Bitcoin Q&A: Derivation Paths and Watch-Only Wallets

  • Added on 5. 09. 2024

Comments • 19

  • @TheChiefCoin 5 years ago +12

    The master.

  • @VToshkov 5 years ago +7

    Keep in mind that most wallets are scanning only 20 addresses ahead. If there are more than 20 unused addresses, the wallet will stop scanning and you will not be able to see the amounts of the remaining addresses.
    The easiest solution is to fill the gap by sending a small amount of satoshis to ~10th unused address.
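
The gap-limit behaviour described in the comment above, as an added Python example that is not part of the original thread. The `history` map, its balances and the `scan` helper are constructed for illustration; a real wallet queries a node or indexer for each derived address.

```python
def scan(history, gap_limit=20):
    """Walk indices 0, 1, 2, ... and stop after gap_limit consecutive unused ones.

    history maps address index -> balance in satoshis for every address that
    has ever received a transaction; an index absent from it counts as unused.
    Returns (visible_balance, indices_checked).
    """
    total, unused_run, index = 0, 0, 0
    while unused_run < gap_limit:
        if index in history:
            total += history[index]
            unused_run = 0          # any used address resets the look-ahead window
        else:
            unused_run += 1
        index += 1
    return total, index


def demo():
    # Constructed usage: addresses 0-2 were used, then a payment landed on index 30,
    # which is more than 20 unused addresses past the last used one.
    history = {0: 10_000, 1: 0, 2: 25_000, 30: 500_000}
    before = scan(history)

    # The fix from the comment: send a small amount to roughly the 10th
    # unused address (index 12 here), which pulls index 30 inside the window.
    history[12] = 1_000
    after = scan(history)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before filling the gap:", before)
    print("after filling the gap: ", after)
```
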

  • @cypherpunk1554 5 years ago +5

    This and your previous video are Gold! I love bip39, because I'm just not comfortable having a physical backup of my private keys without the additional protection of a high entropy secret passphrase or password.
    On the other hand I'm not comfortable without having physical backups of my private keys. Damned if I do, damned if I don't. This is why I love keepass and keepass2android.
    I can make 3 physical backups of my seed on paper, etc., and store them in different locations. Then use keepass to store and synchronize the passwords in the cloud. Protected by a master password and a key file that is only stored on my devices.
    As part of a testament for a loved one you could append a simple password to the high entropy passphrase. Then whisper the word in their ear. Or write it on a piece of paper, and burn it afterwards. It doesn't even have to be an English word. It could be Swahili.
    For me this scenario is one conceivable sweet spot. It's simple, and the probability of anyone but the intended getting all three pieces is highly improbable.
    Feel free to rip this scenario to pieces. When it comes to security, or life and death, there is no pride or shame..😀

  • @syrop26 5 years ago

    You also need to know what character the address begins with. Whether it begins with "1", with "3" or with "bc1". The wallet generates a completely different set of addresses for the same seed, depending on what kind of wallet you choose, and the choice is not obvious, for instance in Electrum the "bc1" addresses are called "SegWit native". Make sure that the addresses your wallet generates look the same as the original address, otherwise change wallet type.

  • @lucas-bk5zj 3 years ago +1

    so watch only wallets can receive funds?

  • @blakewootton2934 6 months ago

    Please help me!!! I reput my seedphrase into my ledger that I had reset and now my funds are showing 0 I believe it is a derivation path problem !!! Can u help me!!!! Please

  • @jarohokkanen4320 5 years ago +1

    I think it should be mentioned here that revealing the master public key and just ONE PRIVATE KEY from an HD wallet account compromises ALL PRIVATE keys from that account!!! Meaning that if you have 0BTC at address #1 and 100BTC at address #2 and you reveal the master public key and the private key of the address #1, the private key of all derived addresses including the address containing 100BTC are compromised.

    • @EvilKukka 5 years ago +1

      This is incorrect. You cannot determine the path, index and root key from a single address in an HD wallet.

    • @jarohokkanen4320 5 years ago +1

      The derivation does privkey(n) = k + h(xpub, n), where h() is the hash function. If you know the xpub, you can calculate h(xpub, n) for any n. If you also know e.g. privkey(2), then you can calculate k = privkey(2) - h(xpub, 2), and knowing k you can calculate privkey for any other n.

    • @jarohokkanen4320 5 years ago

      See also BIP32: github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
      "One weakness that may not be immediately obvious, is that knowledge of a parent extended public key plus any non-hardened private key descending from it is equivalent to knowing the parent extended private key (and thus every private and public key descending from it). This means that extended public keys must be treated more carefully than regular public keys."
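
The BIP32 property quoted above, worked through as an added Python example (not part of the original thread and not BIP32 reference code). It shows why an extended public key deserves the same handling as key material: for a non-hardened child, the additive tweak is computed from the xpub alone. The seed is constructed, and the BIP32 checks for out-of-range tweaks are omitted for brevity.

```python
import hashlib, hmac

# secp256k1 field prime, group order and generator point
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        m = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt=G):
    out = None
    while k:
        if k & 1: out = ec_add(out, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return out

def ser_pub(k):
    x, y = ec_mul(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")   # compressed public key

def tweak(pub, chain, i):
    """I_L for non-hardened index i: needs only the xpub (public key + chain code)."""
    if i >= 2**31: raise ValueError("hardened child: tweak depends on the parent private key")
    I = hmac.new(chain, pub + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big")

def child_priv(k_par, chain, i):
    return (k_par + tweak(ser_pub(k_par), chain, i)) % N

def recover_parent(xpub_key, chain, i, k_child):
    return (k_child - tweak(xpub_key, chain, i)) % N       # k = privkey(i) - h(xpub, i)

def demo():
    seed = hashlib.sha512(b"constructed demo seed").digest()  # constructed, not a real wallet
    k_par, chain = int.from_bytes(seed[:32], "big") % N, seed[32:]
    k1 = child_priv(k_par, chain, 1)                          # the one disclosed child key
    recovered = recover_parent(ser_pub(k_par), chain, 1, k1)
    return recovered == k_par, child_priv(recovered, chain, 2) == child_priv(k_par, chain, 2)
```

Hardened derivation (index ≥ 2^31) feeds the parent private key into the HMAC instead of the public key, so the tweak cannot be computed from the xpub and this relationship does not hold across a hardened level.
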

  • @mamatmag 5 years ago

    When I tested my ledger seed on samourai it showed zero balance. Then I asked it to show the XPUB, YPUB, and ZPUB. That's when it found all the deposits. Its default is legacy addresses, not segwit.

  • @soulimanbougouidma3588

    Hello aantonop, you are the best expert I saw about mnemonics and watch only Wallet.
    PLEASE : I sent my funds from Trust Wallet to the wrong address (but my address from Coinbase) and I managed to create a watch Only Wallet on Trust Wallet I see that my money’s still here. Is there something I can do to recover my funds for real ? 🙏🏼🙏🏼
    Coinbase can’t do anything and Trust Wallet Support don’t answer

  • @cypherpunk1554 5 years ago

    Andreas I think the bip39 protocol is excellent. But I would like to see the addition of a Deep Freeze protocol added to the bip39 protocol, for use with the user-defined extra passphrase or password option.
    In essence I would like to have the option of 3 Factor Authentication. Which would result in three levels of Bitcoin storage ( hot, cold and Deep Freeze).
    Currently bip39 is set to 2048 rounds of iteration. Which is a value that Gregory Maxwell has criticized as being insufficient and meaningless.
    I propose that the rounds of iteration be user-selectable based on the character lengths of the user-defined passphrase or password.
    The range of iterations could go from the current default of 2048, all the way up to the range of brute force impossibility. Moore's Law could be used as a guide for the range of iteration choice.
    For example, a passphrase or password of less than 25 characters could default to the current 2048 iterations. Over 25 characters would progressively increase the rounds of iteration all the way to brute force impossibility.
    In fact at a greater than 25 character passphrase or password length Argon2 could kick in with its extra ASIC resistance.
    See, I don't care if it takes 30 minutes for my laptop or HW to create or unlock my private keys stored in Deep Freeze. It won't be accessed that often. The option of the added security is worth the small user inconvenience to me.
    That's my story, and I'm sticking to it..😀
    cc.. Gregory Maxwell

  • @zachara03 3 years ago

    What is a watch only wallet? Like on trust wallet for instance

    • @aantonop 3 years ago +1

      It's where the wallet does not control the private keys of the address it's watching. Meaning the watch only wallet cannot spend, it can only watch. Hope this helps!

  • @marcio7708 5 years ago

    Hi Andreas,
    It could be a stupid theory of conspiracy but... I wonder if the 2 or 3 biggest miners could work together and orchestrate an attack of 51% just hacking the number of miners left necessary to win. My point is: Miners are a pool of computers connected to the internet and I guess most of them are physically in the same place, therefore the hacking could be simply cutting out the internet connection with the world. In this case, the 3 biggest miners would be the majority. Is it possible? Thanks!

    • @steph1804 5 years ago +2

      I know you didn't ask me but, win what? A reorganization of the blockchain only minimizes their profits. If they are that big, they should benefit from the system being as fair as possible

  •  5 years ago

    Andreas, would you invest in ETH or only BTC?