Working with a hidden password for the wallet

Good afternoon.
I read the article “Passphrases and hidden wallets” from Trezor and I’m a little bit unclear how these hidden wallets are created with a passphrase and how they are attached to my seed phrase.
From the article I learned that having access to the seed phrase without a passphrase, no one will have access to funds.
But how is it possible? As far as I know, every wallet is created with a seed phrase, so if I create a hidden wallet, it also should be tied to a seed phrase?
If this hidden wallet is somehow connected with another seed phrase, will they be able to take away my money if they compromise it?
I apologize if my question is stupid, but I could not find an answer on any resource.
Have a nice day!

No questions are stupid here, @Babiba, only the questions you don’t ask. :slight_smile:

A Passphrase attaches to your Recovery seed as an extra “word”. If you have a Trezor Model One with 24 English words in your seed, then the Passphrase will become your 25th. If you have a Trezor Model T with 12 English words then a passphrase will become the 13th.

In addition, you can have multiple Hidden wallets in your Trezor device, all with different Passphrases attached to your Recovery seed.

The Passphrase(s) you create should not be too easy/short. And remember to write it/them down on a piece of paper. If you forget your Passphrase then your funds are lost in that Hidden wallet.

Also note that your Trezor device doesn’t contain any coins or tokens, they’re stored in their respective blockchains. Your Trezor is only a key to access your funds in the blockchain(s).

Yes, I am aware of what you wrote.
I read that the passphrase is like an extra word, but what does it look like in blockchain?
I just don’t quite understand how it’s implemented that I can have a bunch of different wallets to one seed phrase.
That’s why I was afraid that maybe the hidden wallet that is created somehow belongs to another seed phrase and by getting it they will get access to the funds

I’m not sure. The seed words and Passphrase are converted to numbers and I think they’re written to every transaction for that coin’s blockchain.

You can only use a Passphrase on one Hidden wallet. If you have multiple Hidden wallets then each one requires its own unique Passphrase.

No fear, that’d never happen. :slight_smile:

So I didn’t get the main answer to my questions xD
1. On one seed phrase can there be only one wallet?
2. How is the codeword for the blockchain implemented? How does the codeword belong to my seed phrase?
I understand that every new password = new wallet, I’m worried that these hidden wallets belong to some separate seed phrase

No, you can have multiple Hidden wallets with one seed, just with different Passphrases. It is not possible to have a Passphrase connected to the Standard wallet.

A developer like @matejcik should know that better than me.

The Hidden wallets use the same Recovery seed that your Standard wallet uses, just with an added Passphrase.

Is there any way I can get answers from @matejcik ?
Because it is still not clear how it works in terms of functionality in the blockchain and how these passphrases are implemented in the blockchain at all.
I can be sure that the hidden wallet can be accessed only by using the seed phrase + passphrase?

It does not look or work any different on the blockchain than any other wallet.

It is just a new wallet with new addresses that works exactly the same, just the addresses are derived from seed+passphrase, instead of just the seed as in the standard wallet.

When first initialized, a Trezor device generates a random number which is converted into a mnemonic sentence (recovery seed) and stored in the memory. Subsequently, whenever the device is used, it derives a cryptocurrency wallet from a magical formula; mnemonic+passphrase (extremely simplified).

If the user did not input any passphrase (default setting), an empty string "" is used. When the feature is activated, the user is prompted to enter the passphrase which is then combined with the recovery seed on the device, and a new wallet is generated.

For you, the user, this means:

Once the passphrase feature is activated on the device, you can provide any input of your choosing and it will be used to generate a completely new wallet. To access this hidden wallet repeatedly, you will have to use the exact same passphrase in combination with the recovery seed on the device. Using the same seed with a different passphrase will generate a different wallet. Using a different seed with the “correct” passphrase will generate a different wallet.


And how does it work as well on the blockchain as any other wallet, but the functional side has more features?
I mean how a wallet is created not just with 12 words, but with 12 words + passphrase, if it is impossible to make changes in the blockchain.

There’s a trick to the whole thing:

The blockchain doesn’t know nor care about seeds!

The blockchain only understands cryptographic keys.

A big part of what Trezor does is, it takes your seed and optionally a passphrase, and applies some Math & Algorithms ™ to get out the keys that you actually need to interact with the blockchains.

Same seed + same passphrase = same keys.

Same seed + different passphrase = different keys.


There is another trick that you seem to be missing:

The blockchain has no registration step.

““Creating”” a wallet is not like creating an account on the Trezor Forum. You generate the seed and that’s it. That’s your wallet from then on. No data is sent or received from the internet for this to happen. You could create a thousand wallets in a hut in the middle of a forest, and only bring back a slip of paper with your address.

Your typical blockchain will accept transactions to any address that is “valid”, i.e., has the right number of characters and has a valid checksum. You give out an address and people send funds to it, and it accumulates balance, and for all the validators care, the keys to it might never have existed. It could be a burn address.

Only when you want to spend funds, you need to provide matching keys. The spend operation contains a public key and a signature. The validators check that (a) an address you get from that public key is the right one, and (b) the signature is valid for the transaction and the specified public key.


hope this clears up the confusion


So it’s okay for me to have multiple keys per seed?
Just the whole point of my appeal is to understand how it is possible to have several addresses on one seed + have hidden wallets
Is there such a functionality to have a bunch of addresses for one seed?

What do you mean, “okay for me”? Like, yes, you are allowed, the blockchain police won’t come after you for doing it :wink:

There’s this whole thing about using a fresh receive address for every Bitcoin transaction. So that would be a yes, which you can see yourself in Suite: you can generate as many addresses as you like and you don’t have to write down a new seed for each one.

If you’re interested in technical details, read up on the BIP-32 specification.

Well, in terms of whether it’s okay for me to have many addresses on one seed

I was just afraid of the situation that the so-called “hidden wallet” was being created on some other seed than mine

There is no “okay” about it. You have many addresses based on one seed. That’s like asking whether it’s “okay for you” to have fingers on your hand.

I couldn’t understand what you mean until I went back to the very start…

This is not true at all.

A “wallet” is generally a set of keys (and each key matches exactly one address). For example, old-school paper wallets, or wallets that you get in a Bitcoin ATM, have just one key. There is no seed phrase: the wallet is that one key.

BIP-39 style wallets, such as Trezor, use a seed phrase + passphrase combo to generate a wallet that has an effectively unlimited number of keys in it.

The standard wallet uses an empty passphrase – so it looks like it’s just the seed phrase alone. It’s not. In all cases it is a seed phrase and a passphrase. But you are allowed to leave the passphrase blank.
(Like filing your tax report by hand: “here you copy over the value from line 39; here you add up lines 45, 46, 47”. The “value from line 39” is part of the whole computation, even if there isn’t anything there.)

And if I want to avoid BIP-39, I can go with, e.g., Shamir. Which gives me a set of shares, plus, again, a passphrase. And that is a basis of a wallet.

This pops up every now and then so I’m saying this a lot:
Even if there was a seed that happens to perfectly match your seed + passphrase (there isn’t), they won’t compromise it. You can’t randomly find a seed with funds on it. You can’t deliberately find a seed with funds on it. The only way to get a seed with funds on it is (a) put money on it yourself, or (b) take the seed from someone who already has money on it.
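An added example (not part of the thread and not Trezor's own code) of the BIP-39 and BIP-32 steps mentioned above: the passphrase, possibly empty, is part of the salt that turns the mnemonic into a seed, and that seed yields as many keys as needed. It uses the public BIP-39 test-vector mnemonic and, as a simplification, derives hardened children directly under the master key rather than along a full account path.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; BIP-32 private-key arithmetic is done modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP-39 test-vector mnemonic (all-zero entropy). Never use it for funds.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[int, bytes]:
    """BIP-32 master private key and chain code from the 64-byte seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def hardened_child(key: int, chain: bytes, index: int) -> tuple[int, bytes]:
    """BIP-32 hardened derivation: private parent key -> private child key."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    # BIP-32 skips an index if the left half is >= N or the sum is 0;
    # the chance is negligible, so this sketch does not handle it.
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]


def wallet_keys(mnemonic: str, passphrase: str = "", count: int = 3) -> list[str]:
    """First `count` hardened child private keys (hex) for mnemonic + passphrase."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return [f"{hardened_child(key, chain, i)[0]:064x}" for i in range(count)]


if __name__ == "__main__":
    # Same mnemonic, three passphrases: three unrelated sets of keys.
    for label, pw in [("standard", ""), ("hidden A", "TREZOR"), ("hidden B", "trezor")]:
        print(label, [k[:16] for k in wallet_keys(MNEMONIC, pw)])
```

Nothing in the derived keys marks them as belonging to a "standard" or "hidden" wallet, and none of these steps touches the network.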

I’m sorry I’m so bad at explaining things.)
After reading your posts I want to take out what I understand and ask you to correct me if I am wrong somewhere.

1. On one seed phrase you can own many addresses, not just one
2. If I keep money in a hidden wallet, the person knowing only the seed phrase can not have access to it
3. A hidden wallet is created on my seed phrase and the only way to access it is to enter seed + passphrase

Multiple Hidden wallets, several Accounts in each Hidden wallet. Addresses are used with transactions in one of the Accounts.

No. It’s not certain the person who knows your seed cannot find out your Passphrase, it depends on how long and complicated you’ve made your Passphrase. If it’s too easy then it’s also easy to break. Don’t confuse the Recovery seed – often called a Backup seed or just Backup – with a Passphrase by calling it “seed phrase”.

No. You enter only your Passphrase to get access to your Hidden wallet. The Recovery seed is already entered and stored in your Trezor device.

You should read up about these things in the Learning Knowledge Base to get a better understanding how they work. Also you’d get some answers by searching and reading this forum, where most of these issues have been answered many times.


1. It was not just about hidden wallets, but also about regular wallets. There is a functionality that allows you to create a lot of addresses for deposit

2. I ask you one question, and you answer another.
The question was straightforward: “Knowing only the recovery seed a person cannot access a hidden wallet”.
I didn’t ask if he can guess the passphrase, it’s clear to me that it must be secure.

Response to your last reply (I am not allowed to highlight it in my reply and because of the limitation in posting the link)
3. Again, you are not answering at all what I am asking.
I was talking about a third party who wants access to my wallet and for this he will need recovery seed + passphrase
I use a hidden wallet and I know I don’t have to enter the recovery seed every time I want to access a hidden wallet

Yes.

Correct. If you use a passphrase and your seed gets compromised/stolen, it is NOT enough to recover the wallet, the person needs the passphrase.

  1. Yes, correct.

Thank you for your responses and your time with me.
I appreciate it