LTEX-AUR edited this page Mar 20, 2016 · 1 revision

Passphrase & PIN

What is a passphrase?

Your passphrase is a random combination of 12 words (including spaces in-between), generated from a list of 2048.

For example: spoon lobster chronic hybrid empty artist prison clean rude bus burden domain

Your passphrase is the human readable form of your master private key. Make sure that you save it securely somewhere. Your passphrase is all you need to access/restore your wallet (yes, even if you forget your PIN). If you lose your passphrase, you lose your wallet and all the funds in it. Do not show your passphrase to anybody, because if they have your passphrase, they can spend your money.

Is using a passphrase secure?

Because words from the passphrase list can be repeated and put in any order, this means there are an exponential number of potential passphrases.

Each word in your passphrase can be any word in the 2048 words, so the chance of generating the same passphrase is 1 in 5,444,517,870,735,015,415,413,993,718,908,291,383,296. (~10^39)

This post on Reddit should help you visualise the astoundingly small probability of ending up with the same passphrase as someone else.

Why do I need a passphrase and a pin?

Your passphrase is the unique key which can open your HD wallet anywhere, on any device. 12 words are easy to copy and paste but it'd take a while to type on a mobile device. We don't want to ask you to type it every time you want to buy coffee with Bitcoin. Therefore we ask you to set a 4-digit PIN.

We understand that 4-digit PIN is easy to brute-force, so we don't use your PIN to encrypt your master key directly. Instead, your PIN is sent to our server in exchange for a long token, which is used to decrypt your encrypted master key stored locally in your browser. If the PIN is entered incorrectly 5 times, the long token on the server is erased, which renders the locally encrypted version of the master key useless. The only way to access your wallet then will be using your 12-word passphrase.

When do I need my passphrase?

You will be asked to enter your passphrase when:

  1. You want to access an existing wallet from a device different from the one that you set up the wallet with
  2. You clear the browser cache/data
  3. Your PIN is entered wrongly 5 times

In all other situations, you will only be asked for your PIN.

Why am I asked for a PIN when I log in to an existing wallet on a new device?

It's because you set up the wallet somewhere else with a pin. The pin is needed to exchange the long token with the server so that your personal details get synced on the device you want to open your wallet on.

How should I store my passphrase?

Because your passphrase can open your wallet without any additional security checks, it should be stored somewhere no one else has access. Whether it be digitally (using a program such as 1Password), or written and stored in a safe deposit box, you should ensure that it is not accessible by anyone else.

Wallet backup

How do I backup my wallet?

All you need to do is to keep your passphrase safe. That's the only backup you need.

Hive web implements BIP39 and BIP32. BIP39 defines how your passphrase can be translated to your master private key. BIP32 is also known as the Hierarchical Deterministic wallet specification. This specifies how the chain of child keys can be derived in a deterministic manner from the master key. It means that you could use your passphrase to unlock your wallet with any wallet service that implements the same protocol. Theoretically, backups of individual child keys are not necessary.

How can I export the private key(s) of my wallet?

Hive Web, Hive iOS and Hive Android do not provide a direct way of displaying or exporting the private key associated with one of your Bitcoin addresses. However, all your keys are derived from your BIP39 passphrase, which means you can use any wallet that supports this standard. We believe that the upcoming Multibit HD wallet will be able to read your passphrase and provide individual private key export.

Hive Android Legacy also does not support private key export. In theory you can try to extract keys from the backup file, which is an OpenSSL-encrypted protocol buffers file, but this is definitely advanced tinkering - see this README for hints.

Hive Mac supports private key export starting with version 1.4.1 by accessing Wallet > Export Private Key… from the top menu.


Why does my address change?

Your wallet updates your address whenever it detects an address has been used to receive funds. We made it so to protect your privacy. For example, my salary is paid in Bitcoins. If I use the same address for every transaction, anyone who I transact with only needs to inspect my address on the blockchain to deduce exactly what my salary is.

How do I generate a new address?

You don't. Your wallet does this for you when it detects that an address has been used to receive funds.

What happens to my old addresses?

All of your previous wallet addresses are still monitored by Hive Web and any funds they receive will contribute to your total balance.

Can I still use my old addresses?

You may use the old addresses but address reuse is not considered safe for your privacy.


What is Waggle?

Waggle is a geo-location feature that allows you to listen and broadcast your position to other Aurora Web (and Android) users in your area.

How does it work?

Enabling Waggle in the Receive tab of your wallet sends your device's latitude and longitude, along with your wallet details, to a secure server. This is now discoverable only to others who search via Waggle in their Hive Web (or Android) wallet.

Over what distance will Waggle work?

Waggle broadcasts & searches within a perimeter of 1km of your location. This might seem quite large, but it helps to account for inaccuracies on devices that do not have access to WiFi.

Is this safe?

Waggle never displays your exact location on a map to other users. Instead, you simply appear on a list if the person searching for you is within the same area.

What happens to my location data?

It is deleted from the server as soon as you turn Waggle off.

I tried to use Waggle but I get an error saying "We couldn't connect you to Waggle, please check your internet connection"

Once you have confirmed that you are connected to the internet, check if your browser has permission to access your current location data.

For Apple devices:
Go to Settings > General > Location Services.
Make sure Location Services is switched to On.

For Android devices:
Go to Menu > Settings > Location & security.
Make sure Use wireless networks is checked.

If location services are switched on, but you still cannot connect - then you may need to clear your location settings.

For Safari (iOS):
From your Home screen, go to Settings > General > Reset.
Tap Reset Location Warnings. This will reset your location warnings for all sites and applications.

For Browser (Android):
Go to Menu > More > Settings.
In Settings, go to Website settings > Hive Web > Clear location settings

Further Instructions

Transaction fee

How much is transaction fee?

Transaction fees for Hive Web and iOS depends on the transaction size similar to Bitcoin-qt. Usually it will cost .0001 BTC if it will be under 1KB size transaction. We are still having a discussion on allowing users to set the fee : https://github.com/hivewallet/hive-osx/issues/148


Will I still be able to get my coins if Aurora Web shuts down?

YES. You will definitely be able to get your funds out if ever Aurora Web closes. If you need a detailed discussion about it, check these links:

http://www.reddit.com/r/Bitcoin/comments/2d6ax6/is_the_restore_keychainbackup_generated_by_hive/ https://bitcoin.stackexchange.com/questions/29964/what-happens-if-hive-web-shuts-down

The first comment on the first link has the best and clear explanation about it. You may also view our team mate's response on the second link.


What is a Gravatar?

Gravatar stands for Globally Recognised Avatar. Your Gravatar is an image that follows you from site to site appearing beside your name when you do things like comment or post on a blog. Having a Gravatar is a great way of personalising your account and make it recognisable to people who know you.