Pages:
Author

Topic: Looking for a way to add extra security - page 2. (Read 506 times)

member
Activity: 144
Merit: 37
April 05, 2022, 05:42:42 AM
#27
I see no problem in putting it in a file, but it needs to be done securely.
So do it on an airgapped pc, and install VeraCrypt on it.

Create an encrypted container with VeraCrypt (successor of TrueCrypt), ideally with 2 passwords: 1 standard that is a decoy, 1 that opens the hidden container.
There is no way to tell if this file is an encrypted container, but if forced you can always provide the standard password to give them the decoy files.

Put the file with the keys inside the container. Use a standard .txt file, no need for specials like .doc or .ods. You can also copy wallet.dat files, whatever ...
Dismount the container when done.

This file you can move anywhere even in unprotected places.
Encrypted containers in a dozen places online and offline on usb sticks/cd's offer a reliable backup. It's highly unlikely someone can find every single copy.

Remember: paper or metal backups can be found, stolen or confiscated easily.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
April 02, 2022, 05:57:50 AM
#26
Another thing i dont know if anyone brought up but the doc format is kind of proprietary to microsoft and i wouldnt bet on that being readable by any software oneday...

Not completely proprietary though, microsoft partially open .doc specification under Microsoft Open Specification Promise. Although OpenDocument Format (such as .oodt) is better option if you want completely open format.

openoffice can't even read some doc files properly... Huh

FYI, openoffice is very outdated. Check libreoffice instead.
sr. member
Activity: 1190
Merit: 468
April 01, 2022, 11:57:21 PM
#25
Store your seeds in .doc .zip or .rar file do look extra secure with strong password, but the truth isn't. Those software offer bad and low encryption, you don't even have any idea how those software compress your file isn't?

To be fair, most people doesn't know how encryption or compress actually works even if it's open source. But i agree those software usually have weak encryption.


Another thing i dont know if anyone brought up but the doc format is kind of proprietary to microsoft and i wouldnt bet on that being readable by any software oneday...openoffice can't even read some doc files properly... Huh
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 01, 2022, 04:04:20 AM
#24
BIP 38 is intended for private key. I doubt there are any user-friendly software which let you use seed/mnemonic phrase as input (rather than private key).
I haven't seen it, but someone should make it! How cool would it be to convert 12 or 24 words into maybe 15 or 30 words with very CPU-intensive encryption?
I'd love to see a new standard developed for this.
hero member
Activity: 1554
Merit: 814
The Alliance Of Bitcointalk Translators - ENG>POR
April 01, 2022, 01:38:18 AM
#23
It depends on what aspect of your set up you are looking to increase the security for. For a seed phrase, then generate it on a permanently airgapped computer which is running a fresh install of a reputable open source Linux distro, or a reputable open source hardware wallet. Do not back it up digitally, but write it down on paper only. You should have a minimum of two back ups in two different geographical locations. If you want to make it so that if your seed phrase is compromised your coins are not immediately stolen, then use a multi-sig set up (backing up each seed phrase and xpub multiple times separately), or create multiple additional hidden wallets by using passphrases (again backing up your passphrases on paper and separately). Alternatively, encrypt your seed phrase and also back up the decryption key on paper, but again separately to your seed phrase back up.

This is all great for increasing the security of generating and storing seed phrase, but that is only one piece of the puzzle, so to speak. If you then import that seed phrase in to a hot wallet, for example, then you have negated everything I have listed above.
Hmm, I confess... this is a very valuable information, thank you so much to share with us  Smiley
Some of these methods you mentioned I already knew about and others I didn't. But I think it's valid to use these tools that you said to increase the security.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 29, 2022, 07:33:07 AM
#22
Store your seeds in .doc .zip or .rar file do look extra secure with strong password, but the truth isn't. Those software offer bad and low encryption, you don't even have any idea how those software compress your file isn't?

To be fair, most people doesn't know how encryption or compress actually works even if it's open source. But i agree those software usually have weak encryption.

If you want to encrypt your seeds to add extra security, better to learn and use BIP38 rather than "trusting" those closed source software.

BIP 38 is intended for private key. I doubt there are any user-friendly software which let you use seed/mnemonic phrase as input (rather than private key).
HCP
legendary
Activity: 2086
Merit: 4361
March 29, 2022, 02:37:11 AM
#21
Can't say I would recommend that method unless you have some way to guarantee that the PC you've used to create the encrypted file is (and always will be) kept 100% offline.

Otherwise, the "traditional" offline methods of securely and safely storing your seed backups on (waterproof) paper and/or steel plates, using a fireproof safe, multiple offsite backups etc are probably your best option.

Having said that, whatever you do end up doing, make sure you actually do make backups of your wallet phrase! Wink
hero member
Activity: 952
Merit: 555
March 28, 2022, 03:01:14 PM
#20
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

If you're to write your keys on any device then it must be coded by you such away that only you can have access to it but ensure you create a back for recovery to it, you can as well split the keys on two different device that only the combination of the keys from the two storage devices can lead an access to your wallet.

Helpful hint:
Make use of hardware open source wallets
Store your keys on a metal sheet and encode it
Write your password and encrypt it with a password
Use an air grip device
member
Activity: 271
Merit: 14
March 28, 2022, 12:28:06 PM
#19
Find stainless steel you aren't using anymore and carve the whole recovery phrase on it, your job from then on is to find a safe spot to keep this stainless steel, this is a better old school way of keeping recovery seed safe.
legendary
Activity: 2268
Merit: 18711
March 28, 2022, 11:19:41 AM
#18
A quick question, are there more ways to get more security? How?
It depends on what aspect of your set up you are looking to increase the security for. For a seed phrase, then generate it on a permanently airgapped computer which is running a fresh install of a reputable open source Linux distro, or a reputable open source hardware wallet. Do not back it up digitally, but write it down on paper only. You should have a minimum of two back ups in two different geographical locations. If you want to make it so that if your seed phrase is compromised your coins are not immediately stolen, then use a multi-sig set up (backing up each seed phrase and xpub multiple times separately), or create multiple additional hidden wallets by using passphrases (again backing up your passphrases on paper and separately). Alternatively, encrypt your seed phrase and also back up the decryption key on paper, but again separately to your seed phrase back up.

This is all great for increasing the security of generating and storing seed phrase, but that is only one piece of the puzzle, so to speak. If you then import that seed phrase in to a hot wallet, for example, then you have negated everything I have listed above.
hero member
Activity: 1554
Merit: 814
The Alliance Of Bitcointalk Translators - ENG>POR
March 28, 2022, 10:50:37 AM
#17
Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
Thanks for correcting me and complementing my answer.
Well remembered, I confess that I didn't think about the possibility of a multi-sig wallet, this is an excellent method to increase security

A quick question, are there more ways to get more security? How?
member
Activity: 564
Merit: 50
March 28, 2022, 10:08:19 AM
#16
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

You can try to hide porn with that method, but it wont stop a real hack0r. You security can be broken by guide from https://www.passcope.com/how-to-hack-or-break-zip-file-password/. Why not add a mouse trap close to your pc mouse, put a trap under pc, install scarecrow in your room. Change icon of your zip file to a black icon, thus it will make it unseen. Rename it into smth like "..." and people will think that it is just burned pixels on the screen. Or rename your archive into system.ini - no one would ever try clicking on it.
legendary
Activity: 2730
Merit: 7065
March 28, 2022, 09:56:24 AM
#15
Your seed should never be stored digitally in any way. That includes text documents, .rar achieves, cloud services, emails, etc. Especially on a computer that is permanently connected to the internet and is probably used for all kinds of internet activities. There are so many things that can go wrong, it's not even worth naming them all. Almost everything has been mentioned already in previous replies. One thing that seems to be missing is hardware failure. Your hard drive can break over night making recovery difficult or impossible. You might be required to send it to a repair shop where the personnel could get access to your seed. That won't happen if the words are written down on a piece of paper and stored somewhere safely.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
March 28, 2022, 09:56:03 AM
#14
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

I don't know if it has change, but last time I've used WinZip, it used to do weak protection.
Using such methods involves computers and your seed will leave a trace on the disk and somebody more skilled could retrieve it.
Even more disks, USBs and so on can easily and suddenly fail, so it's not a reliable way to store the key to your money.


The best way for security is to write down -  in a way or another - your seed onto paper (preferably laminated) or steel and keep it in multiple copies, preferably in different locations many miles away one to the other.
Now, this can go from laminated piece of paper with exact seed phrase to books with the seed words marked, or from using steel washers to buying commercially available CryptoSteel-like products. Just make sure the order of those words is not altered.

Also make sure you don't do anything overly complicated you may forget in 10 years or, in case you suffer an accident, you or your family would be unable to use those funds to help you get back on your feet.
jr. member
Activity: 110
Merit: 1
March 28, 2022, 09:46:19 AM
#13
It's safer to keep your private keys and recovery seed offline, this is one if those reasons why I like paper wallet, you only need to send the coin to the address and track your address using a block explorer, all you have to do is store the keys in an offline place and out of people's reach.
hero member
Activity: 1064
Merit: 843
March 28, 2022, 09:42:10 AM
#12
Store your seeds in .doc .zip or .rar file do look extra secure with strong password, but the truth isn't. Those software offer bad and low encryption, you don't even have any idea how those software compress your file isn't?

If you want to encrypt your seeds to add extra security, better to learn and use BIP38 rather than "trusting" those closed source software.
legendary
Activity: 2212
Merit: 7064
March 28, 2022, 06:16:20 AM
#11
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
Don't do that, and better keep recovery phrase offline and written on piece of paper or on stainless steel metal.
You can always make a mistake with making digital copies for your files and password (even if you consider it strong today) can be hacked if not done properly.
For extra security I would rather add passphrase to your seed words, or use multisig setup if you don't mind extra complexity.

Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
This is disaster waiting to happen, and I heard many people made mistakes like this creating their own ''better'' splitting system for seed words.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 28, 2022, 06:11:05 AM
#10
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
It's not safe for a number of reasons. The data for the unprotected seed phrase will still exist on your hard drive, even if you immediately delete it, and could be fairly easily recovered later. You are trusting that the computer you use it on is clean and free of malware. You are trusting the encryption implementation of WinZip. You are trusting the storage medium you are using.

And there are few additional risk such as,
1. The .doc editor and compression tool store the unencrypted data as temporary file which sometimes not deleted automatically.
2. The OS infected by keylogger or clipboard malware.
legendary
Activity: 2268
Merit: 18711
March 28, 2022, 05:45:31 AM
#9
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
It's not safe for a number of reasons. The data for the unprotected seed phrase will still exist on your hard drive, even if you immediately delete it, and could be fairly easily recovered later. You are trusting that the computer you use it on is clean and free of malware. You are trusting the encryption implementation of WinZip. You are trusting the storage medium you are using.

You should only be using digital backs up if you create them using a permanently airgapped device and you really know what you are doing. Otherwise, just stick to writing down your seed phrase on paper.

Try to store 15 or 20 of the seeds on some paper, and the rest of the seed, try to store it somewhere different, like a tattoo (I know this is weird, but some time ago I saw that someone did this)
Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
legendary
Activity: 3472
Merit: 10611
March 28, 2022, 04:36:19 AM
#8
There is a good saying that 99% of things that we worry about, most of them never happen.
I don't think it is a good idea to make security related decisions based on statistics simply due to the fact that just because someone hasn't happened before it doesn't mean it won't happen to you. For example Bittrex exchange never scammed anyone until they scammed thousands of users overnight.

It is always best to consider all possibilities and think of ways to prevent them. For example my USB disk that is 15 years old is still working and has never had any issues and I have some files on it as backup but that doesn't mean I trust it won't ever break. So I keep other backups too.
Pages:
Jump to: