A Test on Self Custody | Bitcointalksearch.org

apogio

hero member

Activity: 686

Merit: 1360

✔️ CoinJoin Wallet

Quote from: nullama on January 30, 2025, 03:06:36 AM

Everything looks great in your digital backed up keys until you mistakenly format that PC, wiping the forgotten backup.

And everything looks great at your paper seed (or platinum etched ones), until your house is hit with a natural disaster like a flood and your seeds are never to be seen again...

The best approach is to:

1. never have online backups.
2. always have two backups on physical media, in two different locations.

Just do that and you 'll be better than 90% of users who still keep money on exchanges. Tongue

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: nullama on January 30, 2025, 03:06:36 AM

I think it's also a good idea to repeat this testing procedure, say recover your coins, at least once a year.

What's your take on this?

Quote from: theymos on December 02, 2019, 05:01:06 PM

- Taking a private key out of cold storage always has some amount of risk.

If enough people open up their cold storage, chances are some of them mess up and compromise their keys.

nullama

hero member

Activity: 1008

Merit: 960

I think it's also a good idea to repeat this testing procedure, say recover your coins, at least once a year.

January 3rd is Proof of Keys Day, so I'm expecting that everyone here still has it fresh in their minds...

Another good thing to mention is that you should definitely have alternative ways of restoring your coins.

Everything looks great in your digital backed up keys until you mistakenly format that PC, wiping the forgotten backup.

And everything looks great at your paper seed (or platinum etched ones), until your house is hit with a natural disaster like a flood and your seeds are never to be seen again...

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: apogio on January 30, 2025, 02:54:54 AM

I don't know if he was just messing around though. But most probably yes.

I called it "an even crazier idea" Tongue

Besides, Dutch gardens aren't big enough to need 257 planks for a fence.

apogio

hero member

Activity: 686

Merit: 1360

✔️ CoinJoin Wallet

Quote from: satscraper on January 29, 2025, 10:54:36 PM

BTW. Did you encode your SEED on the fence around your house? ^{I recollect you was going to do this.}

Haha, I remember that (here is the link), with:

1. the different wooden plank sizes meaning 0 or 1 in binary format.
2. being securely stored as a background in a family photo for coverage.

I don't know if he was just messing around though. But most probably yes.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: LoyceV on January 21, 2025, 07:22:22 AM

As for seed phrases, I've suggested to stamp them at the back of the safe

ho! ho! ho! But I would suggested to stamp them at the external bottom of the cast iron bath with volume not less than ~ 264 gal.

The external sides of the safe^{back included} are the first place to look for SEED unless the weight of the given box is around 2200 pounds and, besides, it is built into concrete wall.

BTW. Did you encode your SEED on the fence around your house? ^{I recollect you was going to do this.}

Wiwo

hero member

Activity: 1260

Merit: 765

Top Crypto Casino

Can we stop assuming that all our fear of losing our Bitcoin holdings will go away, I know how bad an incident of losing your coins feels so for that we can only try our best by applying the necessary safety measures to protect our assets, in the end, if we are meant to lose them no matter how careful and protective we are we still lose the coins.

For that reason, we need to make sure that we put every necessary security protection and procedure to secure our wallet and at the same time be personally carful while online, and giving our wallet seed phrase to one or two of our close love ones.

Yes, indeed the need for those you gave your wallet to try it while you are available to know whether or not they can gain access to the funds in them, instead of risking to wait until you are no more to recover the wallet for the first time.

kryptqnick

legendary

Activity: 3332

Merit: 1404

Join the world-leading crypto sportsbook NOW!

Interesting test. I have pretty high marks (based on self-assessment), but I also know the way I store my seed phrase would be frowned upon by most in this community (because it's digital storage).

I don't have next of kin, but I believe I have someone close to me who'd figure out access to my coins in case something happens.
I also know how to access my coins without my PC/phone, anything in my home or office.
If attackers threaten with violence, I don't think it's time to be hiding information. I wouldn't bring up having cryptos unless they know I have cryptos. If they know, I won't hide anything.
The next one is interesting, but I suppose it's related to how well point 1 is.
Good question on a sweep, I think they wouldn't find it.
Packing bags and not going back is covered.

tbct_mt2

hero member

Activity: 2366

Merit: 838

Quote from: Despairo on January 21, 2025, 10:28:36 AM

There's always a single point of failure, if you increase the way you backup, it will increase your chance to access your address, at the same time it will increase the risk of getting compromised.

I don't want to make it complicated, I back up my seed phrase wihout the passphrase in many places, I only need to remember the passphrase, it just one word.

You can use many back up methods and your methods need to be secure and safe enough. It won't increase your risk of compromised and lose your bitcoin.

The point at the end is access your wallet and its inside private keys, not addresses. You won't get access to your bitcoin with public addresses, as you can easily import public addresses and create watch only wallets, that are unspendable.

Increase complexity of backup method is different than using multiple backup methods.
Complicated like seed splitting for example. Why is Seed Splitting a Bad Idea?

How to back up a seed phrase? It has many good warnings and advice for wallet backups.

Despairo

hero member

Activity: 1064

Merit: 843

There's always a single point of failure, if you increase the way you backup, it will increase your chance to access your address, at the same time it will increase the risk of getting compromised.

I don't want to make it complicated, I back up my seed phrase wihout the passphrase in many places, I only need to remember the passphrase, it just one word.

Quote from: Zoomic on January 17, 2025, 09:35:35 AM

Some people are taking the concept of self-custody too far. Ordinarily, having a secure wallet where only you control your private keys is enough. However, some individuals are so cautious that they are unwilling to pass on their self-custodied Bitcoins to even their heirs, regardless of whether they trust them or not, maybe going to the grave with the keys is enough. We must understand that there are certain things we cannot control, such as natural disasters and even death. For this reason, it is essential to educate ourselves on best practices and use secure tools too.

Some people might even think storing in centralized exchanges is safer because if they lost everything, they might still able to recover using their identity. If their identity got burned by fire, they can recover it by asking a new one from the government.

apogio

hero member

Activity: 686

Merit: 1360

✔️ CoinJoin Wallet

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

Although you seem to have good knowledge regarding computers etc, I think you shouldn't suggest complicated solutions.

BIP38 is a very good way to protect your private keys using encryption.

It's not a good idea to over-complicate things.

Most people should try to eliminate single points of failure using multisig or singlesig+passphrase.

Just back up your seed phrase and your passphrase twice in separate locations and you will be good. Nobody will ever access your bitcoins if they gain unauthorized access to a backup and there is no chance that you will lose coins because of extreme complications. The only thing that you need to remember is where the backups are.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

Putting it in a safe implies it has value to be investigated.

That can be applied to literally anything. People buy safes because they're strong and hard to open. As for seed phrases, I've suggested to stamp them at the back of the safe

suzanne5223

hero member

Activity: 2786

Merit: 657

Want top-notch marketing for your project, Hire me

Quote from: ABCbits on January 17, 2025, 03:12:52 AM

Quote from: suzanne5223 on January 16, 2025, 05:55:28 PM

Quote from: Plaguedeath on January 15, 2025, 10:00:29 PM

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

The agent won't care if your coins accumulated through legal or illegal, if they have the chance, they will take your coins and accuse you for doing illegal means.

No one is above the law buddy.
Unless if you don't know your rights, you're a tax offender, or somehow into shady business dealings there's no way you won't get back your holding.

But how many people know and remember all of their right? Besides, we don't live in ideal world where some agent or guard act as if they above the law[1-2].

[1] https://www.aclu.org/news/immigrants-rights/border-patrols-abusive-practice-of-taking-migrants-property-needs-to-end
[2] https://viewfromthewing.com/justice-department-stops-deas-airport-searches-after-3-2-billion-seized-from-passengers-without-charges/

You have a point and I agree with what you used as an example but it is not the same situation.
I believe every Bitcoiner knows that the department in charge of passengers at the airport, or the seaport always seizes from passengers everything that has to do with cryptocurrency, and if I remember correctly about 2-3 years ago this issue was discussed in this forum.
This is why legal advice is always important in this type of situation.

Quote from: Kelward on January 17, 2025, 04:46:51 AM

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

I like the old-fashioned way and I believe everything that goes through the internet can never be safe. Something happens to writing the seed phrase on paper which could fall into the wrong hands.
I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places. By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

I agree with your strategy to split your seed phrase into 2 or 3 different deposit boxes, even if one is compromised your Bitcoin will not be stolen. No option of hiding your seed phrase is totally safe as seen in the OP so holders can take the lesser risk and that is keeping them in deposit boxes. This doesn't mean that other options can not be included to hide seed phrase but let the deposit boxes be among the top choices.

Hiding seed phrase in secured locations is the biggest challenge of decentralized self custody, when you're in total control of your coins that means that it's security solely depends on you. Whatever strategy a holder wants to adopt in securing their seed phrase it's most important that it should be stored in more than one location.

That's a fact buddy. I also believe the best way to keep something safe is to go for the lesser-risk method and never use a single method. This is something I learned from my grandpa.
Even though keeping a safe wallet seed phrase can be problematic at some point, the old-fashioned method will always be the safety method.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: mcdouglasx on January 16, 2025, 06:14:25 PM

By combining a SHA-256 hash of an image with a passphrase to generate the mnemonic phrase, we're providing an additional layer of entropy and security. If your passphrase is unique and sufficiently complex to avoid brute-force attacks, it should be sufficient. Sending it via email is one of many examples, and if you're afraid of losing the passphrase, you can engrave it on metal. No one will know it is linked to your Facebook profile picture or a photo from an album stored on a USB drive, for example.

If you need to use a complex and unique passphrase resisting to brute-force attacks that you can't remember easily, you don't need to use a script in the end because you can just generate a mnemonic seed normally and use the SHA-256 hash of the picture as the passphrase. But since a mnemonic seed commonly generated is strong enough, it's not mandated to use an unique passphrase. So it's certainly more convenient to use a picture, a text or any file widely available on internet for the hash, you would be sure to never lose it at least.
The disadvantage would be to have to type a boring SHA-256 value each time you need to use your passphrase though.

Zoomic

sr. member

Activity: 630

Merit: 277

Some people are taking the concept of self-custody too far. Ordinarily, having a secure wallet where only you control your private keys is enough. However, some individuals are so cautious that they are unwilling to pass on their self-custodied Bitcoins to even their heirs, regardless of whether they trust them or not, maybe going to the grave with the keys is enough. We must understand that there are certain things we cannot control, such as natural disasters and even death. For this reason, it is essential to educate ourselves on best practices and use secure tools too.

There are many practices we can adopt to secure our Bitcoins, whether it’s splitting our seed phrase and storing the pieces in different locations, placing it in a metal safe, or adopting partial custody. The key is to choose a method we are comfortable with and relax. After all, there are some things we simply cannot control

Kelward

sr. member

Activity: 630

Merit: 352

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

I like the old-fashioned way and I believe everything that goes through the internet can never be safe. Something happens to writing the seed phrase on paper which could fall into the wrong hands.
I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places. By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

I agree with your strategy to split your seed phrase into 2 or 3 different deposit boxes, even if one is compromised your Bitcoin will not be stolen. No option of hiding your seed phrase is totally safe as seen in the OP so holders can take the lesser risk and that is keeping them in deposit boxes. This doesn't mean that other options can not be included to hide seed phrase but let the deposit boxes be among the top choices.

Hiding seed phrase in secured locations is the biggest challenge of decentralized self custody, when you're in total control of your coins that means that it's security solely depends on you. Whatever strategy a holder wants to adopt in securing their seed phrase it's most important that it should be stored in more than one location.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Ambatman on January 16, 2025, 02:54:50 PM

Quote from: ABCbits on January 16, 2025, 04:43:54 AM

This is one of few scenario where brainwallet could be good idea. While you can bring hardware wallet or put wallet file on your electronic device, there's risk malicious border guide would steal it under some pretense.

I really thought Brainwallet was like every other wallet until I saw your quote it was the human brain.
About the option 6, some users gave quite interesting ideas on how they move their phrase across borders.
Best Way to Carry Your Seed When Traveling Or Moving Abroad?.

Almost no one talks about Brainwallet these days, so it's not surprising you had such assumption. That thread you mentioned is helpful, although it's when you have time and resource to spare.

Quote from: suzanne5223 on January 16, 2025, 05:55:28 PM

Quote from: Plaguedeath on January 15, 2025, 10:00:29 PM

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

The agent won't care if your coins accumulated through legal or illegal, if they have the chance, they will take your coins and accuse you for doing illegal means.

No one is above the law buddy.
Unless if you don't know your rights, you're a tax offender, or somehow into shady business dealings there's no way you won't get back your holding.

But how many people know and remember all of their right? Besides, we don't live in ideal world where some agent or guard act as if they above the law[1-2].

[1] https://www.aclu.org/news/immigrants-rights/border-patrols-abusive-practice-of-taking-migrants-property-needs-to-end
[2] https://viewfromthewing.com/justice-department-stops-deas-airport-searches-after-3-2-billion-seized-from-passengers-without-charges/

kotajikikox

sr. member

Activity: 2632

Merit: 259

Quote from: aoluain on January 15, 2025, 03:10:16 PM

I also think there has to be a compromise between security and quick access.
Having something so secure doesnt necessarily mean its easy to grab and go.

It is difficult to find that balance between secured and safe and also easily accessed if ever necessary.

It is hard to trust someone right now with your coins not knowing what they could do with it even if the time does not call for their assistance yet. But it is impossible to teach them when you are gone so where do you go from here. I think the closest kind of system that would satisfy security and accessibility is smart contracts which is not inherent with bitcoin but is still possible through other system almost similar to it.

Text

hero member

Activity: 2618

Merit: 612

Quote from: Ambatman on January 16, 2025, 02:54:50 PM

Quote from: NotATether on January 16, 2025, 03:47:42 AM

Well in the future I plan to purchase a gun to deal with this.

Okay this never crossed my mind. Getting a licensed gun in my country isn't quite easy.

I hadn’t considered physical self-defence as a part of crypto security. Legal hurdles aside it’s a valid point in high-risk areas though not universally practical.

Well this really made me think while I'm still learning and exploring different methods these scenarios underline a vital truth, custody of digital assets comes with responsibility and trade-offs. Even if we can't achieve perfect security refining our strategies incrementally ensures we're as prepared as possible for the unexpected.

mcdouglasx

member

Activity: 239

Merit: 53

New ideas will be criticized and then admired.

Quote from: Saint-loup on January 16, 2025, 05:36:15 PM

How do you know that pictures PNG formatted are an entropy source good enough for a seed?
On top of that it doesn't say anything about what you should do with the passphrase unfortunately. You need to memorize it? But what will happen if you forget it one morning after you wake up?
In addition it's dangerous to only keep the picture used for the hash in just one single email box, because if the email provider shutdown or close your account you will lose all your cryptos.

By combining a SHA-256 hash of an image with a passphrase to generate the mnemonic phrase, we're providing an additional layer of entropy and security. If your passphrase is unique and sufficiently complex to avoid brute-force attacks, it should be sufficient. Sending it via email is one of many examples, and if you're afraid of losing the passphrase, you can engrave it on metal. No one will know it is linked to your Facebook profile picture or a photo from an album stored on a USB drive, for example.

suzanne5223

hero member

Activity: 2786

Merit: 657

Want top-notch marketing for your project, Hire me

Quote from: Plaguedeath on January 15, 2025, 10:00:29 PM

I will back up my seed phrase with steel plate without the passphrase and it's only contain small amount.

I also have a back up + seed phrase inside something that doesn't look fancy, so I don't need to worry to carry it to anywhere.

Based on what the OP explained about if there's a physical attack that involves making your loved one go through pains it will be easy for you to give out the wallet seed phrase.

Quote from: Plaguedeath on January 15, 2025, 10:00:29 PM

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places.

Read the point 6, you have no way to access safe deposit box.

According to what I know, safety deposit boxes are easier to access, and despite all the previous political turmoil, we have some safety deposit box providers that have been in existence since 1896 and are still in operation.

Quote from: Plaguedeath on January 15, 2025, 10:00:29 PM

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

The agent won't care if your coins accumulated through legal or illegal, if they have the chance, they will take your coins and accuse you for doing illegal means.

No one is above the law buddy.
Unless if you don't know your rights, you're a tax offender, or somehow into shady business dealings there's no way you won't get back your holding.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

example:

Code:

import hashlib
import os
import typing as t
import unicodedata
from PIL import Image
import io

PBKDF2_ROUNDS = 2048

class ConfigurationError(Exception):
   pass

class Mnemonic:
   def __init__(self):
   self.radix = 2048
   self.language = "english"
   d = os.path.join(os.path.dirname(__file__), "english.txt")
   if os.path.exists(d) and os.path.isfile(d):
   with open(d, "r", encoding="utf-8") as f:
   wordlist = [w.strip() for w in f.readlines()]
   else:
   raise ConfigurationError("Language not detected")

   if len(wordlist) != self.radix:
   raise ConfigurationError(f"Wordlist must contain {self.radix} words.")

   self.wordlist = wordlist
   self.delimiter = " "

   @staticmethod
   def normalize_str(txt: t.AnyStr) -> str:
   if isinstance(txt, bytes):
   utxt = txt.decode("utf8")
   elif isinstance(txt, str):
   utxt = txt
   else:
   raise TypeError("String value expected")

   return unicodedata.normalize("NFKD", utxt)

   def mnemonic(self, data: bytes) -> str:
   if len(data) not in [16, 20, 24, 28, 32]:
   raise ValueError(
   f"Data length should be one of the following: [16, 20, 24, 28, 32], but it is not {len(data)}."
   )
   h = hashlib.sha256(data).hexdigest()
   b = (
   bin(int.from_bytes(data, byteorder="big"))[2:].zfill(len(data) * 8)
   + bin(int(h, 16))[2:].zfill(256)[: len(data) * 8 // 32]
   )
   result = []
   for i in range(len(b) // 11):
   idx = int(b[i * 11 : (i + 1) * 11], 2)
   result.append(self.wordlist[idx])
   return self.delimiter.join(result)

def img_hash(image_path: str) -> str:
   with Image.open(image_path) as img:
   buffer = io.BytesIO()
   img.save(buffer, format="PNG")
   img_bytes = buffer.getvalue()
   return hashlib.sha256(img_bytes).hexdigest()

img_path= "flow.png"
img_sha256= img_hash(img_path)
print(f"Image hash: {img_sha256}")

passphrase = "Flow is a beautiful cat, meow"
comb_data = (img_sha256+ passphrase).encode("utf-8")
comb_hash = hashlib.sha256(comb_data).hexdigest()

mnemonic = Mnemonic().mnemonic(bytes.fromhex(comb_hash))
print(f"Mnemonic phrase: {mnemonic}")

How do you know that pictures PNG formatted are an entropy source good enough for a seed?
On top of that it doesn't say anything about what you should do with the passphrase unfortunately. You need to memorize it? But what will happen if you forget it one morning after you wake up?
In addition it's dangerous to only keep the picture used for the hash in just one single email box, because if the email provider shutdown or close your account you will lose all your cryptos.

Ambatman

sr. member

Activity: 518

Merit: 433

Playbet.io - Crypto Casino and Sportsbook

Quote from: ABCbits on January 16, 2025, 04:43:54 AM

This is one of few scenario where brainwallet could be good idea. While you can bring hardware wallet or put wallet file on your electronic device, there's risk malicious border guide would steal it under some pretense.

I really thought Brainwallet was like every other wallet until I saw your quote it was the human brain.
About the option 6, some users gave quite interesting ideas on how they move their phrase across borders.
Best Way to Carry Your Seed When Traveling Or Moving Abroad?.

Quote from: NotATether on January 16, 2025, 03:47:42 AM

Well in the future I plan to purchase a gun to deal with this.

Okay this never crossed my mind. Getting a licensed gun in my country isn't quite easy.

Quote from: davis196 on January 16, 2025, 02:25:59 AM

Edited

Recall they are all hypothetical situation to serve as a test. I guess I understand your number one answer. Can't quote everything so will break it little by little and share my view.

Quote

How can you use crypto without a phone and PC? We live in the digital age, so having a phone and PC is a must. Paper cryptocurrencies would never become popular.

The test was about Bitcoin not crypto. And the test wasn't about making transactions but securing your seedphrase. And what the F is paper cryptocurrency?

Quote

I live in a pretty safe town, where the crime rates are extremely low.

Countries in war Now were relatively safe before and again hypothetical.

I don't want to even comment on your number 4 or 5

Quote

In conclusion, I realize that there's no 100% safety for my BTC, but I don't care

I guess you might be very wealthy not to care and if not
Then either you own little to no Bitcoin or it's in an exchange which is worse.
I know nothing is 100% safe doesn't mean I won't try to get close .
Well I understand if you too fixated on a thing, you loss The beauty of the surrounding.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Based on 6 tests you mention, it's hard to imagine many Bitcoiner can pass more than half of the test without using one of Bitcoin wallet/service which have inheritance feature.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

6. There is extreme political turmoil in your country and you have 24 hours to pack your bags & move to another country. Assume banks/ safe deposit locations are closed. You won’t be able to return to your country. Can you bring your coins and access them in a new country? Source.

This is one of few scenario where brainwallet could be good idea. While you can bring hardware wallet or put wallet file on your electronic device, there's risk malicious border guide would steal it under some pretense.

Quote from: https://en.bitcoin.it/wiki/Brainwallet

Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

1. Tell your next of kin to retrieve your coins as if you had died. They are only allowed to use the info they have now. No new note or instructions allowed- if you died today they wouldn’t have those instructions either. See how the test works.

Unrecoverable. (As it should be with those people.) I haven't given it much thought to be honest.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

2: Put your phone down and pretend that it, your PC and every single thing in your home / office is destroyed. Now retrieve your coins. Remember - no use of your phone or anything from your home - no paper, notes, nothing.

Based on these rules my coins would be unrecoverable as I don't memorize my seed phrase but have it written down somewhere on paper.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

3. Stop what you are doing & assume 2 or more armed attackers are now at your main premises. Assume they have disabled means for help & assume they will find a safe if you have one. If they threaten violence against you how exactly do you deal with this? What can they get?

Well in the future I plan to purchase a gun to deal with this.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

4. Assume that over a period of 3 weeks you suffer from illness, amnesia, dementia or extreme trauma which causes you to forget everything about your current setup. How do you or your loved ones / living assistants rebuild and understand your storage system?

The mnemonic phrase is right there, with no 13th word or anything.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

5. You speak “misinformation”, are a political enemy or are accused of a crime. The government gets a search warrant for your office, home, bank & safe deposit box. Assume they will find any 12 or 24 word pass phrase or private key on the premises. Can an agent sweep it?

For the above reason, yes.

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

6. There is extreme political turmoil in your country and you have 24 hours to pack your bags & move to another country. Assume banks/ safe deposit locations are closed. You won’t be able to return to your country. Can you bring your coins and access them in a new country? Source.

Yes and it would not be the first time I've had to do it.

davis196

hero member

Activity: 3234

Merit: 941

1.I would never reveal to my friends and family, that I have BTC. I don't have kids and I don't plan having kids anytime soon.

2.How can you use crypto without a phone and PC? We live in the digital age, so having a phone and PC is a must. Paper cryptocurrencies would never become popular. Grin

3.I live in a pretty safe town, where the crime rates are extremely low.

4.If I ever get dementia, amnesia or extreme trauma the last thing I would care about would be my BTC.

5.I live in a normal democratic country, where the political enemies are oppressed or prosecuted.

In conclusion, I realize that there's no 100% safety for my BTC, but I don't care. Grin

Plaguedeath

hero member

Activity: 910

Merit: 680

I will back up my seed phrase with steel plate without the passphrase and it's only contain small amount.

I also have a back up + seed phrase inside something that doesn't look fancy, so I don't need to worry to carry it to anywhere.

The passphrase is easy to remember, but if I got amnesia or dementia which I can't remember the passphrase, then it's what it's. I don't want to tell my seed phrase to my family too.

Even though I invest most of my money in Bitcoin, but wealth isn't only in Bitcoin. If you have a house, a car and emergency funds, these are enough to inherit to your wife and kids.

Quote from: suzanne5223 on January 15, 2025, 04:25:53 PM

I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places.

Read the point 6, you have no way to access safe deposit box.

Quote

By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

The agent won't care if your coins accumulated through legal or illegal, if they have the chance, they will take your coins and accuse you for doing illegal means.

suzanne5223

hero member

Activity: 2786

Merit: 657

Want top-notch marketing for your project, Hire me

I like the old-fashioned way and I believe everything that goes through the internet can never be safe. Something happens to writing the seed phrase on paper which could fall into the wrong hands.
I will go for the use of the safety deposit box while I split the wallet seed phrase into 2 to 3 places. By law, if the agent sweeps the key they have no right to take or move the Bitcoin since it is not something accumulated through illegal means.

Amphenomenon

hero member

Activity: 770

Merit: 536

Hope Jeremiah 17vs7

Quote from: hosseinimr93 on January 15, 2025, 03:40:40 PM

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Passphrase, not password.
Your password encrypts your wallet locally and that's different from a passphrase. If someone has your seed phrase (+ passphrase, if there's any) can steal your fund without any need to your password.
Passphrase is added to the seed phrase and with adding a passphrase to your seed phrase, you generate a completely different wallet.

Yeah I do get this aspect but in the scenario where one is forced to open their wallet thier device, bluewallet has a feature where you enter a password set by you that's different from your main wallet password, where you can add smaller funds and then this is used as a disguise wallet.

I just gave the scenario you gave earlier was different from mine. Yours spoke of having a wallet of same seed phrase with one having a passphrase and the other without. Just got that now, sorry for the misinterpretation. Though I haven't thought earlier this method was possible may give it a try and understand better.

Ambatman

sr. member

Activity: 518

Merit: 433

Playbet.io - Crypto Casino and Sportsbook

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

If you don't want your heirs have access to your bitcoin before your death, one solution is to follow the guide provided by LoyceV.

Nice addition I must say but this interest me the most.
I have been learning on OP script for quite sometime but haven't really tried the Locktime script.
Scared of locking my coins for eternity of wrongly
Will check the Thread on my free time.

Quote from: aoluain on January 15, 2025, 03:10:16 PM

Very interesting ideas/questions, these I would have to consider. I would also say
that some of the points may not be relevant to the majority of us but I suppose
we never know what lies ahead.

I also think there has to be a compromise between security and quick access.
Having something so secure doesnt necessarily mean its easy to grab and go.

I will be interested to see what others add to this.

Yeah majority of them ain't my current problem
Hence why is an hypothetical scenario.
About security and quick access
I don't really think so
Your pocket might be more secure than your house depending on the situation (not talking about seedphrase here).

Sometimes making something harder to access makes it less secure because it would be more attractive to prying eyes.

Take an hypothetical scenario for example.
You hid something from your wife, say her favorite ear rings.
It would be harder for her to find it you hid it in her room than in a safe in your room with a password.

Note all this are not absolute. Quite sometime Easy access compromises security.
Like it's quite safer if the word of a seed phrase is scattered but harder than access.

mcdouglasx

member

Activity: 239

Merit: 53

New ideas will be criticized and then admired.

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

The fact that you are going to store this in an email makes it not entirely secure for me, to be frank the email might be comprised and when a flaw can be found on the encryption method then your funds are gone. While the passphrase add more security if it's not entirely secure in order of using various characters and symbols then brute forcing won't be that difficult or impossible.

The encryption with passphrase is a great idea but what's lacking here is the fact that you're still storing it online where there are more opportunities for attackers to get their hands on it rather than offline.

If you use an easy passphrase, it will be insecure, but if you use, for example, the entire page 120 of a specific book written in reverse, I assure you no one will decipher it.

You could even choose another type of hash, and the attacker would literally have to be a mind reader.

The point is that insecurity always goes hand in hand with human errors.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Amphenomenon on January 15, 2025, 03:23:30 PM

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Passphrase, not password.
Your password encrypts your wallet locally and that's different from a passphrase. If someone has your seed phrase (+ passphrase, if there's any) can steal your fund without any need to your password.
Passphrase is added to the seed phrase and with adding a passphrase to your seed phrase, you generate a completely different wallet.

coolcoinz

legendary

Activity: 2814

Merit: 1192

3 is not a problem. I live in a pretty secure location. There's just a single roar to my hose that the attackers would have to drive, me and all my neighbors have cameras facing that road. My closest neighbor owns a dog that runs along my fence and barks at everyone he doesn't know. The fence itself is 2m high and you can't drive up to my house if the gate is closed. They'd have to leave the car on the road and start cutting a hole in the fence all in the open while me and my neighbors see them and dogs bark at them. Also, people who live nearby don't know that I own bitcoin and the house doesn't look wealthy from the outside. It's actually one of the smallest in the community.

2, and 5 are a problem.
2 because I keep a lot of backups in different form, but all of them are in the house. If everything got destroyed, for instance in a nuclear explosion that would vaporize the whole house, I'd lose everything. But is that really something we should worry about?
5 is also a problem because the government owns you. Agents don't have to look for your wallet. If they get you they'll make you give it up, like they made Ross. They'll find ways to threaten you, for instance by putting you in a cell with a gay rapist and after a few days you'll give up everything. So that's also not something I'd lose sleep over.

Amphenomenon

hero member

Activity: 770

Merit: 536

Hope Jeremiah 17vs7

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

Do you worry about a theif stealing your backup?
Consider having a multi-signature wallet or a seed phrase extended by a passphrase.

One wallet, that gives users the chance of adding up a passphrase during their wallet set up is the Ginger wallet.
A passphrase is something that's highly important and one has to be careful not to forget because once it's gone your bitcoins are gone though you have your recovery phrase.
The truth here there's a high responsibility for security one has to take on this, in order to carelessly lost their bitcoins.

Quote from: hosseinimr93 on January 15, 2025, 01:13:58 PM

Do you worry about attackers forcing you to reveal your seed phrase?
Don't keep all your fund in a single wallet. Create two wallets with a single seed phrase. One with passphrase and the other one without passphrase. Keep a small fund which you can afford to lose in the wallet without passphrase.

Yes I did discover this feature recently on bluewallet, whereby you differentiate the wallet based on the password you enter and so in the point of being force, you show the false wallet containing fewer funds.

Quote from: mcdouglasx on January 15, 2025, 02:12:14 PM

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

The fact that you are going to store this in an email makes it not entirely secure for me, to be frank the email might be comprised and when a flaw can be found on the encryption method then your funds are gone. While the passphrase add more security if it's not entirely secure in order of using various characters and symbols then brute forcing won't be that difficult or impossible.

The encryption with passphrase is a great idea but what's lacking here is the fact that you're still storing it online where there are more opportunities for attackers to get their hands on it rather than offline.

aoluain

legendary

Activity: 2464

Merit: 1387

Quote from: Ambatman on January 15, 2025, 11:52:47 AM

I took the Test too and realised my coins ain't as secured as I expected.
I know some will be nonchalant about it. Not My Key Not My Bitcoin
Corrections and improvement are appreciated
Thank you. [/left]

Very interesting ideas/questions, these I would have to consider. I would also say
that some of the points may not be relevant to the majority of us but I suppose
we never know what lies ahead.

I also think there has to be a compromise between security and quick access.
Having something so secure doesnt necessarily mean its easy to grab and go.

I will be interested to see what others add to this.

mcdouglasx

member

Activity: 239

Merit: 53

New ideas will be criticized and then admired.

Of all the possible ways to store your bitcoins, I believe storing them in plain text will always be insecure, regardless of whether it's recorded on paper, wood, or metal. It's best to never admit you have bitcoins and to use encryption methods. For example, you can take a picture of your cat and combine the hash of the image with a passphrase, then send the image via email. This way, it will be secure.

example:

Code:

import hashlib
import os
import typing as t
import unicodedata
from PIL import Image
import io

PBKDF2_ROUNDS = 2048

class ConfigurationError(Exception):
   pass

class Mnemonic:
   def __init__(self):
   self.radix = 2048
   self.language = "english"
   d = os.path.join(os.path.dirname(__file__), "english.txt")
   if os.path.exists(d) and os.path.isfile(d):
   with open(d, "r", encoding="utf-8") as f:
   wordlist = [w.strip() for w in f.readlines()]
   else:
   raise ConfigurationError("Language not detected")

   if len(wordlist) != self.radix:
   raise ConfigurationError(f"Wordlist must contain {self.radix} words.")

   self.wordlist = wordlist
   self.delimiter = " "

   @staticmethod
   def normalize_str(txt: t.AnyStr) -> str:
   if isinstance(txt, bytes):
   utxt = txt.decode("utf8")
   elif isinstance(txt, str):
   utxt = txt
   else:
   raise TypeError("String value expected")

   return unicodedata.normalize("NFKD", utxt)

   def mnemonic(self, data: bytes) -> str:
   if len(data) not in [16, 20, 24, 28, 32]:
   raise ValueError(
   f"Data length should be one of the following: [16, 20, 24, 28, 32], but it is not {len(data)}."
   )
   h = hashlib.sha256(data).hexdigest()
   b = (
   bin(int.from_bytes(data, byteorder="big"))[2:].zfill(len(data) * 8)
   + bin(int(h, 16))[2:].zfill(256)[: len(data) * 8 // 32]
   )
   result = []
   for i in range(len(b) // 11):
   idx = int(b[i * 11 : (i + 1) * 11], 2)
   result.append(self.wordlist[idx])
   return self.delimiter.join(result)

def img_hash(image_path: str) -> str:
   with Image.open(image_path) as img:
   buffer = io.BytesIO()
   img.save(buffer, format="PNG")
   img_bytes = buffer.getvalue()
   return hashlib.sha256(img_bytes).hexdigest()

img_path= "flow.png"
img_sha256= img_hash(img_path)
print(f"Image hash: {img_sha256}")

passphrase = "Flow is a beautiful cat, meow"
comb_data = (img_sha256+ passphrase).encode("utf-8")
comb_hash = hashlib.sha256(comb_data).hexdigest()

mnemonic = Mnemonic().mnemonic(bytes.fromhex(comb_hash))
print(f"Mnemonic phrase: {mnemonic}")

hosseinimr93

legendary

Activity: 2380

Merit: 5213

From this point of view, the best thing we can do is to avoid owning bitcoin. That's the only way to make sure we will never lose bitcoin. Otherwise, whatever we do, it's still possible to lose our bitcoin.

Do you worry about a wildfire destroying your backup?
Keep your seed phrase in a safe or use metal sheets. It's also recommended to keep multiple copies of your seed phrase in different places.

Do you worry about a thief stealing your backup?
Consider having a multi-signature wallet or a seed phrase extended by a passphrase.

Do you worry about your heirs not being able to get access your bitcoin after your death or in the case of some illness?
Instruct them now.
If you don't want your heirs have access to your bitcoin before your death, one solution is to follow the guide provided by LoyceV.

Do you worry about attackers forcing you to reveal your seed phrase?
Don't keep all your fund in a single wallet. Create two wallets with a single seed phrase. One with passphrase and the other one without passphrase. Keep a small fund which you can afford to lose in the wallet without passphrase.

Ambatman

sr. member

Activity: 518

Merit: 433

Playbet.io - Crypto Casino and Sportsbook

This is not an original post by me. I came across it on twitter and felt it would be great to share so those interested can give it a try.

The fire incident on LA showed the importance on how seedphrase are kept.
A Tweet was made there that I also liked

A seed phrase doesn’t belong in a safe.

Putting it in a safe implies it has value to be investigated.
Source

I believe it's in alignment with the notion that a Person wearing a mask in a bank would be more suspicious than one dressing normal despite protecting identity.

Enough of my Rambling. These below are the test and the source would be placed at the bottom.

1. Tell your next of kin to retrieve your coins as if you had died. They are only allowed to use the info they have now. No new note or instructions allowed- if you died today they wouldn’t have those instructions either. See how the test works.

2: Put your phone down and pretend that it, your PC and every single thing in your home / office is destroyed. Now retrieve your coins. Remember - no use of your phone or anything from your home - no paper, notes, nothing.

3. Stop what you are doing & assume 2 or more armed attackers are now at your main premises. Assume they have disabled means for help & assume they will find a safe if you have one. If they threaten violence against you how exactly do you deal with this? What can they get?

4. Assume that over a period of 3 weeks you suffer from illness, amnesia, dementia or extreme trauma which causes you to forget everything about your current setup. How do you or your loved ones / living assistants rebuild and understand your storage system?

5. You speak “misinformation”, are a political enemy or are accused of a crime. The government gets a search warrant for your office, home, bank & safe deposit box. Assume they will find any 12 or 24 word pass phrase or private key on the premises. Can an agent sweep it?

6. There is extreme political turmoil in your country and you have 24 hours to pack your bags & move to another country. Assume banks/ safe deposit locations are closed. You won’t be able to return to your country. Can you bring your coins and access them in a new country? Source.

Other ideas could be added since I'm well aware the OP isn't all knowing.
On a side note
I would add some post I came across about securing your seedphrase.

Recommendations to store my seed phrase!! By Hatchy ( A question perse but most answers there are worth checking out)

Securing Your Seed Phrase with Washers By fillippone updated last year.

I took the Test too and realised my coins ain't as secured as I expected.
I know some will be nonchalant about it. Not My Key Not My Bitcoin
Corrections and improvement are appreciated
Thank you.

Topic: A Test on Self Custody (Read 498 times)