
Topic: Securing Your Seed Phrase with Washers - page 19. (Read 6998 times)

legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 15, 2022, 11:45:45 AM
#27
This makes me wonder if some people use a very high derivation path to avoid someone stealing their coins: if you use for instance m/44'/44'/1875626591'/0 and even if someone gets your seed words, I doubt they'll ever find your (shit)coins.

Adding a non-standard derivation is adding a potential failure to the system.
So, I am stamping the correct derivation on a washer: “1875626591” to stick to your example.

What is the point of storing this strange derivation together with the seed? He who controls the seed, controls the derivation also.

But what happens if the washer with the derivation gets damaged? 4 numbers become unreadable, because there was a mechanical failure at the store. How are you going to recover the funds?

So no increased security, but greater exposure to failures.

As I said, it’s like protecting an HW in a safe box with a PIN: counterproductive.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 15, 2022, 11:23:28 AM
#26
I didn’t explicitly mention derivation path as I didn’t want to mess up things. Maybe it’s better to state the obvious? “Don’t use any fancy wallet to generate the seed? I should include a derivation washers”? Might be unintelligible by the person who should get the Satoshi?
If you use a non-standard derivation path, it doesn't hurt to hammer it into another washer. Or hammer the wallet name + version.



This makes me wonder if some people use a very high derivation path to avoid someone stealing their coins: if you use for instance m/44'/44'/1875626591'/0 and even if someone gets your seed words, I doubt they'll ever find your (shit)coins.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 15, 2022, 10:00:08 AM
#25
Today I saw a tweet from @Alex Bosworth.



Of course he’s referring to the derivation path.

How could this be addressed in our case?

The first solution would be to use the WIF standard, as suggested by Federico Tenga in his article.


Another one would be to use a common wallet to generate the seed, so that funds are stored in a well known derivation.

I didn’t explicitly mention derivation path as I didn’t want to mess up things. Maybe it’s better to state the obvious? “Don’t use any fancy wallet to generate the seed? I should include a derivation washers”? Might be unintelligible by the person who should get the Satoshi?

legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 15, 2022, 02:24:12 AM
#24
I know the cost section might put a lot of users off the idea of doing this, but ignore the total cost, because the total cost is likely not going to be anywhere near that. Since, most of these items, people already have especially if they're a home owner. For example, I have millions of washers/screws (including the size required), I have a sledge, gloves, duct tape, hot glue gun, and a micro fibre cloth. That has already reduced the price by 35+ euros based on the OP's pricing. Although, I bet I have a tonne of other stuff in storage that can either be substituted to a degree or already have. For example, the stickers could potentially be substituted.
Honestly, the raw material cost is nothing. 4€ for washers and a few euros for the stamp (you can skip that if in a pinch). Tools should be easily available in any household or can be borrowed by some friend without any weird questions.
All the other stuff like tube, stickers, hot glue etc. aren't needed, so while fillippone went total overkill, I think washers are actually the absolute cheapest way to get a steel wallet backup.

The letter stamps have to be purchased with any type of steel wallet product, except those where you slide the letters, but those aren't recommended since they fall out if the casing bends (e.g. under rubble). So I wouldn't really count them into the price, just like the hammer.

This is exactly my understanding: I wanted to be crystal clear about all the costs, this is the reason why I put that section (apart from being asked this very question in the comments). I went for the "full package", but really, much of the things (even the container) are not necessary, ultimately.

<...>
What do you think of like doing a simple encoding of the passphrase so that it'll take longer for them to access the content?
I strongly, strongly advise against it.
<...>

Agree also on this.
Do not overcomplicate things. Keeping things as linear and simple as possible is an intrinsic safety measure.

I heard horror stories of people putting HW Wallets (without backup) in a safe box in a bank, then losing the backup and now they forget the PIN. Nice way to lose millions in BTC. Why should you protect with a PIN an HW wallet in a safe box in a Bank? So you can add a layer of disaster!
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
March 14, 2022, 10:32:02 PM
#23
I know the cost section might put a lot of users off the idea of doing this, but ignore the total cost, because the total cost is likely not going to be anywhere near that. Since, most of these items, people already have especially if they're a home owner. For example, I have millions of washers/screws (including the size required), I have a sledge, gloves, duct tape, hot glue gun, and a micro fibre cloth. That has already reduced the price by 35+ euros based on the OP's pricing. Although, I bet I have a tonne of other stuff in storage that can either be substituted to a degree or already have. For example, the stickers could potentially be substituted.
Honestly, the raw material cost is nothing. 4€ for washers and a few euros for the stamp (you can skip that if in a pinch). Tools should be easily available in any household or can be borrowed by some friend without any weird questions.
All the other stuff like tube, stickers, hot glue etc. aren't needed, so while fillippone went total overkill, I think washers are actually the absolute cheapest way to get a steel wallet backup.

The letter stamps have to be purchased with any type of steel wallet product, except those where you slide the letters, but those aren't recommended since they fall out if the casing bends (e.g. under rubble). So I wouldn't really count them into the price, just like the hammer.

A stack of washers (especially larger ones) is extremely solid. I am sure you can even find it in a destroyed house and restore the backup.

What do you think of like doing a simple encoding of the passphrase so that it'll take longer for them to access the content?
I strongly, strongly advise against it. There's a saying that goes something like 'don't roll your own crypto'. There are various posts about it online. In the context of Bitcoin seed backups it's not really because of security concerns, but more about doubts in people's ability to remember what they did one, two or 10 years ago to their seed. Something that seems trivial now (e.g. 'I swap every 4th word with every 5th word' or something), might be completely forgotten mere months later.

I recently ran into an issue where I knew I had a secondary wallet inside a hardware wallet, but couldn't remember how to access it. I knew it wasn't through passphrase and the software didn't show me a second wallet either. It turned out through trial and error, that that wallet used derivation paths to create multiple wallets (without using the standard passphrase feature) and I had completely forgotten about it. It was solved by 'creating' a new secondary wallet in the software (this information is stored on the PC and I had gotten a new one) and the funds were back. But you might not be so lucky with a stack of washers that you applied some random custom 'crypto' to multiple years ago.
staff
Activity: 3304
Merit: 4115
March 14, 2022, 09:55:40 PM
#22
I know the cost section might put a lot of users off the idea of doing this, but ignore the total cost, because the total cost is likely not going to be anywhere near that. Since, most of these items, people already have especially if they're a home owner. For example, I have millions of washers/screws (including the size required), I have a sledge, gloves, duct tape, hot glue gun, and a micro fibre cloth. That has already reduced the price by 35+ euros based on the OP's pricing. Although, I bet I have a tonne of other stuff in storage that can either be substituted to a degree or already have. For example, the stickers could potentially be substituted.

Hide it in something dirty like coffee grounds or diapers.
This is just going to draw more attention to yourself, since whoever is snooping in your bins, will now be asking why you're feeding washers to your baby. Nah, but in all seriousness that's a good idea, even some of the lowliest of thieves aren't going through diapers.

Interesting way of storing the seed. I suppose stamping is better at remaining legible than say, etching it. If anyone got a hold of this, they'd still be able to use it right? Is there any additional thing that can be done to prevent that or at least make it harder for them to access?

What do you think of like doing a simple encoding of the passphrase so that it'll take longer for them to access the content?
You could encode it if you really wanted to, but depending on your threat model could potentially be overkill. However, to answer your question if someone got their hands on the washers it contains the seed, so they would be able to use it just like anyone else. This basically protects against losing the seeds through various natural threats, for example fires, flooding to degradation of materials. Steel washers are decent at surviving most things, maybe not very high temperatures, but it really does depend on how you store them, hence the container suggested.

Although, if you've gone to this much effort, it's probably safe to assume you also have at least some physical security in place to prevent prying eyes. The security labels are a good idea, but effectively if the container has been opened, and therefore the stickers have been torn, you can safely assume that it's already been compromised. It's more of a warning that it has been compromised, than something that'll help you save it, if you get what I mean. It doesn't necessarily safeguard your seed.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 14, 2022, 07:13:57 PM
#21
I added a few suggestions that came out from the comments in the OP.
I also corrected some embarrassing typos (I love "tinkering", not "thinking"!)

Hopefully, more valuable content will continue to come!

No, I didn't add the Etna suggestion, yet.

@fillippone this is truly one amazing megapost and you even provided videos for lazy people (cool music but I expected something more Italian).
Can you please tell me about material that is used for making Hermetic container?
I have seen a few of these before on aliexpress and ebay but I think most of them were cheap and made from aluminum if I remember correctly.
It would add to structural integrity a lot if this could also be made from stainless steel.

Also your Italian videos are coming later.

The container is in a very light aluminium.
No more structural stiffness is needed, as per Jameson Lopp test.
Also, in case of elevated temperature, aluminium could be easily removed, without transforming the washers + case in an unmanageable blob of metal.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 14, 2022, 01:12:35 PM
#20
Is there any additional thing that can be done to prevent that or at least make it harder for them to access?
I can think of a few things. You could for instance use the washers to hang 400 kg of concrete from your ceiling. After all, you're dealing with construction material. That'll make it hard to steal.
sr. member
Activity: 994
Merit: 302
March 14, 2022, 12:59:06 PM
#19
Interesting way of storing the seed. I suppose stamping is better at remaining legible than say, etching it. If anyone got a hold of this, they'd still be able to use it right? Is there any additional thing that can be done to prevent that or at least make it harder for them to access?

What do you think of like doing a simple encoding of the passphrase so that it'll take longer for them to access the content?
legendary
Activity: 2212
Merit: 7064
March 14, 2022, 12:29:47 PM
#18
Regarding washers disposal, I think we can be satisfied with the easier ways of disposal: dustbin, diapers, tossing into rivers… weather balloons, volcanoes and interplanetary ships might be a fun idea, but ultimately an overkill.
I see you are not impressed with my Etna suggestion, but it would be so poetical you know, El Salvador is using their volcano for mining and you are using yours for destroying it... sort of.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 14, 2022, 12:22:44 PM
#17
@fillippone this is truly one amazing megapost and you even provided videos for lazy people (cool music but I expected something more Italian).


Ah. Challenge accepted. Bear with me.

Regarding washers disposal, I think we can be satisfied with the easier ways of disposal: dustbin, diapers, tossing into rivers… weather balloons, volcanoes and interplanetary ships might be a fun idea, but ultimately an overkill.


VVV while geothermal energy is good to generate bitcoin, no way fillippone is going to ditch precious sats in Earth's mantle, irrespective of how poetic it might look.
legendary
Activity: 2212
Merit: 7064
March 14, 2022, 11:49:45 AM
#16
@fillippone this is truly one amazing megapost and you even provided videos for lazy people (cool music but I expected something more Italian).
Can you please tell me about material that is used for making Hermetic container?
I have seen a few of these before on aliexpress and ebay but I think most of them were cheap and made from aluminum if I remember correctly.
It would add to structural integrity a lot if this could also be made from stainless steel.

I have another idea! Hang each washer on a weather balloon. They can fly round half the world before bursting and the washer falling down into the ocean or any random place.
Exotic idea.
He could literally send his bitcoin to the moon or maybe even throw them in Etna one by one, I hear this volcano has been more active recently.
Just watch out not to burn yourself doing that fillippone.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
March 14, 2022, 06:54:06 AM
#15
I'll repeat what I said in another thread just yesterday: I think we are bordering on the ridiculous here.

I know! I said that, too:

Distributing washers in various locations internationally would be statistically secure, but mathematically not. The probability of finding all washers would be less than winning the jackpot 100 times in a lifetime probably, but not zero. So as a lover of numbers, that wouldn't make me feel confident enough.

But it's just a gut feeling thing, you know!

I have another idea! Hang each washer on a weather balloon. They can fly round half the world before bursting and the washer falling down into the ocean or any random place.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 14, 2022, 04:45:40 AM
#14
Now, does anyone have any idea how to dispose of these washers?
I missed this question yesterday, but I'll respond anyway because it's fun.
I'd say you can give the washers the same treatment as a hard drive: clamp it in a vice, get an angle grinder, and destroy the letters.

I could toss a washer: down the toilet at home
Don't do that, it'll just get stuck in the pipes very close to your toilet.

it would drive me nuts knowing that the washers are not in my household anymore but sitting outside where anyone could pick them up with my seed still stamped onto them.
It becomes interesting when thousands of people are disposing of their washers. Even if you'd find them all, you still wouldn't be able to use them.

Still, this is wholly unnecessary. Just stamp over them, make them unreadable, and throw them in your trash.
Even better if you use different trash bins: one per week at home, one in the office. Hide it in something dirty like coffee grounds or diapers.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 14, 2022, 04:44:46 AM
#13
Also I know words are uniquely identified by the first 4 words, but I think the time save is not comparable to the increased risk in case of data loss: what if I print only 4 words, and a strange accident damages 2 letters of every washer? So I deliberately decided to print all letters.

Actually it's a good point. Reducing the chance of data loss is more important than saving time during setup.

FYI, you could save some time if you only write the first 4 characters of each word. Although I'm not sure it's applicable for seed/mnemonic in different languages which have different specifications.
I'm pretty sure that it's a requirement for any language's 'seed alphabet' that the words need to be uniquely identifiable by the first 4 letters.

I checked the specification[1] and it looks like it's true for any language which uses an alphabet similar to the English alphabet. But it's not applicable to CJK characters[2-4] which might use less than 4 characters.

[1] https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md
[2] https://github.com/bitcoin/bips/blob/master/bip-0039/chinese_simplified.txt
[3] https://github.com/bitcoin/bips/blob/master/bip-0039/japanese.txt
[4] https://github.com/bitcoin/bips/blob/master/bip-0039/korean.txt
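
The trade-off raised in this post, as an added example that is not part of the thread: the script checks that words are unique by their first 4 letters, then compares how many candidate words remain when two letters of a washer are unreadable, for full-word stamping versus 4-letter stamping. The word list is a constructed excerpt (the first 24 entries of the English BIP39 list), and the `?` marker for an unreadable letter and both function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed excerpt: the first 24 words of the English BIP39 list.
# The real list has 2048 words; load it from a file for a real check.
WORDS = [
    "abandon", "ability", "able", "about", "above", "absent", "absorb",
    "abstract", "absurd", "abuse", "access", "accident", "account",
    "accuse", "achieve", "acid", "acoustic", "acquire", "across", "act",
    "action", "actor", "actress", "actual",
]


def prefix_collisions(words, n=4):
    """Return {prefix: [words]} for every n-letter prefix shared by 2+ words.

    Words shorter than n letters (e.g. "act") are their own prefix.
    An empty result means every word is identifiable by its first n letters.
    """
    groups = defaultdict(list)
    for word in words:
        groups[word[:n]].append(word)
    return {p: ws for p, ws in groups.items() if len(ws) > 1}


def candidates(stamped, words, abbreviated=False):
    """List the words consistent with what is still legible on a washer.

    stamped      -- the stamped letters, with '?' for each unreadable one
    abbreviated  -- True if only the first 4 letters were stamped,
                    False if the whole word was stamped
    """
    matches = []
    for word in words:
        # What the washer would show for this word if it were undamaged.
        target = word[:4] if abbreviated else word
        if len(target) != len(stamped):
            continue
        if all(s == "?" or s == t for s, t in zip(stamped, target)):
            matches.append(word)
    return matches


if __name__ == "__main__":
    print("4-letter collisions:", prefix_collisions(WORDS, 4))
    print("3-letter collisions:", sorted(prefix_collisions(WORDS, 3)))

    # The word "absorb" with its 3rd and 4th letters destroyed.
    full = candidates("ab??rb", WORDS)                    # whole word stamped
    short = candidates("ab??", WORDS, abbreviated=True)   # 4 letters stamped
    print("full word stamped  ->", full)
    print("4 letters stamped  ->", len(short), "candidates:", short)
```

On the full 2048-word list the abbreviated case leaves proportionally more candidates per damaged washer, which is the extra recovery work the post is weighing against the time saved while stamping.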
legendary
Activity: 2268
Merit: 18711
March 14, 2022, 04:08:14 AM
#12
Distributing washers in various locations internationally would be statistically secure, but mathematically not. The probability of finding all washers would be less than winning the jackpot 100 times in a lifetime probably, but not zero.
I'll repeat what I said in another thread just yesterday: I think we are bordering on the ridiculous here.

The chance of somebody accidentally stumbling across, say, 20 of your washers (assuming the remaining 4 words could be brute forced) which you have disposed of in various places around a city is infinitesimal. Spread those across a state or a country, and the chance is essentially zero.

If we are considering a targeted attack, then what's the likelihood that someone who wants to steal your coins is going to know enough about you to know your system, know you are disposing of it, and follow your every move for weeks or even months to pick up every washer that you throw away, versus some other far easier and more direct attack?

Still, this is wholly unnecessary. Just stamp over them, make them unreadable, and throw them in your trash. Job done.

And to fillippone, believe me or not I have not even thought about disposing of them in toilets or burying them in the ground, one washer every trip.
Putting a bunch of metal down your toilet sounds like a great way to get yourself an expensive plumbing bill.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
March 14, 2022, 03:30:26 AM
#11
I still have a few washers I messed up stamping and I immediately wondered what I should do with them.  Welding is a good idea too.  And to fillippone, believe me or not I have not even thought about disposing of them in toilets or burying them in the ground, one washer every trip.

But being the freak that I am, I agree with n0nce.  Even if it is practically impossible to find even 4 of them, probably even 3 or 2 as long as nobody sees you and follows the buried spot, it would drive me nuts knowing that the washers are not in my household anymore but sitting outside where anyone could pick them up with my seed still stamped onto them.

My idea of disposing of washers comes from the fear that someone finds my empty seed and gets to see and analyze the history of my coins.  Welding, throwing them away or burying them separately miles away each, stamping multiple letters to make the letters unrecognizable.  I love brainstorming.

-
Regards,
PrivacyG
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
March 13, 2022, 11:05:51 PM
#10
The next easiest option would be to "write over" the seed phrase, so to speak - stamp every letter of the alphabet on top of every character already stamped on each washer. They will quickly become unreadable and therefore unrecoverable.
That's what I did when I had messed up one washer.
I didn't want to even leak a single word of my seed to anyone going through my trash (nobody), so I just hammered multiple random letters on top of the ones I had already stamped, then trashed the washer.

Plenty of possibilities.
Distributing washers in various locations internationally would be statistically secure, but mathematically not. The probability of finding all washers would be less than winning the jackpot 100 times in a lifetime probably, but not zero. So as a lover of numbers, that wouldn't make me feel confident enough. I would prefer some sort of destruction. A welder could for example damage the washers to a large degree.
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
March 13, 2022, 03:52:30 PM
#9
legendary
Activity: 2268
Merit: 18711
March 13, 2022, 03:24:33 PM
#8
Now, does anyone have any idea how to dispose of these washers?
I would think the easiest way would be to use a complex enough passphrase along with any seed phrase backed up on metal, and then move all your coins to a new wallet if you need to dispose of the back up. Then it is unlikely anyone would be able to brute force your wallet even if they obtained your discarded back up, and even if they do, you have only lost your privacy and not any coins.

The next easiest option would be to "write over" the seed phrase, so to speak - stamp every letter of the alphabet on top of every character already stamped on each washer. They will quickly become unreadable and therefore unrecoverable.