Important question on Passphrase

Hi, I have a Trezor Model T, and have a couple of times typed my passphrase into my computer's keyboard to access my hidden wallet via Trezor Suite and Metamask.

My concern is that, having typed in my passphrase on my computer's keyboard rather than on my Trezor Model T's touch-screen when I had the option to do so, I may have exposed my 12 word recovery seed and private keys held on my Trezor device to risk.

Does typing my passphrase into my computer keyboard expose my 12 word recovery seed and private keys?

Hi @shtumshtum,

No, typing your Passphrase on your computer keyboard won’t expose your Recovery seed and private keys held on your Trezor device.

In case you have a keylogger virus or similar, the Passphrase you type may be exposed though. So my advice is to install an anti-virus package, if you haven’t already, and scan your computer regularly.

@Petosiris thank you for your reply. Anti-virus is in place and active.

Just to delve into this a little deeper… if the recovery seed phrase is not exposed when the passphrase is typed into the keyboard on the PC, then how and where (in the Trezor device, Trezor Suite or Metamask?) is the validity of the recovery seed/private key + passphrase 'confirmed for access' or 'denied'?

The Private Key is calculated from the Recovery seed + Passphrase (if any) inside the Trezor device, and your seed never leaves the device. I'm no expert on the details of this, but you can read more here:

It is important to understand there is no such thing as an “incorrect passphrase” that should be denied, so whatever you provide as your input will be used in the process of deriving a wallet and its accounts (1 unique passphrase = 1 wallet). If you enter a different passphrase, Trezor Suite will generate a completely new wallet with a different (empty) set of addresses and private keys.

Due to this feature, it is crucial to enter the passphrase exactly the way you typed it when setting up the wallet for the first time in order to access the same wallet including the same accounts having the same addresses in the same order. The public-key cryptography ensures it generates always the same result.

You can read more about passphrase here: https://trezor.io/learn/a/passphrases-and-hidden-wallets
and also in this post on our Trezor Blog: Passphrase — the Ultimate Protection for Your Accounts | by SatoshiLabs | Trezor Blog
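To make the "no such thing as an incorrect passphrase" point concrete, here is an added example (not Trezor's code) of the BIP39 seed derivation the post describes: the passphrase is just part of the PBKDF2 salt, so every input yields a valid, distinct 64-byte seed. The mnemonic used is the first test vector from the BIP39 specification, not a real wallet, and the 50-byte limit check mirrors the Trezor device limit quoted later in the thread.

```python
import hashlib
import unicodedata

# Trezor accepts passphrases up to 50 bytes (UTF-8), as quoted in this thread.
MAX_PASSPHRASE_BYTES = 50

# Public BIP39 test-vector mnemonic (all-zero entropy); not a real wallet.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def passphrase_fits_device(passphrase: str) -> bool:
    """True if the passphrase would fit the 50-byte device limit."""
    return len(passphrase.encode("utf-8")) <= MAX_PASSPHRASE_BYTES


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from mnemonic + optional passphrase.

    BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, password = NFKD(mnemonic),
    salt = "mnemonic" + NFKD(passphrase). There is no stored "correct"
    passphrase to compare against: any string is a valid input and simply
    selects a different wallet. An empty passphrase is the standard wallet.
    """
    if not passphrase_fits_device(passphrase):
        raise ValueError("passphrase exceeds the 50-byte device limit")
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallets_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the hex seed it selects.

    Demonstrates "1 unique passphrase = 1 wallet": a typo or a case change
    is not rejected, it just lands in a different (empty) wallet.
    """
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    for p, seed in wallets_for(MNEMONIC, ["", "TREZOR", "trezor", "TREZOR "]).items():
        print(f"passphrase={p!r:10} seed={seed[:16]}...")
```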

@radekP @Petosiris understood.

Technically speaking, it would be ok to save both the recovery seed phrase and PIN digitally, so long as the passphrase for a hidden wallet is remembered with no digital or written record of it. In any case, the only way to get crypto out of the wallet would be by knowing the passphrase, even if the recovery seed phrase and PIN are known by a bad actor.

Is my interpretation correct?

@shtumshtum to my understanding technically YES

But I would Never do it…

Unless you store it with encryption… But still…

Technically speaking, yes; you can move the security of your wallet solely to the passphrase.

In practice this is somewhat problematic because the seed phrase itself is (1) guaranteed to be difficult to brute-force (as long as it is generated on Trezor and not by hand), and (2) easy to write down and restore without mistakes.

On the other hand, humans are notoriously bad at choosing secure passphrases; and even if you generate something random, it’s going to be a blob like UWwe8vehAGC3PrFwP8reQCxgVR that is difficult to remember and easy to make mistakes in.

Still, if you pick your passphrase with something akin to Diceware, that is a perfectly valid choice.


Even if you could do that, and the software allowed it, it'd not be a good idea. Because of the reasons @matejcik said above, plus you'd actually reduce the level of security, since both seed and PIN could be retrieved digitally by a third party and a passphrase is typically much easier to brute force than a seed. Besides, the method only works for Hidden wallets and not the Standard wallet.

@Petosiris @radekP @rimaS @matejcik

Thank you all for your replies…

Is a 50 character ‘long’ passphrase possible?
If yes, how long would it technically take for a bad actor to brute force a 50 character ‘long’ passphrase?

Your insights are much valued.

See @radekP’s answer above and his link to passphrases and hidden wallets.

Excerpt from that article:

  • A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
  • Characters from the extended ASCII character set cannot be entered using the Trezor device itself. If you create a passphrase including characters from the extended ASCII character set - i.e., decimal 128 (€) to 255 (ÿ) - these can only be entered when using Trezor Suite on a trusted computer.
  • Moreover, these characters may not be rendered correctly on the Trezor display.

It depends mainly on the characters you use, if you select characters from all groups (0-9, A-Z, a-z, logograms, extended ASCII, and so on), and how you use them (i.e. words or not words, birthdate or not, etc.). I don't know how long it would take to brute force in the different scenarios. I'm pretty sure Google knows though.


Just to give you an idea @shtumshtum, here is an article from the Bitwarden blog…
