spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

Restoring empty wallets when wrong passphrase (custom words) is given #5016

Closed bodorb11 closed 5 years ago

bodorb11 commented 5 years ago

Last time when I was restoring my wallet, I had my seed, but I forgot my passphrase. Since there is a small number of passwords that I usually use, eventually I was able to guess the right one. However this took me unnecessarily long. (On Electrum these passphrases are not called "passphrases", they are called "custom words" that you can add to the seed.)

The problem is that even if you enter a wrong passphrase some wallet is "recovered". Now in most cases this wallet is empty (meaning that there is no incoming or outgoing transaction from any of the addresses), since most likely no one was using a wallet with your seeds. On the other hand, if you want to recover your own wallet, it is probably not empty.

So my suggestion would be to add some feature that when you are about to recover a wallet, then the app checks whether it is empty or not, and sends a warning if it is (or by default it does not recover such wallets).

Remark: this problem is also present at many other wallets, so I contacted them as well.

SomberNight commented 5 years ago

There is no such thing as a wrong passphrase... :)

So your suggestion is to start recovering a wallet in the background while still in the wizard, and warn the user if no history was found? What exactly would this gain the user? That he would not need to retype his seed? Is that all?

Note that there is no difference between "creating" a new passphrase and "recovering" one, and when creating, you do expect to find no history.

bodorb11 commented 5 years ago

> There is no such thing as a wrong passphrase... :)

There is. Every password that is not yours is wrong. The fact that you can "recover" a non-existent wallet with it does not change that. :)

> So your suggestion is to start recovering a wallet in the background while still in the wizard, and warn the user if no history was found?

Yes. Although technically as soon as at least one transaction is found, it can load the wallet immediately. :)

> What exactly would this gain the user? That he would not need to retype his seed? Is that all?

Yes, that is all. But this might be a bigger deal than you would think. Typing in the same 12 words over and over again is very time-consuming, and inconvenient (unless you copy your seed to the clipboard, which you really should not do). I'm talking from experience. Also note that if you are using a regular BIP39 seed (without extra words), then you don't have this problem since it has a built-in checksum, so if one of the words is not correct, the wallet can see it immediately. Unfortunately there is no checksum for extra words, so there is no way to detect a wrong passphrase immediately.

> Note that there is no difference between "creating" a new passphrase and "recovering" one, and when creating, you do expect to find no history.

ecdsa commented 5 years ago

This would require quite some development effort for little benefit. I do not think such a feature is strategically important and should be our focus right now.

Also, I don't understand your point about BIP39. You are essentially saying that if you do not use extra words, then you don't need to bruteforce extra words! Besides the fact that your statement is a tautology, it also applies to electrum seeds.

bodorb11 commented 5 years ago

> This would require quite some development effort for little benefit. I do not think such a feature is strategically important and should be our focus right now.

Ok. I agree that this is not one of the most important issues, but it is still an issue.

> Also, I don't understand your point about BIP39. You are essentially saying that if you do not use extra words, then you don't need to bruteforce extra words! Besides the fact that your statement is a tautology, it also applies to electrum seeds.

This is not what I wrote. If you make any mistake when typing in your seed words (typo, swap 2 words, whatever), then it is recognized immediately. This is very convenient, and there is a reason for that. This is what is missing when you are using extra words. If you type in just one character incorrectly, not only is it not seen by the wallet, but you have to restart the whole process again. Also, the argument that "there is no wrong password" is not valid. Please, anyone tell me one real world scenario when you want to recover an empty wallet.
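
Added example (not part of the thread and not Electrum's code): the asymmetry discussed above, shown with BIP39 as the comments do. Word indices stand in for the 2048-word list, and the mnemonic is the public all-zero-entropy BIP39 test vector; Electrum's native seeds use their own version check and salt.

```python
import hashlib
import unicodedata

# Public BIP39 test vector (128 bits of zero entropy): "abandon" is word 0, "about" is word 3.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
INDICES = [0] * 11 + [3]

def indices_from_entropy(entropy: bytes) -> list:
    """Append the first ENT/32 bits of SHA-256(entropy), then split into 11-bit word indices."""
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_valid(indices: list) -> bool:
    """Recompute the checksum from the entropy part and compare it with the trailing bits."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    The passphrase only feeds the salt, so every string yields a usable seed."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, 64)

def valid_last_words(first_eleven: list) -> int:
    """Count how many of the 2048 possible last words pass the 4-bit checksum."""
    return sum(checksum_valid(first_eleven + [w]) for w in range(2048))

if __name__ == "__main__":
    print("correct words pass :", checksum_valid(INDICES))
    print("one wrong word     :", checksum_valid([0] * 11 + [4]))
    print("last words accepted:", valid_last_words([0] * 11), "of 2048")
    # A one-character passphrase slip is accepted and gives an unrelated seed.
    for pw in ("TREZOR", "TREZ0R", ""):
        print(repr(pw), bip39_seed(MNEMONIC, pw).hex()[:16])
```

With 12 words the checksum is 4 bits, so it rejects most but not all wrong words, while nothing at all constrains the passphrase.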

AbdussamadA commented 5 years ago

I think he's asking for a checksum for the seed extension :)

@bodorb11 seed extension is arbitrary and chosen by the user so how can there be a checksum added to it?

If you have forgotten your seed extension and you need to bruteforce it then the sane way to do it is to automate the process. You don't use the GUI for that. You use a script like btcrecover.

bodorb11 commented 5 years ago

> I think he's asking for a checksum for the seed extension :)

No. Of course that would be the best, but that would require a change in the BIP39 standard which is not possible to implement in a wallet. :) Please read my first comment, my suggestion is there.

AbdussamadA commented 5 years ago

> Please, anyone tell me one real world scenario when you want to recover an empty wallet.

The main use case for seed extensions (what you're calling passphrases) is to be able to create multiple wallets using the same seed. This makes backups easier. The extension can be something trivial like 1, 2, 3. So if you are using it like this you want to be creating empty wallets every time you restore using a new seed extension.

bodorb11 commented 5 years ago

You can do that of course, but it does not mean it is the main usecase. (I'm also not really sure why would anyone want to have several wallets with the same seed, but whatever.) Nevertheless the fact that it is called "seed extension" or in other cases "passphrase" (for instance in the Samourai wallet) kind of suggests that you should not choose a single-digit number for it.

SomberNight commented 5 years ago

> I'm also not really sure why would anyone want to have several wallets with the same seed

https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#Account