seed of a SeedXOR. You can load both with „ready to lose“ funds to deceive an attacker. In both cases the attacker doesn’t know that a bigger wallet exists.

3) What is the difference between the attacker having the seed phrase of a 256-bit passphrase wallet and the seed phrase of a SeedXOR wallet? Please explain.