A Test on Self Custody | Bitcointalksearch.org

Plaguedeath

hero member

Activity: 910

Merit: 680

I will back up my seed phrase with steel plate without the passphrase and it's only contain small amount.

I also have a back up + seed phrase inside something that doesn't look fancy, so I don't need to worry to carry it to anywhere.

The passphrase is easy to remember, but if I got amnesia or dementia which I can't remember the passphrase, then it's what it's. I don't want to tell my seed phrase to my family too.

Even though I invest most of my money in Bitcoin, but wealth isn't only in Bitcoin. If you have a house, a car and emergency funds, these are enough to inherit to your wife and kids.

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places.

Read the point 6, you have no way to access safe deposit box.

Quote

By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

The agent won't care if your coins accumulated through legal or illegal, if they have the chance, they will take your coins and accuse you for doing illegal means.

suzanne5223

hero member

Activity: 2786

Merit: 657

Want top-notch marketing for your project, Hire me

I like the old-fashioned way and I believe everything that goes through the internet can never be safe. Something happens to writing the seed phrase on paper which could fall into the wrong hands.
I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places. By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

Amphenomenon

hero member

Activity: 700

Merit: 470

Hope Jeremiah 17vs7

Quote from: hosseinimr93 on January 15, 2025, 03:40:40 PM

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Passphrase, not password.
Your password encrypts your wallet locally and that's different from a passphrase. If someone has your seed phrase (+ passphrase, if there's any) can steal your fund without any need to your password.
Passphrase is added to the seed phrase and with adding a passphrase to your seed phrase, you generate a completely different wallet.

Yeah I do get this aspect but in the scenario where one is forced to open their wallet thier device, bluewallet has a feature where you enter a password set by you that's different from your main wallet password, where you can add smaller funds and then this is used as a disguise wallet.

I just gave the scenario you gave earlier was different from mine. Yours spoke of having a wallet of same seed phrase with one having a passphrase and the other without. Just got that now, sorry for the misinterpretation. Though I haven't thought earlier this method was possible may give it a try and understand better.

Ambatman

sr. member

Activity: 518

Merit: 433

Playbet.io - Crypto Casino and Sportsbook

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

If you don't want your heirs have access to your bitcoin before your death, one solution is to follow the guide provided by LoyceV.

Nice addition I must say but this interest me the most.
I have been learning on OP script for quite sometime but haven't really tried the Locktime script.
Scared of locking my coins for eternity of wrongly
Will check the Thread on my free time.

Quote from: aoluain on January 15, 2025, 03:10:16 PM

Very interesting ideas/questions, these I would have to consider. I would also say
that some of the points may not be relevant to the majority of us but I suppose
we never know what lies ahead.

I also think there has to be a compromise between security and quick access.
Having something so secure doesnt necessarily mean its easy to grab and go.

I will be interested to see what others add to this.

Yeah majority of them ain't my current problem
Hence why is an hypothetical scenario.
About security and quick access
I don't really think so
Your pocket might be more secure than your house depending on the situation (not talking about seedphrase here).

Sometimes making something harder to access makes it less secure because it would be more attractive to prying eyes.

Take an hypothetical scenario for example.
You hid something from your wife, say her favorite ear rings.
It would be harder for her to find it you hid it in her room than in a safe in your room with a password.

Note all this are not absolute. Quite sometime Easy access compromises security.
Like it's quite safer if the word of a seed phrase is scattered but harder than access.

mcdouglasx

member

Activity: 239

Merit: 53

New ideas will be criticized and then admired.

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

The fact that you are going to store this in an email makes it not entirely secure for me, to be frank the email might be comprised and when a flaw can be found on the encryption method then your funds are gone. While the passphrase add more security if it's not entirely secure in order of using various characters and symbols then brute forcing won't be that difficult or impossible.

The encryption with passphrase is a great idea but what's lacking here is the fact that you're still storing it online where there are more opportunities for attackers to get their hands on it rather than offline.

If you use an easy passphrase, it will be insecure, but if you use, for example, the entire page 120 of a specific book written in reverse, I assure you no one will decipher it.

You could even choose another type of hash, and the attacker would literally have to be a mind reader.

The point is that insecurity always goes hand in hand with human errors.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Passphrase, not password.
Your password encrypts your wallet locally and that's different from a passphrase. If someone has your seed phrase (+ passphrase, if there's any) can steal your fund without any need to your password.
Passphrase is added to the seed phrase and with adding a passphrase to your seed phrase, you generate a completely different wallet.

coolcoinz

legendary

Activity: 2814

Merit: 1192

3 is not a problem. I live in a pretty secure location. There's just a single roar to my hose that the attackers would have to drive, me and all my neighbors have cameras facing that road. My closest neighbor owns a dog that runs along my fence and barks at everyone he doesn't know. The fence itself is 2m high and you can't drive up to my house if the gate is closed. They'd have to leave the car on the road and start cutting a hole in the fence all in the open while me and my neighbors see them and dogs bark at them. Also, people who live nearby don't know that I own bitcoin and the house doesn't look wealthy from the outside. It's actually one of the smallest in the community.

2, and 5 are a problem.
2 because I keep a lot of backups in different form, but all of them are in the house. If everything got destroyed, for instance in a nuclear explosion that would vaporize the whole house, I'd lose everything. But is that really something we should worry about?
5 is also a problem because the government owns you. Agents don't have to look for your wallet. If they get you they'll make you give it up, like they made Ross. They'll find ways to threaten you, for instance by putting you in a cell with a gay rapist and after a few days you'll give up everything. So that's also not something I'd lose sleep over.

Amphenomenon

hero member

Activity: 700

Merit: 470

Hope Jeremiah 17vs7

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

Do you worry about a theif stealing your backup?
Consider having a multi-signature wallet or a seed phrase extended by a passphrase.

One wallet, that gives users the chance of adding up a passphrase during their wallet set up is the Ginger wallet.
A passphrase is something that's highly important and one has to be careful not to forget because once it's gone your bitcoins are gone though you have your recovery phrase.
The truth here there's a high responsibility for security one has to take on this, in order to carelessly lost their bitcoins.

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

Do you worry about attackers forcing you to reveal your seed phrase?
Don't keep all your fund in a single wallet. Create two wallets with a single seed phrase. One with passphrase and the other one without passphrase. Keep a small fund which you can afford to lose in the wallet without passphrase.

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

The fact that you are going to store this in an email makes it not entirely secure for me, to be frank the email might be comprised and when a flaw can be found on the encryption method then your funds are gone. While the passphrase add more security if it's not entirely secure in order of using various characters and symbols then brute forcing won't be that difficult or impossible.

The encryption with passphrase is a great idea but what's lacking here is the fact that you're still storing it online where there are more opportunities for attackers to get their hands on it rather than offline.

aoluain

legendary

Activity: 2464

Merit: 1387

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

I took the Test too and realised my coins ain't as secured as I expected.
I know some will be nonchalant about it. Not My Key Not My Bitcoin
Corrections and improvement are appreciated
Thank you. [/left]

Very interesting ideas/questions, these I would have to consider. I would also say
that some of the points may not be relevant to the majority of us but I suppose
we never know what lies ahead.

I also think there has to be a compromise between security and quick access.
Having something so secure doesnt necessarily mean its easy to grab and go.

I will be interested to see what others add to this.

mcdouglasx

member

Activity: 239

Merit: 53

New ideas will be criticized and then admired.

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

example:

Code:

import hashlib
import os
import typing as t
import unicodedata
from PIL import Image
import io

PBKDF2_ROUNDS = 2048

class ConfigurationError(Exception):
   pass

class Mnemonic:
   def __init__(self):
   self.radix = 2048
   self.language = "english"
   d = os.path.join(os.path.dirname(__file__), "english.txt")
   if os.path.exists(d) and os.path.isfile(d):
   with open(d, "r", encoding="utf-8") as f:
   wordlist = [w.strip() for w in f.readlines()]
   else:
   raise ConfigurationError("Language not detected")

   if len(wordlist) != self.radix:
   raise ConfigurationError(f"Wordlist must contain {self.radix} words.")

   self.wordlist = wordlist
   self.delimiter = " "

   @staticmethod
   def normalize_str(txt: t.AnyStr) -> str:
   if isinstance(txt, bytes):
   utxt = txt.decode("utf8")
   elif isinstance(txt, str):
   utxt = txt
   else:
   raise TypeError("String value expected")

   return unicodedata.normalize("NFKD", utxt)

   def mnemonic(self, data: bytes) -> str:
   if len(data) not in [16, 20, 24, 28, 32]:
   raise ValueError(
   f"Data length should be one of the following: [16, 20, 24, 28, 32], but it is not {len(data)}."
   )
   h = hashlib.sha256(data).hexdigest()
   b = (
   bin(int.from_bytes(data, byteorder="big"))[2:].zfill(len(data) * 8)
   + bin(int(h, 16))[2:].zfill(256)[: len(data) * 8 // 32]
   )
   result = []
   for i in range(len(b) // 11):
   idx = int(b[i * 11 : (i + 1) * 11], 2)
   result.append(self.wordlist[idx])
   return self.delimiter.join(result)

def img_hash(image_path: str) -> str:
   with Image.open(image_path) as img:
   buffer = io.BytesIO()
   img.save(buffer, format="PNG")
   img_bytes = buffer.getvalue()
   return hashlib.sha256(img_bytes).hexdigest()

img_path= "flow.png"
img_sha256= img_hash(img_path)
print(f"Image hash: {img_sha256}")

passphrase = "Flow is a beautiful cat, meow"
comb_data = (img_sha256+ passphrase).encode("utf-8")
comb_hash = hashlib.sha256(comb_data).hexdigest()

mnemonic = Mnemonic().mnemonic(bytes.fromhex(comb_hash))
print(f"Mnemonic phrase: {mnemonic}")

hosseinimr93

legendary

Activity: 2380

Merit: 5213

From this point of view, the best thing we can do is to avoid owning bitcoin. That's the only way to make sure we will never lose bitcoin. Otherwise, whatever we do, it's still possible to lose our bitcoin.

Do you worry about a wildfire destroying your backup?
Keep your seed phrase in a safe or use metal sheets. It's also recommended to keep multiple copies of your seed phrase in different places.

Do you worry about a thief stealing your backup?
Consider having a multi-signature wallet or a seed phrase extended by a passphrase.

Do you worry about your heirs not being able to get access your bitcoin after your death or in the case of some illness?
Instruct them now.
If you don't want your heirs have access to your bitcoin before your death, one solution is to follow the guide provided by LoyceV.

Do you worry about attackers forcing you to reveal your seed phrase?
Don't keep all your fund in a single wallet. Create two wallets with a single seed phrase. One with passphrase and the other one without passphrase. Keep a small fund which you can afford to lose in the wallet without passphrase.

Ambatman

sr. member

Activity: 518

Merit: 433

Playbet.io - Crypto Casino and Sportsbook

This is not an original post by me. I came across it on twitter and felt it would be great to share so those interested can give it a try.

The fire incident on LA showed the importance on how seedphrase are kept.
A Tweet was made there that I also liked

A seed phrase doesn’t belong in a safe.

Putting it in a safe implies it has value to be investigated.
Source

I believe it's in alignment with the notion that a Person wearing a mask in a bank would be more suspicious than one dressing normal despite protecting identity.

Enough of my Rambling. These below are the test and the source would be placed at the bottom.

1. Tell your next of kin to retrieve your coins as if you had died. They are only allowed to use the info they have now. No new note or instructions allowed- if you died today they wouldn’t have those instructions either. See how the test works.

2: Put your phone down and pretend that it, your PC and every single thing in your home / office is destroyed. Now retrieve your coins. Remember - no use of your phone or anything from your home - no paper, notes, nothing.

3. Stop what you are doing & assume 2 or more armed attackers are now at your main premises. Assume they have disabled means for help & assume they will find a safe if you have one. If they threaten violence against you how exactly do you deal with this? What can they get?

4. Assume that over a period of 3 weeks you suffer from illness, amnesia, dementia or extreme trauma which causes you to forget everything about your current setup. How do you or your loved ones / living assistants rebuild and understand your storage system?

5. You speak “misinformation”, are a political enemy or are accused of a crime. The government gets a search warrant for your office, home, bank & safe deposit box. Assume they will find any 12 or 24 word pass phrase or private key on the premises. Can an agent sweep it?

6. There is extreme political turmoil in your country and you have 24 hours to pack your bags & move to another country. Assume banks/ safe deposit locations are closed. You won’t be able to return to your country. Can you bring your coins and access them in a new country? Source.

Other ideas could be added since I'm well aware the OP isn't all knowing.
On a side note
I would add some post I came across about securing your seedphrase.

Recommendations to store my seed phrase!! By Hatchy ( A question perse but most answers there are worth checking out)

Securing Your Seed Phrase with Washers By fillippone updated last year.

I took the Test too and realised my coins ain't as secured as I expected.
I know some will be nonchalant about it. Not My Key Not My Bitcoin
Corrections and improvement are appreciated
Thank you.

Topic: A Test on Self Custody (Read 109 times)