Author

Topic: Looking for a way to add extra security (Read 519 times)

sr. member
Activity: 1190
Merit: 469
April 11, 2022, 07:52:59 PM
#47
it's automated. there's no person reading the emails. that doesn't affect me at all as far as something i store there that is encrypted because nothing can read that.


Quote
If you're looking for cases where a regular user is blocked/banned, there are many such posts on twitter, reddit or facebook. A few random examples from reddit (since twitter/facebook won't let you search without login),

https://www.reddit.com/r/google/comments/2qhjf5/my_google_drive_account_was_randomly_suspended/
his account was reinstated. nothing was lost. but yeah he did have to jump through some hoops and google had him by the balls for a while...

Quote
Yeah, it says:
...Google banned my payments account because I returned some RMA pixel phones to them and their system didn't recognize the return. When I did a credit card charge back, they banned me. There was no appeal process

Seems like he flew off the handle and did a charge back. so none of what happened after that is surprising at all.

Quote
Besides, the risk is applicable to all kinds of Google users.
that's why you have to replicate your most important data to other places than just google. easier said than done but that's what you have to do. that's what I do. and i had planned to replicate it to some offline storage too but haven't gotten around to it due to being more inconvenient. but i will.


Quote
At the end of the day using cloud services (includes email) to store your private keys is still relying on third parties which is something you should never do when it comes to bitcoin, whether it is usage or storage. They may some day decide that they don't like bitcoin (maybe because google creates their own centralized shitcoin) and ban all accounts that had some activity that related to bitcoin!

i'll let you have the last word on this pooya. suffice it to say that some of this discussion made me realize i need to "beef up" my data storage protocol to make it a bit more robust. thanks guys!




legendary
Activity: 3472
Merit: 10611
April 11, 2022, 07:34:07 AM
#46
At the end of the day using cloud services (includes email) to store your private keys is still relying on third parties which is something you should never do when it comes to bitcoin, whether it is usage or storage. They may some day decide that they don't like bitcoin (maybe because google creates their own centralized shitcoin) and ban all accounts that had some activity that related to bitcoin!
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
April 11, 2022, 04:39:04 AM
#45
Gmail? My god. The same service which openly reads all your emails and attachments?
says who?

A few random articles,
https://www.theguardian.com/technology/2014/apr/15/gmail-scans-all-emails-new-google-terms-clarify
https://easydns.com/blog/2019/06/03/googles-gmail-scans-parses-analyzes-and-catalogs-your-email/

Quote
I'd like to mention that Google also could forbid access to "your" data. Usually they either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get a robot response.

Check these articles,
Game developers, google play developers, those aren't your typical user. Not surprising at all that this might have happened to them. Not sure they deserved it but they should have realized the risk...

Yahoo mail lost a huge amount of peoples' emails a long time ago. Stuff happens like that. you just have to roll with the punches.

If you're looking for cases where a regular user is blocked/banned, there are many such posts on twitter, reddit or facebook. A few random examples from reddit (since twitter/facebook won't let you search without login),

https://www.reddit.com/r/google/comments/2qhjf5/my_google_drive_account_was_randomly_suspended/
https://www.reddit.com/r/GooglePixel/comments/7nrx07/google_permanently_banned_my_account_because/

Besides, the risk is applicable to all kinds of Google users.
legendary
Activity: 2268
Merit: 18711
April 11, 2022, 04:28:09 AM
#44
says who?
Says Google:

hardware goes bad all the time, flash drives, smartphones, ssds, etc, etc. landfills are filled with the stuff i'm sure. some of it has peoples' data on it that they wish they didn't lose.
Which is why every good wallet tells you to write down your seed phrase on paper.

hard drives do overwrite unused sectors all the time so it's not like it's going to sit there forever.
Depends on how much data you write to the hard drive. And if it's an SSD, then it might deliberately not write to that sector due to wear leveling.

Therefore, no one should ever store sensitive data online. It's a necessary thing.
It's a necessary thing for some types of sensitive data, such as an online fiat bank account. It is absolutely not necessary for anything to do with a bitcoin wallet.

But yet when it comes to crypto that's somehow different and it shouldn't be stored online along with their pictures of their family, house, dog, car, credit cards, bank account details etc.....
Why on Earth are you storing pictures of your credit card online?

Game developers, google play developers, those aren't your typical user.
Google ban accounts all the time. Just Google it (heh). Even something as simple as the credit card linked to your account expiring has been enough for accounts to get shut down.

Not sure they deserved it but they should have realized the risk...
Much like you are dismissing all the significant risks you are taking?
sr. member
Activity: 1190
Merit: 469
April 10, 2022, 08:09:40 PM
#43
Gmail? My god. The same service which openly reads all your emails and attachments?


says who?

One person throwing out a hard drive does not mean offline back ups are unsafe. Shall we compare how many people have thrown away a hard drive to how many online accounts have been hacked or how many people have lost their passwords? The latter is orders of magnitude larger than the former.
the word hard drive in this context could encompass any form of offline storage. so i'm not sure i would agree with your assessment. hardware goes bad all the time, flash drives, smartphones, ssds, etc, etc. landfills are filled with the stuff i'm sure. some of it has peoples' data on it that they wish they didn't lose.

I don't waste time with live OS's.
In which case, your seed phrase likely still exists in plain text somewhere on your hard drive, unless you have overwritten the relevant sector of your hard drive with junk data, either manually or with a dedicated program, which most people don't do.
that's an unlikely attack vector but i suppose it could happen but not in all cases. for example say I am using electrum. i'll just encrypt the wallet. no seed phrase is stored on the hard drive "in the clear". as well, hard drives do overwrite unused sectors all the time so it's not like it's going to sit there forever.

Quote
There is literally no system in the world which is invulnerable to being attacked. Pretty much every email provider in existence has been hacked at some point. Google were caught storing passwords in plain text for 14 years without any of their security team noticing. Plenty of encryption software have had flawed implementations or critical bugs, including very popular ones like TrueCrypt. If you upload something to the internet, then it is at risk.
Therefore, no one should ever store sensitive data online. It's a necessary thing. And I think almost everyone does it. They just don't want to admit to it. But yet when it comes to crypto that's somehow different and it shouldn't be stored online along with their pictures of their family, house, dog, car, credit cards, bank account details etc.....

Quote
I'd like to mention that Google also could forbid access to "your" data. Usually they either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get a robot response.

Check these articles,

Game developers, google play developers, those aren't your typical user. Not surprising at all that this might have happened to them. Not sure they deserved it but they should have realized the risk...

Yahoo mail lost a huge amount of peoples' emails a long time ago. Stuff happens like that. you just have to roll with the punches.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
April 10, 2022, 06:14:53 AM
#42
Quote
Said every single person who has ever lost their coins.
that guy that has his bitcoins stored on a hard drive. the whole world knows where the hard drive is located. he does too. problem is, he can't get access to the hard drive because they won't let him go near the garbage dump and he probably has anxiety knowing that maybe someone else has a plan to try and dig up his hdd out of that trash dump. seems to me, if he would have just used gmail to store his btc private keys, he would be good to go. but he wanted to store them offline to keep them safe. they're safe alright. safe from his reach.

I'd like to mention that Google also could forbid access to "your" data. Usually they either don't give the reason or mention vague ToS. And the appeal process isn't easy since usually you'll get a robot response.

Check these articles,
https://www.businessinsider.com/google-users-locked-out-after-years-2020-10
https://medium.com/@sixacegames/how-google-destroyed-our-startup-by-terminating-our-google-play-developer-account-6a8cca09ea88
https://arstechnica.com/gadgets/2021/01/googles-bots-decide-ass-subtitle-support-is-too-risque-for-the-play-store/
legendary
Activity: 2268
Merit: 18711
April 10, 2022, 04:23:29 AM
#41
gmail has ways to recover an account if you forgot your pw. they are called backup recovery methods. you should check it out.
Gmail? My god. The same service which openly reads all your emails and attachments? And now your back up is duplicated on hundreds of servers around the world which are accessible by thousands of individuals, with unknown physical or digital security.

that guy that has his bitcoins stored on a hard drive. the whole world knows where the hard drive is located. he does too. problem is, he can't get access to the hard drive because they won't let him go near the garbage dump and he probably has anxiety knowing that maybe someone else has a plan to try and dig up his hdd out of that trash dump. seems to me, if he would have just used gmail to store his btc private keys, he would be good to go. but he wanted to store them offline to keep them safe. they're safe alright. safe from his reach.
One person throwing out a hard drive does not mean offline back ups are unsafe. Shall we compare how many people have thrown away a hard drive to how many online accounts have been hacked or how many people have lost their passwords? The latter is orders of magnitude larger than the former.

I don't waste time with live OS's.
In which case, your seed phrase likely still exists in plain text somewhere on your hard drive, unless you have overwritten the relevant sector of your hard drive with junk data, either manually or with a dedicated program, which most people don't do.
sr. member
Activity: 1190
Merit: 469
April 09, 2022, 10:20:19 PM
#40
Backing things up in physical form is a hassle. And then you have to keep track of where you hid them. What happens if you forgot about some of the "secure locations" ?
Same thing could be said about any other storage method for example what happens when you forget your login password to your gmail account or wherever else you stored it online!

gmail has ways to recover an account if you forgot your pw. they are called backup recovery methods. you should check it out.

Quote

Said every single person who has ever lost their coins.

that guy that has his bitcoins stored on a hard drive. the whole world knows where the hard drive is located. he does too. problem is, he can't get access to the hard drive because they won't let him go near the garbage dump and he probably has anxiety knowing that maybe someone else has a plan to try and dig up his hdd out of that trash dump. seems to me, if he would have just used gmail to store his btc private keys, he would be good to go. but he wanted to store them offline to keep them safe. they're safe alright. safe from his reach.

Quote
Did you encrypt it on an airgapped live OS to ensure you left no traces? Did you use an open source piece of software which you have personally examined the code to ensure it is secure and bug free? Did you use a long and completely random encrypted key generated by a true source of entropy? Did you ensure the connection between your computer and the server you are uploading it was completely secure? Did you physically visit and examine the server to ensure it is physically secure? Have you examined all the software it is running and its electronic security? Do you know all the people who have physical or electronic access to it?
I don't waste time with live OS's. But I do use open source for encryption and no I didn't examine the code but I'm reasonably certain it is not phoning home because other people have no doubt audited it. And I could if I wanted to, although I may not have the expertise to really understand if there are less obvious bugs. But that's why I test the software. make sure it works before I start using it in a "production environment". I use long passwords so no one is going to guess them. They are generated by software in many cases. But I don't have a radioactive decay detector hooked up to my windows machine if that's what you're asking. I do assume though that things I upload to the cloud are inspected and people are actively trying to take a look at it and decrypt it to find out what is inside the container. thanks for the comment!
member
Activity: 64
Merit: 15
April 09, 2022, 01:16:33 PM
#39
I suggest using VeraCrypt, it encrypts and u also can put 21 longs password too. Encrypted files are non-readable. Second way is to write seeds on paper and save it.
legendary
Activity: 2268
Merit: 18711
April 09, 2022, 04:13:46 AM
#38
Something that is properly encrypted is not attackable by anyone in the world with a computer is how i see it. So i'm not worried.
Did you encrypt it on an airgapped live OS to ensure you left no traces? Did you use an open source piece of software which you have personally examined the code to ensure it is secure and bug free? Did you use a long and completely random encrypted key generated by a true source of entropy? Did you ensure the connection between your computer and the server you are uploading it was completely secure? Did you physically visit and examine the server to ensure it is physically secure? Have you examined all the software it is running and its electronic security? Do you know all the people who have physical or electronic access to it?

There is literally no system in the world which is invulnerable to being attacked. Pretty much every email provider in existence has been hacked at some point. Google were caught storing passwords in plain text for 14 years without any of their security team noticing. Plenty of encryption software have had flawed implementations or critical bugs, including very popular ones like TrueCrypt. If you upload something to the internet, then it is at risk.

Backing things up in physical form is a hassle. And then you have to keep track of where you hid them. What happens if you forgot about some of the "secure locations" ?
Far less of a hassle than securely storing something online. And what happens if you forget your email password? Or your decryption key? Or your email provider shuts down your account? Or wipes their servers?

who uses weak passwords? not me.
Most people.

they never have been and so there you go.
And I could drive with no seat belt or airbags for 10 years and suffer no harm from it. Doesn't mean it's a smart idea.
legendary
Activity: 3472
Merit: 10611
April 08, 2022, 11:59:42 PM
#37
Backing things up in physical form is a hassle. And then you have to keep track of where you hid them. What happens if you forgot about some of the "secure locations" ?
Same thing could be said about any other storage method for example what happens when you forget your login password to your gmail account or wherever else you stored it online!

Quote
they never have been and so there you go.
Said every single person who has ever lost their coins.
sr. member
Activity: 1190
Merit: 469
April 08, 2022, 11:33:06 PM
#36
online storage has the benefit of being accessible from almost anywhere...so it's not like it doesn't have its advantages.
I don't see that as an advantage at all, but rather a significant disadvantage. I don't want my seed phrase to be able to be accessed from anywhere. I want it securely locked down in one or two specific and secure locations, and not attackable by anyone in the world with a computer.

Something that is properly encrypted is not attackable by anyone in the world with a computer is how i see it. So i'm not worried.

That's why I would use redundancy. Storing the encrypted seed in at least 2 different email accounts.
Then just use redundancy with your paper back ups for the same but more secure outcome.

Backing things up in physical form is a hassle. And then you have to keep track of where you hid them. What happens if you forgot about some of the "secure locations" ?

You can use whatever password you want to when using AES-256. Nothing to invent there.
Use a weak one and it will be brute forced.
who uses weak passwords? not me.

Quote
Problem not solved at all. If anything, you've just made it significantly more likely your coins are stolen.
they never have been and so there you go.
legendary
Activity: 2268
Merit: 18711
April 08, 2022, 04:58:55 AM
#35
online storage has the benefit of being accessible from almost anywhere...so it's not like it doesn't have its advantages.
I don't see that as an advantage at all, but rather a significant disadvantage. I don't want my seed phrase to be able to be accessed from anywhere. I want it securely locked down in one or two specific and secure locations, and not attackable by anyone in the world with a computer.

That's why I would use redundancy. Storing the encrypted seed in at least 2 different email accounts.
Then just use redundancy with your paper back ups for the same but more secure outcome.

You can use whatever password you want to when using AES-256. Nothing to invent there.
Use a weak one and it will be brute forced.

Well I don't write down passwords on paper. not my thing. I would store the pw online too but not in the same place the encrypted seed is stored. problem solved.
Problem not solved at all. If anything, you've just made it significantly more likely your coins are stolen.
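
The disagreement in the posts above (AES-256 with "whatever password you want" versus "use a weak one and it will be brute forced") comes down to how many bits the password actually contributes to the key. The following Python example is added here and is not from any poster in the thread; the scrypt parameters, the attacker guess rate and the password classes are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed scrypt cost parameters for this example (about 16 MiB of memory per guess).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

# Assumed attacker speed against the scrypt setting above, in guesses per second.
ASSUMED_GUESSES_PER_SECOND = 10_000.0

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed password classes: (label, alphabet size, number of symbols).
PASSWORD_CLASSES = [
    ("8 random lowercase letters", 26, 8),
    ("12 random letters and digits", 62, 12),
    ("6 random words from a 7776-word list", 7776, 6),
    ("43 random letters and digits", 62, 43),
]


def new_salt() -> bytes:
    """Random per-file salt; stored next to the ciphertext, it is not secret."""
    return secrets.token_bytes(16)


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into the 32-byte key an AES-256 cipher would use."""
    return hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=32,
    )


def random_password(alphabet: str, length: int) -> str:
    """Password drawn uniformly at random, so entropy_bits() applies to it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password whose symbols are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_key_bits(password_bits: float) -> float:
    """The derived key is never stronger than the password behind it."""
    return min(256.0, password_bits)


def years_to_find(password_bits: float,
                  guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected search time: on average half of the password space is tried."""
    expected_guesses = 2 ** (password_bits - 1)
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def compare_classes():
    """Return (label, password bits, effective key bits, expected years) per class."""
    rows = []
    for label, alphabet_size, length in PASSWORD_CLASSES:
        bits = entropy_bits(alphabet_size, length)
        rows.append((label, round(bits, 1), effective_key_bits(bits), years_to_find(bits)))
    return rows


if __name__ == "__main__":
    salt = new_salt()
    password = random_password(string.ascii_letters + string.digits, 43)
    key = derive_key(password, salt)
    print(f"derived {len(key) * 8}-bit key, salt {salt.hex()}")
    for label, bits, effective, years in compare_classes():
        print(f"{label:40s} {bits:6.1f} bits  key strength {effective:5.1f}  ~{years:.3g} years")
```

The figures only hold for passwords generated at random; a human-chosen password of the same length has far less entropy than `entropy_bits()` reports.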
sr. member
Activity: 1190
Merit: 469
April 08, 2022, 01:50:24 AM
#34
There is a higher chance of you not being able to access your Gmail account for different reasons than you losing your paper wallet.
That's why I would use redundancy. Storing the encrypted seed in at least 2 different email accounts.

Quote
And when it comes to encryption, it all comes down to what kind of password and what algorithm you used to encrypt it. There is no BIP for encrypting mnemonics so you'll have to come up with your own and security of that method may not be enough.

You can use whatever password you want to when using AES-256. Nothing to invent there.

Quote
Not to mention that now you would have to write down the password on a piece of paper so that you don't forget it! In other words we are back where we started.

Well I don't write down passwords on paper. not my thing. I would store the pw online too but not in the same place the encrypted seed is stored. problem solved.
legendary
Activity: 3472
Merit: 10611
April 07, 2022, 10:44:53 PM
#33
i'm not sure where i read this but just because you store something on fire resistant metal or something doesn't mean it can't become inaccessible to you. online storage has the benefit of being accessible from almost anywhere...so it's not like it doesn't have its advantages. if i encrypt my seed phrase and store it in my gmail, to me, that's pretty solid. otoh, if i store it unencrypted in my gmail, that's not very solid. assuming gmail doesn't go out of business, i should be good right?
There is a higher chance of you not being able to access your Gmail account for different reasons than you losing your paper wallet.
And when it comes to encryption, it all comes down to what kind of password and what algorithm you used to encrypt it. There is no BIP for encrypting mnemonics so you'll have to come up with your own and security of that method may not be enough. Not to mention that now you would have to write down the password on a piece of paper so that you don't forget it! In other words we are back where we started.
sr. member
Activity: 1190
Merit: 469
April 07, 2022, 07:39:46 PM
#32

Just because some people used a bad medium (paper instead of laminated paper or metal sheet, etc.) to store their key on and they weren't careful when storing it, that doesn't mean a very terrible method of storing backups such as online storage is suddenly a good idea.

i'm not sure where i read this but just because you store something on fire resistant metal or something doesn't mean it can't become inaccessible to you. online storage has the benefit of being accessible from almost anywhere...so it's not like it doesn't have its advantages. if i encrypt my seed phrase and store it in my gmail, to me, that's pretty solid. otoh, if i store it unencrypted in my gmail, that's not very solid. assuming gmail doesn't go out of business, i should be good right?

legendary
Activity: 3472
Merit: 10611
April 06, 2022, 09:58:39 PM
#31
and yet people occasionally come to the forum with a "a rat ate part of the paper my seed phrase was stored on" or some other story about how part of the paper got destroyed or is unreadable...i bet those people wish they would have saved a backup online somewhere.
Just because some people used a bad medium (paper instead of laminated paper or metal sheet, etc.) to store their key on and they weren't careful when storing it, that doesn't mean a very terrible method of storing backups such as online storage is suddenly a good idea.
sr. member
Activity: 1190
Merit: 469
April 06, 2022, 08:12:20 PM
#30
Saving your recovery seed online can be prone to attack by other users, it can never be guaranteed 100% safe as long as it is online. It is prone to attackers, virus or even system damage and you’ll eventually lose everything. The best way to keep it safe is to get it written down in a safe place. You can write it down with a code only you understand in order to be able to access it by yourself even if someone sees where you kept it.

and yet people occasionally come to the forum with a "a rat ate part of the paper my seed phrase was stored on" or some other story about how part of the paper got destroyed or is unreadable...i bet those people wish they would have saved a backup online somewhere.
hero member
Activity: 994
Merit: 701
April 06, 2022, 03:08:04 AM
#29
Saving your recovery seed online can be prone to attack by other users, it can never be guaranteed 100% safe as long as it is online. It is prone to attackers, virus or even system damage and you’ll eventually lose everything. The best way to keep it safe is to get it written down in a safe place. You can write it down with a code only you understand in order to be able to access it by yourself even if someone sees where you kept it.
legendary
Activity: 2268
Merit: 18711
April 05, 2022, 05:16:58 AM
#28
I see no problem in putting it in a file, but it needs to be done securely.
"But it needs to be done securely". That's the problem right there. Most people cannot do it securely. The average person does not know what an airgapped device is, let alone how to open up a computer and physically remove all the necessary hardware. The average person does not know what Linux is, let alone how to format their new airgapped device and install a clean open source OS on it. The average person does not know what encryption is, let alone how to get Veracrypt downloaded, verified, safely transferred over to their airgapped device, installed, and used to create a hidden container. The average person does not know what open source is, let alone being able to review the code of Veracrypt and the encryption algorithm they choose to ensure their encrypted files are safe and secure. The number of steps which could go wrong is huge, and the average person will not be able to identify any steps which have gone wrong or any points in which they have compromised their security.

However, the average person is able to very securely write down 24 words on a piece of paper.

So yes, if you know what you are doing then go ahead and use encrypted airgapped wallets or back ups (I do), but you must realize there is a significant learning curve compared to paper back ups.

Remember: paper or metal backups can be found, stolen or confiscated easily.
If your paper back ups can be easily found and stolen, then you need to find a more secure storage location. I have far more trust in my physical storage locations than I would in, for example, a cloud storage provider not closing my account and losing my files.
member
Activity: 144
Merit: 38
April 05, 2022, 04:42:42 AM
#27
I see no problem in putting it in a file, but it needs to be done securely.
So do it on an airgapped pc, and install VeraCrypt on it.

Create an encrypted container with VeraCrypt (successor of TrueCrypt), ideally with 2 passwords: 1 standard that is a decoy, 1 that opens the hidden container.
There is no way to tell if this file is an encrypted container, but if forced you can always provide the standard password to give them the decoy files.

Put the file with the keys inside the container. Use a standard .txt file, no need for specials like .doc or .ods. You can also copy wallet.dat files, whatever ...
Dismount the container when done.

This file you can move anywhere even in unprotected places.
Encrypted containers in a dozen places online and offline on usb sticks/cd's offer a reliable backup. It's highly unlikely someone can find every single copy.

Remember: paper or metal backups can be found, stolen or confiscated easily.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
April 02, 2022, 04:57:50 AM
#26
Another thing i don't know if anyone brought up but the doc format is kind of proprietary to microsoft and i wouldn't bet on that being readable by any software one day...

Not completely proprietary though, microsoft partially opened the .doc specification under the Microsoft Open Specification Promise. Although OpenDocument Format (such as .odt) is a better option if you want a completely open format.

openoffice can't even read some doc files properly...

FYI, openoffice is very outdated. Check libreoffice instead.
sr. member
Activity: 1190
Merit: 469
April 01, 2022, 10:57:21 PM
#25
Storing your seeds in a .doc, .zip or .rar file does look extra secure with a strong password, but the truth is it isn't. That software offers bad and low encryption; you don't even have any idea how that software compresses your file, do you?

To be fair, most people don't know how encryption or compression actually works even if it's open source. But I agree that software usually has weak encryption.


Another thing i don't know if anyone brought up but the doc format is kind of proprietary to microsoft and i wouldn't bet on that being readable by any software one day...openoffice can't even read some doc files properly...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
April 01, 2022, 03:04:20 AM
#24
BIP 38 is intended for private key. I doubt there are any user-friendly software which let you use seed/mnemonic phrase as input (rather than private key).
I haven't seen it, but someone should make it! How cool would it be to convert 12 or 24 words into maybe 15 or 30 words with very CPU-intensive encryption?
I'd love to see a new standard developed for this.
hero member
Activity: 1554
Merit: 814
The Alliance Of Bitcointalk Translators - ENG>POR
April 01, 2022, 12:38:18 AM
#23
It depends on what aspect of your set up you are looking to increase the security for. For a seed phrase, then generate it on a permanently airgapped computer which is running a fresh install of a reputable open source Linux distro, or a reputable open source hardware wallet. Do not back it up digitally, but write it down on paper only. You should have a minimum of two back ups in two different geographical locations. If you want to make it so that if your seed phrase is compromised your coins are not immediately stolen, then use a multi-sig set up (backing up each seed phrase and xpub multiple times separately), or create multiple additional hidden wallets by using passphrases (again backing up your passphrases on paper and separately). Alternatively, encrypt your seed phrase and also back up the decryption key on paper, but again separately to your seed phrase back up.

This is all great for increasing the security of generating and storing seed phrase, but that is only one piece of the puzzle, so to speak. If you then import that seed phrase in to a hot wallet, for example, then you have negated everything I have listed above.
Hmm, I confess... this is very valuable information, thank you so much for sharing it with us.
Some of these methods you mentioned I already knew about and others I didn't. But I think it's valid to use these tools that you said to increase the security.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 29, 2022, 06:33:07 AM
#22
Storing your seeds in a .doc, .zip or .rar file does look extra secure with a strong password, but the truth is it isn't. That software offers bad and low encryption; you don't even have any idea how that software compresses your file, do you?

To be fair, most people don't know how encryption or compression actually works even if it's open source. But I agree that software usually has weak encryption.

If you want to encrypt your seeds to add extra security, better to learn and use BIP38 rather than "trusting" those closed source software.

BIP 38 is intended for private key. I doubt there are any user-friendly software which let you use seed/mnemonic phrase as input (rather than private key).
HCP
legendary
Activity: 2086
Merit: 4361
March 29, 2022, 01:37:11 AM
#21
Can't say I would recommend that method unless you have some way to guarantee that the PC you've used to create the encrypted file is (and always will be) kept 100% offline.

Otherwise, the "traditional" offline methods of securely and safely storing your seed backups on (waterproof) paper and/or steel plates, using a fireproof safe, multiple offsite backups etc are probably your best option.

Having said that, whatever you do end up doing, make sure you actually do make backups of your wallet phrase!
hero member
Activity: 952
Merit: 555
March 28, 2022, 02:01:14 PM
#20
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

If you're to write your keys on any device then it must be coded by you in such a way that only you can have access to it, but ensure you create a backup for recovery of it. You can as well split the keys across two different devices so that only the combination of the keys from the two storage devices gives access to your wallet.

Helpful hint:
Make use of hardware open source wallets
Store your keys on a metal sheet and encode it
Write your password and encrypt it with a password
Use an air grip device
member
Activity: 271
Merit: 14
March 28, 2022, 11:28:06 AM
#19
Find stainless steel you aren't using anymore and carve the whole recovery phrase on it, your job from then on is to find a safe spot to keep this stainless steel, this is a better old school way of keeping recovery seed safe.
legendary
Activity: 2268
Merit: 18711
March 28, 2022, 10:19:41 AM
#18
A quick question, are there more ways to get more security? How?
It depends on what aspect of your setup you are looking to increase the security for. For a seed phrase, then generate it on a permanently airgapped computer which is running a fresh install of a reputable open source Linux distro, or a reputable open source hardware wallet. Do not back it up digitally, but write it down on paper only. You should have a minimum of two backups in two different geographical locations. If you want to make it so that if your seed phrase is compromised your coins are not immediately stolen, then use a multi-sig setup (backing up each seed phrase and xpub multiple times separately), or create multiple additional hidden wallets by using passphrases (again backing up your passphrases on paper and separately). Alternatively, encrypt your seed phrase and also back up the decryption key on paper, but again separately to your seed phrase backup.

This is all great for increasing the security of generating and storing a seed phrase, but that is only one piece of the puzzle, so to speak. If you then import that seed phrase into a hot wallet, for example, then you have negated everything I have listed above.
hero member
Activity: 1554
Merit: 814
The Alliance Of Bitcointalk Translators - ENG>POR
March 28, 2022, 09:50:37 AM
#17
Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
Thanks for correcting me and complementing my answer.
Well remembered. I confess that I didn't think about the possibility of a multi-sig wallet; this is an excellent method to increase security.

A quick question, are there more ways to get more security? How?
member
Activity: 564
Merit: 50
March 28, 2022, 09:08:19 AM
#16
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

You can try to hide porn with that method, but it won't stop a real hack0r. Your security can be broken using the guide from https://www.passcope.com/how-to-hack-or-break-zip-file-password/. Why not add a mouse trap close to your PC mouse, put a trap under the PC, install a scarecrow in your room. Change the icon of your zip file to a black icon, thus it will make it unseen. Rename it into something like "..." and people will think that it is just burned pixels on the screen. Or rename your archive into system.ini - no one would ever try clicking on it.
legendary
Activity: 2730
Merit: 7065
March 28, 2022, 08:56:24 AM
#15
Your seed should never be stored digitally in any way. That includes text documents, .rar archives, cloud services, emails, etc. Especially on a computer that is permanently connected to the internet and is probably used for all kinds of internet activities. There are so many things that can go wrong, it's not even worth naming them all. Almost everything has been mentioned already in previous replies. One thing that seems to be missing is hardware failure. Your hard drive can break overnight, making recovery difficult or impossible. You might be required to send it to a repair shop where the personnel could get access to your seed. That won't happen if the words are written down on a piece of paper and stored somewhere safely.
legendary
Activity: 3668
Merit: 6382
March 28, 2022, 08:56:03 AM
#14
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.

I don't know if it has changed, but the last time I used WinZip, it used weak protection.
Using such methods involves computers, and your seed will leave a trace on the disk that somebody more skilled could retrieve.
Even more, disks, USBs and so on can easily and suddenly fail, so it's not a reliable way to store the key to your money.


The best way for security is to write down - in one way or another - your seed onto paper (preferably laminated) or steel and keep it in multiple copies, preferably in different locations many miles away from one another.
Now, this can go from a laminated piece of paper with the exact seed phrase to books with the seed words marked, or from using steel washers to buying commercially available CryptoSteel-like products. Just make sure the order of those words is not altered.

Also make sure you don't do anything overly complicated you may forget in 10 years or, in case you suffer an accident, you or your family would be unable to use those funds to help you get back on your feet.
jr. member
Activity: 110
Merit: 1
March 28, 2022, 08:46:19 AM
#13
It's safer to keep your private keys and recovery seed offline. This is one of those reasons why I like paper wallets: you only need to send the coin to the address and track your address using a block explorer. All you have to do is store the keys in an offline place and out of people's reach.
hero member
Activity: 1064
Merit: 843
March 28, 2022, 08:42:10 AM
#12
Storing your seeds in a .doc, .zip or .rar file does look extra secure with a strong password, but the truth is it isn't. Such software offers bad and low encryption; you don't even have any idea how that software compresses your file, do you?

If you want to encrypt your seeds to add extra security, better to learn and use BIP38 rather than "trusting" those closed source software.
legendary
Activity: 2212
Merit: 7064
March 28, 2022, 05:16:20 AM
#11
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
Don't do that; better to keep the recovery phrase offline, written on a piece of paper or on stainless steel.
You can always make a mistake when making digital copies of your files, and a password (even if you consider it strong today) can be hacked if not done properly.
For extra security I would rather add a passphrase to your seed words, or use a multisig setup if you don't mind extra complexity.

Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
This is a disaster waiting to happen, and I have heard of many people making mistakes like this when creating their own "better" splitting system for seed words.
legendary
Activity: 2870
Merit: 7490
March 28, 2022, 05:11:05 AM
#10
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
It's not safe for a number of reasons. The data for the unprotected seed phrase will still exist on your hard drive, even if you immediately delete it, and could be fairly easily recovered later. You are trusting that the computer you use it on is clean and free of malware. You are trusting the encryption implementation of WinZip. You are trusting the storage medium you are using.

And there are a few additional risks, such as:
1. The .doc editor and compression tool store the unencrypted data as a temporary file, which is sometimes not deleted automatically.
2. The OS being infected by a keylogger or clipboard malware.
legendary
Activity: 2268
Merit: 18711
March 28, 2022, 04:45:31 AM
#9
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
It's not safe for a number of reasons. The data for the unprotected seed phrase will still exist on your hard drive, even if you immediately delete it, and could be fairly easily recovered later. You are trusting that the computer you use it on is clean and free of malware. You are trusting the encryption implementation of WinZip. You are trusting the storage medium you are using.

You should only be using digital backups if you create them using a permanently airgapped device and you really know what you are doing. Otherwise, just stick to writing down your seed phrase on paper.

Try to store 15 or 20 of the seeds on some paper, and the rest of the seed, try to store it somewhere different, like a tattoo (I know this is weird, but some time ago I saw that someone did this)
Splitting up your seed phrase like this is a bad idea and almost certainly doesn't achieve the additional security you think it would. If you want to add more security to your wallet, then use a standard method such as additional passphrases or multi-sig.
legendary
Activity: 3472
Merit: 10611
March 28, 2022, 03:36:19 AM
#8
There is a good saying that 99% of things that we worry about, most of them never happen.
I don't think it is a good idea to make security related decisions based on statistics, simply due to the fact that just because something hasn't happened before it doesn't mean it won't happen to you. For example Bittrex exchange never scammed anyone until they scammed thousands of users overnight.

It is always best to consider all possibilities and think of ways to prevent them. For example my USB disk that is 15 years old is still working and has never had any issues and I have some files on it as backup but that doesn't mean I trust it won't ever break. So I keep other backups too.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
March 28, 2022, 03:25:02 AM
#7
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
Basically, you should not store your backup on digital devices. It is worse if you connect those devices to the Internet too often.

Better methods are
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
March 28, 2022, 02:50:32 AM
#6
I always thought that people like to be very paranoid about their bitcoins. I agree that you need to worry about the storage of your code phrase and engrave it on some solid metal if a person has really big money. But I do not believe that everyone here is rich, so everyone needs to drip out their keys on uninhabited islands.
Enough for a few flash drives, or, just a record that will not fade with time.
There is a good saying that 99% of things that we worry about, most of them never happen.
Do not fuss, but just be careful.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
March 28, 2022, 02:27:31 AM
#5
Only do that if you know how to do it on an air-gapped device; like on this[1] guide by Sowik. If not, stay away from digital recovery phrase storage 100%.


[1] https://bitcointalksearch.org/topic/guide-secure-air-gapped-crypto-wallet-storage-method-2828437
legendary
Activity: 2268
Merit: 1379
March 28, 2022, 01:41:18 AM
#4
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
Everything that is input on a computer is prone to brute force attack even though we are careful. But securing it on a piece of paper, laminating it and then storing it in safekeeping at your place would prevent you from being hacked by others, provided you keep it safely in your house without it getting wet or anything that might damage the copy of your seed phrase.
hero member
Activity: 1554
Merit: 814
The Alliance Of Bitcointalk Translators - ENG>POR
March 28, 2022, 12:58:09 AM
#3
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.
No problem, no need to apologize for asking this question.

So I would like to share with you what little knowledge I have on this subject.

I believe this is not the best way to store your seeds. Because I believe that there is a possibility of someone breaking the password using brute force, NSIS or something like that.

Some tips I'd like to share

Use 2 or more wallets to fractionate and store your crypto assets, so if you lose your seed or suffer a phishing attack, your loss will be limited.

Try to store 15 or 20 of the seeds on some paper, and the rest of the seed, try to store it somewhere different, like a tattoo (I know this is weird, but some time ago I saw that someone did this)

Buy a cryptosteel plate, store your seeds there, and bury it somewhere.

If you are interested in wanting to store your seeds on a computer, I advise you to use a computer that does not have internet access and that you do not use much.

I hope I was helpful!
legendary
Activity: 1372
Merit: 2017
March 28, 2022, 12:51:34 AM
#2
This would have been better if you had asked this question on a technical board but I will report the thread to you so that it can be moved.

I would not recommend it, unless when you create the document and compress it, you do it offline and you are 100% sure that you don't have any virus or anything on your PC.

Also, how are you going to save the strong password? Written down? For that I think you better save the written seeds in a secure physical location and that's it.

member
Activity: 110
Merit: 20
March 28, 2022, 12:38:45 AM
#1
Guys is it safe to write down recovery phrases in a .doc file and use WinZip or Winrar to compress and add strong password to the file? I don't know if this is stupid or smart.