
Topic: Backup your Private Keys ! (Before it's too late) (Read 389 times)

hero member
Activity: 1162
Merit: 547
Thanks, everyone, for pointing out flaws in my method. The standard procedure seems the only way to proceed with backing up one's private keys or seeds.
Someone rightly asked: why re-invent the wheel when tried-and-tested methods work fine?
Locking up this thread since its motive is completed.
legendary
Activity: 2408
Merit: 2226
I will not encourage anyone to do what OP has done. It's quite insecure to me, and complicated in case you forget your password or encrypted password. Storing this kind of sensitive data on Gmail isn't recommended. It would be harmful for you in case you forgot your email details or lost 2FA and so on.

What I did about my wallet: I have exported all my private keys and written the seed on the same page, and eventually printed it. I have stored it in multiple places, so there is a very low chance that I may lose both documents at the same time. And I feel this is the secure way to store my private keys.
legendary
Activity: 3472
Merit: 10611
~
But you don't answer the issue, how do you prevent a potential incompatibility of future versions of your encryption software?

any decent software like that will always keep backward compatibility in mind. it is not something they can skip and change the software so that it becomes incompatible! besides the algorithms used by such software are standard and are not going to change. in most cases you don't even need to reuse the same software! for instance AES became a standard in 2001 and for the past 18 years if you encrypted something using that, you can still decrypt it with any software that supports the algorithm.
same with bitcoin BIPs, they are standards and they won't change. even if your software changed you can still find the standard and re-implement it.
legendary
Activity: 2604
Merit: 2353
I'm sorry but if you use bip39 words and compute the checksum, no one can even know the seed is fake.   
A hacker who finds an empty seed or a seed with only a small amount can suspect that it was modified in some way, and then they will just run a program that cracks it. They can even configure a crawler or malware to do it automatically.
LOL I think you're trolling me... What do you want to crack? LOL You want him to check all the seeds possible? In this case he will find yours too LOL

the real question is "why would anybody want to do this". when you come up with a new way it has to have some advantage over other methods not disadvantage.
lets take a closer look at your setup and compare it with the alternative. you say you have two parts: 1. something stored online (in the cloud) 2. something stored on a paper.
the first one is the seed with some words changed as an encrypting technique and the second is the words that were changed as the key to decrypt it.

what is the alternative?
encrypting it with a strong password and storing the password offline on a paper (#2) and storing the encrypted seed in the cloud (#1).

so what's the difference? you are still storing two things: one encrypted data and one key to decrypt it. the difference is that in the alternative way, the encryption technique is a very strong one (AES-256 for example) and it can not be broken but in first method the encryption technique used is not even close to being as strong as the alternative.
A new way? I don't think using a passphrase of a bip39 seed, or changing words of a bip39 seed without a passphrase, is a very brand new way...
And I didn't say it's more safe than to encrypt it.
But you don't answer the issue, how do you prevent a potential incompatibility of future versions of your encryption software?
legendary
Activity: 3472
Merit: 10611
I'm sorry but if you use bip39 words and compute the checksum, no one can even know the seed is fake.   
A hacker who finds an empty seed or a seed with only a small amount can suspect that it was modified in some way, and then they will just run a program that cracks it. They can even configure a crawler or malware to do it automatically.
LOL I think you're trolling me... What do you want to crack? LOL You want him to check all the seeds possible? In this case he will find yours too LOL

the real question is "why would anybody want to do this". when you come up with a new way it has to have some advantage over other methods not disadvantage.
lets take a closer look at your setup and compare it with the alternative. you say you have two parts: 1. something stored online (in the cloud) 2. something stored on a paper.
the first one is the seed with some words changed as an encrypting technique and the second is the words that were changed as the key to decrypt it.

what is the alternative?
encrypting it with a strong password and storing the password offline on a paper (#2) and storing the encrypted seed in the cloud (#1).

so what's the difference? you are still storing two things: one encrypted data and one key to decrypt it. the difference is that in the alternative way, the encryption technique is a very strong one (AES-256 for example) and it can not be broken but in first method the encryption technique used is not even close to being as strong as the alternative.
hero member
Activity: 1932
Merit: 511
Why are you trying to reinvent the wheel? There is an accepted standard for backing up wallets - write down your 12 or 24 words on paper, and store them somewhere safe and secure. There is a reason that all major wallets suggest this method.
I am not comfortable with that method of saving the mnemonic (12-24 words). That could be the same as saving private keys on paper. Since a month ago blockchain has lock to open source for private keys.
I'm just considering the case where the website is down, in trouble or under maintenance, and we can't access it for a while or in an urgent situation.

If I remember I still don't have a phone at that time, I only used that email for gaming purposes, old school gaming you know. The password is quite easy that's why I can still remember it until now. but the problem is after I sign in with the Username and Password, it brings me to another tab that I need to confirm another verification. I wish I could get it back, I have some important files out there.
Yes, many years ago the number system for verifying was not yet implemented. But following the clue in your picture, you had set up an email for recovery or a second one, but you did it with a random email. Never save any important data or things on your cloud, or you'll lose 'em one day.
member
Activity: 854
Merit: 12
So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.


seems way complicated just to substitute a simple piece of paper... if one is not enough, you can make several copies and store them in several places, making redundancy at 100%
with your system, you are introducing several points in which it could fail and that are dependent on third parties... think about it... not that your system does not work, but it can fail in multiple places.... sometimes the simple way is the best
hero member
Activity: 3024
Merit: 680
I'm not comfortable with storing delicate and important information such as private keys on cloud storage. Although writing it on paper is very simple, I still consider it one of the best ways to back up our PKs.

Prone to being crumpled or ripped? Write it on cardboard or stronger paper that obviously can last for years.
legendary
Activity: 2604
Merit: 2353
Brute force? How could you brute force it if you don't know which words had been changed? Maybe the user you're talking about (a link would have been welcomed) was using words not included in the bip39 dictionary of his language.

Yes, brute force, because swapping a few words results in a number of combinations that can be cracked by modern computers - depending on how many words you have changed, it will vary from a few seconds to maybe a few days. Cryptographers consider systems secure if they take billions of trillions of years to bruteforce, and even a few years of bruteforcing is considered broken, so your method is absolutely not secure.
As I said above, the attackers won't have any clue of the replaced words if you use bip39 words of your language.
You can find the dictionaries here https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md

I'm sorry but if you use bip39 words and compute the checksum, no one can even know the seed is fake.  
A hacker who finds an empty seed or a seed with only a small amount can suspect that it was modified in some way, and then they will just run a program that cracks it. They can even configure a crawler or malware to do it automatically.
LOL I think you're trolling me... What do you want to crack? LOL You want him to check all the seeds possible? In this case he will find yours too LOL

Moreover how many people lost their seeds because their precious sheet of paper has disappeared? If you live alone and if you're a tidy person that could be OK but it's not the case for most people. People aren't robots.
And how many people will lose their money by storing their seed in an insufficiently protected way in the cloud? And why do they have to do these naive tricks if they can use strong encryption like AES instead?
It's ok to encrypt but you have to remember your passphrase, and to trust the software used to encrypt. In several years, will the available version be able to still decrypt your old files?
legendary
Activity: 3024
Merit: 2148
Brute force? How could you brute force it if you don't know which words had been changed? Maybe the user you're talking about (a link would have been welcomed) was using words not included in the bip39 dictionary of his language.

Yes, brute force, because swapping a few words results in a number of combinations that can be cracked by modern computers - depending on how many words you have changed, it will vary from a few seconds to maybe a few days. Cryptographers consider systems secure if they take billions of trillions of years to bruteforce, and even a few years of bruteforcing is considered broken, so your method is absolutely not secure.

I'm sorry but if you use bip39 words and compute the checksum, no one can even know the seed is fake.   

A hacker who finds an empty seed or a seed with only a small amount can suspect that it was modified in some way, and then they will just run a program that cracks it. They can even configure a crawler or malware to do it automatically.

Moreover how many people lost their seeds because their precious sheet of paper has disappeared? If you live alone and if you're a tidy person that could be OK but it's not the case for most people. People aren't robots.

And how many people will lose their money by storing their seed in an insufficiently protected way in the cloud? And why do they have to do these naive tricks if they can use strong encryption like AES instead?
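
Added example, not part of any post in this thread: a count of how much secrecy the "replace a few words" scheme debated above leaves, measured in bits and set beside the entropy of the untouched mnemonic. It assumes the case argued in the thread (every replacement is itself a BIP39 word and the changed positions are unknown); the function names are made up for the illustration.

```javascript
// Added example: how much secrecy does "replace k words" add to a BIP39 mnemonic?
// Assumption: every replacement is a word from the same 2048-word list and
// nobody but the owner knows which positions were changed.
const WORDLIST_SIZE = 2048n;

// Exact binomial coefficient C(n, k) using BigInt.
function binomial(n, k) {
  let result = 1n;
  for (let i = 1n; i <= BigInt(k); i++) {
    result = (result * (BigInt(n) - BigInt(k) + i)) / i;
  }
  return result;
}

// Number of possible originals consistent with an altered mnemonic:
// choose which k positions were changed, then one of 2047 other words for each.
function candidateCount(totalWords, changedWords) {
  return binomial(totalWords, changedWords) *
    (WORDLIST_SIZE - 1n) ** BigInt(changedWords);
}

// BIP39 carries 1 checksum bit per 3 words (4 bits for 12 words, 8 for 24),
// so only about 1 in 2^checksumBits candidates is a valid mnemonic at all.
function effectiveSecretBits(totalWords, changedWords) {
  const checksumBits = totalWords / 3;
  return Math.log2(Number(candidateCount(totalWords, changedWords))) - checksumBits;
}

// Entropy of an untouched mnemonic, for comparison (128 bits for 12 words).
function fullSeedBits(totalWords) {
  return totalWords * 11 - totalWords / 3;
}

// One row per number of changed words, 1..maxChanged.
function comparisonTable(totalWords, maxChanged) {
  const rows = [];
  for (let k = 1; k <= maxChanged; k++) {
    rows.push({
      changedWords: k,
      secretBits: Number(effectiveSecretBits(totalWords, k).toFixed(1)),
      fullSeedBits: fullSeedBits(totalWords),
    });
  }
  return rows;
}

console.table(comparisonTable(12, 4));
```

Replacing all 12 words brings the figure back to just under 128 bits, which is a useful sanity check on the counting.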
legendary
Activity: 2604
Merit: 2353
You can also back up online a normal seed (without passphrase) by replacing a few words, and remembering these words, or storing them in another place.


Another horrible advice here. Replacing words doesn't give you any meaningful protection, in most cases it's trivial to get the original seed with bruteforce. A few months ago there was a thread about a user who lost his coins in exactly this way - he saved his seed in his email and just swapped a few words, thinking that it would be enough.

Newbies in this thread, please stop giving people advice about cryptography if you are not an expert cryptographer yourself, you are only making things worse.
Brute force? How could you brute force it if you don't know which words had been changed? Maybe the user you're talking about (a link would have been welcomed) was using words not included in the bip39 dictionary of his language.
I'm sorry but if you use bip39 words and compute the checksum, no one can even know the seed is fake.
Moreover how many people lost their seeds because their precious sheet of paper has disappeared? If you live alone and if you're a tidy person that could be OK but it's not the case for most people. People aren't robots.
legendary
Activity: 3136
Merit: 1172
So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.


There are so many passwords to remember in this scenario.

1- you have to remember the .zip file password.
2- you have to remember the Gmail account password
3- you have to save the backup 2FA code also in case your 2FA device is lost.

Remember that securing the private key doesn't mean that you save it in a box under boxes and remember each of those layers' passwords. Losing any one will make you lost.
sr. member
Activity: 2030
Merit: 356
So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.


That's your way of doing it but I do not want to get into the hassle of making another Gmail and setting up 2FA and blah blah.
Here is how I keep my private key seed safe. I have bought a USB and put the private key in notepad and on that USB. Also I have saved my seed on a piece of paper and both of these things are saved in a private cupboard under lock and key. And they are 100% in my home.
legendary
Activity: 3472
Merit: 10611
you are doing two horrible things:
1. re-inventing encryption by doing weird things such as inserting the seed (un-encrypted) in another file type.
2. uploading it to a server!!!

just STOP.
backup of something this important that could also be valuable (depending on how much you store) needs to be proper. this means COLD STORAGE not storing it online! and STRONG ENCRYPTION.
just stick to what the experts have created for you instead of trying to come up with new ways. BIP38 is what you should use. it uses a strong AES encryption and with a decent password you can protect your private key very well. it also encodes it with base58 making it easier to backup and restore.
you could use AES to encrypt your mnemonic (seed phrase) too. which is what you should do instead of using a zip file!
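
One way to do what the post above recommends, as an added example that is not code from the thread: AES-256-GCM with a scrypt-derived key, using only Node's built-in crypto module. The JSON container, its field names and the scrypt parameters are assumptions chosen for the illustration; keeping them next to the ciphertext is what lets any other scrypt + AES-GCM implementation decrypt the file later, which is the compatibility question raised elsewhere in the thread.

```javascript
// Added example: password-based AES-256-GCM backup of a mnemonic.
const crypto = require('crypto');

// Public BIP39 test vector, used here only as constructed sample input.
const SAMPLE_MNEMONIC =
  'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';

// Assumed scrypt cost parameters; they travel inside the backup.
const KDF = { N: 2 ** 15, r: 8, p: 1 };

function deriveKey(password, salt, kdf) {
  return crypto.scryptSync(password.normalize('NFKD'), salt, 32, {
    N: kdf.N, r: kdf.r, p: kdf.p,
    maxmem: 256 * kdf.N * kdf.r, // twice the ~128*N*r bytes scrypt needs
  });
}

function encryptMnemonic(mnemonic, password) {
  const salt = crypto.randomBytes(16);   // fresh per backup
  const nonce = crypto.randomBytes(12);  // 96-bit GCM nonce, never reused
  const header = { v: 1, kdf: 'scrypt', N: KDF.N, r: KDF.r, p: KDF.p, cipher: 'aes-256-gcm' };
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt, KDF), nonce);
  // Bind the header to the ciphertext so edited parameters fail authentication.
  cipher.setAAD(Buffer.from(JSON.stringify(header)));
  const ct = Buffer.concat([cipher.update(mnemonic, 'utf8'), cipher.final()]);
  return JSON.stringify({
    ...header,
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  });
}

function decryptMnemonic(backupJson, password) {
  const b = JSON.parse(backupJson);
  if (b.v !== 1 || b.kdf !== 'scrypt' || b.cipher !== 'aes-256-gcm') {
    throw new Error('unsupported backup format');
  }
  // Refuse absurd cost values from a file that may have been modified.
  if (!Number.isInteger(b.N) || b.N < 2 || b.N > 2 ** 20) {
    throw new Error('scrypt N out of range');
  }
  const header = { v: b.v, kdf: b.kdf, N: b.N, r: b.r, p: b.p, cipher: b.cipher };
  const key = deriveKey(password, Buffer.from(b.salt, 'base64'), header);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(b.nonce, 'base64'));
  decipher.setAAD(Buffer.from(JSON.stringify(header)));
  decipher.setAuthTag(Buffer.from(b.tag, 'base64'));
  // final() throws if the password is wrong or any byte was altered.
  return Buffer.concat([
    decipher.update(Buffer.from(b.ct, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}
```

The protection is only as strong as the password fed to scrypt; the 256-bit key length does not make up for a guessable one.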
sr. member
Activity: 728
Merit: 368
Sancho
So, recently my personal laptop's hard drive got corrupted and all my data was lost, including private keys for my wallet.
...thankfully I already had a secure backup of them and no coins were lost.

Here I am sharing my technique to beginners so they can back up their private keys the same way I did.

Many of the users might be storing the keys/seed in some written form but physical damage to paper might lead to loss of your funds.

Here's how I do it:

1. Edit an image using notepad, paste the seed in between.
2. Add it to a .zip file and encrypt it by setting a password.
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
5. That's it, you got yourself a secure online backup for your keys.

Don't repeat the password in any step, or else this method might become useless.

I don't know if this is optimal or not, but comments are appreciated.

It is commendable that you use backups. Two troubles can happen with important information - leak and loss. Your backup method does not protect well enough from both of them and is too complicated for a beginner to implement. This is better than not making backups at all, but you should not cultivate a false sense of security in yourself while you are using your method.
legendary
Activity: 2254
Merit: 1140
I would recommend against using OP’s advice on a net connected computer.  More simple, write it down with pen and paper and jam it into a fireproof safe. 
hero member
Activity: 2268
Merit: 588
You own the pen
That could be your mistake, not the mail service's. Let's learn from it, to always keep a recovery email or phone active so we can easily recover one day. Images could be converted to words then saved in notepad; it's called the encrypt & decrypt method.

If I remember I still don't have a phone at that time, I only used that email for gaming purposes, old school gaming you know. The password is quite easy that's why I can still remember it until now. but the problem is after I sign in with the Username and Password, it brings me to another tab that I need to confirm another verification. I wish I could get it back, I have some important files out there.

legendary
Activity: 3024
Merit: 2148
You can also back up online a normal seed (without passphrase) by replacing a few words, and remembering these words, or storing them in another place.


Another horrible advice here. Replacing words doesn't give you any meaningful protection, in most cases it's trivial to get the original seed with bruteforce. A few months ago there was a thread about a user who lost his coins in exactly this way - he saved his seed in his email and just swapped a few words, thinking that it would be enough.

Newbies in this thread, please stop giving people advice about cryptography if you are not an expert cryptographer yourself, you are only making things worse.
sr. member
Activity: 560
Merit: 269
I have done that. It's safe as long as you know the passcodes. OP's experience happened to me one time. My phone was not functioning well and I had to perform a full recovery by wiping all of the data. My data was all wiped out, including my keystone wallet. So I had to do something to prevent this from happening again. I did what OP did. So far no problem. But I know it's not the safest way to protect your cryptocurrency. Hackers can break into your Google Drive and just brute force the file which you zipped and take all the funds. The safest, I think, is to furnish a private key printout and keep it in your vault.
sr. member
Activity: 2254
Merit: 258
Quote
1. Edit an image using notepad, paste the seed in between.
This is a good idea, not many people know this

Quote
2. Add it to a .zip file and encrypt it by setting a password.
Only do this when you have a lot of coins in your wallet

Quote
3. Create a new Gmail account and set up 2-factor authentication. Upload .zip file to Google Drive.
highly recommend no one should use gmail without a 2-factor authentication

Quote
4. Remember this account's password, and Never use it. NEVER. Don't save to any password manager, just remember.
password manager is ok as long as you choose the best password manager


Quote
5. That's it, you got yourself a secure online backup for your keys.
I think there are a lot of other ways but yours is a good one too.
