Author

Topic: Seeking feedback on my HD wallet setup plan (Read 74 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
The objective here is to build a wallet strategy that's impervious to my own forgetfulness, potential house BBQs (aka house fires), theft, hackers breaking in to my cloud account, and even the notorious $5 wrench attack.
That's the holy grail of seed storage. I've never been able to find one that I'm completely happy with, it's always a compromise between not losing access by yourself and preventing others from gaining access.

Quote
Step 1: I'm going to concoct two passwords, hidden in plain sight within a book. I'll pick twenty random words and mark them with underlines or circles, interspersed with entire sentences and decoy notes for good measure. This book will be stored inconspicuously at home, and a duplicate copy (markings included) will be kept at my workplace or a relative's house.
This part sounds like a brain wallet. How will you be sure you still remember the exact decoy notes after 10 years? I've seen people lose access to their coins while they used a less complicated (but also made-up by themselves) system.

Quote
They'll be none the wiser about its significance.
If a relative asks me to keep a book with weird markings, I'd be curious.

Quote
I'll also make a mental note of these passwords. I do realize that this approach might not generate the most random or high-entropy passwords possible (compared to, let's say, picking 20 totally random words from a dictionary), but I believe they will be robust enough for the job at hand.
Take a look at Collection of 18.509 found and used Brainwallets. Creating your own random is risky (although, with 20 words, I don't think it's terrible).

Quote
Step 2: I'll use Ian Coleman's BIP39 tool on an offline computer to create a 24-word seed
Being offline isn't enough: the OS should never be connected to the internet again. So use a Linux Live DVD.

Quote
using a deck of cards for randomness
A deck of cards is great to store randomness, but creating real randomness is tricky. Why don't you use many coinflips instead?

Quote
This mnemonic phrase will be encrypted with the first password and tucked away into a .txt file
What encryption will you use?
I like BIP38 because it's very hard to brute-force, but unfortunately there's still no standard way to encrypt seed phrases.

Quote
which will reside both locally and on the cloud.
No matter how you do it, when you want something to remain private, don't upload it.

Quote
A physical copy will also be safely stashed among my belongings at home.
Since you were using cards: why not just keep the deck? Just don't drop it when you need to restore your stash Tongue

Quote
Step 3: The 24-word seed will be transferred to a hardware wallet, where I'll deposit a small amount of funds as a honeypot. This will alert me if someone manages to get their hands on my seed. Then, I'll add a passphrase using the second password and transfer the lion's share of my funds there.
That means, each time you want to make a transaction, you'll have to remember 20 words (or browse through a book) and type 20 words into your hardware wallet using 2 tiny buttons. How long does that take? If you make it that complicated, why not just go for a BIP38 encrypted private key that you'll use offline and air-gapped?

Quote
Now, for the worst-case scenarios:

• Memory lapse: The marked book serves as my cheat sheet. If I can't even remember which book I used, well, that's probably dementia and at that point, I guess my wallet will be the least of my worries.
The human memory is a funny thing. I wouldn't rely on it entirely, I've remembered useless things and forgotten more important things. It happens.

Quote
• House fire: Should my home pull a spontaneous BBQ act, I can retrieve my encrypted seed phrase from the cloud, and the passwords can be found either from my memory or from the book's doppelgänger.
If you remember your cloud passwords, it's probably not very strong Wink

Quote
• Theft: I doubt that any burglar moonlighting as a literary critic will decipher the marked book and connect it with my seed phrase. In a worst-case scenario, they might just stumble upon the honeypot and stop there.
Granted: this sounds quote burglar-proof. But it's tipping far too much into the "losing access by yourself" end of the deal for my liking.

Quote
• Cloud account hacking: Even if a hacker manages to breach my cloud accounts, they'd still need to crack two robust passwords to access my seed phrase. They might just call it a day after draining the honeypot.
This stands or falls with the encryption you use.

Quote
• $5 wrench attack: In such a case, I'd lead the attacker to the honeypot. If they still insist on more, I guess there isn't much more I can do.
I wouldn't expect a $5 wrench attack to be random. If it's targeted, they'll know what they're looking for.

Quote
I look forward to hearing your thoughts on my plan. Thank you for your time and insight!
TL;DR: KISS.
newbie
Activity: 6
Merit: 11
I'm in the process of creating a new HD wallet and am hoping for some constructive criticism on my plan, especially if there's anything that you think could be improved.

The objective here is to build a wallet strategy that's impervious to my own forgetfulness, potential house BBQs (aka house fires), theft, hackers breaking in to my cloud account, and even the notorious $5 wrench attack. So, let's dive into my approach:

Step 1: I'm going to concoct two passwords, hidden in plain sight within a book. I'll pick twenty random words and mark them with underlines or circles, interspersed with entire sentences and decoy notes for good measure. This book will be stored inconspicuously at home, and a duplicate copy (markings included) will be kept at my workplace or a relative's house. They'll be none the wiser about its significance. I'll also make a mental note of these passwords. I do realize that this approach might not generate the most random or high-entropy passwords possible (compared to, let's say, picking 20 totally random words from a dictionary), but I believe they will be robust enough for the job at hand.

Step 2: I'll use Ian Coleman's BIP39 tool on an offline computer to create a 24-word seed, using a deck of cards for randomness. This mnemonic phrase will be encrypted with the first password and tucked away into a .txt file, which will reside both locally and on the cloud. A physical copy will also be safely stashed among my belongings at home.

Step 3: The 24-word seed will be transferred to a hardware wallet, where I'll deposit a small amount of funds as a honeypot. This will alert me if someone manages to get their hands on my seed. Then, I'll add a passphrase using the second password and transfer the lion's share of my funds there.

Now, for the worst-case scenarios:

• Memory lapse: The marked book serves as my cheat sheet. If I can't even remember which book I used, well, that's probably dementia and at that point, I guess my wallet will be the least of my worries.
• House fire: Should my home pull a spontaneous BBQ act, I can retrieve my encrypted seed phrase from the cloud, and the passwords can be found either from my memory or from the book's doppelgänger.
• Theft: I doubt that any burglar moonlighting as a literary critic will decipher the marked book and connect it with my seed phrase. In a worst-case scenario, they might just stumble upon the honeypot and stop there.
• Cloud account hacking: Even if a hacker manages to breach my cloud accounts, they'd still need to crack two robust passwords to access my seed phrase. They might just call it a day after draining the honeypot.
• $5 wrench attack: In such a case, I'd lead the attacker to the honeypot. If they still insist on more, I guess there isn't much more I can do.

I look forward to hearing your thoughts on my plan. Thank you for your time and insight!
Jump to: