Everything You Need To Know About Passphrases
A Brief on Private Keys & Wallets
Before we dive into the subject, let’s go over a brief primer on Bitcoin private key standards and how they have evolved over time. A private key is a 256-bit number, picked at random and defined by an elliptic curve, specifically secp256k1. At the end of this process, you get a very long string of digits (64 hexadecimal digits). Other formats for representing a private key also exist, such as WIF and WIF-Compressed.
In order to make this a bit more convenient to read, Base58 encoding is used to shorten the string of numbers and letters, as well as limit the ones that are used to avoid confusion to the human eye.
You can use any one of the above formats as the representation of your private key. However, there are notable differences in their respective generation and representation of the public key and addresses when it comes to wallets :
Nondeterministic (Random) Wallets
Initially, wallets generated several private keys randomly, each with its own public address. You’d use each address/key once and would generate new ones as needed. You’d have to backup every key, else you’d lose the funds associated with each one. As a consequence, people tend to reuse the same address in order to reduce the amount of effort required to use their Bitcoin, but this then raises privacy concerns. Bitcoin Core includes this type of wallet, however its use is not recommended since there are now better alternatives. This type of wallet is also known as a Type-0 non deterministic wallet.
Deterministic (Seeded) Wallets
This type of wallet allows you to have a single backup (private key) from which you can derive more keys, each with their own Bitcoin address. This means that if your wallet no longer works for whatever reason and you have the initial backup, you can recuperate all of your funds in one go.
HD Wallets (BIP-32/BIP-44)
A Hierarchical Deterministic wallet, introduced through BIPs 32 and 44, also generates multiple keys from a single private key, like the Deterministic wallet stated above. The difference is that each one of those keys can further generate their own subset of keys and so on so forth. Essentially, you have a master or parent key, which can then generate child keys, and they can then generate grandchild seeds.
Throughout all these different wallets, we are still dealing with really long strings of letters and numbers that are difficult for humans to retain and process. Then comes along BIP-39, a proposal which offers as a solution a way to convert those long strings of binary or hexadecimal digits into something that is much easier for humans to read and transport. This is the most popular implementation for private keys and most of you have probably already interacted with it.
Your private key is now represented as a set of words, usually 12 (128 bits of entropy) or 24 (256 bits of entropy) taken from a predefined list of 2048 words.
BIP-39 defines the creation of a mnemonic code and seed as a follows :
- Create a random sequence (entropy) of 128 to 256 bits.
- Create a checksum of the random sequence by taking the first few bits of its SHA256 hash.
- Add the checksum to the end of the random sequence.
- Divide the sequence into sections of 11 bits, using those to index a dictionary of 2048 predefined words.
- Produce 12 to 24 words representing the mnemonic code. (Antonopoulos 2017, ch.4)
What is a Passphrase?
Now that we’ve covered the basics, we can better understand what is a passphrase and how it works when it comes to your Bitcoin wallet.
Thanks to BIP-39, which introduced human-readable words private key standard and is compatible with BIP-32, we can now use passphrases as an additional security measure.
Essentially, the passphrase is a set of characters, words, numbers or even spaces that extends our mnemonic private key. The passphrase can be entirely determined by the user which controls the private key, it’s not something that your wallet generates for you when initially rendering your private key.
When implemented, you can only access funds held within that wallet by entering your passphrase since adding a passphrase to your seed phrase generates an entirely new wallet.
It is not like a password or a PIN, since there is no such thing as an invalid passphrase. Each time you enter a different passphrase, you get a new wallet. If you change a single character, modify an uppercase to a lowercase or even add a space, you will get a new wallet.
So, many seem confused about Bitcoin Passphrases.— DETERMINISTIC OPTIMISM 🌞 (@nvk) September 14, 2021
It is not a “password”, it’s part of your actual secret that we calculate the private key from.
Think this away:
24 words = private key & xpub
24 words + passphrase = different private key & different xpub
It has many uses, which we will explore below.
Why Use a Passphrase?
When used and stored properly (more on this later), your passphrase can help prevent your funds from being compromised. If someone were to come across your seed phrase, normally they would just be able to sweep your wallet and transfer your funds out.
If the passphrase is enabled, the thief won’t be able to get away with it since they would also need to enter this additional string of information in order to access your funds.
Another interesting use case for passphrase is that it can act as a threat detection system. In order for this to work, you should first put a small percentage of your funds in your standard 12 or 24 word wallet with the rest of your funds protected by the passphrase. If your backup were to be compromised, you would notice because you no longer have funds in that wallet, thus giving you a chance to create a new wallet and backups and transfer the remaining funds there.
This system also offers you plausible deniability. If someone were to try and coerce you into giving them your bitcoin, you would just give up your standard wallet and hopefully get away with the majority of your funds and your physical integrity. You can push this even further by having a dummy passphrase that also contains funds, in case your aggressor is technically savvy.
How does a BIP-39 Passphrase work?
BIP-39 works with BIP-32, the proposal allowing for building complex trees of public and private keys. When you add a passphrase to your seed words, you are generating a master BIP-32 wallet key.
This new wallet can be identified by its extended fingerprint (XFP), a short string of letters and numbers. It’s important to note this fingerprint since it’s the only way for you to make sure that you have entered the correct passphrase.
Some Tips on Using a Passphrase
How To Add One?
Implementing a passphrase varies from wallet to wallet. Doing it on the Coldcard is quite simple. You even have the option of adding words from the BIP-39 word list directly instead of adding individual characters. Take a look at the guide here!
When To Use One?
This is recommended if you have an important amount of Bitcoin and want a setup that offers more security than just a standard wallet, but that is much simpler to create, operate and store than a multisignature wallet.
If you are just getting started, then it is best to first become familiar with a regular wallet, and as your Bitcoin stack, knowledge and comfort using Bitcoin increase, then it would be wise to explore this feature. The passphrase option is always available on your Coldcard device home screen, just don’t forget that by adding one, you will get an entirely new wallet and will have to move your funds there!
Passphrases are incredibly handy for augmenting the level of security of your Bitcoin private key. However, there are some important elements to keep in mind when deciding to use one :
- Make sure that it is long enough to not be easily brute-forced. If someone gets their hands on your seed phrase, you don’t want them to easily guess your passphrase.
- It is important to properly safeguard your passphrase, since losing it would effectively lead to the total loss of funds associated with that wallet.
- Don’t store your passphrase in the same place that you would store your seed phrase or wallet PIN or password.
- Don’t tell anyone that you have a passphrase (however, there can be exceptions with a loved one that you trust so that they can recover your funds easily in case anything were to happen to you).
Antonopoulos, Andreas M. 2017. Mastering Bitcoin: Programming the Open Blockchain. N.p.: O’Reilly.