
Topic: Saving your private key in your email is a lethal move - page 4. (Read 1712 times)

full member
Activity: 1750
Merit: 186
Those people that say don't store it online even if you encrypt it, then what happens if something happens to your computer or USB physically? Say a theft or fire? Where is your backup then? That is why I thought online backup has to be a must, because if that happens, you can access dropbox or gmail and the file is there.
hero member
Activity: 1526
Merit: 596
Well, I would not have made this post until this week. I have a cryptocurrency community on social media (Telegram), doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallets and how to go about it. I made it clear to them never to screenshot their private keys but rather write them down and put them away in a safe place.

But it has occurred more times where private keys were written, sent and saved on some of my students' emails...

Well, this has huge consequences. I would want to reach out to the noobs: never improvise. Instructions are instructions. When creating a wallet you are told to write your private keys down (not on email or on your device).
Your email cannot keep your private key safe; it still could be hacked and the information collected.

It's basic instructions and rules that, when overlooked, cause damage.

That is certainly true. And not just emails, the same thing applies to all cloud storage hosts.

A lot of people say that as long as you encrypt it with a password, it doesn't matter where you store it. But in my opinion if someone is able to gain access to your email, it is likely that they were able to crack your password in the first place, which makes the encrypted file easy to crack as well, since so many people reuse their passwords for everything.

Even though it may seem convenient at the time and the risks are quite far away - trust me, you don't want to be placed in a situation where you are potentially out of pocket thousands of dollars if not more simply because you failed to follow simple procedures. Store it offline.
legendary
Activity: 2268
Merit: 18748
In my own keys and seed phrase, I put them into a plain text then I archive them to a rar file with password 3 times with 3 different passwords (what I mean is after I archived it to rar with the password I archive it again and add another password.) Then for the 3rd archive I use base64 encode as my password to make sure that if someone is trying to brute-force my archived rar seed/privkeys it will take years before they can hack, and since I archived it 3 times they can brute-force my archived seed/privkeys and hack after a decade.
This may or may not be relatively safe, depending on what RAR archiver you are using and what encryption method it uses. Some don't encrypt the data at all, others use AES128 or AES256. A better option, in my opinion, would be to use a proper encryption program like Veracrypt, and encrypt it with that, rather than relying on a RAR archiver to encrypt it for you.

The other weak link in this chain is where you are encrypting it. If you are talking about encrypting a plain text file on your usual, everyday computer which is internet enabled, you have no guarantee that the plain text data hasn't already left your machine or been otherwise accessed before you encrypt it. You should be encrypting it on a clean OS on a device without the capability for internet access, and then transferring the encrypted file to your internet enabled computer for uploading.

The best option is not to store any sensitive data, encrypted or not, anywhere near the internet, emails, cloud servers, etc.
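
Added example (not part of any post in this thread): a short Python calculation of what nesting three password-protected archives buys compared with one longer passphrase, plus a check that base64-encoding a password creates no new possibilities. It assumes uniformly random passwords and that each archive layer confirms a correct guess; the function names and sample figures are constructed for illustration.

```python
import base64
import math


def password_bits(alphabet_size, length):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def nested_layers_bits(layer_bits):
    """Worst-case guessing work, in bits, for archives nested inside each other.

    Assumption: every layer reveals whether a guess was right (header or
    checksum check), so layers fall one after another and their costs ADD.
    """
    top = max(layer_bits)
    # log2(sum(2**b)) computed relative to the largest term for stability
    return top + math.log2(sum(2.0 ** (b - top) for b in layer_bits))


def single_passphrase_bits(layer_bits):
    """Work if the same passwords are joined into one passphrase: costs MULTIPLY."""
    return sum(layer_bits)


def base64_is_one_to_one(passwords):
    """Base64 is a reversible encoding, so it maps each password to exactly
    one string and back: the set of candidates to try does not grow."""
    encoded = [base64.b64encode(p.encode()).decode() for p in passwords]
    decoded = [base64.b64decode(e).decode() for e in encoded]
    return decoded == list(passwords) and len(set(encoded)) == len(set(passwords))


if __name__ == "__main__":
    # Constructed sample: three random 8-character alphanumeric passwords.
    layers = [password_bits(62, 8)] * 3
    print(f"one layer:              {layers[0]:.1f} bits")
    print(f"three nested layers:    {nested_layers_bits(layers):.1f} bits")
    print(f"one 24-char passphrase: {single_passphrase_bits(layers):.1f} bits")
    print("base64 one-to-one:", base64_is_one_to_one(["hunter2", "Hunter2"]))
```

Under these assumptions, three nested layers add about 1.6 bits over a single layer, while the same 24 characters used as one passphrase triple the bit count.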
full member
Activity: 1750
Merit: 186
Well what if something happens physically in your house then and everything is destroyed or stolen?


I understand backing up your seed in your camera by taking a picture is bad and sending it to an email is foolish. But if it's encrypted, that's not good enough?


Example: you type your seed in lastpass or keepass. You need a password to open the program to reveal all your passwords. You then upload it to dropbox or google drive. Now the hacker would need to first hack into your dropbox or google drive account. Then they would need to know the password for your lastpass or keepass. So isn't that hard already for them? I can understand it being easy if say that person targeted your computer and sent you a link etc. to keylog you or you download something. Also say you use axcrypt to encrypt it. Example: you encrypt lastpass or keepass.


Now they need to


1. hack into your dropbox or gmail

2.  Know your email and password connected with your axcrypt account to encrypt the lastpass or keepass file

3.  Know the password for lastpass or keepass



So aren't these steps already pretty tough for a hacker? The issue here though is if you do it this way, you need to remember 2 things, your lastpass/keepass password and your axcrypt password. But the issue here is don't most ppl use a very long complicated password for axcrypt? Thus that would mean doing this wouldn't work since you won't know your axcrypt password since it's probably put in lastpass/keepass?



Also don't most of you use password managers like lastpass/keepass? I mean u guys don't know your email and banking passwords right? Thus keep everything there. So if you keep everything there along with your private key but make sure you have a strong master password, that isn't safe enough?



So of what I described, which is the better method? The one with the 3 steps or


1.   Hacker needs to hack into your dropbox or gmail

2.  Know the password for lastpass or keepass




The thing is I think most ppl don't know their axcrypt pw right and store that in lastpass or keepass?
legendary
Activity: 3374
Merit: 3095
I do usually save my private key or seed phrase in the memory card from mobile, after saving my private key I'll remove it and put into my closet.
This isn't a very good solution. Your plain text private key or seed phrase should ideally never touch an internet enabled device, even if the device is offline when you do it. You have no guarantees that there isn't malware on your device which will copy your key/phrase and transmit it to an attacker when internet access is restored.

If you want to save your phrase or key on a memory stick, then it should be encrypted and copied via a permanently airgapped device.
In my own keys and seed phrase, I put them into a plain text then I archive them to a rar file with password 3 times with 3 different passwords (what I mean is after I archived it to rar with the password I archive it again and add another password.) Then for the 3rd archive I use base64 encode as my password to make sure that if someone is trying to brute-force my archived rar seed/privkeys it will take years before they can hack, and since I archived it 3 times they can brute-force my archived seed/privkeys and hack after a decade.

The file is saved privately with google drive and I have a backup on my Gmail on the draft page.


As of now, no one knows that I have a backup on my email because I used a different email and never use it for online verification just to make sure no one knows my email.
member
Activity: 280
Merit: 14
I don't support the saving of private keys on an email; that's a foolhardy thing to do.
But wherever one decides to save their private keys, the major aim should be apt security and ease for the owners to get.
legendary
Activity: 2268
Merit: 18748
I do usually save my private key or seed phrase in the memory card from mobile, after saving my private key I'll remove it and put into my closet.
This isn't a very good solution. Your plain text private key or seed phrase should ideally never touch an internet enabled device, even if the device is offline when you do it. You have no guarantees that there isn't malware on your device which will copy your key/phrase and transmit it to an attacker when internet access is restored.

If you want to save your phrase or key on a memory stick, then it should be encrypted and copied via a permanently airgapped device.
full member
Activity: 504
Merit: 127
Finally I decided to USB flash, but I'm not sure that's safest place.
Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash in a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets have some risks unless the user laminates it.
Hardware wallets are the best option to store your private key. But keep in mind that hardware and USB are the same: they are objects which we can misplace easily since they are small. If you are a sloppy person like me, USB flash could not be an option for me.

What I'll do in storing my private key is I'll use a notepad and write all of my private keys on all wallets on one of it and will save it on my desktop. Copy a file of that on my laptop, copy of that file to my phone, to my girlfriend's phone.
legendary
Activity: 2492
Merit: 1232
Re: Saving your private key in your email is a lethal move
Agree, it's like actually saving it on someone else's computer. You never know how many people have access to this data; it's a huge risk of your private key being compromised.
Security needs to be adjusted to the person's needs. Less money demands less security, more money demands more security.
You are right when it comes to more money demanding more security. I do usually save my private key or seed phrase in the memory card from mobile, after saving my private key I'll remove it and put into my closet. But one thing that comes up in my mind, how about a body implant like a microchip implant where your private key is stored? I am sure it is secure but I don't know if it is safe for humans.



Do you think this is possible or the same as the lethal move?
member
Activity: 576
Merit: 39
Flash drives might get corrupted, and so might a computer/laptop; cloud storage can be hacked, and so can email and social media accounts. The best choice is to make a hard copy of your private key and lock it somewhere safe, but you might forget where you placed it or it might be stolen. Hmm, looks like everything is lethal huh? XD
legendary
Activity: 2296
Merit: 1014
Re: Saving your private key in your email is a lethal move
Agree, it's like actually saving it on someone else's computer. You never know how many people have access to this data; it's a huge risk of your private key being compromised.
Security needs to be adjusted to the person's needs. Less money demands less security, more money demands more security.
full member
Activity: 616
Merit: 167
Just treat your private address with a corresponding level of security to its value.

If you've got ten bucks in an address, sure you could save that in an email or on your desktop, the repercussions are fairly minor if someone gets access.

If you've got hundreds, or even thousands, then write it down manually and put it in a safe. Just use common sense.
legendary
Activity: 1624
Merit: 2481
How sure are you that encryption technology is safe and that it would stay safe in the future?

Simple answer: Mathematics.

Even with constantly increasing computing power, there are encryption algorithms which are (mathematically proven) secure.
RSA with a key length of 2048+ bit is safe for the next 10 years for example. 4096 bit keys are secure beyond 2030.

Same applies to AES with 256 bit. It is safe to use beyond 2030. Another good alternative is to use ECC.


In 10+ years, you could simply send all of your coins to a different address and encrypt that private key with a (more modern) encryption algorithm to have it secured for another period.



Let's say the "No Such Agency" finds a way to decrypt that encrypted email in the future

They don't find a way to "decrypt that encrypted mail", but to "break an encryption". And this - depending on the algorithm - is not possible, which is proven mathematically.



Security through obscurity can constantly change and it makes it very difficult for them to decipher the hidden messages.

Security through obscurity is a very very VERY bad approach.
Just google it, you will find tons of arguments why you should never rely on this.
sr. member
Activity: 826
Merit: 265
Finally I decided to USB flash, but I'm not sure that's safest place.
Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash in a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets have some risks unless the user laminates it.



@OP, you may want to check this article for all the best possible options.
Yups, that’s totally safe as long as the USB remains safe, and other than that I guess writing on paper will also be beneficial for us and our successors, as we really don’t know what will happen in the future and accidents happen on unexpected occasions.
I have written my private keys in separate formats and gave to each of my children what they deserve, so when the time comes that I pass in unexpected ways they will continue my legacy here in crypto.
legendary
Activity: 2408
Merit: 4282
Ignorance & lack of information is a major contributor to this. Here are some of the possible reasons why newbies think storing of private keys on email is the best solution:
  • They could easily remember where they stored their private key
  • It can be easily accessed from any device as far as they're connected to the internet
  • They have been earlier misinformed that storing sensitive information on their email is safe

Again, the type of wallet they use plays a major role in them storing their private key carelessly. A user making use of an online (web) or APP wallet is more likely to store their private key in their email than a user making use of a hardware wallet. So again they need to be informed on the best wallet to use to prevent issues like this (them storing private keys in emails) from occurring.
legendary
Activity: 1624
Merit: 1130
Bitcoin FTW!
Emails aren't a good place to keep anything valuable, period. Even with multiple layers of security on your email like 2FA and SMS confirmation, there's still a chance your email could be compromised and you want to keep as little sensitive information as possible in your inbox when that happens. I periodically go through my emails and delete emails because of this.
hero member
Activity: 672
Merit: 526
Emails are completely unsafe for something like that. But it is necessary that at some point we have some kind of online solution to save a key. It may be just one, of multiple keys needed to open a wallet.

There are several reasons and times that you may have to see yourself completely away from several of your physical assets, such as wallets, USB etc.: when making a trip, being arrested, staying in the hospital. The simple way is to say that online and in the clouds is always the worst option. But in fact everything carries some kind of risk. And you should always analyze case by case.

In this student situation, it is important to demonstrate why email is unsafe to store the keys and also to exchange a range of information that may be confidential. A great opportunity to teach about encryption.
legendary
Activity: 2268
Merit: 18748
Security through obscurity can constantly change and it makes it very difficult for them to decipher the hidden messages.  
You can only change it with every message if you have a separate and 100% secure way of communicating with the recipient to reveal your new method (in other words, meeting up in person with no electronic devices around), in which case you are far better just using that secure method to transfer the information you need to. I make a point of keeping anything truly sensitive well away from the internet, email, cloud servers, etc., even if it is encrypted.

Additionally, if an agency had the computing power to break 256-bit, then they can certainly brute force anything along the lines of swapping digits around or including extra nonsense characters.
legendary
Activity: 3542
Merit: 1965
Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.
This is essentially security through obscurity, and is generally a bad way to store any sensitive information. If you absolutely must send something sensitive via email, the best way is an encrypted file with a previously (and securely) agreed upon key.

The same advice throughout this thread obviously applies to mnemonic seeds as well. Too many people store electronic copies of their mnemonic seed, which again, is a terrible idea. Write it down or engrave it, and store it somewhere physically secure.

How sure are you that encryption technology is safe and that it would stay safe in the future? Let's say the "No Such Agency" finds a way to decrypt that encrypted email in the future, then your sensitive information would be exposed and used against you in the future, and encrypted data would be an ideal target for them.

Security through obscurity can constantly change and it makes it very difficult for them to decipher the hidden messages.
legendary
Activity: 2268
Merit: 18748
Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key.
This is essentially security through obscurity, and is generally a bad way to store any sensitive information. If you absolutely must send something sensitive via email, the best way is an encrypted file with a previously (and securely) agreed upon key.

The same advice throughout this thread obviously applies to mnemonic seeds as well. Too many people store electronic copies of their mnemonic seed, which again, is a terrible idea. Write it down or engrave it, and store it somewhere physically secure.