(TL:DR at the bottom)The ProblemEvery time you create a new BTC wallet, you’ll get a 12 word 'recovery phrase' that needs to be noted down and hidden somewhere, which - to me at least -
seems like a pretty gaping security gap. It doesn’t matter whether you write the words down and hide them in your attic, or stamp them on metal and bury them in your garden, the ‘master key’ to your wallet is still just sat somewhere, hoping that no-one finds it. If someone does find it, they can empty your account, and there’s no way you can stop them.
A Quick Definition, for the Uninitiated:A
seed phrase, seed recovery phrase or backup seed phrase is a list of words which store all the information needed to recover Bitcoin funds on-chain. Wallet software will typically generate a seed phrase and instruct the user to write it down
*on paper*. If the user's computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their bitcoins back. (From:
https://en.bitcoin.it/wiki/Seed_phrase, with my emphasis)
My InspirationA friend of mine told me about his ingenious technique for storing his recovery phrase, as I will detail below:
The ‘key’ here was that the notation he actually 'stored' referred to a favourite book of his, which was *unknown* and *not written down*, neither along with the recovery phrase ‘key’ (which I’m going to call ‘keynote’ to save time from now on) nor anywhere else.
For the purposes of the example, let’s say the book was Moby Dick, 1987 edition by Penguin House. Critically, no-one knew the book, so it would be close to impossible for a stranger to crack the code.
His keynote looked as follows:
17, 12, 4
48, 6, 8
174, 8, 1
...and so on…
Each line in this key was formed of a triplet that referred to the page, line and word-number of a specific word, which, when looked up (using the exact correct book), was in fact the relevant ‘recovery word’. In 12 lines, he’d noted all 12 of the words in his recovery phrase without actually giving anything away to a casual reader/attacker. So long as the attacker didn’t know the book it referred to, the recovery phrase would be secure.
In my mind, this seemed pretty impressive. Feel free to use it, substituting his book (which I in fact made up) for your own. BUT don’t forget it needs to refer to a *specific edition & publisher & date*, because each edition will be different, and will give wildly different outputs for any given keynote.
The downside to this method is, you’ll have to spend some time actually *finding* each of your keywords in your favourite book, and you might have to cross your fingers that the book in fact does contain the word *at all*. It probably will, but it might not, and it might take you a while to actually find it. Either way, it’s a bit of a ball-ache. As you can see, the method still has some weaknesses.
A New SolutionI created a secret, unknown Github persona, and this persona has uploaded the *entire* bank of 2048 potential Bitcoin recovery phrase words,
in randomised order, in 256 rows of 8, to a repo. *I* know the name of this account, and the name of the specific repo, but an attacker wouldn’t. My keynote now looks something like this:
13, 7
24, 0
…and so on…
Each line refers to the ‘line’ and ‘word number’ referring to my unique words in my recovery phrase. This seems pretty secure to me.
BUT we’re not quite finished.
Firstly, given that I think I might be the only person who’s done this, it probably wouldn’t be too hard for a smart person to find my ’secret’ account and, if they had access to my keynote, steal my Bitcoin.
So Why the Post?I want to scale this concept so that everyone can use it *and* improve security even further - for all of us. There’s a couple of ways we could do it:
1 - Anyone and everyone could do the same as I did, creating their own repo and pushing a randomised list of recovery words. They could then note their own recovery phrase, in the form of a keynote as described above, secretly referencing their own Github repo. Please feel free to go ahead and do that if you want 🙂.
OR, even easier (but maybe less secure?!), I could do the following:
I could link my not-so-secret account below, and anyone and everyone - hopefully lots of people - could fork the repo and make their *own* randomised version of the 2048 seed word list.
It would literally just be:
* Fork my repo
* Run something like ‘randomised_seed_words.shuffle’ locally
* Push your new randomised list to your repo
That way, we each wouldn’t necessarily need to use our own account as our personal ‘referent’. In fact, you could pick a random forker and use *their* repo as your referent. No-one would ever know which repo you eventually chose as a referent, so it would make it *pretty damn secure*.
NEXT LEVEL SHITHere’s where it could get really cool.
I’m sure there’s someone out there in the community who could help build this, as I don’t think it’s particularly complicated technically. Sadly, however, it’s a little above my technical competence.
We could extend my repo in the following way:
* Have it spin up a micro cloud instance on something like AWS/Google Cloud/Heroku etc (it would need to be free so that lots of people fork it and create their own version without having to spend any money)
* Every day, say at midday UTC, the cloud instance would awaken, create a new, randomised version of the 2048 bank of ‘recovery’ words, and push it to my Git repo.
Ideally, it would be even further extended so that *anyone* could fork it, and just add their own unique details (their Github name, unique repo address, login details for Git & whichever cloud provider we choose).
In this way, we could (hopefully!) have thousands of people all providing their own version of the randomised recovery words, *AND* a new version would be posted to *each* account *every day*, creating *lots* of potential ‘referents’.
What this would mean would be that, for *even higher* levels of security, not only could you choose a random account as your referent, you could also choose a random *day* too, so that there would only be 2 ‘keys’ for you to remember - a Github ID and a date, the ‘day of push’ - which you would memorise, never write down, and keep as your truly ‘secret' keys.
I hope I’m making sense.
If this existed, my secret phrase notes might look very similar as they do now:
13, 7
24, 0
…and so on…
BUT what the attacker would have a *super* hard time discerning would be that, in fact, this ‘keynote’ refers to ShiftyDude6102’s ‘BTC_randomised_recovery_words' repo, and specifically to the push that was made on the 5th April 1975
.
I’m not sure it could get much securer than that.
The only risk I can see is that the person whose account/repo/date-of-push you rely on might delete their account, thus making your keynote refer to a non-existent push. I guess we should therefore ask plebs to only fork the code if they commit to never deleting their account.
In short, if someone could help me with the cloud infrastructure bit, and we could get just a slice of the users of this forum to fork a version to their own repo, add their own personal account details (git and whatever Cloud service we choose to use) and have it make daily pushes of the randomised bank of recovery words, we’d all have a huge set of potential dictionaries from which to derive our security / to which our keynotes could refer, making it possible to close what *I* believe to be the biggest, most insanely broad attack vector of *how and where to store your recovery phrase*.
And, finally, even the people stamping things on metal could take advantage of this, since they could just stamp number pairs instead of entire words onto their thingy-mabobs.
I hope that makes sense. Sorry if it was a bit long. Feedback, as always, very welcome.
If you got this far, thanks for reading! 🙂
--------------------------------------------------------------------------------------------------
TL:DR* Rather than store your BTC wallet’s ‘seed recovery phrase’ as brute words, which seems insanely insecure to me, you could pick your favourite book and store 12 triplets of [page, line, word-number], thus massively improving your security
* Rather than using a book, you could push a randomised list of the 2048 recovery words to git. In 'real life' you would only need to store 12 number pairs in the format [line, word-number]. It would be even better if you did this with a secret, pseudonymous Github account.
* If someone could help me make this into a simple forkable ‘product', that could spin up a micro cloud instance and have it push a new bank of randomised recovery words to the associated repo *every day*, and possibly even allow others to fork it and do the same using their own unqiue credentials, it could become a super secure, broad resource that all Bitcoiners could use as a referent when storing the 12 words of their recovery phrase.