Author

Topic: 🔓 Encrypt private keys yourself 🔒 (Read 175 times)

legendary
Activity: 2352
Merit: 6089
bitcoindata.science
October 04, 2023, 08:24:24 AM
#4
You know private key (and mnemonic seed) must be saved as it is. Don't do anything with private key like encrypt it more and more complicated. If your backup process for your private key is more complicated, you will have bigger risk to lose one of back up steps (encryption steps) and what will eventually wait for you?

....

How to back up a seed phrase


You can safely encrypt your seed to use it later on. But you need to save the password to open it.

Even there lopp blog you mentioned suggests doing so.

Saving the encrypted seed is not the best practice, but it is much better than saving it unencrypted.

The best is to save it in a piece of paper or a metal or similar.
hero member
Activity: 1722
Merit: 801
October 04, 2023, 02:55:59 AM
#3
You know private key (and mnemonic seed) must be saved as it is. Don't do anything with private key like encrypt it more and more complicated. If your backup process for your private key is more complicated, you will have bigger risk to lose one of back up steps (encryption steps) and what will eventually wait for you?

You will lose your private key because cracking it is impossible.

Rather than keeping your private key safely, you will have to do multiple tasks like keeping many steps of encryption for decryption later to get your private key. It is unnecessary and not only this, risk for you is bigger.

How to back up a seed phrase
Why is Seed Splitting a Bad Idea?
member
Activity: 266
Merit: 59
March 27, 2018, 07:52:27 AM
#2
A lot of complaints about compromised keys. This method to improve the security of key storage is of no interest to anyone?
member
Activity: 266
Merit: 59
March 24, 2018, 05:53:01 AM
#1

The issue of safe storage of private keys is constantly discussed on the forum. Many different options are offered most often a flash drive and paper.

What happens if they fall into the wrong hands? The flash drive can be encrypted with different programs such as VeraCrypt, but not for each person this option is suitable for different reasons. With the paper version is even more difficult. I have seen variations when replacing or adding one or more characters in a private key. It is an easy way, but inconvenient. The keys are hard to enter manually, it is likely to make a mistake.

Then I thought, maybe you can automate it somehow and remembered about JavaScript. The idea is to create a simple HTML file with JavaScript code that is stored on the computer and a couple of mouse clicks allows you to convert the private key according to the specified algorithm. This is not to protect the key with a password, and the modification of the existing one. Now they can be stored in the modified form, and when you need to easily return to original view.

Pro:
  • Everything is done automatically, it is impossible to be mistaken as with manual input
  • There is no need to trust other people's software, you know for sure that your passwords will not be stolen
  • Everyone can come up with his own algorithm. Even if you do not know JavaScript at all, having spent a little time you can do it
  • You do not need to remember passwords, it is enough to remember the conversion algorithm
  • You can convert without using the computer, just using the pen and paper
  • File unlike the program for encryption is very difficult to detect, especially if you do not know about its existence. It can be called index.html and hide in the folder of some program, where it will look like a service file. You can even change the file extension from .html to any other .dat example, making it even more invisible and it will still work in the browser.

Contra:
  • The principle of openness of the system is violated, the secret is the algorithm itself, and the password is completely absent. I think in our case this is not critical. Although you can add the system and the classic password if you want.
  • The mixing of symbols will not save you from a simple search of all combinations. Another thing is that given the length of private keys it will not be possible to do it in an acceptable period of time.
  • A hacker can not brute to the forehead, but try to guess the encryption algorithm you used, so you need to show your imagination and come up with something less trivial than mirroring the text. Will there be enough knowledge and perseverance in the average hacker who stole your keys to crack their big question, because often he will not even know how many cryptocurrencies on this wallet.

For clarity, I have prepared a few simple options, so you can try it in practice.
1) Mirroring text, 123456789 - 987654321
2) Swap adjacent characters 1 with 2, 3 with 4, 5 with 6 and so on, 123456789 - 214365879
3) It divides into N parts and reverses order, for example 3 parts 123456789 - 789456123
4) Swaps 3 and 6 symbols, 123456789 - 126453789
5) Adds in 3rd and 6th position random numbers from 0 to 9, 123456789 - 12634576789
6) Ways you can combine with each other, it all depends only on your imagination and level of knowledge. As an example: divides the text into parts of 3 characters, changes the order of the symbols and adds 4th random numbers. 123456789 - 321965419878

The finished files of these examples can be downloaded here

This option I did not come across the forum, sorry if this has been done before.
These examples are made for demonstration purposes, you can come up with your own.
Code examples are probably not optimal, I am not a programmer.
The algorithm used to select a random number does not always work well, sometimes generating the same values.
Also, if desired, you can implement various modifications of Caesar cipher, hashing and so on.
The examples provided are not cryptographically stable. However, private keys are not meaningful text and frequency analysis does not help hack them.

Hardware wallet is good, but not everyone has it and they do not support all existing currencies. You can not rely on only one hardware wallet you need to have other backups. Buying a few hardware wallets is quite expensive. Therefore, you need to securely protect your backups. I wonder your opinion on this method of additional protection of private information.
Jump to: