PSA - NEVER enter your seed phrase ANYWHERE - Discord Scam

Comments

  • bcbully Member Epic Posts: 11,838
    edited November 2021
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Let's keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline.

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attacker's system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potential dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    "We see fundamentals and we ape in"
  • maskedweasel Member Legendary Posts: 12,180
    edited November 2021
    bcbully said:
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Let's keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline.

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attacker's system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potential dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    BC is right. 

    So here's something as well. You can unlock your wallets with biometrics. If you want to go to a wallet on two different phones, or two different web browsers, it asks you to input your password. 

    But if you've never been on that PC, no matter if you use your biometrics or correct password, it doesn't let you in. 

    Instead it requests a particular seed phrase.

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 

    You NEED the seed phrase to access your wallets, etc. You can't change it, and if you lose it, you're pretty much SOL if you haven't already imported the account. 

    So yeah, I mean if you want to think of it as words = password, that's like saying a skateboard is a car because it has 4 wheels, but it's not exactly true. 



  • olepi Member Epic Posts: 2,829
    edited November 2021
    Quizzical said:
    olepi said:
    I was a UNIX sysadmin in 1977, and wrote a scam like that just for fun. As the admin, I could replace the login program with one of my own. So the sequence was:

    login: <user types their login>
    password: <user types their password>

    Then my program would exit, and invoke the real login program. So the user would try again and it would work. I saved off their username and password.

    That was almost 45 years ago.
    A more sophisticated version of that would pass the login and password to the real login program so that the user never got a password rejected error message and the whole thing seemed like it just worked.  The programming tools were a lot less sophisticated in 1977, though, so I'm not sure how practical it was to do that then.

    I could actually have changed the real login program in the first place as the admin and kernel programmer. This was an ARPANET UNIX system, so full C tools, with email, FTP, chat, remote terminal, etc. That's why my signature is being on the net for 44 years.

    It amazes me, the hardware has changed dramatically in the last 45 years, but I'm still using Linux at work, meaning I still use almost all the same commands as back then.

    ------------
    2024: 47 years on the Net.


  • Vrika Member Legendary Posts: 7,888
    edited November 2021

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 
    Even if you know all the symbols of a long password you won't be able to access unless you provide those very specific symbols in a very specific order.

    Also on a related note, I think it would require really bizarre circumstances to end up in a situation where someone knows all the words of your passphrase/seed phrase but not their order.
     
  • maskedweasel Member Legendary Posts: 12,180
    Vrika said:

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 
    Even if you know all the symbols of a long password you won't be able to access unless you provide those very specific symbols in a very specific order.

    Also on a related note, I think it would require really bizarre circumstances to end up in a situation where someone knows all the words of your passphrase/seed phrase but not their order.
    Think of it this way, if you were to crack a password, even with say, 10 characters, there are password crackers that run through combinations quickly. Sure you have all letters corresponding to a certain location, and so on, but essentially you're still dealing with 1 box, 1 word, however complex you want to make it. 

    So an application simply needs to run through all combinations in one specific area of the screen. Unlike a password where it can be reset, guessed based on knowing your history or cracked from another location, then submitting through an unlimited number of login attempts over the course of.. however long, a seed phrase pretty much can't.

    You would essentially have to know and crack 12 separate passwords in a specific order to make it work. 

    And as for knowing the location of the seed phrase words, it's possible, it all depends on how someone would attempt to obtain them, and how the user stores them. Maybe something to think about for people that are just now getting into owning their first wallet. 



  • Vrika Member Legendary Posts: 7,888
    Vrika said:

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 
    Even if you know all the symbols of a long password you won't be able to access unless you provide those very specific symbols in a very specific order.

    Also on a related note, I think it would require really bizarre circumstances to end up in a situation where someone knows all the words of your passphrase/seed phrase but not their order.
    Think of it this way, if you were to crack a password, even with say, 10 characters, there are password crackers that run through combinations quickly. Sure you have all letters corresponding to a certain location, and so on, but essentially you're still dealing with 1 box, 1 word, however complex you want to make it. 

    So an application simply needs to run through all combinations in one specific area of the screen. Unlike a password where it can be reset, guessed based on knowing your history or cracked from another location, then submitting through an unlimited number of login attempts over the course of.. however long, a seed phrase pretty much can't.

    You would essentially have to know and crack 12 separate passwords in a specific order to make it work. 

    And as for knowing the location of the seed phrase words, it's possible, it all depends on how someone would attempt to obtain them, and how the user stores them. Maybe something to think about for people that are just now getting into owning their first wallet. 

    Someone cracking a seed phrase would not need to crack 12 separate passwords. He would just need to crack one horribly long password, for example: "issue flame sample lyrics find vault announce banner cute damage civil goat". This example is taken from wikipedia.

    It's true that seed phrases are harder to crack than passwords. For example a 12 word seed phrase using the BIP39 English language word list has 5444517870735015415413993718908291383296 possible combinations, whereas a 12 symbol password using symbols A-Z, a-z and 0-9 only has 3226266762397899821056 possible combinations. But that's on the merit that the seed phrase is longer. It's basically just a very long password so that thanks to its length it's nearly impossible to crack with brute force, but if you're trying to steal it through a phishing attack or some other means it's just a password.
     
  • maskedweasel Member Legendary Posts: 12,180
    Vrika said:
    Vrika said:

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 
    Even if you know all the symbols of a long password you won't be able to access unless you provide those very specific symbols in a very specific order.

    Also on a related note, I think it would require really bizarre circumstances to end up in a situation where someone knows all the words of your passphrase/seed phrase but not their order.
    Think of it this way, if you were to crack a password, even with say, 10 characters, there are password crackers that run through combinations quickly. Sure you have all letters corresponding to a certain location, and so on, but essentially you're still dealing with 1 box, 1 word, however complex you want to make it. 

    So an application simply needs to run through all combinations in one specific area of the screen. Unlike a password where it can be reset, guessed based on knowing your history or cracked from another location, then submitting through an unlimited number of login attempts over the course of.. however long, a seed phrase pretty much can't.

    You would essentially have to know and crack 12 separate passwords in a specific order to make it work. 

    And as for knowing the location of the seed phrase words, it's possible, it all depends on how someone would attempt to obtain them, and how the user stores them. Maybe something to think about for people that are just now getting into owning their first wallet. 

    Someone cracking a seed phrase would not need to crack 12 separate passwords. He would just need to crack one horribly long password, for example: "issue flame sample lyrics find vault announce banner cute damage civil goat". This example is taken from wikipedia.

    It's true that seed phrases are harder to crack than passwords. For example a 12 word seed phrase using the BIP39 English language word list has 5444517870735015415413993718908291383296 possible combinations, whereas a 12 symbol password using symbols A-Z, a-z and 0-9 only has 3226266762397899821056 possible combinations. But that's on the merit that the seed phrase is longer. It's basically just a very long password so that thanks to its length it's nearly impossible to crack with brute force, but if you're trying to steal it through a phishing attack or some other means it's just a password.
    I would recommend you create a wallet to understand how the input of seed phrases matters. 

    In your example of it just being a password, because it's obtained through phishing invalidates any text string based security,  including 2 factor authentication.  If it's text and/or numerical it can be phished and therefore it's no different than a "password". 

    True in the simplest sense but not entirely accurate. 



  • laserit Member Legendary Posts: 7,591
    I have a piece of hardware that is needed for all online transactions. The hardware is supplied by my bank.

    "Be water my friend" - Bruce Lee

  • Quizzical Member Legendary Posts: 25,355
    bcbully said:
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Let's keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline.

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attacker's system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potential dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    A private key is fundamentally a password.  It doesn't matter if it's written as a series of common words or a series of 64 hex nibbles.  It's information known only to you that is used to access something.  It may be generated in such a way to make it a very secure password, but plenty of password managers will do that to generate more traditional passwords, too.  You're trying to split hairs here and create a distinction without a difference.

    As Vrika said, in another context, you might do the same thing with a normal password that you use to log in for everyday use, and a separate admin password that can be used to reset your normal password.  Or maybe you contact a sysadmin and ask him to use his admin password to reset your normal password.  But just because an admin password or root password or whatever is used for special things and can reset a normal password used for everyday use doesn't mean that it's not a password.
  • Vrika Member Legendary Posts: 7,888
    edited November 2021
    maskedweasel said:

    I would recommend you create a wallet to understand how the input of seed phrases matters. 

    In your example of it just being a password, because it's obtained through phishing invalidates any text string based security,  including 2 factor authentication.  If it's text and/or numerical it can be phished and therefore it's no different than a "password". 

    True in the simplest sense but not entirely accurate. 
    2 factor authentication means that the user is verified by two means. Usually it's two of:
     a) Knowledge (e.g. knowing a password)
     b) Possession (e.g. a specific device)
     c) Biometrics (e.g. face recognition, fingerprint recognition)

    The knowledge part can be bypassed with phishing since it's normally just a password.

    The possession part can sometimes be bypassed with simple phishing since it's usually just a code generated by an authenticator. But those codes are normally one use only and must be used immediately to work, which limits their usability. Especially if the service provider places additional security by asking for a second authentication when you try to do something exceptional.

    Also there are some possessions that can't be phished so easily. For example Estonia's eID card is one. Or as another example, my bank sends a text message telling what I'm authenticating, like: "You're trying to authenticate 2000€ transaction. Your code is: 1234".

    The biometrics part would require some creative programming before you're able to phish it.
     
  • Quizzical Member Legendary Posts: 25,355
    Vrika said:

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 
    Even if you know all the symbols of a long password you won't be able to access unless you provide those very specific symbols in a very specific order.

    Also on a related note, I think it would require really bizarre circumstances to end up in a situation where someone knows all the words of your passphrase/seed phrase but not their order.
    Think of it this way, if you were to crack a password, even with say, 10 characters, there are password crackers that run through combinations quickly. Sure you have all letters corresponding to a certain location, and so on, but essentially you're still dealing with 1 box, 1 word, however complex you want to make it. 

    So an application simply needs to run through all combinations in one specific area of the screen. Unlike a password where it can be reset, guessed based on knowing your history or cracked from another location, then submitting through an unlimited number of login attempts over the course of.. however long, a seed phrase pretty much can't.

    You would essentially have to know and crack 12 separate passwords in a specific order to make it work. 

    And as for knowing the location of the seed phrase words, it's possible, it all depends on how someone would attempt to obtain them, and how the user stores them. Maybe something to think about for people that are just now getting into owning their first wallet. 

    You're basically arguing that a secure password isn't a password.

    You're wrong that 10 characters makes a password insecure.  If the 10 characters are each uniformly and independently chosen from among the 95 easily typeable characters on an American keyboard, then there are about 60 quintillion passwords possible.  Even for a very weak password hash algorithm, that's going to take a lot of running time on some seriously powerful hardware to crack it.  If it's a password hash algorithm that is actually good, then having all of the computers in the entire world at your disposal to use until they fail may or may not be enough.

    And there's no reason why a password length has to be capped at 10.  Any respectable password system will allow massively longer passwords than that.  Any good password system will allow you to use 30 or 50 character passwords if you want to.  When passwords are insecure, usually the reason is that people choose them stupidly.  Picking a random word and repeating it 10 times may make for a very long password, but not a secure one.

    I'd be willing to entertain the notion that password-like data stored and accessed in such a way that it's never manually entered by a human isn't really a password.  For example, the long-term key in your cell phone is data like a password, but will probably never be typed or seen by a human, as that's not how it's normally accessed and used.  But even with that distinction, a seed phrase is very much still a password.
  • Kyleran Member Legendary Posts: 43,505
    edited November 2021
    bcbully said:
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Let's keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline.

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attacker's system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potential dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    BC is right. 

    So here's something as well. You can unlock your wallets with biometrics. If you want to go to a wallet on two different phones, or two different web browsers, it asks you to input your password. 

    But if you've never been on that PC, no matter if you use your biometrics or correct password, it doesn't let you in. 

    Instead it requests a particular seed phrase.

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 

    You NEED the seed phrase to access your wallets, etc. You can't change it, and if you lose it, you're pretty much SOL if you haven't already imported the account. 

    So yeah, I mean if you want to think of it as words = password, that's like saying a skateboard is a car because it has 4 wheels, but it's not exactly true. 
    Functionally the seed phrase operates much like my master password, so the difference is irrelevant.

    "True friends stab you in the front." | Oscar Wilde 

    "I need to finish" - Christian Wolff: The Accountant

    Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm

    Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV

    Don't just play games, inhabit virtual worlds™

    "This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon






  • bcbully Member Epic Posts: 11,838
    Kyleran said:
    bcbully said:
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Lets keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline. 

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attackers system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potentially dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    BC is right. 

    So here's something as well. You can unlock your wallets with biometrics. If you want to go to a wallet on two different phones, or two different web browsers, it asks you to input your password. 

    But if you've never been on that PC, no matter if you use your biometrics or correct password, it doesn't let you in. 

    Instead it requests a particular seed phrase.

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 

    You NEED the seed phrase to access your wallets, etc. You can't change it, and if you lose it, you're pretty much SOL if you haven't already imported the account. 

    So yeah, I mean if you want to think of it as words = password, that's like saying a skateboard is a car because it has 4 wheels, but it's not exactly true. 
    Functionally the seed phrase operates much like my master password, so the difference is irrelevant.
    So seed phrase is a master password and a password is a password. A square is a rectangle but a rectangle is not a square.

    Break your computer or phone. Get a new one. Install your wallet then try to get into your wallet with your password.

    At that point you will understand the functional difference between a password and a seed phrase. 

    We play and mince words all day long on here. I am not playing nor mincing words. This discussion is not the place. Do with my words as you will. I will say no more on this topic. 


    /BCBully
    "We see fundamentals and we ape in"
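The password-versus-seed-phrase distinction argued in this thread, as an added example (not code from any poster or wallet project). It assumes the wallet turns the phrase into a seed the way BIP-39 specifies; the `Device` class and its XOR-plus-HMAC vault are a hypothetical, simplified stand-in for a wallet's password-encrypted local storage, and the phrase is the public BIP-39 test vector.

```python
import hashlib, hmac, os, unicodedata

# Public BIP-39 test-vector phrase, used here as constructed sample input only.
PHRASE = "abandon " * 11 + "about"

def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)

class Device:
    """Hypothetical wallet install; the encrypted vault exists only on this device."""
    def __init__(self):
        self.vault = None  # (salt, ciphertext, tag) once a wallet is restored here

    @staticmethod
    def _keys(password: str, salt: bytes):
        k = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 50_000, dklen=96)
        return k[:64], k[64:]  # one-time XOR pad for the 64-byte seed, MAC key

    def restore(self, phrase: str, new_password: str) -> None:
        """Rebuild the wallet from the phrase and protect it with a new password."""
        salt = os.urandom(16)
        pad, mac_key = self._keys(new_password, salt)
        ct = bytes(a ^ b for a, b in zip(seed_from_phrase(phrase), pad))
        self.vault = (salt, ct, hmac.new(mac_key, ct, "sha256").digest())

    def unlock(self, password: str):
        """Return the seed if the password opens this device's vault, else None."""
        if self.vault is None:
            return None  # a fresh install has nothing for a password to decrypt
        salt, ct, tag = self.vault
        pad, mac_key = self._keys(password, salt)
        if not hmac.compare_digest(tag, hmac.new(mac_key, ct, "sha256").digest()):
            return None
        return bytes(a ^ b for a, b in zip(ct, pad))

if __name__ == "__main__":
    old, other = Device(), Device()
    old.restore(PHRASE, "everyday-pw")
    print("old device, password:", old.unlock("everyday-pw") is not None)
    print("other device, password only:", other.unlock("everyday-pw") is not None)
    other.restore(PHRASE, "any-new-pw")  # the phrase alone is enough, on any system
    print("same keys on both:", other.unlock("any-new-pw") == old.unlock("everyday-pw"))
```

`restore` needs nothing from the original device, which is why a phrase typed into someone else's form hands over the wallet while a leaked local password does not.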
  • KyleranKyleran Member LegendaryPosts: 43,505
    bcbully said:
    Kyleran said:
    bcbully said:
    Vrika said:
    bcbully said:
    Quizzical said:
    bcbully said:

    A seed phrase is not your password number one, not even close. I can give you my password right now and you still won't be able to get into my wallet.

    That's a distinction without a difference.  A seed phrase is fundamentally a type of password.  It's not a biometric ID that checks your eyes or your fingerprints or some other way that you are physically different from everyone else.  It's not a physical token that can be physically lost or destroyed and cannot be transferred online.  It's a collection of data that plays some role in giving you access to something.  Which is to say, it's a password.

    That it's chosen by some algorithm and you can't change it doesn't alter the fact that it is fundamentally a type of password.  The master password to a password manager system is fundamentally still a password.  A very, very long password that consists of many words in the normal English sense of the word "word" is still a password.  Some implementations of password systems are relatively better or worse than others, but claiming that you've got a good implementation doesn't mean that it's not still a password.

    But if you really want me to ask, what's the difference, then fine.  Feel free to explain it however you want.
    Let's keep it simple and stay within context of the original post. The victim gave his seed phrase. The attacker did not want his password, because it would have been useless.

    The password allows you the ability to sign into the wallet application locally. The seed phrase allows for restoration of the wallet application anywhere.

    If I lose my password, I can restore my wallet and make a new password with my seed phrase which is kept secure offline. 

    When the victim gave his seed phrase, he gave the attacker the ability to restore his wallet onto the attacker's system, which was a browser in this case.


    There is a certain distinction between a password and a  with a potentially dangerous difference.
    Let's keep it even simpler: Seed phrase is a password.

    The system has two passwords. One of them is meant for everyday use, and then seed password that is like your admin password for when you want to do stuff that is not allowed with just your everyday password.
    No sir. Your seed phrase is a representation of your private key. Your password is not.

    You can call them whatever you want. Let it be known for anyone reading they are two very different things.
    BC is right. 

    So here's something as well. You can unlock your wallets with biometrics. If you want to go to a wallet on two different phones, or two different web browsers, it asks you to input your password. 

    But if you've never been on that PC, no matter if you use your biometrics or correct password, it doesn't let you in. 

    Instead it requests a particular seed phrase.

    Sure you could say "well it's just a password, however long".... 

    And in some ways you could be correct, but, in most cases it's not quite correct. 

    You have to provide very specific words in a very specific order to enter a seed phrase.

    Think of it like a mix between a password and captcha. Even if you know all the words related to the seed phrase, it doesn't mean you'll be able to access the account. 

    You NEED the seed phrase to access your wallets, etc. You can't change it, and if you lose it, you're pretty much SOL if you haven't already imported the account. 

    So yeah, I mean if you want to think of it as words = password, that's like saying a skateboard is a car because it has 4 wheels, but it's not exactly true. 
    Functionally the seed phrase operates much like my master password, so the difference is irrelevant.
    So seed phrase is a master password and a password is a password. A square is a rectangle but a rectangle is not a square.

    Break your computer or phone. Get a new one. Install your wallet then try to get into your wallet with your password.

    At that point you will understand the functional difference between a password and a seed phrase. 

    We play and mince words all day long on here. I am not playing nor mincing words. This discussion is not the place. Do with my words as you will. I will say no more on this topic. 


    /BCBully

    bcbully

    "True friends stab you in the front." | Oscar Wilde 

    "I need to finish" - Christian Wolff: The Accountant

    Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm

    Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV

    Don't just play games, inhabit virtual worlds™

    "This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon

  • VrikaVrika Member LegendaryPosts: 7,888
    edited November 2021
    bcbully said:

    So seed phrase is a master password and a password is a password. 
    So now you're arguing that master password is not a password?

    Does that also mean that a master key is not a key?
     
  • TheocritusTheocritus Member LegendaryPosts: 9,754
    I tried Discord for about ten minutes.....It was frustrating to me to have to go outside a game to communicate.....If a guild demands we have it, then I find a new guild.....Don't miss it one iota.
  • bcbullybcbully Member EpicPosts: 11,838
    I tried Discord for about ten minutes.....It was frustrating to me to have to go outside a game to communicate.....If a guild demands we have it, then I find a new guild.....Don't miss it one iota.
    Discord is hard to figure out at first lol. I barely know how to move between servers. There's some real functionality there though.
    Kyleran
    "We see fundamentals and we ape in"