Author

Topic: Bitcoin Wallet & Seed Storage Question? (Read 660 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 28, 2019, 09:34:04 AM
#42
Get yourself a set of metal stamps for 10$ and a couple 4" electrical box cover plates from the hardware store $3. 
I like this one. I've also been looking at all sorts of alphabet and number craft things, but most of them are plastic or foam or wood, which is not much better than paper when considering their survival rates in a house fire.

In case that's still acceptable, I've also thought of using embroidered letters sewn to cloth strips, which you can hide anywhere and also be able to bring with you on your person if needed.
legendary
Activity: 2730
Merit: 7065
October 28, 2019, 04:46:09 AM
#41
If you contact insurance providers and say "Do you insure this exchange", then chances are they aren't going to divulge specifics of their business dealings or other customer's details.
All true, yes. But you can do it in a smarter way. Asking the insurance providers if they provide crypto insurance in order to insure a new crypto exchange. If they ask for more details and information about the exchange they have in some form admitted that they are providing such services depending on who they are insuring. If they reply negatively it means they aren't.
legendary
Activity: 2268
Merit: 18748
October 27, 2019, 04:42:58 AM
#40
Whether or not it is true can be checked by contacting the companies and asking about such services but that is not something that is very high on my to-do-list
It can't, though. If you contact the exchange and ask "Are you really insured" then of course they are going to say yes. Again, you are taking them at their word. If you contact insurance providers and say "Do you insure this exchange", then chances are they aren't going to divulge specifics of their business dealings or other customer's details.

The exchange in question should be posting proof that they are insured as they claim, by posting formal documents of their policy or notarized letters from the insurance company stating as such. As far as I know, none have done so.
legendary
Activity: 2730
Merit: 7065
October 27, 2019, 02:56:41 AM
#39
That's my point - there is no independent confirmation of any of these insurance policies. There are news articles which reference each other or blog posts from the exchange in question. I am yet to see (and someone please correct me if I'm wrong) a statement from a bank or insurance provider saying "We are insuring exchange X for the amount of Y bitcoin", or a documented insurance policy, or a claim which has been fulfilled, or any true verification that this insurance exists.
Seeing how much governments, including banks, are fighting crypto I think crypto insurance is not something they would proudly highlight as part of their portfolio. Another article I found mentions that groups like Allianz and AIG have insurance packages for crypto exchanges.
https://cryptoslate.com/report-banks-are-secretly-offering-cryptocurrency-insurance-to-businesses/

Whether or not it is true can be checked by contacting the companies and asking about such services but that is not something that is very high on my to-do-list  Cool
legendary
Activity: 1463
Merit: 1135
October 27, 2019, 12:26:10 AM
#38
I'd highly advise you not to obscure your seed phrase in books, invisible ink, etc. With these ideas you are more likely to lose your seed than have it stolen.
Here is a solution I like.
Get yourself a set of metal stamps for 10$ and a couple 4" electrical box cover plates from the hardware store $3.  
Spend an afternoon stamping your seed on the metal plate.  Once finished, bolt the 2 plates together (words facing inwards) with short bolts and nylock nuts.  Bolting it together makes it so tools must be used to even see that something is written on the other side of the metal. It does not look valuable and you can hide it wherever you want. Perhaps bolting it into an unused electrical outlet in your home and covering it with drywall if you're worried you'll be broken into, or hide it under a corner of your carpet for easier access. Perhaps hidden in plain site as paperweight base with some cheap bobbly head toy glued to the top. Get creative with that part but don't be the guy who loses access to his funds because half was stored at grandmas or some other difficult to access location.


legendary
Activity: 2268
Merit: 18748
October 26, 2019, 05:28:21 AM
#37
-snip-
That's my point - there is no independent confirmation of any of these insurance policies. There are news articles which reference each other or blog posts from the exchange in question. I am yet to see (and someone please correct me if I'm wrong) a statement from a bank or insurance provider saying "We are insuring exchange X for the amount of Y bitcoin", or a documented insurance policy, or a claim which has been fulfilled, or any true verification that this insurance exists. theymos could quite easily write an announcement saying all forum funds are insured, but that doesn't make it true.

Perhaps I'm being overly cynical, but my faith in centralized exchanges given how many times they have been hacked and the huge amount of shady activities they have taken part in over the years is a big fat zero.
legendary
Activity: 2730
Merit: 7065
October 26, 2019, 04:41:20 AM
#36
I wouldn't share the name of which exchange you are storing them on, but are you sure they are insured?
According to this article> https://flagshipcrypto.com/which-cryptocurrency-exchanges-are-insured/ there are 4 crypto exchanges which are in some way insured. Those are Coinbase, Circle, Gemini and Xapo. It was published back in February so it is possible there is a longer list.

Another source confirms that the insurance of Coinbase covers up to $255 million for the assets they hold in their hot wallets.
https://www.coindesk.com/coinbase-insurance-coverage

Furthermore, insurance only protects against a single method of failure - the exchanges themselves being hacked. It wouldn't protect against them exit scamming, shutting down, freezing your accounts, demanding ridiculous KYC, your account being hacked, you being phished, you having clipboard malware, and so on.
+1
That is the most important thing we should remember! Any mistake on the user's part are not covered by the insurance.
hero member
Activity: 1358
Merit: 635
October 26, 2019, 04:10:08 AM
#35
I just want to thank everyone for all of your input so far. I still haven't decided yet how I want to store my seed phrase. I bought two Ledger Nano X's but my crypto is still on an exchange. I know that, "If it's not your key, it's not your Bitcoin". Still, I feel safe with it so far because the exchange is insured for up to $250,000. I know. I am being stupid by putting trust in an exchange.

IMHO, the only way to justify the storing  on exchange is to trade there and receive profit that equals iterative covering of the pertaining risk, but even in that case I would repeatedly withdraw part of the gained fund to my own wallet.    
legendary
Activity: 2268
Merit: 18748
October 26, 2019, 03:30:25 AM
#34
I wouldn't share the name of which exchange you are storing them on, but are you sure they are insured? I'm not sure I know of any exchange which has had to claim on insurance to refund customers. Anyone can simply write "Deposits are insured" when they aren't at all. Have you seen any paperwork or documentation stating that?

Furthermore, insurance only protects against a single method of failure - the exchanges themselves being hacked. It wouldn't protect against them exit scamming, shutting down, freezing your accounts, demanding ridiculous KYC, your account being hacked, you being phished, you having clipboard malware, and so on.

There's a reason that every good hardware wallet suggests that your mnemonic phrase should be written down on paper; that's the best way to store it. If you are concerned about somebody finding it, then use a long passphrase, write that down on paper, and store it separately (I would argue everyone should be using passphrases regardless). If you are still concerned about both these things being found, then you could use something like Shamir's Secret Sharing to split it in to parts, and then an attacker would need to find 3 (or 4, or 5) different pieces of paper to steal your funds. It you are still concerned, then encode it in some way when you write it down. Just be aware that every additional step you add, whilst making it harder for your coins to be stolen, also makes it harder for you to recover them, especially if you forget one of the steps or where one on your hiding places is.
newbie
Activity: 21
Merit: 11
October 25, 2019, 01:35:24 PM
#33
I just want to thank everyone for all of your input so far. I still haven't decided yet how I want to store my seed phrase. I bought two Ledger Nano X's but my crypto is still on an exchange. I know that, "If it's not your key, it's not your Bitcoin". Still, I feel safe with it so far because the exchange is insured for up to $250,000. I know. I am being stupid by putting trust in an exchange.
hero member
Activity: 1358
Merit: 635
October 25, 2019, 12:36:24 PM
#32
snip

So secondly, what should I do about storing my seed phrase?


I don't know if that helps, but I have used  Shamir scheme  to split my SEED phrase into six parts with the ability to restore it via any 3  of 6  and shared those ones ( in form of QR codes printed on the back of my family pictures) among my relatives, each received one piece. Whenever anyone asked about those QRs, I gave an answer they are related to ID of studio that made pictures of my family.


Interesting choice, but there's high risks of rolling your own backup/restore method and it's not something that regular user would do.

It sounds like example, but do you plan to ask your relative to show your family's picture out of nowhere if you need to restore your seed/mnemonic phrase?

I'm visiting  them  every  year and they all like to share memories. They do it  by browsing trough  the pictures  what  in fact is one of their favorite activities. That is why,  as I checked,  taking  QR code on the sly is not a big task for me.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
October 25, 2019, 10:51:16 AM
#31
Your email address is hidden to everyone except admins of the forum. And before I think you may be referring to the contents of your email, that depends on your provider and the kind of authentication you have for it, passwords and two factor, and who else you gave it to.

If you access your email from a compromised computer (like if a keylogger was installed on yours), then someone else may already have access to it.

As for the seed words. Write it down with normal ink. Stick that paper in an envelope or a book, if that's your thing. I would probably use a laser printer and make a QR code of the whole thing, but be aware that this could lower security (printers get hacked, the software you use to make the QR code gets hacked, or the computer you do it all on is already compromised), unless you take proper precautions.

Just write it down is best. You could also find a way to encode it in an existing book (marking letters and such), or just write it in the margins of the pages of the book using permanent ink.
hero member
Activity: 1358
Merit: 635
October 23, 2019, 04:23:16 AM
#30
snip

So secondly, what should I do about storing my seed phrase?


I don't know if that helps, but I have used  Shamir scheme  to split my SEED phrase into six parts with the ability to restore it via any 3  of 6  and shared those ones ( in form of QR codes printed on the back of my family pictures) among my relatives, each received one piece. Whenever anyone asked about those QRs, I gave an answer they are related to ID of studio that made pictures of my family.
legendary
Activity: 2268
Merit: 18748
October 22, 2019, 03:30:42 AM
#29
-snip-
+1 for this. Passphrases are great, and everyone should be using one (one long and random enough that it can't be easily bruteforced).

I prefer to use "Set temporary passphrase" rather than "Attach to PIN code", for a couple of reasons. Firstly, if you use "set temporary", then you have to physically enter it each time you use it. Since most people (incorrectly) don't back up their passphrase on paper, it serves as a memory aid every time you enter it. There have been a couple of posts I've seen on this forum of users attaching passphrases to PINs, forgetting the passphrase having never had to use it in months, and then losing access to their coins.

Secondly, this article: https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/. I appreciate this article is about a Trezor device, but the premise is the same. This attack on the Trezor device is now possible with around $100 of equipment. Given enough time, money, equipment, and expertise, it is conceivable that an attacker would be able to extract your seed from a Ledger device. If you have your passphrase attached to a PIN, then your passphrase must be stored somewhere within the secure element, and therefore available as an attack target. If you set the passphrase temporarily each time, then (as far as I am aware) it is used to generate your keys, but is not stored on your device and is wiped after you unplug, therefore protecting you against an attack such as this.

The obvious downside to this is the time it takes to enter your passphrase every time can non trivial (5-10 minutes if you are using a long and random passphrase as you should). However, given that my passphrase protected wallets are used for long-term cold storage, I'm not accessing them often enough that this becomes too much of an issue for me.
sr. member
Activity: 443
Merit: 350
October 22, 2019, 02:39:54 AM
#28
I have read the topic and did not find anything about one very useful ledger's security option.
Instead of buying 2,3,4 or more Ledgers it is better to make 2 different PIN-codes on one ledger, creating the additional passphrase and splitting the accounts between 2 different HD wallets within one device. It works in the following way:

1) You activate your ledger at normal way: it generates 24 seed words and set of accounts based on these words. You also create PIN code, for example 1234. This is your HD wallet #1
2) After that you add a passphrase (actually this is a 25th word for your security seed), and attach this passphrase to another PIN code (let's say 5678). That passphrase actually generates for you the completely different set of addresses, so you actually receive "another" wallet. This is your HD wallet #2. Do not write down this passphrase together with the 24word secreet seed. Keep in in mind or separately.
3) Now if you input PIN-code 1234, you will access wallet #1. If you input PIN-code 5678, you will access wallet #2.
4) So, split your funds between wallets #1 and #2. Put to first wallet small amount let's say USD500, but put to the 2nd wallet the main funds let's say 10,000USD.

This is very useful. If somebody finds your secret seed, he will enter these 24words and has the access to wallet #1 with USD500. If somebody finds your hardware wallet, and physically (drawing the knife) ask you to provide the PIN, you will call PIN 1234 and povide the access to wallet #1 with small amount. Only you will know how to open your wallet with main funds: entering another PIN 5678, or if you lost a ledger device, order another one and recover with your 24words seed + passphrase.

I like this option very much. Perfect!

This is a video tutorial for Nano S (the same feature works in Nano X as well): https://youtu.be/RJzSQtGVaA0
copper member
Activity: 832
Merit: 18
Create your coin for FREE ★mintme.com★
October 19, 2019, 12:09:25 PM
#27
O.K., So I think I have made up my mind as to what I'm going to do. Tell me what you think of my ideas.

1. As stated, I purchased two Ledger Nano X's. I will hide one with my Bitcoin on it somewhere in my apartment. I will keep the second Ledger brand-new, unused in my desk drawer. This way if a thief comes into my apartment they will think that they found the Ledger with the Bitcoin on it. Also, in the future, if the Ledger with the Bitcoin on it wears out for some reason, I will have a back-up.

2. I will use the random BIP39 seed word that the Ledger Nano X generates. (Thank you for saving me here, guys!) I will also use a PIN.

3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)

O.K., So there it is. Is it a sound and effective plan? Thank you.

P.S. I wish I had the "NeuroticFish" username because that's what I've become. A computer I am not.

Well, I believe this would be effective, yet I can't shake the feeling that you're overdoing it and all of this could be undone with a mistake that no one would notice now

Also, the invisible ink thing seems a lot like security by obscurity which is something unadvisable.
legendary
Activity: 2408
Merit: 2226
Signature space for rent
October 05, 2019, 01:58:30 AM
#26
3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)
Why are you like to handover your seed like post office box? I know you will secure it by something else. But do you know that no system is safe? Seems you are too much worried about your seed how to store it. Why not make it simple? Store your seed on multiple safe places. Even 1 would burn another will survive. Safe zone means under your control, it might on your house or some other places. If you think your home wouldn't safe then think what will happen if you die ? So there is no guaranty actually. That's life, and I has no guarantee. So it would be nice solution, write your seed on multiple good paper and store it on multiple safe place and check occasionally if your seed is fine.
newbie
Activity: 21
Merit: 11
October 03, 2019, 01:06:20 PM
#25
Since I started this thread, I heard a podcast with Anthony Pompliano and the founder of ZenGo, which uses ZoOm, a facial recognition security app to secure Bitcoin. I’ve had a couple of discussions with Ouriel Ohayon from ZenGo about the benefits of ZenGo over Ledger. In comparison, Ledger already seems antiquated but has ZenGo been vetted enough to trust that ZenGo is secure? Since ZenGo uses ZoOm I can see how one party would blame the other party if hacking were to occur. I am not a security expert. What do you all think of ZenGo?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)

It's good solution IF you're absolutely sure only you who know about this information, even though it's highly unlikely that someone who know you in real life also know you're using method and have power/connection to access deposit/P.O box.

I have doubt about P.O. box to secure important information though.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
Just remember, a hardware wallet depends on whatever the wallet connects to, to ensure the wallet is correct.
It's not a full bitcoin node, so it doesn't verify the blocks and transactions necessary, it allows someone else to do that ...
legendary
Activity: 2730
Merit: 7065
I would also do one more thing.
If you get robbed, and the robber knows what Ledger is and that a Ledger device needs the seed to get access to the funds, create a fake seed and put it together with your unused Nano X. Create it from the available word list.
HCP
legendary
Activity: 2086
Merit: 4361
That seems "OK"... I'm still not sold on the use of invisible ink, but that's just my personal preference and as long as you're satisfied with it's longevity and/or you check it regularly, then I don't see any really obvious flaws.

One more thing I would like to add would be to ensure that you stay somewhat up to date with happenings in the Ledgersphere... ie. firmware updates etc. There have been one or two users in recent history who have had issues trying to update very old firmwares. Hopefully this won't be repeated going forward and Ledger have put plans into place to prevent a reoccurrence, but they cannot foresee all eventualities!
newbie
Activity: 21
Merit: 11
O.K., So I think I have made up my mind as to what I'm going to do. Tell me what you think of my ideas.

1. As stated, I purchased two Ledger Nano X's. I will hide one with my Bitcoin on it somewhere in my apartment. I will keep the second Ledger brand-new, unused in my desk drawer. This way if a thief comes into my apartment they will think that they found the Ledger with the Bitcoin on it. Also, in the future, if the Ledger with the Bitcoin on it wears out for some reason, I will have a back-up.

2. I will use the random BIP39 seed word that the Ledger Nano X generates. (Thank you for saving me here, guys!) I will also use a PIN.

3. Perhaps the most controversial part. I will write my 24 word seed phrase with "archival" permanent invisible ink in a book. I will duplicate this in another book and keep the second book in a safety deposit box or in a P.O. Box at the post office. (I will check from time-to-time the longevity of the ink.)

O.K., So there it is. Is it a sound and effective plan? Thank you.

P.S. I wish I had the "NeuroticFish" username because that's what I've become. A computer I am not.
legendary
Activity: 2268
Merit: 18748
My only concern would then be how permanent the invisible ink is. I know in sunlight it disappears after a week but in the dark it will last indefinitely... so they say. Maybe there a different qualities of invisible ink but I haven't found any.
This a risky move if you don't have first hand experience with the particular invisible ink you are using. Unless you are for some reason opening your safe deposit box weekly to check the ink is still visible, then you probably wouldn't know it had faded until you needed to recover your wallet in an emergency, by which point it is too late.
HCP
legendary
Activity: 2086
Merit: 4361
And see here for proof that poems are a bad idea: https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster

Line from an obscure poem in Afrikaans and he got robbed!!?!  Shocked

As for storing the 24 word seed mnemonic backup... there are two components to consider, being that you need to keep it "safe" and "secure". "Secure" in that you need to prevent it being stolen/accessed by a 3rd party who could then steal your coins... and "safe", in that you need to prevent accidental "loss" of the seed (destroyed by fire, water damage, accidentally throwing it out, memory loss if memorised etc.)... which could potentially mean loss of the coins if something happens to the device as well.


Storing the actually hardware device itself is somewhat less of a problem... as someone would need to know your PIN to be able to use it and they only get 3 attempts at "bruteforcing" it before the device wipes itself. If it does get stolen/lost/damaged, you can always recover from the seed mnemonic backup, so IMO... the seed mnemonic backup is the critical component.
legendary
Activity: 3682
Merit: 1580
See here for why a poem is a bad idea here: https://bitcointalksearch.org/topic/m.3345309

Why do you think someone who stole your entire safe couldn't open it at their leisure?
newbie
Activity: 21
Merit: 11
I am still getting caught up to speed so thank you for your continued help. O.K., I've now accepted and get why I must use the random 24 random word phrase that comes with my Ledger. So we are all good on this front. : )

So I have another idea where I can keep the 24 word seed phrase. Please tell me what you think. Instead of keeping the word phrase on a Billfodl why not write the 24 word phrase with invisible ink in one of my favorite books? I could keep the book in a safety deposit box or at a P.O. Box at the post office. No one would ever suspect that the word phrase is written inside the book. I could have a back up book too if I wanted. My only concern would then be how permanent the invisible ink is. I know in sunlight it disappears after a week but in the dark it will last indefinitely... so they say. Maybe there a different qualities of invisible ink but I haven't found any.

Now where to store the Ledger. I was thinking two things. I could put the Ledger in a magnetic hide-a-key holder and magnetize it to any metal surface in my apartment. I also live in an old apartment. I could bury the Ledger underneath a floor board. I could also hide it in plain site, in a safe in my closet. I really like the following safe because it has an alarm that would go off if someone tampers with it. It also has a time stamp on it showing when it was tampered with. The only thing it doesn't have is it won't send a notification to my phone. This would be cherry if I got a notification on my phone if a thief tried to snag it.

https://www.amazon.com/Verifi-Smart-Safe-Top-Opening-Biometric-Fingerprint/dp/B06XG2F5LN/ref=sr_1_1_sspa?keywords=Verifi+Smart+Safe+S4000&qid=1561587964&s=gateway&sr=8-1-spons&psc=1

So which of the ways do you think is the safest way to store the Ledger? Definitely not my underwear drawer... : )

I know some of you are speculating about how many peanuts I actually have. Too funny. Honestly, I am a regular worker and I've worked full-time my whole life with very little vacation time. I've never had health insurance. So this is why it is so important to me. I would like to be able to afford health insurance and take a nice vacation from time to time.


legendary
Activity: 2268
Merit: 18748
On the Ledger Nano S, your PIN can by anything from 4 to 8 numbers long, and the device gives no indication of how long it is. Given that:

4 digits = 10k combinations
5 digits = 100k combinations
6 digits = 1M combinations
7 digits = 10M combinations
8 digits = 100M combinations

This means that there are 111,110,000 possible PIN combinations. A thief would get 3 attempts, and then the device wipes itself. Not great odds to be able to break in to it. Cheesy

Just a thought: you can write it down anywhere you want: on the bottom of a door for instance, or use a metal punch to write it at the back of your safe.
This. If you are worried about someone breaking in to your house and stealing your seed, then hide it somewhere it will never be stolen. Write it on paper, fold it up tight, and seal it in an air and water tight bag. Unscrew a light fitting or an electric socket and stick the bag in the wall/ceiling. Lift a carpet or a floorboard, hide it underneath, replace, and move some heavy furniture on top. Avoid obvious places like the back of your underwear drawer.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Finding the Ledger shouldn't be much of a problem: the thief can try the PIN a few times, then it erases itself.
Note: I still don't have a hardware wallet, so haven't tested this by myself.

I can confirm that for Ledger Nano S: after 3 incorrect attempts for the PIN I had to recover the wallet from seed.


I'm not sure how many characterse long the PIN is, but the chance of a thief stealing your funds is quite small. The "wrench to the head scenario" where the thief forces you to share the PIN is probably more likely.

For Nano S it's 8 characters. I expect at least the same for Nano X. And you can make it 8 chars or you can make it shorter - that could also confuse the thieves.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
O.K. so I think I'm starting to get it. With BIP39 I can only make my 24 word seed phrase from an existing 2048 word list? For instance, I could not have some of these words be in Spanish, French, or Italian? I did see how complicated it would be for a computer to crack the code with from your example but it seems to me computers are getting smarter every second and they'll eventually will be able to crack BIP39 security. Am I wrong?
You're wrong Tongue As long as it's generated at random, there's no way to crack it. Just to compare: Electrum by default uses a 12 word seed. That means there are 2048^12 times more possibilities to check.
For Electrum, lets assume 10 billion people each have 100 different seed phrases in use, and all 10 billion people have a computer that does 10 billion tries per second, then one of them may find one seed phrase from one person after a year.
And that's with just 12 words. So in short, you don't have to worry about this as long as you don't make a seed phrase by yourself.

Quote
Is it possible to get a wallet with a 10,000 wordlist or a 36 word passphrase?
That would increase the risk of making a mistake writing it down. And since it's very safe already, that's unnecessary.

Quote
I have another idea for generating a seed phrase. It just bugs me that if someone finds a Billfodl then they will immediately know that it is used to store a seed phrase.
I still haven't found a good solution for this problem: on the one hand, I don't want to rely on my memory, and on the other hand, I don't want to risk exposing a seed.
Just a thought: you can write it down anywhere you want: on the bottom of a door for instance, or use a metal punch to write it at the back of your safe. Just make sure you can't lose it.

Quote
Also, I am rethinking the idea of purchasing a safe. If I had a safe in my closet and a burglar broke into my apartment they would automatically know where the Ledger is. Since it is small it may be better to hide the Ledger in a inconspicuous place? It would be much harder for a thief to find. What's better, getting a safe for the Ledger or just hiding the Ledger somewhere?
Finding the Ledger shouldn't be much of a problem: the thief can try the PIN a few times, then it erases itself.
Note: I still don't have a hardware wallet, so haven't tested this by myself.

Quote
Also, since my critical information is the seed word, what should I do if someone stole the Ledger? I was thinking since I already bought a back-up Ledger Nano X, it might be better to not back up the second Ledger with the same seed phrase. I could just keep it new in the box and if anyone were to steal my original Ledger with Bitcoin on it I could activate the second Ledger and move my Bitcoin over from the first Ledger to the second Ledger before anyone tries to hack the first Ledger? Is this a good idea?
I'm not sure how many characterse long the PIN is, but the chance of a thief stealing your funds is quite small. The "wrench to the head scenario" where the thief forces you to share the PIN is probably more likely.

Quote
I know I keep asking questions but you're all so brilliant and I'm very insecure at this point
My suggestion: try it! Get a hardware wallet, secure the seed, deposit a small amount, try to recover it, and keep experimenting until you feel confident.

Quote
Everyone is saying I must get my Bitcoin off of Coinbase and I just want to have the most secure method of storing my Bitcoin. Thank you for your continued support.
You can also look at paper wallets. It has some pitfalls (most importantly: create it from a LIVE Linux DVD on a system without internet connection, and when you empty it you should use all funds at once). Here too: experiment a bit until you feel confident.

Quote
One more question about this forum? I hope my email is hidden in my profile. I would hate to have a hacker read this thread and have access to my email.
It's hidden.
newbie
Activity: 21
Merit: 11
The total possible number of words to choose from is actually much smaller than that. The BIP39 wordlist I linked to before contains 2048 words. Some 24 word combination of those 2048 words will give you the seed to every bitcoin wallet that has ever or will ever exist. Why the bots don't do that is simply because of how staggeringly large a number that is.

O.K. so I think I'm starting to get it. With BIP39 I can only make my 24 word seed phrase from an existing 2048 word list? For instance, I could not have some of these words be in Spanish, French, or Italian? I did see how complicated it would be for a computer to crack the code with from your example but it seems to me computers are getting smarter every second and they'll eventually will be able to crack BIP39 security. Am I wrong?

I found this information -
Ledger has a position on this: PBKDF2 is an interesting function allowing to derive a low-entropy password into a larger cryptographic key. The lack of entropy is balanced by a CPU intensive derivation function preventing Brute-force.The main problem in BIP39 is that the number of iterations is set to only 2048, which is far lower than the last NIST recommandation (from 2016) which is 10,000. When the mnemonics are well generated and can be kept secret, they represent 256-bits, consequently, the "only" 2048 iterations are not a problem. On wallets where the mnemonics extraction is easy, manufacturers suggest using a passphrase to mitigating the mnemonics extraction threat. In this case, the "only" 2048 iterations become a problem and bruteforce is then possible. If ever, you use a wallet on which mnemonics extraction is possible, my recommandation is to maintain the mnemonics' level of security and using a 256-bit entropy passphrase: 36 random characters passphrase.

Is it possible to get a wallet with a 10,000 wordlist or a 36 word passphrase?

I have another idea for generating a seed phrase. It just bugs me that if someone finds a Billfodl then they will immediately know that it is used to store a seed phrase. Let's go back to my book idea. What if I used the first word at the beginning of each chapter in a random book? If I know which book has my seed phrase it would be safe because no one else would know which book I'm using and it's just one of many in my library. Also, I could even keep the book off premises? Is this a good idea? The problem I see is that the first word in each chapter probably will not be in the BIP39 2048 word list?

Also, I am rethinking the idea of purchasing a safe. If I had a safe in my closet and a burglar broke into my apartment they would automatically know where the Ledger is. Since it is small it may be better to hide the Ledger in a inconspicuous place? It would be much harder for a thief to find. What's better, getting a safe for the Ledger or just hiding the Ledger somewhere?

Also, since my critical information is the seed word, what should I do if someone stole the Ledger? I was thinking since I already bought a back-up Ledger Nano X, it might be better to not back up the second Ledger with the same seed phrase. I could just keep it new in the box and if anyone were to steal my original Ledger with Bitcoin on it I could activate the second Ledger and move my Bitcoin over from the first Ledger to the second Ledger before anyone tries to hack the first Ledger? Is this a good idea?

I know I keep asking questions but you're all so brilliant and I'm very insecure at this point as to how to move forward with this. Everyone is saying I must get my Bitcoin off of Coinbase and I just want to have the most secure method of storing my Bitcoin. Thank you for your continued support.

One more question about this forum? I hope my email is hidden in my profile. I would hate to have a hacker read this thread and have access to my email.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I think that two ledgers is overkill. I mean, if anything happens with the first one, you can order a second one and recover from the seed.

You don't even need Ledger if your original Ledger HW is lost/stolen, as long as you have the seed, you could extract the xprv or private key (with tool such as https://iancoleman.io/bip39/) & import/sweep it into Electrum.

Of course, you're right, but since I expect that OP keeps more than peanuts there (else he would not have bought two ledgers!) so waiting a little and signing with a new ledger would mean proper safety.
legendary
Activity: 2268
Merit: 18748
If bots are that powerful why can’t they just take every word in Webster’s dictionary and figure out every possible 24 word combo possible?
The total possible number of words to choose from is actually much smaller than that. The BIP39 wordlist I linked to before contains 2048 words. Some 24 word combination of those 2048 words will give you the seed to every bitcoin wallet that has ever or will ever exist. Why the bots don't do that is simply because of how staggeringly large a number that is.

Each one of those words encodes 11 bits of entropy. 24 words give you 264 bits, but as the last 8 bits are a checksum, your 24 word seed is actually 256 bits of entropy. 2^256 is a very big number:

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

More easily written as 10^77. For comparison, there are 10^18 grains of sand on Earth. There are 10^50 atoms on Earth. Even a bot running on a supercomputer 24/7 for your entire life will never find a single match. Here's another way of thinking about it I explained in another thread a few weeks ago:

Let's say we have a trillion planet Earths. On each Earth, there are a trillion people. Each person has a trillion computers. Each computer generates a trillion keys a second. All these computers have been creating a trillion keys per second since the birth of the universe 13.7 billion years ago. 10^12 * 10^12 * 10^12 * 10^12 * 60 * 60 * 24 * 365 * 13.7 * 10^9 = 4.3*10^65. This means thay they would have so far generated approximately 0.0000000004% of all private keys.
newbie
Activity: 21
Merit: 11
June 25, 2019, 03:36:02 PM
#9
I can’t help but think what would’ve happened if I did not join bitcointalk... 😳  I thought I was being smart about this but I was instead being totally naive. So let me ask you this: If bots are that powerful why can’t they just take every word in Webster’s dictionary and figure out every possible 24 word combo possible? It would seem like an impossible task but just a few years ago the idea of a computer beating the smartest person in Jeapordy was considered impossible... until it happened.

This is scary stuff. Maybe I should just leave my Bitcoin in cold storage in a Coinbase Vault? I hate to trust a third party to protect my Bitcoin but I trust myself even less!
legendary
Activity: 2268
Merit: 18748
June 25, 2019, 03:18:35 PM
#8
So let’s say my first word is, “OUT”. There are robots that scan for phrases that start with, “OUT”. Then let’s say my second word is also, “OUT”. The robot will immediately have narrowed down the likely phrases from the first word and intuit my second word which is also, “OUT”. Then I’m done for because the robot will know my seed phrase is from Shakespeare
Kind of, but not really.

It's not that a brute force attacker could figure out your words one at a time, and "narrow things down" as you put it. They would have to figure out all the words/the entire phrase in one go. If they used a slightly different phrase, it would still generate a valid wallet, just not your wallet. However, if you pick a phrase that appears pretty much anywhere else in the English language (song lyrics, movie quotes, book or poem passages, famous sayings/quotes/idioms/speeches), it's like to be broken anywhere between a matter of seconds to minutes. There are many attackers constantly scanning such phrases for coins to steal. Even if you pick some words or characters you think are random, chances are they aren't, and even if they are, anything that you can remember probably contains far, far less entropy than the 256 bits of entropy contained within a properly generated 24 word mnemonic phrase. The general advice is let your Ledger generate your wallet for you, write down the 24 words it gives you on paper (never store these words electronically!), and securely store the paper somewhere.

Now, I don't want to overload you with information here, but since you have said you have concerns regarding storing your seed phrase, the other option you could explore with a Ledger is adding on a passphrase. There are details on how to do this here: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security. Essentially, in addition to your 24 word phrase that Ledger generates for you, you can add on your own passphrase to the end. This passphrase could very well be the opening line to your favorite poem. With this in place, an attacker would need both your 24 word phrase and your secret passphrase to steal your coins. This can be quite complicated process, so I would make sure you try creating, accessing, and restoring a wallet with only a very small amount of bitcoin first, to ensure you fully understand how it works and know how to set it up properly. You don't want to send all your bitcoin to a wallet you later discover you have set up incorrectly and can no longer access.
newbie
Activity: 21
Merit: 11
June 25, 2019, 02:59:35 PM
#7
Guys, again, thank you. I’m starting to understand. So let’s say my first word is, “OUT”. There are robots that scan for phrases that start with, “OUT”. Then let’s say my second word is also, “OUT”. The robot will immediately have narrowed down the likely phrases from the first word and intuit my second word which is also, “OUT”. Then I’m done for because the robot will know my seed phrase is from Shakespeare:

“Out, Out, brief candle. Life is but a walking shadow, who struts..., etc.”

Oh geeze. Thank you guys. I’m so grateful to you. 🙏🏻
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
June 25, 2019, 11:44:29 AM
#6
I think that two ledgers is overkill. I mean, if anything happens with the first one, you can order a second one and recover from the seed.

You don't even need Ledger if your original Ledger HW is lost/stolen, as long as you have the seed, you could extract the xprv or private key (with tool such as https://iancoleman.io/bip39/) & import/sweep it into Electrum.

There is nothing better than a truly randomly generated seed.
Human brains are not (and can never be) random enough.

Additionally, it would be disaster if you forget your poems, especially if you either :
1. Forget multiple words
2. Forget few words & it's exact position
legendary
Activity: 2730
Merit: 7065
June 25, 2019, 04:34:54 AM
#5
A 2nd or 3rd Ledger isn't really needed. As you know your assets aren't really on your hardware device. They are on the blockchain and your Ledger wallet is just holding the corresponding keys that gives you access to those coins. If one, two or five devices malfunction your seed words will give you another entry point to your coins.

Since you live in a shady environment it might not be the best idea to have a safe delivered to your home, because you never know who is watching.
Also, don't tell people you own Bitcoins, don't try to impress someone by saying you will be rich in a few years.   

The safety of your seed is more important than the number of wallets you use and as I said above, one would be just fine.
legendary
Activity: 1624
Merit: 2481
June 25, 2019, 04:20:30 AM
#4
[...] You could create what is known as a brain wallet using words from a poem, but this is an extremely bad idea and your coins would likely be stolen by a simple brute force attack within a matter of hours. No one would need access to your Ledger, seed, wallet, or anything else to be able to brute force a brain wallet. Don't do this.

I can't emphasize this enough.

Even if you think you are safe when choosing a poem.. There are people out there bruteforcing brainwallets by using most common passwords (e.g. the rockyou.txt wordlist) or any kind of poems / stories / quotes / etc..

The chances are high that you will lose your coins.


There is nothing better than a truly randomly generated seed.
Human brains are not (and can never be) random enough.

Trust math, not your brain.
legendary
Activity: 2268
Merit: 18748
June 25, 2019, 03:51:38 AM
#3
I have this idea and I need your opinions. I love poetry and I have many poems memorized. Why can't I have my seed phrase be the first 24 words of my favorite poem?
That's not how mnemonic seeds work.

When you create your wallet, your Ledger device will generate 24 words for you, from this list of 2048 possible words: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt. (Actually, it generates a very long random number known as your seed, and the converts that in to 24 words, but the result is the same - it gives you 24 words.)

You could pick your own 24 words, but it is highly advisable not to do so for several reasons. Firstly, many combinations aren't actually valid, because the last 8 bits of your random number are a checksum, which have to match up with the rest of the number. Secondly, humans all have significant amounts of unconscious bias and are extremely bad at picking randomly.

Using the first 24 words of a poem as a mnemonic phrase is simply not possible. As I said above, your mnemonic words have to come from the BIP39 list of 2048 possible words. You could create what is known as a brain wallet using words from a poem, but this is an extremely bad idea and your coins would likely be stolen by a simple brute force attack within a matter of hours. No one would need access to your Ledger, seed, wallet, or anything else to be able to brute force a brain wallet. Don't do this.

In short, your Ledger will generate 24 random words which it is then up to you to store securely.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
June 25, 2019, 01:27:08 AM
#2
I think that two ledgers is overkill. I mean, if anything happens with the first one, you can order a second one and recover from the seed.
Another thing is about the placement. If you want super safety, keep the backup in another city. Maybe send your second ledger to your grandparents or something like that. Or keep it at home without the seed in it. (Just keeping too many ledgers at home may lead to the 5$ wrench security issue if one finds them)

The seed, on the other hand, is the most important thing and imho the easiest to conceal. Get two books, mark the seed words in them (make sure you keep the ordering right too), keep one at home, keep the second at your parents/grandparents/uncle/whatever. Of course, the marking should not be so obvious, for example keep somewhere (on a specially made/printed bookmark?) a list with page numbers and word numbers.

I would not rely solely on memorizing. It's prone to the 5$ wrench issue and an accident can make you partly lose your memory and you'll lose everything.
newbie
Activity: 21
Merit: 11
June 24, 2019, 11:42:07 PM
#1
Hello,

Recently I've decided to move my Bitcoin from Coinbase to a hardware wallet. I purchased 2 Ledger  Nano X's, the extra Ledger as a backup. I've checked out many hardware wallets before I decided to get the Ledger Nano X and with all the research I've done there didn't seem to be a wallet that was considered the Holy-Grail by anyone. The Ledger seems good enough to me.

So I live in kind-of a sketchy urban city neighborhood. I plan on buying a safe for the Ledger and keeping the safe in my bedroom closet. I will always know where the Ledger is and even if someone were to burglarize my apartment and steal the entire safe they would not have my seed phrase. One of the questions I have is where should I store the backup Ledger? Should I put the backup Ledger in a hide-a-key and store it in my basement locker or find some hiding place in my apartment? Is buying a safe for my closet even a good idea?

So secondly, what should I do about storing my seed phrase? I've seen the Billfodl wallets and the like but I'm not too terribly sold on them. So I would put my seed phrase on the Billfodl and then store the Billfodl in a safety deposit box at a bank? Seems straight forward to me but where I live there are no safety deposit boxes nearby and it would take a while to get to one.

I have this idea and I need your opinions. I love poetry and I have many poems memorized. Why can't I have my seed phrase be the first 24 words of my favorite poem? I already have the book in my library so I know where the seed phrase is and no one who breaks into my apartment will ever be able to find the seed phrase because it's just one out of thousand of poems in my library. So what if there is a fire? Well, I can just buy another book or better yet, what if I just buy a back-up book and keep that book in a P.O. Box at the post office directly across the street from where I live? Maybe I could underscore the poem lightly with a pencil in the back-up book.

I know there are many ways to store hardware wallets and seed phrases and even though I think my ideas are good ideas I am not an expert on this matter and I would welcome any opinions. Thank you.
Jump to: