
Topic: How to save seed phrase in the Bitcoin blockchain

February 15, 2020, 10:56:08 AM
This is a translation of igor72's post. Thanks to him for the information!

In this post, at the request of one of the forum users, I will write instructions on how to save a backup copy of the seed phrase in the Bitcoin blockchain. This is not a translation or retelling, this is my version of how this can be done, so constructive criticism is welcome.
I will describe several well-known tricks for solving this problem.

Disclaimer: I cannot guarantee 100% safety and performance of this method in the future, and I cannot advise you to use it. If something doesn't work, it's not my fault.

I will use this method as a backup and with insurance. The insurance is a reliable passphrase for the seed (known as the passphrase or the 13th (25th) word), which, of course, is saved separately offline (and in the head). With a good passphrase, even if the 12 (24) words are cracked, cracking the seed phrase is almost impossible.




We will place the seed phrase on the blockchain with a transaction with the OP_RETURN code, which allows you to send up to 80 bytes of arbitrary information.

1. We encrypt the seed phrase and get a hexadecimal string.

All operations with the seed phrase need to be done on a secure computer. Suppose I don’t have one, so I physically turned off the Internet and booted from a Tails flash drive (https://tails.boum.org/). Tails is an anonymous and safe operating system (Linux) that runs from a flash drive.

Create a seed.txt text file with a seed phrase (for example: runway exist coconut cinnamon attack laptop oil wild yellow drink lawn cattle). To shorten the line, I will save the first 4 letters of each word (this is enough for identification) and remove the spaces. The result: (runwexiscococinnattalaptoil_wildyelldrinlawncatt) is saved to a file. From this folder, launch the terminal and run the command:
Code:
openssl enc -aes-256-cbc -in seed.txt -out enc.txt -nosalt -k bitcointalk -iter 21000000

I used the bad password "bitcointalk" as an example; in reality you need to choose a good unique password, long (at least 12 characters), but preferably easy to remember.
21000000 is the number of iterations of the PBKDF2 function. I set it so huge because I can easily remember it. This parameter greatly slows down encoding / decoding (my old computer encrypted / decrypted for almost 2 minutes), which makes brute force unrealistic and allows using a not-so-complicated password. So, we got a file with the encrypted seed phrase, now we need to get a sequence of bytes (dump).
Run the command:
Code:
xxd -ps -c 1000 enc.txt enc_hex.txt

-c 1000 - the number of columns, set arbitrarily (80 could be used). Without this value, the data will be divided by 32 bytes per line, and we need one line. We save the enc_hex.txt file to a USB flash drive or computer hard drive, turn it off, remove the USB flash drive, turn on the Internet and load the operating system.

2. We need to make sure that the transaction with encrypted data is easy to find later. You can probably come up with different options, you can just write it. But I tried not to write anything, and so I chose the option of creating an address from the hash of my favorite word / phrase and then searching for the address in the block explorer. For this I used brainwallet (you can use any other), in the line "Brain Wallet Input" we enter an unforgettable key word, for example, the name of a beloved mother, dog, etc. Security is not important here, if this private key is stolen, then this is not a problem. For example, I used the word "bitcointalk" and got the private key L1AHAuRLxZ14PspT4UjooZa3Jx2Y9hcKfuQpC19b4AqHq8V12u9o.

We import it into Electrum by creating a new wallet from the private key. I prefer the bech32 address, so I import with the prefix: p2wpkh:L1AHAuRLxZ14PspT4UjooZa3Jx2Y9hcKfuQpC19b4AqHq8V12u9o
(you can use the legacy address, this does not affect the result).

We got the address bc1qc0kwr8clxgj63dp77sr4ql9zhexq2a6aw85ltw, and we’ll send 300 satoshi to it (for a segwit address this amount will be enough). From this address we will now send the transaction with OP_RETURN.

3. Copy the hexadecimal string from the saved enc_hex.txt file into Electrum and form a transaction.
Fill the line "Pay to" like this:
Code:
OP_RETURN our_string, 0
(do not forget the comma with zero at the end).



We send the payment. Here is my transaction: https://www.blockchain.com/en/btc/tx/0e0546d004f3373822178ceddb3084247912e400b75e5971e66522f6b398f123



How to restore the original seed phrase?

4. Remember the keyword ("bitcointalk" in my example) and get the address (as in the 2nd paragraph). We insert the address into the block explorer and easily find our transaction. Click on it, open the details, and at the bottom of the page we see our encrypted code 3222e79b5c94efcea7b8e1704e1bdd8fb9257baf7bbecf1a9bb5b5a5b8da094ad570dddc7754220c2e2359081956d238ba24429639c90b2348f15f052617aab8. Save this line in a text file (I have enc_hex.txt) and save it to a flash drive.



5. Turn off the Internet, restart the computer and use the Tails operating system. Next, copy the encrypted file from the USB flash drive, run the terminal from the folder with the file and run the command:
Code:
xxd -ps -r enc_hex.txt enc.txt
Next command:
Code:
openssl enc -aes-256-cbc -d -in enc.txt -out seed.txt -nosalt -k bitcointalk -iter 21000000

(the value of the -iter parameter must coincide with the one used during encryption, so it is important not to forget it; it is better to write it down somewhere).
That's it, open the seed.txt file and rewrite the seed phrase on a piece of paper (dividing the words by four letters). If the wallet does not offer possible options when entering the seed words, then the full spelling of the words is in the BIP39 dictionary
(Thanks bomj for the corrections).


If you need to save a seed phrase of 24 words, then they will not fit in 80 bytes. In this case, the hexadecimal encryption string should be split into two parts and two OP_RETURN outputs created. Or use another converter to fit this information into 80 bytes.


P.S. If someone wants to repeat, practice first in the testnet, try not to clutter the blockchain with useless garbage.

___
I tried to translate the information as efficiently as possible. If you find errors, write in this thread, I will fix them
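
Added example, not part of the original post or its author's instructions: a Python pre-flight check for the shortening in step 1, the 80-byte limit and two-output split mentioned for 24 words, and the restoration of full words from the BIP39 dictionary in step 5. The function names and SAMPLE_WORDS are assumptions made for illustration; SAMPLE_WORDS is a constructed list standing in for the full BIP39 English wordlist.

```python
import math

OP_RETURN_LIMIT = 80  # bytes per OP_RETURN output, the figure given in the post
AES_BLOCK = 16        # AES block size; openssl enc -aes-256-cbc pads with PKCS#7

POST_PHRASE = ("runway exist coconut cinnamon attack laptop "
               "oil wild yellow drink lawn cattle")
# Constructed sample list (assumption); real use loads the full BIP39 English wordlist.
SAMPLE_WORDS = POST_PHRASE.split() + ["run", "exit", "cat", "catalog", "law", "will"]

def shorten(phrase):
    """First 4 letters per word; shorter words padded with '_' ('oil_' in the post)."""
    return "".join(w[:4].ljust(4, "_") for w in phrase.split())

def ciphertext_len(plaintext_len):
    """PKCS#7 adds 1..16 bytes, so an exact multiple of 16 grows by a whole block."""
    return (plaintext_len // AES_BLOCK + 1) * AES_BLOCK

def outputs_needed(phrase):
    """(ciphertext bytes, number of OP_RETURN outputs) for a shortened phrase."""
    size = ciphertext_len(len(shorten(phrase)))
    return size, math.ceil(size / OP_RETURN_LIMIT)

def split_for_op_return(hex_string, limit=OP_RETURN_LIMIT):
    """Cut a hex dump into pieces of at most `limit` bytes (2 hex chars per byte)."""
    step = limit * 2
    return [hex_string[i:i + step] for i in range(0, len(hex_string), step)]

def expand(short, wordlist):
    """Restore full words: each 4-character group must match exactly one word."""
    if len(short) % 4:
        raise ValueError("length is not a multiple of 4")
    words = []
    for i in range(0, len(short), 4):
        prefix = short[i:i + 4].rstrip("_")
        hits = [w for w in wordlist if w[:4] == prefix]
        if len(hits) != 1:
            raise ValueError(f"{prefix!r} matches {len(hits)} words")
        words.append(hits[0])
    return " ".join(words)

if __name__ == "__main__":
    print(shorten(POST_PHRASE), outputs_needed(POST_PHRASE))
    print(outputs_needed(POST_PHRASE + " " + POST_PHRASE))  # 24 words
    print(expand(shorten(POST_PHRASE), SAMPLE_WORDS))
```

A trailing newline in seed.txt does not change either result, since 49 and 97 bytes pad to the same 64 and 112 bytes. The 64-byte figure agrees with the ciphertext shown in step 4, which is 128 hexadecimal characters long.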