Seed phrase security question - page 2.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: AkhiMertail on June 18, 2021, 01:12:56 AM

I was singing my seed phrase to memorize it

I am not worried about your iPhone paranoid (if you aren't Intelligent, political, or work in government). I'm worried about you if in on public then slip away singing the song (BIP39 word) loudly on the train. If I'm on the train also, I will know you covered the song with the bitcoin seed.

your action memorized seed on the song is very careless.

CryptocurencyKing

hero member

Activity: 1288

Merit: 504

Memorising your seed phrase doesn't make it safe, it puts you in harms way. The kind of harm that could come only by your hands. How you may want to ask? Its simply by your forgetting it. Singing your seed phrase alongside your phone and sh*ts like that doesn't endanger you besides, its still on that same device that it was generated and you get to type it in occasionally when the need arises to have access to your coins. So, singing it doesn't affect anything except for the fact that, you stored the voice note of it! There is every possibility that, your device could be accessed by someone else, hacked or stolen or even, during a friendly usage of your phone by a friend that understands cryptos and wallets, your keys is been compromised and you end up being sorry. Always endeavour to be careful with your keys.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: Upgrade00 on June 19, 2021, 04:12:26 PM

Do you think someone can feasibly have so many secure locations to store several back ups and be able to regularly check up on them?

Secure locations can include your house, the house of any family, parents, siblings, children, close friends, your work place (easier if you have lots of other confidential documents which would be under lock and key anyway), safe deposit boxes, etc. If you are worried about one of your back ups being compromised by a thief or an untrustworthy relative/friend, then do something to mean one back up is insufficient to take your funds - encrypt, add passphrase, use multi-sig, etc., as I mentioned above.

Quote from: Upgrade00 on June 19, 2021, 04:12:26 PM

Also, if bitcoin is a taxed commodity in your country, you may be asked to reveal the content of your wallet.

Then don't make it obvious that it is a wallet. Encrypt your seed phrase and store the encrypted string on one piece of paper and the decryption key on another. One without the other is not only useless, but reveals nothing about what is encrypted.

Quote from: Upgrade00 on June 19, 2021, 04:12:26 PM

What would be the best way to store in multiple locations, fo someone living in one Location, work place?

This all depends on your threat model. Are your back up locations more likely to be compromised by a thief, or more likely to be damaged by fire, flooding, natural disaster, etc? Do you simply need to write your seed phrase on two different pieces of paper and hide one in your house and one with a family member whom you trust completely? Or do you need to use multi-sig so that a thief finding one share gets nothing, or two (or more) of your friends/family members would need to collude to steal your coins?

Upgrade00

legendary

Activity: 2114

Merit: 2248

Playgram - The Telegram Casino

Quote from: o_e_l_e_o on June 19, 2021, 12:54:31 PM

That's why you practice redundancy. Back it up more than once on more than one separate pieces of paper, and store these pieces of paper in separate geographical locations. If you are concerned about one of your pieces of paper being discovered, then ensure that it does not contain all the information required to steal your coins: Use an additional passphrase, encrypt your seed phrase, split your seed phrase, etc. Make sure that any additional information required to recover your seed phrase is also backed up on separate pieces of paper and also stored in separate geographical locations.

Do you think someone can feasibly have so many secure locations to store several back ups and be able to regularly check up on them? It seems the safest and most reliable way to avoid loss due to unexpected hazards.
I've been looking into the possibility of storing back up phrases in a bank vault (inside safety boxes). You'll have a bit of privacy as the banks aren't allowed to know what you have inside, but they are regulated and can give up the contents on request by the government.
Also, if bitcoin is a taxed commodity in your country, you may be asked to reveal the content of your wallet.

What would be the best way to store in multiple locations, fo someone living in one Location, work place?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: nakamura12 on June 19, 2021, 03:33:58 PM

The back up of seed phrase getting torn is not a problem. How about you use a thicker paper and write the seed phrase there then use plastic cover or other things to laminate the piece of paper.

What if it gets incinerated in a fire? What if tornado buries it under 10 feet of rubble and you can't find it? What if it is stolen?

There is no single back up method which is immune to loss, whether it be laminated paper, titanium plates, or electronic devices, even if they are stored in an airtight, fireproof, waterproof safe bolted to the foundations of your house. The only way to come close to ensuring your back up survives is by having more than one back up in different locations, as I said above. Having only a single back up is a risk, and having only a single back up stored in the same location as your wallet (so both your computer and your seed phrase stored in your house, for example) is an even bigger risk.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: pawanjain on June 19, 2021, 10:32:06 AM

It's still not secure enough. You might lose the paper in some way or get it torn.
There's no proven way which can guarantee to store the seeds securely. We just have to back up the seeds with the least risk.

The back up of seed phrase getting torn is not a problem. How about you use a thicker paper and write the seed phrase there then use plastic cover or other things to laminate the piece of paper. I have done this before where I wrote some passwords for games and have to cover the paper with clear tape so no matter how many roll of tapes I used I can still see the content on the paper.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: pawanjain on June 19, 2021, 10:32:06 AM

It's still not secure enough. You might lose the paper in some way or get it torn.

That's why you practice redundancy. Back it up more than once on more than one separate pieces of paper, and store these pieces of paper in separate geographical locations. If you are concerned about one of your pieces of paper being discovered, then ensure that it does not contain all the information required to steal your coins: Use an additional passphrase, encrypt your seed phrase, split your seed phrase, etc. Make sure that any additional information required to recover your seed phrase is also backed up on separate pieces of paper and also stored in separate geographical locations.

Quote from: bL4nkcode on June 19, 2021, 10:42:16 AM

But the way I put it online is not just obvious labeled file "my recovery seed" or anything similar that is crypto related text. So, no one would know it's something like that.

Security through obscurity is generally a poor choice for protecting valuable information.

boyptc

hero member

Activity: 3024

Merit: 680

★Bitvest.io★ Play Plinko or Invest!

Check if you've got unnecessary applications that have been allowed to connect using your microphone. Don't be paranoid. If you're aware of it then you're just trying to be secured.

But to remove your worry and fear. Create a new wallet with another seeds and transfer your balance there and just record the new seed on a paper.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

Quote from: mk4 on June 19, 2021, 10:09:14 AM

Quote from: o_e_l_e_o on June 19, 2021, 08:50:51 AM

Quote from: bL4nkcode on June 18, 2021, 02:08:56 PM

What I actually do is write the whole 21/22/23 words put it online (not recommended by others which is true) for easy access and put the missing word/s out in a safe place. Ofc, you can do what others said, but that just me, did that since 2017.

This is also a terrible idea. One word can be brute forced in seconds, and even three words can be brute forced in under a day with good hardware.

Just write it down on paper like you are supposed to.

I'm with o_e_l_e_o on this. This is a terrible idea, only exception being unless you created well made air-gapped encrypted storage with absolutely ZERO fuck-ups in the process. Hopefully you actually do know what you're doing.

Ye, I get that. That's why I said it's not recommended, but it work for me.

But the way I put it online is not just obvious labeled file "my recovery seed" or anything similar that is crypto related text. So, no one would know it's something like that. And no one will randomly brute force to guess on such file content that has more than 24 words written on it (well, I guess?)

But ofc, I have one written on a paper, but still the same process, just the 21/22/23 words and just put the remaining online for an easy access. If ever that piece of paper got burned, lost, wet or etc. Well, that's for a guy that has no permanent address/house.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: pawanjain on June 19, 2021, 10:32:06 AM

It's still not secure enough. You might lose the paper in some way or get it torn.
There's no proven way which can guarantee to store the seeds securely.

There is a proven way to store it securely. There is no proof that it'll remain in the same place, that's why you have to maximize your security. I consider the paper way, the most secure; you don't store anything electronically and thus, you're proving to yourself that no malicious party can access your money. If you worry about your computer's RNG, roll a dice instead!

Write it on a paper or on a steel. Create back ups, so that if you somehow lose your main steel/paper, you'll have a way to restore it. Don't memorize it; burry it in the ground, hide it inside your walls, be creative!

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

Quote from: pawanjain on June 18, 2021, 09:31:31 AM

Memorizing the seed phrase is the one of the worst possible ways to back it up.

The context here is not about backing up the seed by memorizing it, instead, it is backing up through some preferred way as well as memorizing the seed.
There's nothing wrong if you can memorize the seed and have it securely backed up as well.
I know we might lose memory and forget the seed and in that case we can just use the backup.

Quote

Just write it down on paper like you are supposed to.

It's still not secure enough. You might lose the paper in some way or get it torn.
There's no proven way which can guarantee to store the seeds securely. We just have to back up the seeds with the least risk.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: o_e_l_e_o on June 19, 2021, 08:50:51 AM

Quote from: bL4nkcode on June 18, 2021, 02:08:56 PM

What I actually do is write the whole 21/22/23 words put it online (not recommended by others which is true) for easy access and put the missing word/s out in a safe place. Ofc, you can do what others said, but that just me, did that since 2017.

This is also a terrible idea. One word can be brute forced in seconds, and even three words can be brute forced in under a day with good hardware.

Just write it down on paper like you are supposed to.

I'm with o_e_l_e_o on this. This is a terrible idea, only exception being unless you created well made air-gapped encrypted storage with absolutely ZERO fuck-ups in the process. Hopefully you actually do know what you're doing.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Go to your privacy settings and you will be able to see all the apps which have access to your microphone. Any one of these could have been recording your voice whether or not it was actively running at the time.

Quote from: pawanjain on June 18, 2021, 09:31:31 AM

Memorizing the seed might be good but not having backup of the seeds is definitely wrong.

Memorizing the seed phrase is the one of the worst possible ways to back it up.

Quote from: pawanjain on June 18, 2021, 09:31:31 AM

You should always have multiple backups of your seeds and store it in a password protected file or encrypt it as suited.

And this is one of the other worst possible ways to back it up. Unless you are generating and encrypting it on a permanently airgapped computer running a live open source OS, then chances are you are going to leave some unencrypted traces of it somewhere. Just turning off your WiFi and then adding a text file with your seed phrase to a password protected ZIP file or something similar is not secure enough.

Quote from: bL4nkcode on June 18, 2021, 02:08:56 PM

What I actually do is write the whole 21/22/23 words put it online (not recommended by others which is true) for easy access and put the missing word/s out in a safe place. Ofc, you can do what others said, but that just me, did that since 2017.

This is also a terrible idea. One word can be brute forced in seconds, and even three words can be brute forced in under a day with good hardware.

Just write it down on paper like you are supposed to.

Eureka_07

sr. member

Activity: 1764

Merit: 260

Binance #SWGT and CERTIK Audited

Quote from: AkhiMertail on June 18, 2021, 01:12:56 AM

Hi this is a random question but is it possible for my seed phrase on hardware wallet to be compromised by an app using my iPhone microphone ? I was singing my seed phrase to memorize it and realized my phone was right next to me. I’m also kinda high and paranoid? I see lots of posts about ppl taking photos of their phrases and losing their coins so I didn’t know if saying my phrase out loud was a bad idea.

IMO it is possible, only if your device has some spyware on it. If your phone is secure, it should be fine.
It is great if you have a very good memorization skills, since you won't need to worry where and how you should store those seed phrases away from possible access of other people, as your own memory is your storage.

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

It could be better if you just write it down and be quiet about that, memorizing such info could be bad just what others mentioned above.

What I actually do is write the whole 21/22/23 words put it online (not recommended by others which is true) for easy access and put the missing word/s out in a safe place. Ofc, you can do what others said, but that just me, did that since 2017.

The Cryptovator

legendary

Activity: 2394

Merit: 2223

Signature space for rent

Why are we using a hardware wallet? Because it's been hiding your wallet credentials from internet attacks. For security reasons, your seed from the device wouldn't steal by any software. Otherwise, there is no meaning to using a hardware wallet. But if you save the seed at any device anyhow then it's pretty simple to steal for hackers. So depends on the situation how are you saving your seed. Just write it on hard paper, keep it in multiple places. So even a piece of paper damage then you would recover it from another piece. Don't store it on any device either online or offline. Because your device would damage or steal at any time. If you lost your backup means your funds are gone.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

You don't have to be paranoid since the wallet with the seed phrase you are singing doesn't have any cryptocurrency stored so nothing to worry unless you have stored some crypto in it then you need to generate another wallet and transfer the funds right away and your good to go. If ever you wanted to store your seed phrase safe try to use to encrypt your seed phrase using an encryption program offline and store it somewhere else that doesn't have internet connection. Try to visit this thread for more information about encryption https://bitcointalksearch.org/topic/asymmetric-encryption-vs-symmetric-encryption-5342058.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: pawanjain on June 18, 2021, 09:31:31 AM

You should always have multiple backups of your seeds and store it in a password protected file or encrypt it as suited.

Also, taking photos is not my kinda thing since I am paranoid as well. The first thing which gets leaked from our devices are photos.
So I wouldn't risk my seeds in it.

You don't even need to be paranoid to take photos as backups. It's simply just a dumb idea. Period.

As for creating digital backups, regardless if it's encrypted, definitely do NOT do this unless you're 100% sure in what you're doing. You may well indeed get the result of having a securely encrypted backup, but there's just so much things that can go wrong in the process that can leak your keys.

pawanjain

hero member

Activity: 2702

Merit: 716

Nothing lasts forever

Quote from: AkhiMertail on June 18, 2021, 01:12:56 AM

Hi this is a random question but is it possible for my seed phrase on hardware wallet to be compromised by an app using my iPhone microphone ? I was singing my seed phrase to memorize it and realized my phone was right next to me. I’m also kinda high and paranoid? I see lots of posts about ppl taking photos of their phrases and losing their coins so I didn’t know if saying my phrase out loud was a bad idea.

If Siri can keep listening to commands on your iphone why not the other apps. If you have such an app which uses your microphone then the chances of someone listening to it on the other hand is quite possible. Although unlikely as mk4 said it is still possible. But you need not worry about it much since such a scenario is highly unlikely and yeah saying out your phrase loud is definitely a bad idea for someone if not the iphone might be listening to you and you won't even know.
Changing the seeds would be a good thing to start with. Memorizing the seed might be good but not having backup of the seeds is definitely wrong.
You should always have multiple backups of your seeds and store it in a password protected file or encrypt it as suited.

Also, taking photos is not my kinda thing since I am paranoid as well. The first thing which gets leaked from our devices are photos.
So I wouldn't risk my seeds in it.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Quote from: AkhiMertail on June 18, 2021, 01:12:56 AM

Hi this is a random question but is it possible for my seed phrase on hardware wallet to be compromised by an app using my iPhone microphone ? I was singing my seed phrase to memorize it and realized my phone was right next to me. I’m also kinda high and paranoid? I see lots of posts about ppl taking photos of their phrases and losing their coins so I didn’t know if saying my phrase out loud was a bad idea.

I think that the probability of forgetting the phrase is much much higher than the probability that someone recorded you.

Topic: Seed phrase security question - page 2. (Read 615 times)