We are all interested on how to maximize our funds security and privacy. This starts from little things in setup and managing wallets and internet security. We are going to see what we can do on a BIP39 wallet (HD wallet) like ledger nano S, to increase security of your bitcoins deposit.
BIP39 standard supports the passphrase into the seed creation procedure. Infact if no passphrase is specified, the system takes the constant word “mnemonic” as a salt when producing a 512bits seed.
Otherwise you can specify your own passphrase. In this case, the stretching function produces a different seed from the same mnemonic. Infact different passphrases give different seeds when the mnemonic remains the same.
In this way (specifying a passphrase) is then possible to define a wide range of seeds (so totally different wallets) with same mnemonic. The maximum number of wallets we can define in this way on the same mnemonic is 2^512.
Specifying a passphrase thus gives the following advantages:
- You can define multiple BIP39 compatible wallets in the same device (for example a ledger nano S) but also coldcard and others;
- Your security is increased, because the seed is unuseful alone without the passphrase generating the address containing the funds;
- You can create a specific wallet to be associated to a device pin, with a little part of your funds in case you are forced to unlock your device;
In order to set passphrase on your ledger nano S, you should check to have the latest firmware installed and then you can go on the following menu item:
Settings → security → passphrase → set temporary
The passphrase so set, will last for all the session. In the same menu there is also the possibility to associate it to a specific PIN so that when you use that pin to unlock the device, that specific passphrase is automatically issued while unlocking and logging the session device.
Consider also using this technique on the most airgapped secure wallet: the coldcard wallet
More infos on this video, with captions in english