
Topic: BitcoinSeedSplitter (Read 456 times)

full member
Activity: 193
Merit: 124
Just digging around
January 19, 2023, 03:10:43 PM
#28
It is open source, so it can't "just go away". You can compile it yourself from GitHub (free VS Code) and check the code too; after that, just use the exe as long as you wish.

Indeed if you use a different software it can steal your coins, so you can follow step one.

I would use a clean-install computer (without any network) and zero-fill the disk after the splits have been created. I would also add a password to the seeds (so even with enough seeds + with knowledge of what it is, a thief can't rebuild).
I would also not print it on a printer. I would use steel plates made for seed words.


@Gabrics
What happens if your Bitcoin Seed Splitter tool is gone one day or not working? Someone could also create a malicious app clone for stealing words.
Are there any alternatives we can use to restore our backup phrase and merge all splits, or are we fully dependent only on your software?
This looks to me like one more single point of failure.

full member
Activity: 193
Merit: 124
Just digging around
April 16, 2021, 08:32:38 AM
#27
He wrote this in 2018, so I thought it's abandoned. Anyway, I still think that the features I mentioned trump compatibility. At least for me Wink

iancoleman commented on Feb 5, 2018
Agreed there are some inefficiencies and implementation-specific cruft that could be improved, but I'm on the cusp of decommissioning this tool in favour of SLIP-0039
https://github.com/satoshilabs/slips/blob/master/slip-0039.md



Abandoned project since 2017 (Ian moved to Slip39 which is not a seed backup option)

His Slip39 mnemonic shares tool is only at the experimental prototype stage and I don't see any new commits posted since December 2019, and his latest GitHub commits are unrelated to this.
He is still posting commits for his Bip39 tool and the latest one was at the end of February, so I would not call it an abandoned project.
legendary
Activity: 2212
Merit: 7064
April 16, 2021, 08:04:12 AM
#26
Abandoned project since 2017 (Ian moved to Slip39 which is not a seed backup option)

His Slip39 mnemonic shares tool is only at the experimental prototype stage and I don't see any new commits posted since December 2019, and his latest GitHub commits are unrelated to this.
He is still posting commits for his Bip39 tool and the latest one was at the end of February, so I would not call it an abandoned project.
full member
Activity: 193
Merit: 124
Just digging around
April 16, 2021, 06:39:30 AM
#25
I checked it out and decided not to make this tool binary compatible with the aforementioned one for now.

The reasons:
1) Abandoned project since 2017 (Ian moved to Slip39 which is not a seed backup option)
2) The shares have no CRC, which could lead to an incorrect restored value, as Shamir itself doesn't have a CRC
3) Missing SplitID (unique ID at the beginning of each split run). This could lead to fatal issues if user error occurs, e.g. accidentally mixing shares from two splits (of the same seed) which won't rebuild.
4) Needing the Shamir extra word at the beginning. This is not an error, but it makes the share longer.
5) No password option
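The two failure modes in points 2 and 3 (a corrupted share that still "combines" into a wrong value, and shares from two different split runs that get mixed) are exactly what a share format needs to catch. The following is an added illustration, not code from BitcoinSeedSplitter or from any tool named in this thread: Shamir's Secret Sharing over GF(2^8) applied byte-by-byte to a secret (for a BIP39 phrase that would be the 16-32 bytes of entropy), with a hypothetical share layout `split_id || threshold || index || share bytes || checksum`. The 2-byte SplitID, the 2-byte SHA-256 truncated checksum and the layout are assumptions chosen for the example; the tool's real format is not described in the thread.

```python
import hashlib
import os
from itertools import combinations

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1
def gf_mul(a, b):
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a):
    # the multiplicative group has order 255, so a^254 == a^-1
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def eval_poly(coeffs, x):
    # Horner's rule; coeffs[0] is the constant term (the secret byte)
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, x) ^ c
    return y

def interpolate_at_zero(points):
    # Lagrange interpolation evaluated at x = 0 recovers the constant term
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = gf_mul(num, xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total

ID_LEN, CHECK_LEN = 2, 2  # hypothetical layout constants for this example

def _checksum(body):
    return hashlib.sha256(body).digest()[:CHECK_LEN]

def split(secret, threshold, count, split_id=b"", rng=os.urandom):
    """Return `count` shares; any `threshold` of them rebuild `secret`.
    Share layout: split_id || threshold || index || share bytes || checksum."""
    if not 1 < threshold <= count <= 255:
        raise ValueError("need 1 < threshold <= count <= 255")
    split_id = split_id or rng(ID_LEN)  # one fresh ID per split run
    if len(split_id) != ID_LEN:
        raise ValueError("split_id must be exactly %d bytes" % ID_LEN)
    payloads = [bytearray() for _ in range(count)]
    for byte in secret:
        # random polynomial of degree threshold-1 whose constant term is the secret byte
        coeffs = [byte] + list(rng(threshold - 1))
        for x in range(1, count + 1):
            payloads[x - 1].append(eval_poly(coeffs, x))
    shares = []
    for x in range(1, count + 1):
        body = split_id + bytes([threshold, x]) + bytes(payloads[x - 1])
        shares.append(body + _checksum(body))
    return shares

def combine(shares):
    """Rebuild the secret, refusing damaged, mixed-run or insufficient shares."""
    parsed = []
    for s in shares:
        body, check = s[:-CHECK_LEN], s[-CHECK_LEN:]
        if _checksum(body) != check:
            raise ValueError("share checksum mismatch: damaged or mistyped share")
        parsed.append((body[:ID_LEN], body[ID_LEN], body[ID_LEN + 1], body[ID_LEN + 2:]))
    if not parsed or len({p[0] for p in parsed}) != 1:
        raise ValueError("shares come from different split runs (SplitID mismatch)")
    threshold = parsed[0][1]
    if any(p[1] != threshold for p in parsed) or len({len(p[3]) for p in parsed}) != 1:
        raise ValueError("inconsistent threshold or share length")
    xs = [p[2] for p in parsed]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    if len(parsed) < threshold:
        raise ValueError("need %d shares, got %d" % (threshold, len(parsed)))
    chosen = parsed[:threshold]
    return bytes(interpolate_at_zero([(p[2], p[3][i]) for p in chosen])
                 for i in range(len(chosen[0][3])))

def every_threshold_subset_recovers(shares, secret):
    threshold = shares[0][ID_LEN]
    return all(combine(list(sub)) == secret for sub in combinations(shares, threshold))

if __name__ == "__main__":
    entropy = bytes(range(16))  # constructed 128-bit stand-in for BIP39 entropy
    shares = split(entropy, threshold=3, count=5)
    for s in shares:
        print(s.hex())
    print(combine(shares[1:4]) == entropy)
```

Without the checksum, a single flipped byte in one share would still interpolate to a plausible-looking but wrong secret; without the SplitID, three shares from two different runs of the same seed would do the same. Both errors are silent in plain Shamir, which is why the format, not the math, has to catch them.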

full member
Activity: 193
Merit: 124
Just digging around
April 15, 2021, 03:30:53 AM
#24
Indeed! I didn't see Ian's Shamir39 earlier. Will see if I can make mine binary compatible. That way we would have two basic implementations at least.




The big difference that one can backup your seed (this version) SLIP39 can't. That's why I had to write this. I would have been much happier just using something out of the box myself.
You misunderstand me. Ian Coleman's SLIP39 tool (https://iancoleman.io/slip39/) does indeed split a master private key (or other master secret) into split phrases, but his Shamir39 tool (https://iancoleman.io/shamir39/) is different and does what yours does, allowing you to split a seed phrase rather than a master key.

His specification is here: https://github.com/iancoleman/shamir39/blob/master/specification.md. There is obviously no cross-compatibility between your two tools since you both use different encoding schemes for things like the threshold number of shares and order/ID of each share, but I'm wondering whether you both generate the actual share data in the same way?
legendary
Activity: 4522
Merit: 3426
April 14, 2021, 05:51:34 AM
#23
This repo also has code that will use SSS to split a mnemonic, though it is not as advanced as the others: https://github.com/odolvlobo/bip39
legendary
Activity: 2268
Merit: 18771
April 14, 2021, 04:24:30 AM
#22
The big difference that one can backup your seed (this version) SLIP39 can't. That's why I had to write this. I would have been much happier just using something out of the box myself.
You misunderstand me. Ian Coleman's SLIP39 tool (https://iancoleman.io/slip39/) does indeed split a master private key (or other master secret) into split phrases, but his Shamir39 tool (https://iancoleman.io/shamir39/) is different and does what yours does, allowing you to split a seed phrase rather than a master key.

His specification is here: https://github.com/iancoleman/shamir39/blob/master/specification.md. There is obviously no cross-compatibility between your two tools since you both use different encoding schemes for things like the threshold number of shares and order/ID of each share, but I'm wondering whether you both generate the actual share data in the same way?
full member
Activity: 193
Merit: 124
Just digging around
April 14, 2021, 02:38:40 AM
#21
The big difference that one can backup your seed (this version) SLIP39 can't. That's why I had to write this. I would have been much happier just using something out of the box myself.

Indeed, but that's why I uploaded it to GitHub; someone can upload it to other sites. Also the binary logic is available, so I believe even a novice programmer can build a tool to merge fairly fast (probably hours/days). The only thing which is a must-have is the BIP39 wordlist, which is safe and widespread enough.


Yes, I did check this out in advance and tried to use/build a compatible solution. The BIG problem with SLIP39 is that they don't back up the seed words.
With that in mind, what are the significant differences between your tool and Ian Coleman's Shamir39 tool which does the same thing - splitting a seed phrase into split phrases? You can find his implementation here: https://iancoleman.io/shamir39/

My biggest issue with using something like this is that there is no standard implementation, so in addition to backing up each share you also need to back up the software itself, which is an additional risk.
full member
Activity: 193
Merit: 124
Just digging around
April 14, 2021, 02:35:01 AM
#20
Mainly this is why it's on GitHub and fully open source. Anyone can create their own or upload it somewhere and/or store it locally. Running on the latest .NET Core with no 3rd party dependency, so I am fairly certain it will run on Windows for many years without an issue.

Also the main math is simple(-ish). So even if the GUI/framework changes, it's easy to just copy-paste the main functions to a new framework/GUI (this won't be needed for 5-10+ years, I believe).

Alternatives would be great indeed. I will make a stand-alone webpage version soon (if someone else doesn't before). It will also be open source, so that will bring the client count to two.

I believe the logic in the code is what's most important. I mean how the binary share is built from the seed. That's all there, no dependencies, just the code.



@Gabrics
What happens if your Bitcoin Seed Splitter tool is gone one day or not working? Someone could also create a malicious app clone for stealing words.
Are there any alternatives we can use to restore our backup phrase and merge all splits, or are we fully dependent only on your software?
This looks to me like one more single point of failure.

legendary
Activity: 4522
Merit: 3426
April 13, 2021, 03:51:51 PM
#19
Yes, I did check this out in advance and tried to use/build a compatible solution. ...

Yes, you are right. Sorry for the poor advice. I forgot that SLIP-39 is incompatible with BIP-39. On the other hand, the designers argue that the incompatibility is not a major issue, but I don't completely agree with them.

Quote
Converting existing SLIP-0039 shares to a BIP-0039 mnemonic

This is not possible due to the overly coupled design of BIP-0039 and its use of a one-way derivation function. BIP-0039 works by first generating a high-entropy secret, then converting it to a mnemonic and finally using the mnemonic itself as input to PBKDF2 to derive the seed. This means that for any new scheme to be compatible with BIP-0039, it would have to be built on top of BIP-0039 with all of its now obsolete aspects. That includes the conversion of the high-entropy secret to the mnemonic using the old wordlist, which would have to be included in the implementation, unreasonably bloating its size. SLIP-0039 instead introduces a new decoupled design which is more feature-rich and allows maximum flexibility for future upgrades.

Some individuals have expressed a concern that the inability to convert SLIP-0039 shares to BIP-0039 may lead to vendor lock-in due to slow adoption of SLIP-0039 by hardware wallet vendors. This concern is unwarranted, since even if the conversion to BIP-0039 were possible and a user needed to recover their seed onto a device which does not support SLIP-0039, then they would need to use some conversion tool running on their computer. In that case they might as well simply recover their SLIP-0039 shares in a software wallet running on their computer and send all of their funds to a new seed on their new device. Thus the ability to convert shares to a BIP-0039 mnemonic makes no difference in this respect.

Perhaps, with some effort you could come up with a SSS protocol that is compatible with BIP-39 and propose it as a new BIP.
legendary
Activity: 2212
Merit: 7064
April 12, 2021, 08:47:53 AM
#18
@Gabrics
What happens if your Bitcoin Seed Splitter tool is gone one day or not working? Someone could also create a malicious app clone for stealing words.
Are there any alternatives we can use to restore our backup phrase and merge all splits, or are we fully dependent only on your software?
This looks to me like one more single point of failure.
legendary
Activity: 2268
Merit: 18771
April 12, 2021, 03:20:24 AM
#17
Yes, I did check this out in advance and tried to use/build a compatible solution. The BIG problem with SLIP39 is that they don't back up the seed words.
With that in mind, what are the significant differences between your tool and Ian Coleman's Shamir39 tool which does the same thing - splitting a seed phrase into split phrases? You can find his implementation here: https://iancoleman.io/shamir39/

My biggest issue with using something like this is that there is no standard implementation, so in addition to backing up each share you also need to back up the software itself, which is an additional risk.
full member
Activity: 193
Merit: 124
Just digging around
April 12, 2021, 12:37:58 AM
#16
Yes, I did check this out in advance and tried to use/build a compatible solution. The BIG problem with SLIP39 is that they don't back up the seed words.

What they back up is the derived master key, from which there is no way to go back to the seed words. Because of this it is very hard/impossible to just feed the restored result to any/all wallets.

Also the derived master key has no CRC or anything else, so you don't know if you have the correct one or not (as far as I know).

I needed a BIP39Seed/Mnemonic splitter for fault-tolerant Geo-distributed seed storage.
Here is a small tool. Simple, but does the work.
https://github.com/GhostOfSatoshi/BitcoinSeedSplitter

Rather than rolling your own, I recommend that you implement Trezor's Shamir Backup (https://trezor.io/shamir/). It is similar to what you are doing. The advantage is that you would be compatible with Trezor and you get to take advantage of all of their work.

Here are the details:

https://github.com/satoshilabs/slips/blob/master/slip-0039.md

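The two-stage BIP39 pipeline that both this post and the SLIP-0039 rationale quoted further up refer to (entropy -> mnemonic words -> PBKDF2 -> seed) is what decides which value a splitter has to protect. The added code below is not from BitcoinSeedSplitter, Ian Coleman's tools or Trezor; it implements the BIP39 steps from the specification so the difference is concrete: the entropy <-> word-index step is reversible and carries a checksum that rejects a mistyped word, while the mnemonic -> seed step is a one-way PBKDF2 derivation, so a backup of the seed (or of a master key derived from it) cannot be turned back into words. Word indices stand in for words here so the example runs without the 2048-word list; the 16-byte zero entropy and the 32-byte counting entropy are constructed inputs.

```python
import hashlib
import unicodedata

WORDLIST_SIZE = 2048                       # BIP39 English wordlist, 11 bits per word
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)

def entropy_to_indices(entropy):
    """Entropy -> 11-bit word indices with the BIP39 checksum appended (reversible)."""
    ent = len(entropy) * 8
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs = ent // 32                                    # checksum length in bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - 11 * (i + 1))) & (WORDLIST_SIZE - 1)
            for i in range(total // 11)]

def indices_to_entropy(indices):
    """Word indices -> entropy, rejecting a phrase whose checksum does not match."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("phrase must have 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        raise ValueError("index outside wordlist")
    total = len(indices) * 11
    ent = total * 32 // 33
    cs = total - ent
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("BIP39 checksum mismatch: mistyped or swapped word")
    return entropy

def mnemonic_to_seed(mnemonic, passphrase=""):
    """The one-way step: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.
    Nothing here can be inverted to recover the words, which is why a seed backup
    (SLIP-0039 style) cannot be fed back into a BIP39-only wallet as words."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048)

if __name__ == "__main__":
    zero = bytes(16)                           # constructed entropy: BIP39 test vector 1
    print(entropy_to_indices(zero))            # eleven times 'abandon' (0) then 'about' (3)
    print(mnemonic_to_seed("abandon " * 11 + "about", "TREZOR").hex())
```

The practical consequence for a splitter: split the entropy (or the word indices), and every restore can be checked against the 4-8 bit BIP39 checksum and typed into any BIP39 wallet; split the 64-byte seed instead, and you get neither the words back nor a built-in check that the restored value is the right one.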

legendary
Activity: 4522
Merit: 3426
April 11, 2021, 10:38:32 PM
#15
I needed a BIP39Seed/Mnemonic splitter for fault-tolerant Geo-distributed seed storage.
Here is a small tool. Simple, but does the work.
https://github.com/GhostOfSatoshi/BitcoinSeedSplitter

Rather than rolling your own, I recommend that you implement Trezor's Shamir Backup (https://trezor.io/shamir/). It is similar to what you are doing. The advantage is that you would be compatible with Trezor and you get to take advantage of all of their work.

Here are the details:

https://github.com/satoshilabs/slips/blob/master/slip-0039.md

legendary
Activity: 2268
Merit: 18771
April 11, 2021, 02:28:40 PM
#14
Whether you hide 6 pieces of paper containing 2 words each, or 6 shares, the thief can gain access to your funds if he/she ever finds many of them.
The difference is by using Shamir's Secret Sharing, as opposed to just writing different combinations of your words on different pieces of paper, the thief has to find many more of your shares.

Let's say, for example, you want to use a 2-of-3 set up. You write 8 of your 12 words on each of the 3 pieces of paper. One piece of paper is enough for the attacker to brute force your seed phrase. With SSS, they need two.
Let's say you use a 4-of-6 set up. You write 6 of your 12 words on each of the 6 pieces of paper. If an attacker gets lucky, the correct two pieces of paper are enough for them to steal your coins. If they get an unlucky combination, then they need three. With SSS, they need four.

With each additional share they need to compromise, you make it exponentially harder for them.
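The comparison above can be made concrete. The added code below is not from any tool in this thread; it takes a layout where paper i holds a cyclic run of word positions (an assumption: real layouts vary) and, for every number of papers a thief might find, computes the luckiest and unluckiest remaining brute-force work in bits, using the BIP39 figures of 11 bits per word and ENT/32 checksum bits. For Shamir shares the same function returns the full entropy below the threshold and zero at it, which is the "no information until threshold" property the post relies on.

```python
from itertools import combinations

BITS_PER_WORD = 11        # BIP39 wordlist has 2048 words
ENTROPY_BITS = 128        # a 12-word phrase carries 128 bits of entropy

def checksum_bits(total_words):
    # BIP39: ENT/32 checksum bits; for 12 words that is 4 bits
    return total_words * BITS_PER_WORD // 33

def window_layout(total_words, words_per_paper, papers):
    """Assumed layout: paper i holds a cyclic run of `words_per_paper` positions
    starting at position i * (total_words // papers)."""
    step = total_words // papers
    return [frozenset((start + j) % total_words for j in range(words_per_paper))
            for start in range(0, step * papers, step)]

def brute_force_bits(missing_words, total_words):
    """log2 of phrases consistent with the checksum when `missing_words` are unknown."""
    if missing_words == 0:
        return 0
    return missing_words * BITS_PER_WORD - checksum_bits(total_words)

def partial_words_exposure(total_words, words_per_paper, papers, found):
    """(luckiest, unluckiest) brute-force work in bits once `found` papers are read."""
    layout = window_layout(total_words, words_per_paper, papers)
    work = []
    for combo in combinations(range(papers), found):
        covered = frozenset().union(*(layout[i] for i in combo))
        work.append(brute_force_bits(total_words - len(covered), total_words))
    return min(work), max(work)

def sss_exposure(threshold, found, entropy_bits=ENTROPY_BITS):
    """Below the threshold Shamir shares reveal nothing: the full entropy remains."""
    return 0 if found >= threshold else entropy_bits

def compare(total_words, words_per_paper, papers, threshold, entropy_bits=ENTROPY_BITS):
    """Rows of (papers found, lucky bits, unlucky bits, bits left with SSS)."""
    rows = []
    for found in range(1, papers + 1):
        lucky, unlucky = partial_words_exposure(total_words, words_per_paper, papers, found)
        rows.append((found, lucky, unlucky, sss_exposure(threshold, found, entropy_bits)))
    return rows

if __name__ == "__main__":
    print("2-of-3, 8 of 12 words per paper:")
    for row in compare(12, 8, 3, threshold=2):
        print("  found=%d  partial-words: %d..%d bits   SSS: %d bits" % row)
    print("4-of-6, 6 of 12 words per paper:")
    for row in compare(12, 6, 6, threshold=4):
        print("  found=%d  partial-words: %d..%d bits   SSS: %d bits" % row)
```

For the 2-of-3 case a single paper leaves 4 unknown words, i.e. 2^40 candidates after the checksum, well within reach of a commodity GPU; for the 4-of-6 case two papers leave between 0 and 40 bits depending on which two were found. The SSS column stays at 128 bits until the threshold, which is the "exponentially harder" claim in quantitative form.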
full member
Activity: 193
Merit: 124
Just digging around
April 11, 2021, 08:12:34 AM
#13
Also, you can modify it with a simple parameter yourself; you can make it a million or billion x hashing, just a parameter in the code.

You can use a simple password and a custom hash count (you do need a password as hashing doesn't happen with empty pw). But be careful not to outsmart yourself... Wink
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 09, 2021, 02:31:10 PM
#12
This way you can still have a password which you can keep in mind (or you and one or more of your loved ones) and that way a thief can't access your seed even if they gained access to enough shares. And it's possible to remember a good enough password because I hash 100K times, so brute forcing is VERY slow.
I didn't know about that. This can actually be very interesting...
full member
Activity: 193
Merit: 124
Just digging around
April 09, 2021, 02:07:20 PM
#11
Yes, but you have to have a backup. Even multisig is fallible if the thief finds all the signers. So theoretically nothing is 100%.

In the case of the current BIP39SeedSplitter this is exactly why I added the optional password. This way you can still have a password which you can keep in mind (or you and one or more of your loved ones) and that way a thief can't access your seed even if they gained access to enough shares. And it's possible to remember a good enough password because I hash 100K times, so brute forcing is VERY slow. So in this case you have high fault tolerance because of the shares and perfect(ish) security because of the password. I also think that using shares also gives you some steganography-like protection. I mean even if someone realizes that these words are seeds, then what? I mean it is not a seed as nothing accepts it.

Indeed being careful not losing access comes first. But safety comes second Wink


I do not know if this question is ironically asked, but for it not to confuse newbies, I will add a few comments. This is not a perfect method because hackers can brute force some missing parts of a seed phrase.
I'm saying that it doesn't have any huge difference with the way I described (that is horrible, I know). Whether you hide 6 pieces of paper containing 2 words each, or 6 shares, the thief can gain access to your funds if he/she ever finds many of them. Sure, if you hide twelve words separately you can brute force if you only miss two. You could hide two pieces of paper with 6 words each. I don't know, but I wouldn't ever do that if I was afraid of being stolen from. It could help me if I was in a group in which the majority of the members decided the funds' transactions, but there's already a way to do that. The one you mentioned, multisig.

@Gabrics, I'm not "badmouthing" your software, don't get me wrong. I checked your C# code, and it looks great. It does its job properly. I just want to understand why you should hide your coins in that dangerously fallible way. To me, it seems that the entire procedure is being more complicated than it should. I personally believe that it's more important to be able to spend your funds, than to get stolen.
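The optional password described in the reply above (stretch the password with many hash iterations, then use the result to protect the seed before splitting, with the iteration count exposed as a parameter as the later post in this thread mentions) can be demonstrated with standard library primitives. The code below is an added example and is not the construction used by BitcoinSeedSplitter, whose exact scheme the thread does not describe: it uses PBKDF2-HMAC-SHA512 with a configurable iteration count (100K by default, matching the "hash 100K times" figure), XORs the stretched key over the secret, and appends a short HMAC tag so a wrong password is rejected instead of silently producing a wrong but plausible-looking value. The 8-byte salt, 4-byte tag and `salt || masked || tag` layout are assumptions of this example, as is the behaviour that an empty password leaves the secret untouched (mirroring "hashing doesn't happen with empty pw").

```python
import hashlib
import hmac
import os

SALT_LEN, TAG_LEN = 8, 4           # example layout constants, not the tool's format
DEFAULT_ITERATIONS = 100_000       # "hash 100K times"; raise it to make guessing slower

def _stretch(password, salt, length, iterations):
    # PBKDF2-HMAC-SHA512: the cost of every password guess scales with `iterations`
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               iterations, dklen=length)

def protect(secret, password, iterations=DEFAULT_ITERATIONS, rng=os.urandom):
    """Mask `secret` under a stretched password. Output: salt || masked || tag.
    Empty password: secret returned unchanged (no hashing happens without a password)."""
    if not password:
        return bytes(secret)
    salt = rng(SALT_LEN)
    dk = _stretch(password, salt, len(secret) + 32, iterations)
    mask, tag_key = dk[:len(secret)], dk[len(secret):]
    masked = bytes(a ^ b for a, b in zip(secret, mask))
    tag = hmac.new(tag_key, masked, "sha256").digest()[:TAG_LEN]
    return salt + masked + tag

def unprotect(blob, password, iterations=DEFAULT_ITERATIONS):
    """Inverse of protect(); refuses a wrong password instead of returning garbage."""
    if not password:
        return bytes(blob)
    salt, masked, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    dk = _stretch(password, salt, len(masked) + 32, iterations)
    mask, tag_key = dk[:len(masked)], dk[len(masked):]
    expected = hmac.new(tag_key, masked, "sha256").digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or damaged data")
    return bytes(a ^ b for a, b in zip(masked, mask))

if __name__ == "__main__":
    entropy = bytes(range(16))            # constructed 128-bit stand-in for BIP39 entropy
    blob = protect(entropy, "correct horse battery")
    print(blob.hex())                     # this blob is what you would then split into shares
    print(unprotect(blob, "correct horse battery") == entropy)
```

The tag is a trade-off worth knowing about: it lets the legitimate owner notice a mistyped password before typing a wrong phrase into a wallet, but it is also an offline check for anyone holding enough shares, so the password strength and the iteration count carry the whole burden, exactly as the reply says.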
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 09, 2021, 07:04:08 AM
#10
I do not know if this question is ironically asked, but for it not to confuse newbies, I will add a few comments. This is not a perfect method because hackers can brute force some missing parts of a seed phrase.
I'm saying that it doesn't have any huge difference with the way I described (that is horrible, I know). Whether you hide 6 pieces of paper containing 2 words each, or 6 shares, the thief can gain access to your funds if he/she ever finds many of them. Sure, if you hide twelve words separately you can brute force if you only miss two. You could hide two pieces of paper with 6 words each. I don't know, but I wouldn't ever do that if I was afraid of being stolen from. It could help me if I was in a group in which the majority of the members decided the funds' transactions, but there's already a way to do that. The one you mentioned, multisig.

@Gabrics, I'm not "badmouthing" your software, don't get me wrong. I checked your C# code, and it looks great. It does its job properly. I just want to understand why you should hide your coins in that dangerously fallible way. To me, it seems that the entire procedure is being more complicated than it should. I personally believe that it's more important to be able to spend your funds, than to get stolen.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
April 09, 2021, 06:44:03 AM
#9
Couldn't this work by simply writing x out of y words on ω papers? It could work on a twelve-words mnemonic with two words missing. (e.g 1 piece of paper out of 6)
I do not know if this question is ironically asked, but for it not to confuse newbies, I will add a few comments. This is not a perfect method because hackers can brute force some missing parts of a seed phrase.

Multisig is much better option like I wrote in comparison topic Multisig VS Shamir Secret Sharing.
I too will prefer multisig instead, but Shamir secret sharing is a standard also, if you understand the basis: it is created in a way that the shares can reconstruct back the seed phrase. But I get the point, that leaving the seed phrase not encrypted by having multiple private keys, but Shamir seed phrase encryption does work perfectly with SSS. I too will prefer multisig as it fulfills the purpose and does not go beyond bitcoin wallet usage, also a multisig wallet is transparent unlike SSS.

But never mind me; this thread is not about multisig wallets. Although it is a good alternative.