Topic: How best to secure your Private Keys and/or Seed phrase (Read 399 times)

Never storing important things online, from bank accounts, identities, selfie images with your ID card (for KYCs, for instance), crypto exchange account information (passwords, 2FA codes), to private keys/ mnemonic seeds.

All of those things should be stored off-line.

This is horrible advice. Nobody do this please.

Storing a private key on any cloud storage or online service is just asking for it to be hacked. Your account could be compromised can easily be compromised, as pPassword breaches happen all the time, simple social engineering can transfer your mobile phone number to someone else, 2FA can be hacked or disabled, etc. Furthermore, you have no idea how good their security is, their servers could be hacked, an employee could access it, it could be intercepted during transfer or during back up, the list is endless.

Anyone who is storing their seed or private key online needs to set up a brand new wallet, back up your seed offline to paper, and transfer all their funds to it.

Another decide way of storing your private key is Telegram app, you could save it in your saved messages and because it's cloud storage, it would never delete as long as you login to the app periodically, you could also secure your telegram with 2FA which makes it almost impossible for a hacker to get access to the account, to further secure your account, ensure that the registered phone number is owned by you and you do not share it with anybody because nobody can log into your account unless they have that phone number, this is a method I have been using for years and it has been quite effective for me, I have never lost a privtea key and none of my wallets has ever been hacked.

Definitely it's not practical but it can still be alternative just to make sure that you have back up options as long as possible. On the other hand, it's still best to write it down to a paper such as being provided by the ledger. Use a great pen that its link las for a long period of time and then it'll guarantee the safety of your private key or recovery phrase.

This is true, but generally speaking, most users should not be directly interacting with their private keys (as opposed to their wallet software accessing them), as doing so is a good way for them to get compromised.

If you already set a passphrase for Bitcoin core wallet. You have to unlock it first, before you are able to dump private key.

walletpassphrase "passphrase" timeout

With passphrase is your wallet's passphrase (that one you used to encrypt your wallet). Timeout is time, in seconds you leave your wallet opened before it will be automatically locked again.

dumpprivkey yourBTCaddress > Enter

---

What I do is different. I do not only backup wallet's mnemonic seeds/ private keys, but also I do two things simultaneously.
- Backup mnemonic seeds/ private keys.
- Backup wallet files regularly. I usually do it monthly.
In case you lose your mnemonic seeds/ private keys, you will still be able to access your funds through wallet backup files. The only thing you have to do in that case is remembering your wallet passphrase. Passphrase should be set as strong as possible and non-reuseable one.

You can actually have more than that. For example, the same private key can give you two legacy addresses - one compressed and one uncompressed.

The point about each private key only being linked to a single address applies for inside wallets. A single wallet will be all one type of address - all uncompressed legacy, or all native segwit, for example. Inside that wallet, each address will have its own private key. But it is also correct to say that you could extract a private key and use it to derive a different type of address if you wanted (although this carries additional security risks - much better to just create a whole new wallet of your desired address type.)

Personally, I wouldn't rely on hard drives to store my private keys/seeds for long time (more than two or three years).
Some hard drives have a short lifespan (depending on the manufacturer).
I, once, stored all my important files on hard drive and didn't use it for two years. When I tried to restore them, I discovered that most of them were corrupted. So, I wouldn't advice anyone to use this method.

I think one private key has 3 address: Legacy, segwit and native segwit
When you input your private key on electrum should add code:

In this case OP private key: Private key WIF
your private key should use Private Key WIF Compressed with letter L or K to making segwit or native segwit when use electrum.

Compressing use tool: bitaddress.org

One more fact about the seed.

The seed is the sequence of words that contains the mathematical relation needed to generate all your private keys.
Private keys are not linked , but there is a mathematical relation in the private keys generated from the same seed.

If the seed leaks, all the private keys are compromised.


From mastering bitcoin book https://www.oreilly.com/library/view/mastering-bitcoin/9781491902639/ch04.html#hd_wallets

Only your master private key is linked to every address in the wallet. Individual private keys are only linked to a single address.

The words key and address are not synonymous. There is no such thing as a private address, and public keys and public addresses are two different things.

Only if they have been converted to Wallet Import Format (WIF). A private key is more generally though of as a 64 character hexadecimal string.

Actually, the 256 bit number known as the seed number is randomly generated. The words are very specifically calculated in order to encode this number.

It should absolutely be permanently offline. As soon as your seed phrase has touched an internet enabled device, you should consider it compromised.

Google search- https://www.google.com/search?q=how+many+public+key+from+private+key&oq=how+many+public+key+from+&aqs=chrome.1.69i57j33l7.8545j0j4&sourceid=chrome&ie=UTF-8

Search result

I have personally had a case of my receiving address changing after a transaction, and the old public address was still valid and funds sent to it would be reflected on the new address. Note that, this generation takes place automatically, and no new password is used. Since both addresses are linked, i think it's safe to say they use the same private key. Except it's a case of multiple private keys generated from the same Master private key.

I am hypothesising at this point and I'm yet to find a solid link to prove it.
I'll keep searching and would correct it once I find something, I'll also appreciate your feedback as well as comments from others.

Thanks for the information. I just updated the OP.

No. Your private key will have only one address. You can't get more than one address with one private key. You can create as much as address you want- but all belongs to your wallet; not belong to a single private key.
For instance- in Electrum, you may have 10 receiving addresses; these 10 addresses are generated from 10 private keys. If you generate one more address, it means one more private key.
To have all these addresses backed up without storing private key, you can use the seed key. But as I said; 1 private key = 1 address only and it never get changed.

Thanks for the info.


The (public) address linked to a private key can be changed multiple times. However the private key remains the same. This feature I believe is to prevent transactions made from the same address being linked.

Not true. You can get private key in almost all of the software wallet (in desktop/PC). If you are using Electrum-
1. Go to address tab.
2. Select any address. Right click the mouse. You will see Private key option. Click there and get your private key for that address.

If you are using Bitcoin Core client-
1. Go to console.
2. Type [dumpprivkey][your address] & hit enter.
I didn't use Bitcoin Core wallet yet though but that's the basic.

One more info I want to point out-
1 Private Key = 1 particular address
Seed Key = 1 wallet which may include wide variety of addresses.

In the blockchain technology, we are responsible for our own security and hence we have to take maximum measures to ensure that our assets are secure at all times.
Your wallet, which serves as your digital bank account, is (should be) fully under your control, this means that you have total autonomy over the assets stored on it. There are different types of wallets, but avoid storing your assets on a wallet that offers custodial services; this means the website will control the private keys to the wallet, and, if it's not your private keys, it's not your bitcoins.

So as stated above, it's advisable to own your private keys, but this is a huge responsibility and you have to know how to protect your private keys from other people as we as accidents and loss.
Private keys are an alphanumeric phrase that is used to send bitcoins from one wallet to another. They are randomly generated are linked to every address on the wallet, a wallet can have more than one private key, and hence hold multiple public addresses.

What differentiates a private key from a public key?

A private key is used to authenticate transactions from a wallet address, while a public address is similar to an account number of your bank. It's an alphanumeric key that is used to identify a specific address. Public addresses can change after each transaction, and it's advisable you change them to avoid your transactions being monitored and linked, as they're available to the public. Public addresses are derived from private keys. Private keys are not available to the public and do not change. They can not also be generated from the public addess. They usually start with the number 5 (on the main net and 9 on the test net)
Example of a private key: 5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

Private keys are usually not made available to the wallet owner, (although some wallets allow you to import it) rather you are given a seed phrase or recovery phrase. This is a set of words that are randomly generated and are as secure as the private keys. This phrase is used to recover your account should you use your device or wallet.
For example, red yellow green blue black brown purple grey orange indigo violet pink white

How best do you safeguard your recovery phrase?

Your private keys or seed phrase are too long to be memorized comfortably and you should never screenshot or keep a copy of it on your device. This exposes it to hackers and malware. When securing a recovery phrase, you have to consider online threats (hacks and malware), unforeseen circumstances/accidents; such as fire or water disasters, and keeping it away from other people. Simply writing it down in a piece of paper does not provide the needed level of security especially when you have a high amount of bitcoins.
There are a few ways you can securely back up your private keys and recovery phrases;

Use a hard drive: you can store your private keys or recovery phrase in a hard drive, which should preferably be permanently offline. This way it is not exposed to online attacks and can be easily recovered. You can also secure the drive with a password and store it in a vault to protect it from others.

Paper wallet: a paper wallet is primarily designed to store private keys. The details (which may include QR code are imprinted on a price of paper). This can then be laminated and stored in a vault.

Using a steel wallet: Your private keys can be engraved and stored in a steel wallet, such as cryptosteel. Designers of these products claim it is resistant to hazards such as fire, water, corrosion, etc. This would make it an effective way to store your private keys and/or recovery phrase

Note that when using any of these measures, you should always have multiple copies securely stored.
How do you safeguard your private keys and seed phrases? Also, how would you ensure the bequeathing of your assets to your next of kin(s), besides adding it to your will?