Topic: Coinplate Steel Seed Phrase Saver (Read 831 times)

OK. Can you tell us how you would recover a seed that was written down on paper and got lost? Or how would you recover a seed stored digitally (not recommended) if you can no longer gain access to that medium? Let's assume in all cases that you only have that one backup. The one that's lost.

It's a phrase or a seed, not a phase. Coinplate is just a metal plate where the words can be written down. It's not a wallet. Your seed can be stored on metal, paper, wood, concrete, as a tattoo on your arm... If you lose it, you lose the possibility to recover your coins if needed. You can still move your coins if they are in a fully functional and configured software/hardware wallet even without the seed. 

Are we still talking about a situation where you lose the entire seed or what are we talking about?

With non-custodial solutions, there is no support center to call. You control your money, you protect it, and only you should have a copy of your recovery phrase. There shouldn't be anyone to call when it comes to Bitcoin. If there is, you are doing many things wrong. 

My comrade, you are out of point from the whole topic and discussion here. We are not taking about recovering of seed phrase here but where to keep it in a safe place. That is why Coinplate Steel is recommended so if anyone is interested can order and get it from the company so you are not to hit or click any forgotten password link. Please you can look for a board that is suitable for you because your idea is contrary here. please don't be offended. thanks

That's not the case for the method that foggoat proposed. In his example, each share contains 16/24 words and any two shares will have all the words necessary to recover the seed. Losing one share still leaves two splits that can be used for wallet recovery.

So if we were to rank the different splitting systems from 1-4, the worst one would be to split 24 words on three and backup 8 words on each split. In that case, losing one share means losing your coins. In 3rd place we would have foggoat's example with 16 words per share. SSS would take the 2nd place. And using multisig is still the best way to go about it.

It would be nice to know foggoat's opinion on this matter and whether they can indicate to their customers on declaration paper a minimum of information about the content, of course, without telling what is inside. Also, it would be better not to indicate the name / logo of the manufacturer on the package / declaration paper and this applies not only to the Coinplate company. What do you say to that, foggoat? The name of your company leaves no doubt what is inside the package. This is not only for you, but for most of your competitors too.

Drifting way OT, but in a lot of new construction you see metal mending / binding plates where 2 pieces of lumber meet:

https://www.homedepot.com/b/Building-Materials-Building-Hardware-Mending-Plates/Prong-Plate/N-5yc1vZasc4Z1z1at5c

Nail them together and then use these for more support so metal that can be found with a metal detector in walls is not a big deal in a lot of locations.
With that being said I think in most locations a piece of metal like this is going to be unnoticed.

Which is more obvious, something like a seed place or hardware wallet sitting in a safe or a seed plate screwed to the underside of a couch so that it looks like someone did a quick and dirty repair?
Which I may done with a normal piece of metal I found.

Makes you wonder if someone could make a seed plate that is 'aged' to look like a piece of junk metal that has been sitting around since before the home PC existed, never-mind BTC

-Dave

Problem I see with splitting seed phrases in any other way than good multisig setup, is that you will have single point of failure.
Losing single part of split seed words would mean you will lose all your coins and all other parts would be useless.
I could say similar thing for Shamir Secret Sharing, it also has single point of failure.

All they need is metal detector to see if something is hidden inside walls or floor, so I think this could be main negative side of using any metal based seed words backup.
I am not saying someone would scan for seed words with metal detectors, but they could used them to scan for other precious metals, so this this would be biproduct.

It's much less dangerous than buying hardware wallets, since this is just a piece of metal and there is no direct connection with Bitcoin.
You could probably ask them to write on declaration paper it's just a metal plate for home use.

Yeah, don't get me wrong here. I'm not criticising that they're doing this (I quite like that these type of services/products exist), I'm just suggesting those that are willing will find easier ways of going about this, with less security risks, and more convenience. The security risks aren't all that much as has already been discussed, for example using PO boxes for both security, and privacy is probably wise.

As suggested above their markup isn't crazy, and does save you some of the effort yourself, so definitely the local metal works route is definitely for the Do It Yourself (DIY) type of people.

Shipping physical, clearly Bitcoin-related products (and other goods, too) is always an area of concern.
Price-wise though, I just checked and their markup is actually not too high, considering the extra work for the milling, tapping and engraving. Though if you don't need that, you can get away a good chunk cheaper by getting the steel cut locally.

Coinplate:

Random piece of AISI 304 on a general metal store (probably similar to local hardware store prices):

For any product there is always a buyer. Accordingly, there is a corresponding demand for products, such as coinplate, even at declared prices. For people like you, who are able to make an coinplate's equivalent with the tools and materials at hand from the nearest shop, coinplate seems overpriced. But it should be borne in mind that not everyone has such skills and the desire to actually make seed phrase saver like coinplate by hands. It seems to me that the coinplate and analogues of other competitors are aimed at such buyers. I almost forgot to point out that they are also ready to expect delivery (buying locally is incomparably faster) and neglecting the safety of personal data, such as payment details (if you pay not in cryptocurrency) and delivery address. Buying locally leaves no "trace" that you bought the coinplate and respectively, you are the crypto owner.

Yeah, your house footings even if it was a fire or what not probably aren't going anywhere any time soon, so cementing in concrete is a decent idea. Plus, no one's going to be digging that up while you're there, unless someone pulls some Prison Break esque plan on you, but that's incredibly unlikely.

However, while it's nice that this product exists, and I know the costs have been figured out a little more since the OP, I can't help, but think I could just go to my local metal works shop, and get something of similar quality for much less, and wouldn't need to ship it. Obviously, you could argue that your local metal works could be using lesser metal, but you could potentially test it yourself to assure that. So, this product is decent for those that can't find any other means, but it's still rather expensive when you factor in almost everyone has access to this sort of thing locally at a reduced cost.

It's not 8 words per seed plate, it's 16 words per seed plate. 8 words in total are missing from each share. No matter which two shares you have, you will have all the necessary words to restore your wallet.

I agree with Andreas in the sense that a seed shouldn't be split up because losing one part can create plenty of difficulties. In this particular example, losing one split wouldn't do that because you still have two remaining. And any 2 out of 2 shares are enough for wallet recovery. I am not sure what you can do with today's technology and how far we are from being able to bruteforce 7 or 8 words. But no matter how easy or difficult it is, bruteforcing 8/24 is exponentially faster than cracking all 24.

foggoat method isn't bad in the sense that it's ridiculous. It isn't. If you split your seed in the way he suggested and someone finds one of your backups, he would have 16 out of 24 words needed to steal the coins. If you have 3 different backups with all your words written down on all 3 pieces of paper and one of them got stolen, the thief would have everything they need to get to your coins. In that sense, it would have been better to use foggoat's splitting system.

But why give a thief even 16 out of 24 words if you can do it in a better way? With SSS, finding a share that is below a quorum, is like having found nothing at all. Even better, finding 1/3 of a 2/3 multisig gets you no closer to the coins because you need 2/3 to spend the BTC. 

Ok. You suggest splitting seed phrasee into 3 parts and storing it in 3 different places. It turns out, 8 words for each coinplate. Then it would be right to add mini-coinplate (like coinplate split - I don't need thanks for the name I came up with for your new product line ) to the assortment of your store. A smaller version of coinplate with space for 8 words and offer them in packs of 3 (for 1 to 8, 9 to 16, 17 to 24 words).

I don't undertake to discuss the correctness of dividing splitting seed into 3 parts, since, for example, Pmalek believes that this is a bad idea (not only he thinks so).
Let's leave the right to choose exactly how to store their seed phrase, splited or whole for the owners of it personally.

I want to say the following. If foggoat voices this method, then it would be logical to offer his customers to purchase a product that allows you to split seed into 3 parts. Those samples that are available in the https://getcoinplate.com/ are not suitable for this (it contain space for 24 words) and buying 3 coinplates to fill only ~30% of the surface of each I consider wasteful. In total, 3 such plates will cost ~200-240 euro (Punch version or Alpha). Offer buyers 3 mini-coinplates for 8 words for the approximate price of one coinplate (~70-80 euro). Then this will be useful, otherwise it turns out that you offer this method of spliting seed into 3 parts only in order to increase your sales (selling 3 plates is better than 1, right). No offense. I expressed my subjective opinion.

OFFTOPIC
I absolutely disagree with his explanation and his recommendations. You can check the comments to see that he couldn't really prove his point in that video. Also, I think that you miss the entire point here. I'll stop at that as it's not the topic here...

I read your replies and I understand you are just suggesting an alternative and not saying that it's better than this or that. I like this video of Andreas Antonopoulos who explains why seed splitting is a bad idea: Bitcoin Q&A: Why is Seed Splitting a Bad Idea?

His exact words is that the suggested splitting method is absolutely not safe and that people should never make such custom shares and store them separately. He does go on to suggest that SSS is a better solution than custom-made splits because if you have less words than the needed quorum in SSS, its like you don't have any words at all. But having knowledge of 16 words like in your example makes it exponentially easier to bruteforce the remaining 7 or 8. 7 because the last word is a checksum, so it's easier to guess that one. Andreas also suggests that in the next decade, it should be possible to bruteforce 7-8 words with powerful-enough machines.

True; I got sidetracked a little bit. I guess both have their benefits and drawbacks. 3 full seed backups means almost guaranteed not to lose funds, while not being hackerproof at all.
Your method would be more secure against an attacker / if someone found one backup, however the owner may lose 2 backups and lose all their funds or they could forget how the scheme worked and not be able to recover it.

The reason why me and others 'quickly' bring up multisig is that it's less hard / scary to set up and use as some may believe & it's popular; you can see in this forum alone how from time to time people come in asking for help with their custom-seed-backup that they can't restore anymore.

No worries! Just want to make sure before you recommend custom backup schemes to customers that they are aware that we already have tried, tested, documented and popular schemes (maybe a little more effort to set up) that they could have an easier time recovering, years down the line. If not just because they are more common.

Sorry about the off-topic!

No problem, that would be dumb. No one should straight split their seed, I agree.


The multisig is a solid approach, I cannot argue with that. Not meant it to be a multisig alternative, but as a whole Multisig is still more complicated than the simple approach I suggested. The scheme I suggested can be explained in a few sentences and solid, durable backups are easy to make. However, multisig needs a detailed tutorial and compatible wallets. It might be difficult to remember it all after a few years or if your family member would ever need to access your coins.  

Most importantly, the discussion started from just simply keeping the extra backups of your seed phrase, not making it totally hackerproof or other things if I recall correctly.

If you were to keep just 3 straight backups of your seed phrase in separate locations, you will be better off using the scheme I suggested. In the thing, I suggested If someone found one of your backups you will be safe from hacking for quite some time (at least a few months if not years), it will require some proper knowledge and resources (incl. time) to crack it. Furthermore, I haven't mentioned this idea as any sort of alternative to a multisig, as it's a whole different beast altogether, and I don't really follow why we are discussing it that way.


Probably, true. However, the approach I suggested is quite simple so probably no true need for a lot of explainers. As mentioned earlier multisig is still a more complicated thing.



Honestly, I haven't thought that someone might still make a wallet with 12 words nowadays, it's not a good practice. I mentioned 24th words seed in my example.
Cracking 4 words of BIP39 seed is hardly comparable to cracking 8 words. To crack 4 words you need around 2^40 combinations, for 8 words it's around 2^80, it's a completely different thing. ^{(not really precise math here though)} You will have 7 words to crack on one of the backups as the last word is a checksum, but it's not that much difference.
It will take quite a lot of knowledge and computing power +money  to crack 8 words and it still will take months if not years. Also they will need to get one of your backups in their hands first.  

And as we were discussing just a mere alternative way of keeping your multiple seed backups in different locations, I think that's quite good for something that is so easy to do.
Even for 12th words (which is not ideal) it still beats keeping multiple backups straight and fully, as it requires proper knowledge to crack even 3 or 4 words. A bit harder to do than just putting the words into a wallet.  Overall multisig will offer probably much better security, but a bit more complicated to do properly.

I am not arguing that one is better than the other, though. I'm not pushing anyone to use that scheme. Different things for different folks. Never meant it as an alternative to multisig. Just replying to your arguments.

It is a simple no-tech idea meant as a way for keeping multiple seed backups in separate physical locations, where you are not able to keep an eye on all of them for 24/7.  
This is quite a digression from the main topic and maybe it would be best to not make this the center of this thread and avoid jumping into this rabbit hole.

Sorry; misread. I thought you'd recommend splitting 1-8, 9-16, 17-24.

As gmaxwell said, though, I don't understand why. There are so many good guides for setting up Multisig with basically any software and hardware wallet and combination of them.
A nice side effect is that you can deposit dummy amounts on each individual seed to deter any thief / finder to go looking for a second seed.

And also.. it just works, it's integrated into wallets and it's a popular scheme, so if someone has a problem with setup or restore, they'll find help online without a problem.
I can almost guarantee that they would find less users who know about this '1-16, 9-24, 1-8 + 17-24' scheme and who will be able to assist.

---

I haven't calculated it with 24 words, but it appears that if someone found 2/3 of the words of a 12-word seed phrase (8 words), it's possible to crack the remaining 4 words rather quickly.
https://bitcoin.stackexchange.com/a/101336/119879

Basically, in your scheme, each share holds 2/3 of the original seed's key material.

Have you even taken a minute to think about it or just straight assumed it's wrong? The thing is it's a 2 out of 3 scheme, you need to lose 2 parts out of 3 to lose your seed phrase. If you lose just 1 part out of 3 you are safe and sound.

I'd also advocate for Multisig instead of SSS. It was discussed on this forum at length, a whole bunch of times and if memory serves correct, Multisig always came out on top.

Even Gregory Maxwell himself seems to agree with this:
[emphasis mine]

That's actually even worse! If you lose 1 part, the whole thing's gone. Never do that!

I didn't mean Shamir's Secret Sharing, it's probably too complicated for most of ppl including myself. Not a biggest fan of multisig, but it might be nice if you have a big holdings.

I meant just very simple idea that you just split your seed into thirds. Then each copy has 2/3 of the full seed on itself. You just do it manually, no tech no math approach. For example 1st copy has words 1-16th, 2nd has 9-24th and 3rd has 1-8th + 17-24th. I think that it's simple and it works, it might be good enough for most long term hodlers.