In the world of crypto and blockchain, it’s important to understand the difference between two fundamental terms: seed phrases and passphrases. They might sound similar, but their use and significance are very different. Seed phrases, generated during wallet setup, are your lifeline to recovering and accessing your digital assets. In contrast, passphrases are an optional layer of security, adding an extra dimension of protection to your wallet. This article explores the nuances of seed phrases and passphrases in depth, highlighting their roles, their differences, and the impact they have on cryptocurrency security.
Before delving into the concepts of seed phrases and passphrases, it is very important to know and understand the underlying principles of BIP-39 (Bitcoin Improvement Proposal 39) and its operational intricacies.
BIP-39 is a standard that describes how cryptocurrency wallets generate mnemonic or “seed” phrases (seed phrase, mnemonic phrase and mnemonic sentence all mean the same thing). BIP-39’s core objective is to produce a phrase or sentence that is human-readable and user-friendly, instead of a raw binary or hexadecimal representation of a wallet seed. Put simply, it maps computer-generated randomness to human-readable words. This mapping uses a predefined wordlist; the English-language wordlist comprises 2048 unique words.
So how does BIP-39 work? How is your precious seed phrase generated? A TRNG (True Random Number Generator) source is used; in the case of a hardware wallet this could be the microcontroller. The TRNG generates entropy (ENT) of 128-256 bits, depending on the number of words in the seed phrase (a seed phrase can have 12-24 words). A checksum (CS) is calculated and concatenated with the entropy, and this whole string of bits, ENT + CS, is split into groups of 11 bits, each encoding a number from 0-2047 that serves as an index into the wordlist. Once these numbers are converted into words, they are joined to create the seed phrase or mnemonic sentence.
It is crucial to emphasize that a seed phrase, while essential for security and wallet recovery, is insufficient for executing transactions and managing cryptocurrency. To enable the signing and transfer of coins, as well as the receiving of coins, a set of private and public keys must be derived from the 12-24 word mnemonic sentence. And yes, your seed phrase and private key are not the same.
Once your seed phrase is generated, it is fed as input to PBKDF2 (Password-Based Key Derivation Function 2), with HMAC-SHA512 as its underlying function, along with the string “mnemonic” + an optional passphrase which the user can choose. This passphrase acts like the 25th word of your mnemonic sentence; by default an empty string “” is used. The output hash (output of HMAC-SHA512) is the wallet’s 512-bit “seed”.
This 512-bit seed is in fact your master “keys” or extended key. It is divided into two 256-bit parts: one part is the master private key and the other part is the master chain code. A master public key is derived cryptographically from the master private key, and these are the keys used for sending and receiving coins. The private key is used for signing transactions and sending coins, while the public key is used for generating account addresses and receiving coins.
Now we know how your mnemonic sentence or seed phrase is generated and how it is important for enabling you to send and receive coins. We also came across the term passphrase. Now let’s dive deep into what seed phrases and passphrases are and how they’re fundamentally different.
What does your seed phrase really signify?
You must know plenty about seed phrases now from the above section. A seed phrase is a randomly generated 12-24 word sentence created during the initial wallet setup. It is also known as the recovery phrase or backup phrase because it contains all the necessary information required to access the cryptocurrency funds associated with the corresponding wallet. This makes seed phrases essential for wallet recovery and security. As long as you have access to your seed phrase, you’ll be able to access all the crypto associated with the wallet or seed, even if you delete your software wallet or lose your hardware wallet. Therefore, it’s crucial to keep them safe. Wallets that follow the BIP-39 standard are interoperable, which enables you to switch wallets easily. You only need to enter your recovery phrase into the new wallet, and your funds and assets associated with the seed will be available there.
Seed phrases are used to create wallets. Wallets for multiple or different cryptocurrencies, such as Bitcoin, Ethereum, and Solana, can be derived from a single seed phrase. Each of these coin types will have a unique wallet derivation path. One seed phrase can be used to generate wallets or accounts for any coin, whether it’s Bitcoin or an alternative coin, any number of times (n number of wallets/accounts for the same cryptocurrency). Standardized wallet generation streamlines the process and improves convenience.
Both software and hardware wallets can use a single starting point to derive all the private keys, public keys, and addresses (an address is the hash of a public key). This unique starting point is our ‘mnemonic sentence’ or ‘seed phrase.’ Essentially, from one single master key, multiple child keys can be derived or generated, depending on factors such as your coin type.
What is a passphrase? How is it different from a seed phrase?
We’ve already encountered the concept of a passphrase when discussing BIP-39. Unlike seed phrases, which are generated for you, a passphrase is an optional word or phrase that you can choose for yourself once your wallet has generated its 12-24 word seed phrase. This additional word or phrase effectively acts as a 25th word of the seed, and it is never saved on the device. For this reason, you’ll need to enter the passphrase every time you run your wallet to access your cryptocurrency. This provides an extra layer of security: even if a known or unknown vulnerability in your wallet gets exploited and your seed phrase is exposed, your passphrase cannot be extracted, and without the passphrase the seed phrase would be obsolete and useless.
However, it is very important to know how using a passphrase with your seed phrase affects your wallet. Suppose you initially set up your wallet with just the seed phrase, and as a result, the seed or master keys are generated. If you later decide to use the same seed phrase but include a passphrase, the generated 512-bit seed and the corresponding master keys will be different. This means that each time you use a unique passphrase with your seed phrase, you’re creating a completely new and distinct wallet. You can use any number of passphrases or “salt” with your seed phrase to generate multiple distinct wallets.
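The seed derivation described earlier and the passphrase effect described above, as an added example that is not code from this article or from any wallet. It assumes two details from the BIP-39 specification that the article does not state (2048 PBKDF2 iterations and NFKD normalisation of both inputs) and uses the published all-zero-entropy test mnemonic, which must never hold funds; `wallet_fingerprints` is a hypothetical helper name.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 512-bit wallet seed from a mnemonic and optional passphrase."""
    # Assumptions from the BIP-39 spec, not stated in the article:
    # NFKD normalisation of both strings and 2048 PBKDF2 iterations.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)

# Published BIP-39 test mnemonic (all-zero entropy); never use it for funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def wallet_fingerprints(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the first 8 bytes (hex) of the seed it yields."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}

if __name__ == "__main__":
    # Same 12 words, three passphrases: three unrelated seeds, so three
    # unrelated wallets. Note that "TREZOR" and "trezor" differ.
    for p, fp in wallet_fingerprints(TEST_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(repr(p).ljust(10), fp)
```

Every passphrase yields a valid seed, so a mistyped passphrase does not produce an error; it silently opens a different, empty wallet.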
Because the passphrase functions as the “25th seed word,” it’s essential to understand that your entire wallet, including key pairs and addresses (all the sensitive information), is generated from the passphrase as well. Think of the passphrase as that extra puzzle piece required to complete the picture. Without the passphrase, you won’t be able to access your wallet, as it becomes a necessary component of your seed, if enabled.
In this way, the wallet passphrase can provide an additional layer of security and serve several different purposes:
Protection from Seed Exposure: When your wallet is set up with a passphrase, even if your seed phrase becomes exposed, a thief or attacker won’t be able to access your funds because both the seed phrase and the passphrase are required. This is advantageous, especially in the case of physical attacks on hardware wallets, as only the seed phrase might be exposed.
Ability to Create Hidden Wallets: Multiple wallets can be created by using different passphrases. Even if someone gains unauthorized access to your wallet, they won’t be able to access your funds as the wallets containing coins are hidden without the passphrase. Passphrases also give users the ability to create dummy or decoy wallets with low balances, which can be beneficial in scenarios like the $5 wrench attack.
Ability to Create Multiple Wallets: Multiple wallets can be created from the same seed phrase. Typically, a wallet can handle one seed at a time, but by using multiple passphrases, you can set up multiple wallets from a single seed. This provides flexibility and organization for managing different aspects of your cryptocurrency holdings.
Understanding the distinctions between seed phrases and passphrases is vital for protecting your digital assets. The primary difference between seed phrases and passphrases lies in the purposes they serve. Seed phrases are primarily used for wallet recovery in case of loss or damage, while passphrases are employed to enhance the security of your wallet.
It’s evident that passphrases offer added security and convenience for storing crypto funds and assets. However, this added security comes with the responsibility of safeguarding passphrases, as losing a passphrase can lead to the permanent loss of your cryptocurrency. Ultimately, the choice between using a seed phrase and a passphrase depends on your specific security requirements and backup capabilities.