I see one large shortcoming of this method: you lose all error correction when writing it down.
The BIP39 word list is designed to allow some level of error correction on your hard copy. I've seen people lose access to funds after making several mistakes writing down a private key. If you have to stamp 72 hex symbols into a steel plate, you have to double or tripple check from scratch to make sure you can decode it again. Don't use your existing spreadsheet to do so, but start over with just the piece of metal, and see if you can use an offline LIVE Linux system to recover the seed words (and also the private keys to your addresses) before funding them.
Topic: [GUIDE] Encoding Bip39 Seed Phrase to Hex Code (Read 335 times)
For this particular batch of backups I wanted to avoid encryption because I want my kids to be able to decode the seeds in case I'm no longer around. The backups will be stored in a safe, to which my kids will receive the combination upon my demise.
in that case you might want to also include a clue of what that backup is and also a walk-through of how to convert it back to something they can import in a wallet (ie seed) because your method is not a known method that is commonly used and that can impose complications.
Interesting idea. But i think is more safer hold coins on hardware wallet and also add an extra word to passphrase. I use a hardware wallet and never had a problem. But your idea is good, just to save down passphrase and only you know for what is and how to decrypt it, even if someone steal it 99% will not know for what is it or how to decrypt it.
It is better to encrypt your keys or seed with a password. Encoding can be reversed (and should never be used "for security purposes" because it is not related to security), encryption can only be reversed if you know the password (or you crack the password but with secure passwords longer than 20 chars this isnt a problem yet). You can use gpg --symmetric --cipher-algo AES256 or openssl to aes encrypt your keys/seed with a password then encode the encrypted string to hex/base64/etc. Encryption will make the string longer but also means that no one can steal your coins if you lose your paper wallet and someone reverse engineers your encoding.
Another idea is to print your encrypted seed/keys on credit card size paper, laminate it and store copies securely in different places.
Edit: Your screenshots show google docs and windows. For anything that requires security please use linux, e.g. tails USB and avoid google services.
Another idea is to print your encrypted seed/keys on credit card size paper, laminate it and store copies securely in different places.
Edit: Your screenshots show google docs and windows. For anything that requires security please use linux, e.g. tails USB and avoid google services.
All very good suggestions, thank you.
The google doc is merely to share the information, I also recommend against storing private keys or seeds on cloud services. I use an off-line computer to generate the wallet seeds, and only access the wallets using master public keys on my on-line PC.
For this particular batch of backups I wanted to avoid encryption because I want my kids to be able to decode the seeds in case I'm no longer around. The backups will be stored in a safe, to which my kids will receive the combination upon my demise.
It is better to encrypt your keys or seed with a password. Encoding can be reversed (and should never be used "for security purposes" because it is not related to security), encryption can only be reversed if you know the password (or you crack the password but with secure passwords longer than 20 chars this isnt a problem yet). You can use gpg --symmetric --cipher-algo AES256 or openssl to aes encrypt your keys/seed with a password then encode the encrypted string to hex/base64/etc. Encryption will make the string longer but also means that no one can steal your coins if you lose your paper wallet and someone reverse engineers your encoding.
Another idea is to print your encrypted seed/keys on credit card size paper, laminate it and store copies securely in different places.
Edit: Your screenshots show google docs and windows. For anything that requires security please use linux, e.g. tails USB and avoid google services.
Another idea is to print your encrypted seed/keys on credit card size paper, laminate it and store copies securely in different places.
Edit: Your screenshots show google docs and windows. For anything that requires security please use linux, e.g. tails USB and avoid google services.
What about base-64 encoding instead of hex? That's only 2 characters per word.
base-16 or hexadecimal is not case sensitive so you don't have to go through the pain of changing case. but base-64 is. so when stamping it on the metal you will have a harder time, specially if you are doing it by hand not using a machine.
What about base-64 encoding instead of hex? That's only 2 characters per word.
i never realized you only need 3 chars for hexadecimal representation of these words since they are smaller than 0800. that was interesting 
what you are stamping now ARE your actual seed words! changing the encoding of it doesn't increase your security by much. if someone knows that piece of metal has something to do with bitcoin (whether it has words on it or hexes) they will be able to easily decode it and steal the coins.
if you want to increase security then you have to encrypt it with a password.
and for security purposes I didn't want the actual seed words stamped on the metal.
what you are stamping now ARE your actual seed words! changing the encoding of it doesn't increase your security by much. if someone knows that piece of metal has something to do with bitcoin (whether it has words on it or hexes) they will be able to easily decode it and steal the coins.
if you want to increase security then you have to encrypt it with a password.
This is a great idea. Here's a tutorial for adding a seed shift to obfuscate the seed phrase. Looks like you can use it with your formula.
https://bitcointalksearch.org/topic/seedshift-encryptdecrypt-your-bip-39-seed-words-with-a-date-shift-cipher-3416202
https://bitcointalksearch.org/topic/seedshift-encryptdecrypt-your-bip-39-seed-words-with-a-date-shift-cipher-3416202
Reserved.
Introduction
I recently decided to stamp my seed phrases onto stainless steel blanks for preservation. I wanted to preserve and secure the seed phrases for multiple wallets, including the ones I've created for each of my children. I didn't want to spend all day stamping letters into stainless, and for security purposes I didn't want the actual seed words stamped on the metal. The spreadsheet I've created below gives me a tool to resolve both issues.
Background
BIP39 Seed Phrases are utilized by many hardware, desktop, and mobile-app wallets and their respective software. They are not only used for Bitcoin, but many other coins as well. There are even some web wallets that utilize BIP39 seed phrases for backup and recovery. The phrases are most often 12 words in a string, but can be longer. The words, and the order in which they are generated is critical information and represents the core backup of an HD wallet, and all its Private Keys. You'll need the seed phrase to restore the wallet in case the hardware on which it resides is lost, stolen, or otherwise compromised. With the seed phrase you can restore the wallet onto multiple devices. In the case of cold wallets you may choose to not have the private key reside on any electronic device.
The Issue
The seed words themselves may be several characters long, and may be in an order that is easy to remember. From the practical perspective, I didn't want to spend a lot of time stamping hundreds of characters into steel. While wanting to secure many wallets it was looking like I would have to dedicate a lot of time stamping seed phrases into the steel blanks.
The security issue of having the seed phrases stamped onto a piece of steel that some one might see was also something that concerned me. Even with the steel locked in secure storage such as a safe, the potential for someone to see them does exist. Someone with a quick eye and a keen memory could theoretically see the phrase and remember it, and then proceed to steal the funds.
Solution
It occurred to me that encoding the phrases could resolve both of my concerns. I choose to use the numeric value of the list position of the BIP39 word and then encode the numeric value to HEX code format. This method compresses the information to three characters per word, and by converting the seed phrase into a format that is not immediately recognizable to most, makes the character string harder to remember.
Although this encoding method does not encrypt the information, it can be combined with encryption techniques for added security. A simple or complex seed number shift can easily be added to the tool outlined below. That will be covered by another post.
Build the Spreadsheet
Security
Since you will be typing your secret seed words into the spreadsheet, I suggest building the spreadsheet on an air-gapped computer, or one that you are 100% confident is not infected with a virus, malware, or a key-logger. Your security is your responsibility, do not skimp.
Sheet 1; BIP39 Word List
Online Computer:
Offline Computer:
Sheet 2; Encoding
Sheet 3; Decoding
Spreadsheet Tool
I have made my sample spread sheet available for viewing and downloading. Editing the spreadsheet has been disabled. It has an unfunded TestNet seed phrase as an example. I suggest you use the formulas above to build your own, and use it on an air-gapped device. The Spreadsheet link is here, if you need to download it.
I recently decided to stamp my seed phrases onto stainless steel blanks for preservation. I wanted to preserve and secure the seed phrases for multiple wallets, including the ones I've created for each of my children. I didn't want to spend all day stamping letters into stainless, and for security purposes I didn't want the actual seed words stamped on the metal. The spreadsheet I've created below gives me a tool to resolve both issues.
Background
BIP39 Seed Phrases are utilized by many hardware, desktop, and mobile-app wallets and their respective software. They are not only used for Bitcoin, but many other coins as well. There are even some web wallets that utilize BIP39 seed phrases for backup and recovery. The phrases are most often 12 words in a string, but can be longer. The words, and the order in which they are generated is critical information and represents the core backup of an HD wallet, and all its Private Keys. You'll need the seed phrase to restore the wallet in case the hardware on which it resides is lost, stolen, or otherwise compromised. With the seed phrase you can restore the wallet onto multiple devices. In the case of cold wallets you may choose to not have the private key reside on any electronic device.
The Issue
The seed words themselves may be several characters long, and may be in an order that is easy to remember. From the practical perspective, I didn't want to spend a lot of time stamping hundreds of characters into steel. While wanting to secure many wallets it was looking like I would have to dedicate a lot of time stamping seed phrases into the steel blanks.
The security issue of having the seed phrases stamped onto a piece of steel that some one might see was also something that concerned me. Even with the steel locked in secure storage such as a safe, the potential for someone to see them does exist. Someone with a quick eye and a keen memory could theoretically see the phrase and remember it, and then proceed to steal the funds.
Solution
It occurred to me that encoding the phrases could resolve both of my concerns. I choose to use the numeric value of the list position of the BIP39 word and then encode the numeric value to HEX code format. This method compresses the information to three characters per word, and by converting the seed phrase into a format that is not immediately recognizable to most, makes the character string harder to remember.
Although this encoding method does not encrypt the information, it can be combined with encryption techniques for added security. A simple or complex seed number shift can easily be added to the tool outlined below. That will be covered by another post.
Build the Spreadsheet
Security
Since you will be typing your secret seed words into the spreadsheet, I suggest building the spreadsheet on an air-gapped computer, or one that you are 100% confident is not infected with a virus, malware, or a key-logger. Your security is your responsibility, do not skimp.
Sheet 1; BIP39 Word List
Online Computer:
- Browse to GitHub and download the Bip39 word list in your preferred language.
- Copy the list onto a clean USB drive for transfer to the offline computer.
Offline Computer:
- Start a spreadsheet, and name the first sheet "BIP39 Word List" (the name of this sheet is critical for the functionality of the formula.)
- Copy the 2048 words from the word list you've chosen, and paste the words into a single column in the sheet titled "BIP39 Word List."
Sheet 2; Encoding
- Create another sheet and name it "Encode" (the name of this sheet is not critical.)
- In the first row, apply names to the columns as a reference (see example below.)
- In my example I've named column A "Seed Words," and column B "Hex Code."
- Type or paste your seed words into column A, typing one word per cell (see example below.)
- Copy the formula code below and past it into cell B2.
- Drag the formula down through all the cells you want to convert.
Code:
=DEC2HEX(MATCH(A2, 'BIP39 Word List'!$A:$A, 0)+ROW('BIP39 Word List'!$A:$A)-1, 3)
Sheet 3; Decoding
- Create a third sheet and name it "Decode" (the name of this sheet is not critical.)
- In the first row, apply names to the columns as a reference (see example below.)
- In my example I've named column A "Hex Code," and column B "Seed Words."
- Type or paste your Hex Code in column A, typing one code per cell (see example below.)
- Copy the formula code below and past it into cell B2.
- Drag the formula down through all the cells you want to convert.
Code:
=INDIRECT("'BIP39 Word List'!A"&HEX2DEC(A2)+0)
Spreadsheet Tool
I have made my sample spread sheet available for viewing and downloading. Editing the spreadsheet has been disabled. It has an unfunded TestNet seed phrase as an example. I suggest you use the formulas above to build your own, and use it on an air-gapped device. The Spreadsheet link is here, if you need to download it.
Jump to: