[LIST] Bitcoin Seed Backup Tools - page 2.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: dkbit98 on September 18, 2021, 04:29:59 AM

Quote from: Dabs on September 17, 2021, 10:19:33 AM

I'd probably use a small tin can and screw it together, then put some 2 part epoxy on it, then glitter and other creative stuff. You'll have to break it to open it, and it will be obvious.

Just don't make it super-complicated and don't go crazy with epoxy that would make it impossible to open the can Cheesy

Maybe one more step would add extra complexity but I like the idea of using binary form for seed words, so that most people wouldn't even know what those dots really are.
https://github.com/jakob6102/seedcard

Eh, yeah, just use the epoxy to seal it and make it tamper evident, not open-proof.

That binary one is a new take. Previously I was thinking of using 4 digit octal, or 3 digit hexadecimal numbers stamped or etched. I end up deciding I prefer to just etch the whole word. Still a work in progress but there are a few videos on youtube showing how to electrical etch / engrave stainless steel.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Dabs on September 17, 2021, 10:19:33 AM

I'd probably use a small tin can and screw it together, then put some 2 part epoxy on it, then glitter and other creative stuff. You'll have to break it to open it, and it will be obvious.

Just don't make it super-complicated and don't go crazy with epoxy that would make it impossible to open the can Cheesy

Maybe one more step would add extra complexity but I like the idea of using binary form for seed words, so that most people wouldn't even know what those dots really are.
https://github.com/jakob6102/seedcard

Quote from: PrimeNumber7 on September 17, 2021, 11:20:17 AM

As I noted in my above post, you ultimately need to store all information required to access your coin, including any passphrase, and additional keys if using multisig. You can store this information in multiple places if you so choose.

Well you need to store everything in this world somewhere, and I would not count on my memory and brain to remember anything important.
You are obviously not going to keep all that in one place, passphrase should always be ins separate location, but what if you forgot where you put all those stuff?
Alzheimer's disease and other neurological disorders are getting more common, and our memory is getting worse and more full with age, that is the case with all hard drives Wink

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: PrimeNumber7 on September 17, 2021, 11:20:17 AM

As I noted in my above post, you ultimately need to store all information required to access your coin, including any passphrase, and additional keys if using multisig. You can store this information in multiple places if you so choose.

Which is exactly where a tamper-evident set up is useful. I don't want someone to be able to compromise one of my back up locations and for me to have no knowledge of it. Some of my back ups are for cold storage coins I haven't touched in years and don't plan to touch for years. Do I really want a period of 10+ years with an attacker knowing my seed phrase and attempting to brute force my passphrase, find its back up location, or both, and me having absolutely no knowledge that that is what is happening? Of course not. Even in your hypothetical situation of me only checking my back ups very rarely, a period of few months before I discover the breach is far better than not knowing about the breach at all.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: Dabs on September 17, 2021, 01:35:40 PM

Quote from: PrimeNumber7 on September 17, 2021, 11:20:17 AM

It is possible to see through some envelopes by holding it up to a light. There is also more advanced technology that can see through darker paper.

Tamper evident bags are really not intended to prevent an observer from looking at the contents inside the bag.

Agreed that envelopes and even thicker ones or darker ones may still be readable, but could you possibly insert another thick paper in there to make the original paper unreadable without opening the envelope? Or even insert small metal foil so no one can shine a light through? Your potential adversary would need advanced technology and I'd wonder if it may be worth it, or they would rather just open it anyway (and then you'll know someone opened it.)

You could have other forms of security to find out if the site has been tampered with or if anyone else has been to that location, depending on specifics. Cameras, or even other low tech solutions (hair stuck to the door, floor patterns of scattered rubble or whatever, dust?)

Sure, there is a lot you can do to try to ensure that you are aware of a compromise when you visit your offsite backup location.

The problem with the above is that it is generally unusual for someone to visit their offsite backup location, and that most people store all information needed to access coin in a single offsite location.

This will only result in negative outcomes. You will generally not know for a long time vis your tamper evident bag, they your backup has been compromised. There is also the potential that you will have multiple offsite locations compromised and you will not realize it. Or you might sacrifice physical security in favor of using a tamper evident bag that results in your private keys being stolen.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: PrimeNumber7 on September 17, 2021, 11:20:17 AM

It is possible to see through some envelopes by holding it up to a light. There is also more advanced technology that can see through darker paper.

Tamper evident bags are really not intended to prevent an observer from looking at the contents inside the bag.

Agreed that envelopes and even thicker ones or darker ones may still be readable, but could you possibly insert another thick paper in there to make the original paper unreadable without opening the envelope? Or even insert small metal foil so no one can shine a light through? Your potential adversary would need advanced technology and I'd wonder if it may be worth it, or they would rather just open it anyway (and then you'll know someone opened it.)

You could have other forms of security to find out if the site has been tampered with or if anyone else has been to that location, depending on specifics. Cameras, or even other low tech solutions (hair stuck to the door, floor patterns of scattered rubble or whatever, dust?)

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: dkbit98 on September 17, 2021, 06:32:05 AM

Quote from: PrimeNumber7 on September 16, 2021, 11:50:41 PM

Pretty cool concept. Obviously, if your entire seed is compromised, this will not do much good.

Not if you are using passphrase or multisig setup.
Your seed phrase can get compromised without you even knowing it if you don't have some tamper-evident solution like this.
Someone can find your seed phrase, copywrite your words and put your plate or paper in place like it was before, you would never notice it on time.

As I noted in my above post, you ultimately need to store all information required to access your coin, including any passphrase, and additional keys if using multisig. You can store this information in multiple places if you so choose.

Quote from: o_e_l_e_o on September 17, 2021, 03:27:55 AM

Quote from: PrimeNumber7 on September 16, 2021, 11:50:41 PM

If your security model includes storing portions of your seed in various offsite locations, a tamper-evident bag may provide minimal additional security. Like I mentioned above, these bags are typically transparent, so an adversary will likely not need to actually open the bag in order to see what is inside. It is also probably trivial to do things such as fold/unfold items inside the bag, as well as open things such as an envelope.

So I can use a non-transparent bag. Or put the seed phrase inside an envelope - either they open the envelope inside the bag, in which case it is obvious my seed phrase has been accessed, or they have to open the bag to replace the envelope, which gives the same result.

It is possible to see through some envelopes by holding it up to a light. There is also more advanced technology that can see through darker paper.

Tamper evident bags are really not intended to prevent an observer from looking at the contents inside the bag.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

If you have a tamper evident transparent container, and it contains an envelope with tamper evident seal / signature / glitter nail polish, then you'll know if anyone opened it, but while it's not open, you'll also know that no one can read whatever is inside the envelope. Just wrap it in more pieces of paper with random scribbles like "security envelopes".

I'd probably use a small tin can and screw it together, then put some 2 part epoxy on it, then glitter and other creative stuff. You'll have to break it to open it, and it will be obvious.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: PrimeNumber7 on September 16, 2021, 11:50:41 PM

Pretty cool concept. Obviously, if your entire seed is compromised, this will not do much good.

Not if you are using passphrase or multisig setup.
Your seed phrase can get compromised without you even knowing it if you don't have some tamper-evident solution like this.
Someone can find your seed phrase, copywrite your words and put your plate or paper in place like it was before, you would never notice it on time.

Quote from: o_e_l_e_o on September 17, 2021, 03:27:55 AM

I have no idea - how feasible would it be for someone to remove the bottom of the plastic container (I don't mean unscrew the lid which would obviously mess up the beads, but rather cut/melt/whatever just the bottom of the container), access the contents, and then attach a fresh piece? What about to do so in a way that it wasn't immediately obvious that it had been done?

It would be impossible to do this without owner noticing that bottom was tampered with, so you would probably get a worse results then if you just open and remove the top lid.
One thing that could happen is that someone clones or 3print identical plastic box, but easy way to protect against this would be to make your box custom and unique only to you.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: dkbit98 on September 16, 2021, 05:51:57 AM

I don't know if anyone is familiar with this, but I found one interesting project called entropy seal for tamper-evident packaging, it is a jar with particles for storing any sensitive physical goods.

I'd echo PN7 in saying this is a very cool concept. I'm not sure I have any use case for it, but I'm sure some people will. Quick question for anyone who can answer since I have no idea - how feasible would it be for someone to remove the bottom of the plastic container (I don't mean unscrew the lid which would obviously mess up the beads, but rather cut/melt/whatever just the bottom of the container), access the contents, and then attach a fresh piece? What about to do so in a way that it wasn't immediately obvious that it had been done?

Quote from: PrimeNumber7 on September 16, 2021, 11:50:41 PM

If your security model includes storing portions of your seed in various offsite locations, a tamper-evident bag may provide minimal additional security. Like I mentioned above, these bags are typically transparent, so an adversary will likely not need to actually open the bag in order to see what is inside. It is also probably trivial to do things such as fold/unfold items inside the bag, as well as open things such as an envelope.

So I can use a non-transparent bag. Or put the seed phrase inside an envelope - either they open the envelope inside the bag, in which case it is obvious my seed phrase has been accessed, or they have to open the bag to replace the envelope, which gives the same result.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: o_e_l_e_o on September 16, 2021, 03:29:44 AM

Quote from: PrimeNumber7 on September 15, 2021, 11:17:02 PM

Those bags are useless, and will provide zero protection.

They provide zero protection, but they are not useless.

Take the situation where you have a seed phrase backed up in one location and a passphrase backed up in another. If you notice that your seed phrase's tamper evident bag/seal/whatever has been broken, then you will know that an attacker has your seed phrase and may be attempting to brute force your passphrase, and you will move your coins immediately to a new wallet. Without a tamper evident bag, you would not have this knowledge. You will also now know that that particular back up location is not secure and you will stop using it, information you wouldn't otherwise have.

No single back up I have is enough to steal any coins from me, but I definitely still want to know if any single back up has been accessed by someone who isn't me.

You ultimately need to store your entire seed, including any passphrase in (an) offsite location(s). Otherwise, you risk losing access to your coin.

If your security model includes storing portions of your seed in various offsite locations, a tamper-evident bag may provide minimal additional security. Like I mentioned above, these bags are typically transparent, so an adversary will likely not need to actually open the bag in order to see what is inside. It is also probably trivial to do things such as fold/unfold items inside the bag, as well as open things such as an envelope.

I am also not sure how often most people access their off-site backup location. I think for a lot of people, this is fairly uncommon, especially if the location is far from their home.

The purpose of a tamper-evident bag is really to provide assurances that the content inside the bag has not changed. This is really not an important question when restoring from a backup.

Quote from: dkbit98 on September 16, 2021, 05:51:57 AM

Quote from: PrimeNumber7 on September 15, 2021, 11:17:02 PM

Those bags are useless, and will provide zero protection.

They are not meant to offer any protection, they should just to tell you if the bag was opened or not, something like sealed envelope, when you break the seal you know that content inside was compromised.

As I mentioned above, it really tells you fi the contents inside a bag have changed.

Quote from: dkbit98 on September 16, 2021, 05:51:57 AM

I don't know if anyone is familiar with this, but I found one interesting project called entropy seal for tamper-evident packaging, it is a jar with particles for storing any sensitive physical goods.
I am not sure if they are selling it yet but it is interesting concept, one thing I don't like is that some phone app must be used for capturing and comparing image,
so I wonder what happens if app is dead or not supported in new phone...

https://www.entropyseal.com/

Pretty cool concept. Obviously, if your entire seed is compromised, this will not do much good.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

I've read some time ago about using metallic nail polish, or glitter nail polish. There's probably a link somewhere, let me look for it.

https://boingboing.net/2013/12/31/glitter-nail-polish-is-the-bes-2.html
https://trmm.net/Glitter/
https://lifehacker.com/use-glitter-nail-polish-to-make-your-laptop-tamper-proo-1493599646
http://www.kristovatlas.com/improving-tamper-evidence-for-hardware-wallets/
http://blog.ssokolow.com/archives/2017/04/08/home-made-tamper-evident-security-seals-for-kids-and-adults-alike/

I found a few. I'm sure you can find more. The last one doesn't use glitter nail polish but has a similar idea. I think I prefer glitter nail polish.

I'd use a thick paper envelope, seal it or glue it, then paint some nail polish on the envelope or sign it with a marker. If you have some sort of other plastic or metal container, you can get creative as well.

The app is probably a "blink test" to compare the images. You can probably store those images anywhere you usually store them, google photos, amazon photos, drop box, emailed to yourself, or even uploaded to your own website.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DaveF on September 15, 2021, 06:31:31 PM

Also, with some of the wildfires in CA and other parts of the world having real protection is sadly becoming more and more necessary.

I don't know if you saw what happened in Greece this year, but it was crazy with wildfires more than ever before I think.
Having regular paper backup is just not good enough if you want to have piece of mind that your backups won't burn in flames.

Quote from: PrimeNumber7 on September 15, 2021, 11:17:02 PM

Those bags are useless, and will provide zero protection.

They are not meant to offer any protection, they should just to tell you if the bag was opened or not, something like sealed envelope, when you break the seal you know that content inside was compromised.

I don't know if anyone is familiar with this, but I found one interesting project called entropy seal for tamper-evident packaging, it is a jar with particles for storing any sensitive physical goods.
I am not sure if they are selling it yet but it is interesting concept, one thing I don't like is that some phone app must be used for capturing and comparing image,
so I wonder what happens if app is dead or not supported in new phone...

https://www.entropyseal.com/

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: PrimeNumber7 on September 15, 2021, 11:17:02 PM

Those bags are useless, and will provide zero protection.

They provide zero protection, but they are not useless.

Take the situation where you have a seed phrase backed up in one location and a passphrase backed up in another. If you notice that your seed phrase's tamper evident bag/seal/whatever has been broken, then you will know that an attacker has your seed phrase and may be attempting to brute force your passphrase, and you will move your coins immediately to a new wallet. Without a tamper evident bag, you would not have this knowledge. You will also now know that that particular back up location is not secure and you will stop using it, information you wouldn't otherwise have.

No single back up I have is enough to steal any coins from me, but I definitely still want to know if any single back up has been accessed by someone who isn't me.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: n0nce on September 13, 2021, 10:44:05 AM

Quote from: PrimeNumber7 on September 13, 2021, 12:19:10 AM

For many people, a wildfire will mean that a location will be inaccessible for months at a time, and there is the risk that houses will be looted. The same is generally true for hurricanes/severe floods. A severe flood may also physically move a medium documenting a seed, and it may be difficult, if not impossible to locate the medium, even if it survives.

I think it depends a lot where you live. In my region, there is little to no risk of the events you mentioned. I'm still a big proponent of off-site backups.
But especially for those, it's nice to have a tamper evident seal, be it a steel wallet that offers this feature or just a paper wallet stored in a ShiftCrypto tamper evident seals for example.

Those bags are useless, and will provide zero protection.

First of all, someone with physical access to one of those bags could look at what is inside the bag to obtain the seed stored in written format.

More importantly, once someone has access to private keys belonging to a 3rd party that they have compromised, they are going to quickly move the coin being secured by said private keys. This means you will likely realize your private keys have been compromised when your coin has been moved via transaction(s) that you did not sign. Or, you might arrive to the location of your off-site backup, and find the tamper-evident bag very clearly opened, but upon inspection of the blockchain, will find your coin was moved a long time ago.

Quote from: DaveF on September 15, 2021, 06:31:31 PM

Side note to all of this but keep in mind a lot of "fireproof" safes are not.
If you search google / youtube for fireproof safe failure you can see a lot of them.

Most fire "proof" safes have a specific rating regarding the temperature they can protect against, the specific types of contents they can protect given a specific temperature, and the amount of time they can protect said contents at said temperature.

If your safe is rated for paper, but you have a USB drive inside the safe, there will be problems for all the contents inside your safe. Ditto if the safe is rated for 500 degrees, but the fire immediately outside the safe is 550 degrees.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Side note to all of this but keep in mind a lot of "fireproof" safes are not.
If you search google / youtube for fireproof safe failure you can see a lot of them.

Which brings us to the point. For a lot of these metal plates for the god forbid house fire that destroys everything having a real 1st layer of heat defense is better then having a safe that fails in 5 minutes. Also, with some of the wildfires in CA and other parts of the world having real protection is sadly becoming more and more necessary.

Just something to think about.

-Dave

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

I got one of those steel stamping blocks. It's a quarter inch thick, so ... but I haven't gotten around to electrically etching it yet. It's like 2 inches by 2 inches square and 0.25 inch thick. I also found some galvanize metal plate somewhere, I'll have to clean that up then do some salt water etching on it too.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: o_e_l_e_o on September 13, 2021, 03:05:58 PM

Quote from: n0nce on September 13, 2021, 10:44:05 AM

The metal I used so far was 1.5mm stainless steel.

That's probably your issue there. If you take a look at a variety of proprietary stainless steel back up products, the good ones are usually much thicker than this.

Coldbit - https://coldbit.com/product/coldbit-steel/ - 4mm
Cryptoetch - https://cryptoetch.com/ - 5mm
Cryptotag - https://cryptotag.io/ - 6mm

Quote from: n0nce on September 13, 2021, 10:44:05 AM

But especially for those, it's nice to have a tamper evident seal, be it a steel wallet that offers this feature or just a paper wallet stored in a ShiftCrypto tamper evident seals for example.

You can always make your own by screwing a second stainless steel plate on to the one which has your words stamped/etched on it, obviously obscuring the words, and then affixing a tamper evident sticker across the two plates, or drilling holes in at least 2 opposite corners and passing through tamper evident wire seals or something similar.

Thanks for the recommendations and ideas, I’ll surely try a bunch, it’s always fun to have more backups Grin

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: n0nce on September 13, 2021, 10:44:05 AM

The metal I used so far was 1.5mm stainless steel.

That's probably your issue there. If you take a look at a variety of proprietary stainless steel back up products, the good ones are usually much thicker than this.

Coldbit - https://coldbit.com/product/coldbit-steel/ - 4mm
Cryptoetch - https://cryptoetch.com/ - 5mm
Cryptotag - https://cryptotag.io/ - 6mm

Quote from: n0nce on September 13, 2021, 10:44:05 AM

But especially for those, it's nice to have a tamper evident seal, be it a steel wallet that offers this feature or just a paper wallet stored in a ShiftCrypto tamper evident seals for example.

You can always make your own by screwing a second stainless steel plate on to the one which has your words stamped/etched on it, obviously obscuring the words, and then affixing a tamper evident sticker across the two plates, or drilling holes in at least 2 opposite corners and passing through tamper evident wire seals or something similar.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: o_e_l_e_o on September 12, 2021, 08:40:09 AM

Why not just etch/engrave your words rather than stamping them? You can get an etching pen for 5 bucks on Amazon or a local hardware store, or just go old school and get a scrap sharp piece of similar metal. No issues with bending or deforming the plate, but you just need to make sure your writing is clear and legible.

What metal are you using? Make sure it is both thick enough and not a malleable metal. Stainless steel and titanium are good choices.

I don't know, I thought engraving always looked very crooked and it doesn't go as deep, which makes me think stamping holds up longer.
But I might pick up an engraver to try next time.

The metal I used so far was 1.5mm stainless steel.

Quote from: PrimeNumber7 on September 13, 2021, 12:19:10 AM

For many people, a wildfire will mean that a location will be inaccessible for months at a time, and there is the risk that houses will be looted. The same is generally true for hurricanes/severe floods. A severe flood may also physically move a medium documenting a seed, and it may be difficult, if not impossible to locate the medium, even if it survives.

I think it depends a lot where you live. In my region, there is little to no risk of the events you mentioned. I'm still a big proponent of off-site backups.
But especially for those, it's nice to have a tamper evident seal, be it a steel wallet that offers this feature or just a paper wallet stored in a ShiftCrypto tamper evident seals for example.

Quote from: dkbit98 on September 13, 2021, 08:55:54 AM

Quote from: n0nce on September 12, 2021, 03:49:34 AM

How do you guys stamp the seed phrase into one of these metal backup plates?

What kind of metal material are you using for seed plate?
It should be something like stainless steel or copper, and you can ask for best tools to do it in local hardware shops that sell metallic parts and tools.
One interesting idea is using metal plate and punching holes in binary form that is cheaper and faster than using full words, and even if someone finds them there is less chance he will know what that is.
You can find instructions below written by jakob6102:

https://github.com/jakob6102/seedcard

I really like this idea, in general anything that can be store-bought and doesn't directly indicate what you're trying to use it for. As opposed to buying a purpose-specific 'device' that may be tracked through post etc.

There is also the option of stamping words onto washers and storing them on a screw, but for that I need smaller stamps or big washers.
I'll try these options as well in the future for sure!

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: n0nce on September 12, 2021, 03:49:34 AM

How do you guys stamp the seed phrase into one of these metal backup plates?

What kind of metal material are you using for seed plate?
It should be something like stainless steel or copper, and you can ask for best tools to do it in local hardware shops that sell metallic parts and tools.
One interesting idea is using metal plate and punching holes in binary form that is cheaper and faster than using full words, and even if someone finds them there is less chance he will know what that is.
You can find instructions below written by jakob6102:

https://github.com/jakob6102/seedcard

Topic: [LIST] Bitcoin Seed Backup Tools - page 2. (Read 1122 times)