How to secure your Recovery seed or Mnemonic phrase?

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: Ana_crypto on July 28, 2019, 11:31:15 PM

Quote

Which is why some schemes allow you to add password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds just the complexity of storing password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

I think Electrum wallet also has the feature of Passphrase. Instead of storing your password anywhere, you can choose a strong password which you can remember. Even if the seed is stolen, without the passphrase they cannot access the wallet.

You can choose to keep part of your funds under passphrase(large amount) and fewer amount without a passphrase(small amount). If the wallet is stolen, then only the small amount without a passphrase will be lost. You can still save the large amount of funds.

Usually people don't own one single wallet only, they possess several wallets with several seeds and even several lonely private keys belonging to one particular address they've used to receive a payment or signing a message for example. So what is your advice when you have several seeds precisely? Do we need to use one single passphrase for all of our wallets or do we need to change it and to use a different one for each of our seed/wallet? Using a passphrase could also be dangerous because if you forget it you will lose your funds even if you have the seed, which can be heavily frustrating.

sima_sara

newbie

Activity: 19

Merit: 4

Quote from: hatshepsut93 on July 28, 2019, 05:28:12 PM

Quote from: bitart on July 28, 2019, 03:30:14 PM

What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.

A half of a seed can be enough to crack the whole seed, depending on attacker's capabilities. Electrum seeds have 135 bits of entropy, and 67.5 bits can be cracked on modern hardware.
....

How is this possible?

prix

hero member

Activity: 750

Merit: 511

Quote from: bob123 on September 16, 2019, 01:24:12 PM

However, the vulnerability i was referring to actually was from 7zip. Sorry, my bad.
They used a 16 byte IV (instead of 128 byte as defined in the standard) of which 8 byte were 0's, so effectively a 8 byte IV.

Ok. Thanks for the link. And I’ll fix it a bit, it's about 128 bits, not bytes. Half of 128 bit zeros.
And it doesn't look like a strong vulnerability, 64 bits of RNG is still a lot.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: prix on September 14, 2019, 09:10:19 PM

I tried to search for '"4 bit IV" winrar' in the google - there is only your post. I looked a little at the whole on Winrar password vulnerabilities - nothing.
Can you tell me more about what you are talking about?

There have been multiple vulnerabilities already.
WinRAR used its own encryption mechanism before implementing standard (good) algorithms.

However, the vulnerability i was referring to actually was from 7zip. Sorry, my bad.
They used a 16 byte IV (instead of 128 byte as defined in the standard) of which 8 byte were 0's, so effectively a 8 byte IV.

This hasn't been found for several years.
Relying on WinRAR, WinZIP or 7zip for storing confidential information is always a bad idea. If you want to encrypt data, use some good and reputable software which is made for doing so (e.g. VeraCrypt).

prix

hero member

Activity: 750

Merit: 511

Quote from: bob123 on July 26, 2019, 06:09:29 AM

And you shouldn't trust encrypted archives either.
WinRAR, for example, implemented the encryption itself correctly, but used a 4 bit IV.
Any encrypted archive can be decrypted within a few minutes.

I don't know whether this has been fixed already, but such a huge mistake is just embarrassing.

I tried to search for '"4 bit IV" winrar' in the google - there is only your post. I looked a little at the whole on Winrar password vulnerabilities - nothing.
Can you tell me more about what you are talking about?

ezeobulu007

newbie

Activity: 83

Merit: 0

I have a note book where I jot down all of my recovery/mnemonic phrases after that I take a picture and save them in my gallery vault app so I can only access it.

Successmaniac4

member

Activity: 196

Merit: 10

I never knew the keyphrase can be recovered by a passphrase. I lost some of my money because I lost the keyphrase. But thanks to this information, u will not lose my money anymore.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Sourhearrt on July 30, 2019, 08:35:23 PM

if you lost your recovery seed or private keys your funds are go forever

And this exactly is the reason why OP asked how we secure our mnemonic code.

The question was not whether it is important to have a backup, but how to secure it.

Quote from: Sourhearrt on July 30, 2019, 08:35:23 PM

to avoid the mistake of losing your keys you should write down your keys somewhere safe and secured or buy a hardware wallet

A hardware wallet doesn't mean you don't need a backup of your mnemonic code anymore.
Those devices can break too (just as a hard drive).

A backup of your mnemonic code / root key / whatever is always necessary, regardless of which kind of wallet you use.

Sourhearrt

member

Activity: 166

Merit: 12

if you lost your recovery seed or private keys your funds are go forever,to avoid the mistake of losing your keys you should write down your keys somewhere safe and secured or buy a hardware wallet

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: bitart on July 29, 2019, 04:08:02 PM

Well, just make 3 or 4 parts and spread it Cheesy

I know that's a bit oldschool solution, but I'm not familiar with that passphrase.

A better solution regarding splitting the mnemonic code would be Sharmirs Secret Sharing.

With this algorithm, you are able to split your mnemonic code into unique sets, so that X out of Y parts (doesn't matter which exactly, just X out of Y) are required to construct the whole mnemonic.
That's definitely preferable to simply splitting it into pieces without the sharing scheme.

bitart

hero member

Activity: 1442

Merit: 629

Vires in Numeris

Quote from: hatshepsut93 on July 28, 2019, 05:28:12 PM

Quote from: bitart on July 28, 2019, 03:30:14 PM

What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.

A half of a seed can be enough to crack the whole seed, depending on attacker's capabilities. Electrum seeds have 135 bits of entropy, and 67.5 bits can be cracked on modern hardware.

Plus, you are making things harder for yourself by having parts of your seed in different places. There are better schemes for that like Shamir's Secret Sharing or good old multisig - they even allow N of M parts setups, so you can account for risks of losing some of the parts of the wallet.

That's good to know, thank (the cracking of the seed)
Well, just make 3 or 4 parts and spread it Cheesy

I know that's a bit oldschool solution, but I'm not familiar with that passphrase.
I know that Electrum has a possibility to use a password, also Trezor and maybe Ledger Nano has also something similar (Trezor for sure), but I don't know if they are cross compatible or not.
If you just want to store an amount in a wallet (even in a normal address not segwit etc... just the old style solution which is compatible with all kind of wallets for now and forever

) you don't want to use any possible incompatible solution just to increase the security.
Multisig is another good solution, I'll have a closer look at it, thanks

Ana_crypto

newbie

Activity: 16

Merit: 10

Quote

Which is why some schemes allow you to add password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds just the complexity of storing password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

I think Electrum wallet also has the feature of Passphrase. Instead of storing your password anywhere, you can choose a strong password which you can remember. Even if the seed is stolen, without the passphrase they cannot access the wallet.

You can choose to keep part of your funds under passphrase(large amount) and fewer amount without a passphrase(small amount). If the wallet is stolen, then only the small amount without a passphrase will be lost. You can still save the large amount of funds.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: bitart on July 28, 2019, 03:30:14 PM

What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.

A half of a seed can be enough to crack the whole seed, depending on attacker's capabilities. Electrum seeds have 135 bits of entropy, and 67.5 bits can be cracked on modern hardware.

Plus, you are making things harder for yourself by having parts of your seed in different places. There are better schemes for that like Shamir's Secret Sharing or good old multisig - they even allow N of M parts setups, so you can account for risks of losing some of the parts of the wallet.

bitart

hero member

Activity: 1442

Merit: 629

Vires in Numeris

Quote from: hatshepsut93 on July 28, 2019, 02:34:58 PM

Quote from: gentlemand on July 25, 2019, 04:52:58 PM

No way would I use something like a cryptosteel or something simply written down in an accessible manner. You never know who's going to uncover it. The days of few people knowing what a seed consists of are drawing to a close.

Which is why some schemes allow you to add password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds just the complexity of storing password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

What if you don't use password but use a cryptosteel kind of solution, but you cut your seed into half, and engrave the first part on one steel (it can be a steel business card, you can find it on eg. ebay) and the second part on another steel.
After, you hide these half parts in totally different places (in your home, or the first one in your home, the second one in your realtive's home, etc...) and you're fine
You only have to remember which is the first one and which is the second part, not to mess the order...
And don't use a computer based laser engraver but a handheld type engraver (offline one Cheesy

) not to expose your seed...

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: gentlemand on July 25, 2019, 04:52:58 PM

No way would I use something like a cryptosteel or something simply written down in an accessible manner. You never know who's going to uncover it. The days of few people knowing what a seed consists of are drawing to a close.

Which is why some schemes allow you to add password to your seed, so the seed alone is not enough to access the wallet, because private keys are derived from both the seed and the password. I personally don't use this method, because I use Electrum and it doesn't have this option, but even if I could, I still wouldn't because it just adds just the complexity of storing password somewhere. I'd rather not risk locking myself out of my coins because of a misplaced password.

virasog

legendary

Activity: 3136

Merit: 1172

Leading Crypto Sports Betting & Casino Platform

Quote from: Furryball on July 25, 2019, 11:13:23 AM

I have a huge thick book that I write all my recovery phase in and I've been using the book since 2018,i have different types of wallet recovery seeds safely written down,i keep my book in a safety lock

Many people fail to understand the importance of securing the seed and the passphrase.
In your case if the book is somehow lost or stolen by anyone they will have access to all of your private keys and all of your money is at risk.
I never keep my wallet seed in a single place. I divide the seed in three different parts and place them at three different places. In this case if one of the places is compromised , no one will have access to my wallet.

Furryball

member

Activity: 490

Merit: 19

I lock my private keys away in a very secured locker but they are written down in my private book

Ana_crypto

newbie

Activity: 16

Merit: 10

Quote from: bitart on July 26, 2019, 03:36:56 PM

It's really similar to using a web based banking system, where you have user ID, password, and nowdays 2FA too

I think the banking system is different from a wallet seed where you have the control of your seed. The bank will have your account information and you hold the PIN for it. If the PIN is lost or hacked then you will loose your funds.

Quote

I know that this is a bit different because in a bank you can go into the first branch and can ask for a new password or new login ID or whatever (after you have identified yourself of course), and this is not possible with bitcoin seeds, but somehow similar...

As you said, if the account is hacked, the bank can block your account and can create a new account and password. And your funds are still safe, if it is blocked before stealing your funds. Whereas in case of wallet seed, if you loose the seed then you lost it completely. No way you can recover your funds.

bitart

hero member

Activity: 1442

Merit: 629

Vires in Numeris

People tend to think that storing a seed safely and securely is a kind of really hard and technical thing...
It's really similar to using a web based banking system, where you have user ID, password, and nowdays 2FA too
Do they care about them, to store them securely?
Not really, they key in their login credentials at the first phising mail, on a totally unsecure webpage (which looks exactly like their bank's page)...
I know that this is a bit different because in a bank you can go into the first branch and can ask for a new password or new login ID or whatever (after you have identified yourself of course), and this is not possible with bitcoin seeds, but somehow similar...
As long as people don't learn to care about their digital financial data, it doesn't matter if it's fiat or bitcoin, they will take huge risk...
So if they will start to care about storing their everyday login data in a safe place, they will do the same with their seed too, but until then, it will be a big headache, how to do it...

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: masulum on July 26, 2019, 07:33:55 AM

I'm not giving advice, OP asking about how to secure, and i share my way.

What you are describing with having a Xth backup in case of all offline backups are lost / damaged / infected is regarding safety, not security.

While redundancy is good. Even redundancy via the cloud is good for safety. But it is not a good way to "secure your recovery seed.." as stated in the OP and the title of this topic.

Storing such sensitive information (which gives anyone who has access to this information the full control over your funds) online is the exact opposite of secure.

Topic: How to secure your Recovery seed or Mnemonic phrase? (Read 533 times)