Topic: Looking for a way to add extra security (Read 478 times)

I don't see that as an advantage at all, but rather a significant disadvantage. I don't want my seed phrase to be able to be accessed from anywhere. I want it securely locked down in one or two specific and secure locations, and not attackable by anyone in the world with a computer.

Then just use redundancy with your paper back ups for the same but more secure outcome.

Use a weak one and it will be brute forced.

Problem not solved at all. If anything, you've just made it significantly more likely your coins are stolen.

That's why I would use redundancy. Storing the encrypted seed in at least 2 different email accounts.


You can use whatever password you want to when using AES-256. Nothing to invent there.


Well I don't write down passwords on paper. not my thing. I would store the pw online too but not in the same place the encrypted seed is stored. problem solved.

There is a higher chance of you not being able to access your Gmail account for different reasons than you losing your paper wallet.
And when it comes to encryption, it all comes down to what kind of password and what algorithm you used to encrypt it. There is no BIP for encryption mnemonics so you'll have to come up with your own and security of that method may not be enough. Not to mention that now you would have to write down the password on a piece of paper so that you don't forget it! In other words we are back where we started.

i'm not sure where i read this but just because you store something on fire resistant metal or something doesn't mean it can't become inaccessible to you. online storage has the benefit of being accessible from almost anywhere...so it's not like it doesnt have its advantages. if i encrypt my seed phrase and store it in my gmail, to me, that's pretty solid. otoh, if i store it unencrypted in my gmail, that's not very solid. assuming gmail doesn't go out of business, i should be good right?

Just because some people used a bad medium (paper instead of laminated paper or metal sheet, etc.) to store their key on and they weren't careful when storing it, that doesn't mean a very terrible method of storing backups such as online storage is suddenly a good idea.

and yet people occasionally come to the forum with a "a rat ate part of the paper my seed phrase was stored on" or some other story about how part of the paper got destroyed or is unreadable...i bet those people wish they would have saved a backup online somewhere.

Saving your recovery seed online can be prone to attack by other users, it can never be guaranteed 100% safe as long as it is online. It is prone to attackers, virus or even system damage and you’ll eventually lose everything. The best way to keep it safe is to get it written down in a safe place. You can write it down with a code only you understand in order to be able to access it by yourself even if someone sees where you kept it.

"But it needs to be done securely". That's the problem right there. Most people cannot do it securely. The average person does not know what an airgapped device is, let alone how to open up a computer and physically remove all the necessary hardware. The average person does not know what Linux is, let alone how to format their new airgapped device and install a clean open source OS on it. The average person does not know what encryption is, let alone how to get Veracrypt downloaded, verified, safely transferred over to their airgapped device, installed, and used to create a hidden container. The average person does not know what open source is, let alone being able to review the code of Veracrypt and the encryption algorithm they choose to ensure their encrypted files are safe and secure. The number of steps which could go wrong is huge, and the average person will not be able to identify any steps which have gone wrong or any points in which they have compromised their security.

However, the average person is able to very securely write down 24 words on a piece of paper.

So yes, if you know what you are doing then go ahead and use encrypted airgapped wallets or back ups (I do), but you must realize there is a significant learning curve compared to paper back ups.

If your paper back ups can be easily found and stolen, then you need to find a more secure storage location. I have far more trust in my physical storage locations than I would in, for example, a cloud storage provider not closing my account and losing my files.

I see no problem in putting it in a file, but it needs to be done securely.
So do it on an airgapped pc, and install VeraCrypt on it.

Create an encrypted container with VeraCrypt (successor of TrueCrypt), ideally with 2 passwords: 1 standard that is a decoy, 1 that opens the hidden container.
There is no way to tell if this file is an encrypted container, but if forced you can always provide the standard password to give them the decoy files.

Put the file with the keys inside the container. Use a standard .txt file, no need for specials like .doc or .ods. You can also copy wallet.dat files, whatever ...
Dismount the container when done.

This file you can move anywhere even in unprotected places.
Encrypted containers in a dozen places online and offline on usb sticks/cd's offer a reliable backup. It's highly unlikely someone can find every single copy.

Remember: paper or metal backups can be found, stolen or confiscated easily.

Not completely proprietary though, microsoft partially open .doc specification under Microsoft Open Specification Promise. Although OpenDocument Format (such as .oodt) is better option if you want completely open format.


FYI, openoffice is very outdated. Check libreoffice instead.

Another thing i dont know if anyone brought up but the doc format is kind of proprietary to microsoft and i wouldnt bet on that being readable by any software oneday...openoffice can't even read some doc files properly...

I haven't seen it, but someone should make it! How cool would it be to convert 12 or 24 words into maybe 15 or 30 words with very CPU-intensive encryption?
I'd love to see a new standard developed for this.

Hmm, I confess... this is a very valuable information, thank you so much to share with us 
Some of these methods you mentioned I already knew about and others I didn't. But I think it's valid to use these tools that you said to increase the security.

To be fair, most people doesn't know how encryption or compress actually works even if it's open source. But i agree those software usually have weak encryption.


BIP 38 is intended for private key. I doubt there are any user-friendly software which let you use seed/mnemonic phrase as input (rather than private key).

Can't say I would recommend that method unless you have some way to guarantee that the PC you've used to create the encrypted file is (and always will be) kept 100% offline.

Otherwise, the "traditional" offline methods of securely and safely storing your seed backups on (waterproof) paper and/or steel plates, using a fireproof safe, multiple offsite backups etc are probably your best option.

Having said that, whatever you do end up doing, make sure you actually do make backups of your wallet phrase!

If you're to write your keys on any device then it must be coded by you such away that only you can have access to it but ensure you create a back for recovery to it, you can as well split the keys on two different device that only the combination of the keys from the two storage devices can lead an access to your wallet.

Helpful hint:
Make use of hardware open source wallets
Store your keys on a metal sheet and encode it
Write your password and encrypt it with a password
Use an air grip device

Find stainless steel you aren't using anymore and carve the whole recovery phrase on it, your job from then on is to find a safe spot to keep this stainless steel, this is a better old school way of keeping recovery seed safe.

It depends on what aspect of your set up you are looking to increase the security for. For a seed phrase, then generate it on a permanently airgapped computer which is running a fresh install of a reputable open source Linux distro, or a reputable open source hardware wallet. Do not back it up digitally, but write it down on paper only. You should have a minimum of two back ups in two different geographical locations. If you want to make it so that if your seed phrase is compromised your coins are not immediately stolen, then use a multi-sig set up (backing up each seed phrase and xpub multiple times separately), or create multiple additional hidden wallets by using passphrases (again backing up your passphrases on paper and separately). Alternatively, encrypt your seed phrase and also back up the decryption key on paper, but again separately to your seed phrase back up.

This is all great for increasing the security of generating and storing seed phrase, but that is only one piece of the puzzle, so to speak. If you then import that seed phrase in to a hot wallet, for example, then you have negated everything I have listed above.

Thanks for correcting me and complementing my answer.
Well remembered, I confess that I didn't think about the possibility of a multi-sig wallet, this is an excellent method to increase security

A quick question, are there more ways to get more security? How?

You can try to hide porn with that method, but it wont stop a real hack0r. You security can be broken by guide from https://www.passcope.com/how-to-hack-or-break-zip-file-password/. Why not add a mouse trap close to your pc mouse, put a trap under pc, install scarecrow in your room. Change icon of your zip file to a black icon, thus it will make it unseen. Rename it into smth like "..." and people will think that it is just burned pixels on the screen. Or rename your archive into system.ini - no one would ever try clicking on it.

Your seed should never be stored digitally in any way. That includes text documents, .rar achieves, cloud services, emails, etc. Especially on a computer that is permanently connected to the internet and is probably used for all kinds of internet activities. There are so many things that can go wrong, it's not even worth naming them all. Almost everything has been mentioned already in previous replies. One thing that seems to be missing is hardware failure. Your hard drive can break over night making recovery difficult or impossible. You might be required to send it to a repair shop where the personnel could get access to your seed. That won't happen if the words are written down on a piece of paper and stored somewhere safely.

I don't know if it has change, but last time I've used WinZip, it used to do weak protection.
Using such methods involves computers and your seed will leave a trace on the disk and somebody more skilled could retrieve it.
Even more disks, USBs and so on can easily and suddenly fail, so it's not a reliable way to store the key to your money.


The best way for security is to write down -  in a way or another - your seed onto paper (preferably laminated) or steel and keep it in multiple copies, preferably in different locations many miles away one to the other.
Now, this can go from laminated piece of paper with exact seed phrase to books with the seed words marked, or from using steel washers to buying commercially available CryptoSteel-like products. Just make sure the order of those words is not altered.

Also make sure you don't do anything overly complicated you may forget in 10 years or, in case you suffer an accident, you or your family would be unable to use those funds to help you get back on your feet.

It's safer to keep your private keys and recovery seed offline, this is one if those reasons why I like paper wallet, you only need to send the coin to the address and track your address using a block explorer, all you have to do is store the keys in an offline place and out of people's reach.

Store your seeds in .doc .zip or .rar file do look extra secure with strong password, but the truth isn't. Those software offer bad and low encryption, you don't even have any idea how those software compress your file isn't?

If you want to encrypt your seeds to add extra security, better to learn and use BIP38 rather than "trusting" those closed source software.

Don't do that, and better keep recovery phrase offline and written on piece of paper or on stainless steel metal.
You can always make a mistake with making digital copies for your files and password (even if you consider it strong today) can be hacked if not done properly.
For extra security I would rather add passphrase to your seed words, or use multisig setup if you don't mind extra complexity.

This is disaster waiting to happen, and I heard many people made mistakes like this creating their own ''better'' splitting system for seed words.

And there are few additional risk such as,
1. The .doc editor and compression tool store the unencrypted data as temporary file which sometimes not deleted automatically.
2. The OS infected by keylogger or clipboard malware.

It's not safe for a number of reasons. The data for the unprotected seed phrase will still exist on your hard drive, even if you immediately delete it, and could be fairly easily recovered later. You are trusting that the computer you use it on is clean and free of malware. You are trusting the encryption implementation of WinZip. You are trusting the storage medium you are using.

You should only be using digital backs up if you create them using a permanently airgapped device and you really know what you are doing. Otherwise, just stick to writing down your seed phrase on paper.

Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.

I don't think it is a good idea to make security related decisions based on statistics simply due to the fact that just because someone hasn't happened before it doesn't mean it won't happen to you. For example Bittrex exchange never scammed anyone until they scammed thousands of users overnight.

It is always best to consider all possibilities and think of ways to prevent them. For example my USB disk that is 15 years old is still working and has never had any issues and I have some files on it as backup but that doesn't mean I trust it won't ever break. So I keep other backups too.

Basically, you should not store your back up on digital devices. It is worse if you connect those devices to the Internet too often.

Better methods are

• Using air-gapped computer to store your wallet. [Guide] Secure air-gapped crypto wallet storage method
• Use steel plates, etc to store your keys/seeds. Crypto Security - Additional Protection For Your Seed/Private Keys.
• Make sure you know how to use a strong password. [GUIDE] How to Create a Strong/Secure Password. Additionally, use password managers such as
  
  • KeePass: https://keepass.info/
  • KeePassDroid (KeePass for Android): https://play.google.com/store/apps/details?hl=en&id=com.android.keepass
  • bitwarden: https://bitwarden.com/

I always thought that people like to be very paranoid about their bitcoins.  I agree that you need to worry about the storage of your code phrase and engrave it on some solid metal if a person has really big money. But I do not believe that everyone here is rich, so everyone needs to drip out their keys on uninhabited islands.
Enough for a few flash drives, or, just a record that will not fade with time.
There is a good saying that 99% of things that we worry about, most of them never happen.
Do not fuss, but just be careful.

Only do that if you know how to do it on an air-gapped device; like on this[1] guide by Sowik. If not, stay away from digital recovery phrase storage 100%.

---

[1] https://bitcointalksearch.org/topic/guide-secure-air-gapped-crypto-wallet-storage-method-2828437

Everything that input on a computer is prone to brute force attack even though we are careful. But securing it on a piece of paper and laminated it then stored to a safe keep in your place would prevent you from being hacked by others. Provided you keep it safely on your house without possible wet encountered or any  that might damage the copy of your seed phrase.

No problem, no need to apologize for asking this question.

So I would like to share with you what little knowledge I have on this subject.

I believe this is not the best way to store your seeds. Because I believe that there is a possibility of someone breaking the password using brute force, NSIS or something like that.

Some tips I'd like to share

Use 2 or more wallets to fractionate and store your crypto assets, so if you lose your seed or suffer a phishing, your loss will be limited.

Try to store 15 or 20 of the seeds on some paper, and the rest of the seed, try to store it somewhere different, like a tattoo (I know this is weird, but some time ago I saw that someone did this)

Buy a cryptosteel plate, store your seeds there, and bury it somewhere

If you are interested in wanting to store your seeds on a computer, I advise you to use a computer that does not have internet access and you do not use that PC much.

I hope I was helpfull!

This would have been better if you had asked this question on a technical board but I will report the thread to you so that it can be moved.

I would not recommend it, unless when you create the document and compress it, you do it offline and you are 100% sure that you don't have any virus or anything on your PC.

Also, how are you going to save the strong password? Written down? For that I think you better save the written seeds in a secure physical location and that's it.

Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.