Topic: Crypto Security - Additional Protection For Your Seed/Private Keys. (Read 527 times)

Yeah, it makes sense, you cannot reverse PBKDF2 so it isn't encryption.
But every Wiki/Article link about BIP39's passphrase labels it as "encryption" simply because it uses a "passphrase", those need some correction.

For the security, it's not that safe as I mentioned earlier: "the seed will be safe for a while" (the seed, not mnemonic).

Passphrases are great, and everyone should be using one, but they don't encrypt your seed - they are used as a salt for PBKDF2. Your seed is still very much stored in plain text. If you wanted to encrypt your seed phrase and store it on some metal device, then you will need a custom/homemade device. You will need a larger character set than just 26 capital letters, and far more of them, than these commercial products can accommodate.

I use paper back ups, hardware wallets, and encrypted files, but I would advise against storing anything online. Even if it is encrypted, are you 100% confident in the encryption software you used? Are you 100% sure you left no traces of the unencrypted file on your internet enabled device? Are you 100% sure your encryption key is 100% secure and will never be broken? Why take an unnecessary risk? Just store it on a USB drive or airgapped device.

What is recommended today may become necessary in the future, because if we want security, we have to invest a lot more than $50 in a hardware wallet and 24 words on a regular sheet of paper. As far as I can see, opinions are divided between those who suggest encrypted files saved online or on some medium, and those who still stick with multiple backups on paper/metal plates.

I agree that in case we use backups on paper/metal or any other more durable material, we need to use extra word (passphrase) as extra security in case someone if find our backup. Of course, in this case one should be intelligent and separate the seed words from passphrase, and take into account that weak passphrase is not good move since it is subject to brute force attack.

---

The whole point of this topic is to start acting more responsibly towards what we are protecting.

I agree that the use of an additional word in the seed phrase is a good solution to increase security damage, but I would recommend having multiple backups available anywhere in the world and anytime.

I'm pretty sure it can.
The user can always use the standard BIP39 encryption which will only add an additional word to the existing seed (but not to be included to the backup).
Info: BIP-0039

Even if the backup is compromised, the seed will be safe for a while since the mnemonic will derive a different set of keys if there's no passphrase or the correct passphrase wasn't included in the import.

Most metal seed phrase storage devices cannot encrypt the seed phrase, which in my opinion is a very important factor. If you store your encrypted seed phrases in more than one cloud storage device it will be much more secure. You can use PGP encryption (https://bitcointalksearch.org/topic/eng-tutorial-pgp-signature-encryptdecrypt-message-fingerprint-4059348) and use complex passwords for cloud storage. Even if an attacker can get your encrypted seedphrase, it is almost impossible for them to decrypt it.

You can also check this testing conducted on Billfodl and see the results.



https://twitter.com/JimJones1913/status/1161065474869694464

exactly. as with most things, it's crucial not to have a single point of failure. storing everything in your house is asking for trouble. a single disaster or burglary could ruin everything.

the obvious solution is to have backups in multiple physical locations. it could be as simple as encrypted .dat files on thumb drives. you could leave one at your parent's house, at the office, in a safe deposit box, etc etc. periodically replace them to prevent data corruption and you should be all set.

this is a low cost but highly resilient model IMO, better than these expensive metal bricks.

Decentralizing funds and seed backups are best thing to do. It will help to prevent the worst case when you store all your money in one seed and hacker get access to one of your backup and steal all of your funds.

Decentralization is a backbone of bitcoin as well as the crypto currency world. It can also be applied for fund storage and seed backups.

Keeping small funds in handy-wallet for daily usages while decentralizing main funds into different seeds (keep their backups safely too).

Well, that's also true. Just leaving a small amount of coins under your seed unprotected by a passphrase is enough to give you plausible deniability. Leaving a small amount under a decoy passphrase is even better. Even if you only have coins under your real passphrase, you could use the excuse that you were backing up the phrase before sending any coins to it. Someone finding the seed but not knowing what the real passphrase is, or even if one exists, is unlikely to spend a significant amount of time trying to brute force it, and as you say, it gives you plausible deniability for a $5 wrench attack.

On the other hand, if somebody finds your encrypted seed, then I suppose it depends on whether or not they know that what they have found is a seed, and not just some other encrypted data which would be worthless to them. If they did know it was a seed, then it is much more likely they would assume it is holding a significant amount of funds and put more effort in to attempting to crack it.

Perhaps someone might want to go down both routes, and encrypt their seed in addition to using a passphrase, but that now means you have to back up three things (seed, encryption key, passphrase), in multiple, separate, secure locations. I'd be running out of places I can trust are secure at that point, short of renting out multiple safety deposit boxes.

well i have to benchmark it to see which one is faster but logically PBKDF2 with iterations below 10mil aren't even supposed to be used for anything that is security critical (BIP-39 uses 2048) and this KDF is not known to be strong at all. there are much better alternatives to use such as scrypt. https://tools.ietf.org/html/rfc8018#section-4.2
note that using it is fine with this iteration because it is not meant to be used for encryption but for "plausible deniability".

Tools like this are great, and Ian Coleman has a similar one up at his site here: https://iancoleman.io/shamir39/. It is very important to be aware, though, that there is no set standard for how this kind of secret sharing should be implemented. Whichever software, program, site, GitHub, etc., that you use to split your secret must be exactly the same one you later use to combine your shards and recover your seed. With that in mind, you need to think about what you would do if that GitHub repository went offline, or if the program on your computer became corrupted or lost.

If you are using a method like this to split your secret, then you must also back up the code you used to do it.

You can get better results by dividing wallet seed and encoded them in safer ways, for example using the Shamir Secret Chess scheme.
You can divide words into a specific number of splinters and then distribute them to trusted people as M of N will need to pool to renew the seed (try using https://github.com/oed/seedsplit "Run it offline.")

Read more --> https://bitcointalksearch.org/topic/ann-passguardiancom-client-side-threshold-secret-sharing-142875


I remember that there was a way to encryption in the form of a regular image so that you can place them safely in any public place and need a password for the recovery or part of them.

Out of those examples listed in the OP, I’d be less inclined towards the cryptosteel design. I mean it looks cool and sleek, but the fact that there are many tiny pieces makes we feel that something can go wrong if you mount the stopper wrongly at the end of the rod. Additionaly, reading the mnemonic there seems uncomfortable (not much wiggle room) in case you need to retrieve it without actually going through taking the characters off the rod (which seems like an accident prone moment).

Besides the actual method of protection and concealment, there lies the key factor of placement. If we go full paranoid, these devices will not help us if the device itself is stolen, our house get (heavily) flooded, hit by a tornado, or it gets accidently thrown away during spring cleaning. Placement (and perhaps redundancy) are elements to add to de security equation.

I think these kind of metal devices are generally overkill. You should never have your seed backed up in only one location, as no storage medium is 100% guaranteed to survive anything that could happen to it and also be able to be found amongst the wreckage, be it fire, flood, earthquakes, whatever. Sure, a steel plate may survive a flood or a tornado where paper wouldn't, but that's not going to be much use to you if it has been carried several miles away and you can't find it. Your seed should be backed up in a minimum of two completely separate and distant locations, and the chance of both locations simultaneously being faced with disaster is very small (provided your two locations aren't your house and your garage, or something equally silly). Paper is completely adequate provided you have more than one backup.

Yeah, a passphrase is clearly not encryption, but they essentially achieve the same thing - a long, random string of characters that is needed in addition to the seed (or encrypted seed) to access the coins behind it. I'd argue that a passphrase is a better option, since it takes longer to brute force passphrases and check for funds than it does to simply brute force encryption keys. Either way, your passphrase or encryption key also needs backed up, and obviously needs stored separately to your seed phrase back ups.

Some of the steel storage have a problem when crushing test, I read up all of the metal testings by Loop, the rail-based design will make data loss easily
laminated paper and keep it to safe deposit box are good one

Saint-loup, thanks for the warning, even though these are very extreme conditions, we can still see which materials show up best when it comes to resistance to fire, water, crush. Although most users will not experience such challenges in real life, there is no need to save on investing in security, of course for those who feel they need something like this.

I think for anyone who owns at least 1 BTC, saving backups is something to seriously consider, as otherwise we could have a lot of disappointments in a decade if price of BTC rise only x10 from today. I see many such cases back in 2017, lost seeds, seeds with mixed words, paper wallets with faded characters, wallets on corrupted hard drives (no backups at all).

a strong password is enough but the problem i was talking about is backing up that password. for example imagine your password is this: 4@Gx19y{75#Hq (13 characters long), how are you going to remember this? you will have to store it somewhere on a piece of paper which means now you have 2 "objects" you have to store.

that is NOT encryption.
encryption means if your mnemonic is this:
the encryted result  which is what you get after actually encrypting it using an actual encryption method (using the password above and AES-256 CBC mode with no padding) would look like this:

That's a good point, but what could you do against that?
You don't think a passphrase is enough?
Mastering Bitcoin states that's a pretty strong protection
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#from-mnemonic-to-seed

People who didn't set up a passphrase could eventually make a simple shift ciphering in the BIP39 wordlist with a passphrase (eg "The..."  shifts the first word of the seed by 20 places in the bip39 wordlist -because T is the 20th letter of alphabet-, h shifts the second word by 8 places, e by 5 places the third word, etc)

Some people buy for luxury, some because they want to do it and have a lot of money to burn. You never know.

The fact that they sell it and didn't go bankrupt until now could be proof that there are people that buy those things.