Passphrases, suggested character length?
This topic has 7 replies and 1 participant, and was last updated 4 weeks ago by brianddk.
April 1, 2024 at 12:59 #3691652 root_s2yse8vt (Administrator):
*From the docs: A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 [ASCII](https://ascii.cl/) characters).*
* I bet entering a passphrase (on the device) on the Trezor can be painful because of the tiny letters and buttons (One and Safe3).
* I also read about a bug that doesn't show more than 21 characters (on the device) when you reveal the passphrase to confirm what you typed; still not fixed?

So, suggested character length for a secure passphrase: maybe 15 characters or 20 is enough?

April 1, 2024 at 12:59 #3691653 Yodel_And_Hodl_Mode (Guest):
> maybe 15 characters or 20 is enough?
It depends. I don’t think about my wallet in terms of what it’s worth today. I think about what it could be worth someday, and I try to give it that level of security now… because the only way to make sure I still have my coins someday is to make sure they’re secure now, y’know?
For passphrases, I always use 7 words or more with a space between each word. I’m sure that sounds like a lot, but I’m pretty hardcore about my Bitcoin security.
Use words with spaces, not wacky character strings.
For example… this is easy to screw up:
> FgO5l3qEJ6
This is easy to get right every single time:
> correct horse battery staple
But obviously, don’t use **[that](https://xkcd.com/936/)** passphrase 🙂
Crypto Guide on YouTube is a channel by a guy who does an excellent job of explaining pretty much everything. No hype ever. Just rock solid info. I’m a big fan of his channel & recommend it highly.
[Here’s his advice](https://www.youtube.com/watch?v=nhjq_1J0EbU&t=583s).

April 1, 2024 at 12:59 #3691654 brianddk (Guest):
For me… the simplest answer is to use a (unique) BIP39 seed-mnemonic as your passphrase. BIP39 is four-char-unique, meaning that everything after the 4th character is just “extra” and can be discarded. For three-char words, the space behind it IS the 4th character.
So a 12-word seed-mnemonic requires 12*4 = 48 characters and provides tons of security. Best part is you can use your Trezor to generate 12-word seed mnemonics so you don’t need to rely on a website or anything to generate it.

April 1, 2024 at 12:59 #3691655 ArmchairCryptologist (Guest):
Depends. How much security do you want, and how bothered can you be when it comes to memorizing and entering it every time you want to access the wallet?
For reference, for a passphrase to have around 128 bits of security, making it as hard to brute-force as a 12-word seed or the ECDSA signature itself (considered to be infeasible), you would need ~27 same-case letters (26^27 = ~127 bits) or ~21 mixed-case alphanumerical characters (62^21 = ~125 bits), and since humans are a horrible source of randomness, you need to generate it with a secure random generator.
I strongly recommend the former, since it’s much easier to type/remember “vvkzccjsfzhjkczuhyekncpdeyu” than “WQ5RNqaMWrdighqbeoLAX”.
*Keep in mind that if you lose/forget a strong passphrase like this, literally no one can help you to get your funds back.*
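
An added example, not part of the post above and not Trezor code: the entropy arithmetic and the secure-random-generator advice from this thread in Python, together with a check against the 50-byte limit quoted in the opening post. The function names are made up for this illustration, and counting the limit as UTF-8 bytes is an assumption.

```python
import math
import secrets
import string

# Limit quoted from the Trezor docs in the opening post. Counting it as
# UTF-8 bytes is an assumption of this example.
MAX_PASSPHRASE_BYTES = 50


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def length_for(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose entropy is at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def fits_device(passphrase: str) -> bool:
    """The limit is in bytes, so non-ASCII characters cost more than one."""
    return len(passphrase.encode("utf-8")) <= MAX_PASSPHRASE_BYTES


def generate(alphabet: str, target_bits: float = 128) -> str:
    """Draw every symbol from the OS CSPRNG instead of a human choice."""
    n = length_for(target_bits, len(alphabet))
    candidate = "".join(secrets.choice(alphabet) for _ in range(n))
    if not fits_device(candidate):
        raise ValueError(f"{n} symbols exceed {MAX_PASSPHRASE_BYTES} bytes")
    return candidate


if __name__ == "__main__":
    lower = string.ascii_lowercase
    alnum = string.ascii_letters + string.digits
    for name, alphabet in (("a-z", lower), ("a-zA-Z0-9", alnum)):
        pw = generate(alphabet)
        print(f"{name:10} {len(pw):2} chars "
              f"{entropy_bits(len(pw), len(alphabet)):6.1f} bits  {pw}")
    # 12 words from the 2048-word BIP39 list: 12 * 11 = 132 bits (a valid
    # mnemonic spends 4 of them on its checksum), in 12 * 4 = 48 characters.
    print("bip39 x12 ", 12 * 4, "chars", entropy_bits(12, 2048), "bits")
```

Reaching a full 128 bits takes 28 lowercase letters or 22 alphanumeric characters, one more than the rounded figures above, and both stay well inside the 50-byte limit.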

April 1, 2024 at 12:59 #3691657 Glum-Departure-8912 (Guest):
I personally think that just the simple fact of having a passphrase is a massive improvement in security.
There are quite a few online tools you can use that will tell you how long it would take to brute force a password. I’d check out one of those and find a balance of crack time and reasonability to type.
It’s also good to keep in mind that a 10 character “good” passphrase can be harder to crack than a 50 character “bad” passphrase.

April 1, 2024 at 12:59 #3691659 brianddk (Guest):
> Also, I read about some bug that doesn’t show more than 21 characters (on the device) when you reveal the passphrase to confirm what you type, still not fixed?
Is this what you mean? If so, that was fixed LONG ago