Pages:
Author

Topic: Simple way to secure THE Seed (Read 1172 times)

legendary
Activity: 1736
Merit: 1023
January 17, 2017, 08:28:58 PM
#23
Also consider encryption like TrueCrypt, something Snowden has mentioned.

Yeah, it might be better to use VeraCrypt though which is a fork of TrueCrypt and contains additional security patches since TrueCrypt is no longer under development.
legendary
Activity: 1159
Merit: 1001
January 17, 2017, 07:09:35 PM
#22
Also consider encryption like TrueCrypt, something Snowden has mentioned.
legendary
Activity: 1736
Merit: 1023
January 14, 2017, 10:49:04 PM
#21
I have said it several times that the most secure way to conserve the SEED is, at least for me:

Create a Gmail account and add 2FA via a SMS to your phone number needed each time you want to access it.

Start a Linux Live DVD- like Linux Mint and use the latest version of Libre office there, write down your seed in such document, add a strong password to it, than this password protected document add it to a rar file with a strong password also. Than upload this file to your Gmail account with 2FA enabled.

You can install Electrum in the Live session and then restore it in your PC after finishing saving and uploading the file to your Gmail. This is how I keep my seeds as I have different wallets.

The password to be strong enough like at least 16 characters and to make sense only to you and not contain dictionary words.

I do similar, however, I use PGP encryption then upload it to the cloud.  

Also, I memorized my seed... though not too sure how well I can remember it when I'm much older.


Yeah, if you are gonna store it in the cloud, you should definitely be sure to use some sort of encryption to secure it. I wouldn't feel safe storing my seed in the cloud in unencrypted form.
legendary
Activity: 1159
Merit: 1001
January 14, 2017, 09:45:22 PM
#20
I have said it several times that the most secure way to conserve the SEED is, at least for me:

Create a Gmail account and add 2FA via a SMS to your phone number needed each time you want to access it.

Start a Linux Live DVD- like Linux Mint and use the latest version of Libre office there, write down your seed in such document, add a strong password to it, than this password protected document add it to a rar file with a strong password also. Than upload this file to your Gmail account with 2FA enabled.

You can install Electrum in the Live session and then restore it in your PC after finishing saving and uploading the file to your Gmail. This is how I keep my seeds as I have different wallets.

The password to be strong enough like at least 16 characters and to make sense only to you and not contain dictionary words.

I do similar, however, I use PGP encryption then upload it to the cloud.  

Also, I memorized my seed... though not too sure how well I can remember it when I'm much older.
newbie
Activity: 58
Merit: 0
December 20, 2016, 01:16:09 AM
#19
I just store mine in 3 discreet places.  Also, one in the cloud, inside of a school paper... good luck finding it.  lol
newbie
Activity: 21
Merit: 0
December 16, 2016, 11:54:11 AM
#18
I think the simplest way is to simply memorize your words using nemonics or whatever its called.

Using the above example with 6 words
1613  sister   0003 able  0832 gun  0558 eat   0242 bullet   0082 any

Remember a sentenace such as
"My sister was able to buy a gun and later went to eat some bullet(s) and any day now is her funeral"


It's not so easy to remember precisely something for a long time, especially  when you don't use it frequently.
And what if you have (like me) several wallets ?  something must be written somewhere.

In a similar way .... Remembering the PIN code of a credit card,  I have 5 and among them 3 I use at most  four or five time a year.

My solution is a bit different but in the same way : I write a four digit pin code on the card   ( not the real one, but each help me to retrieve the good !)

 Stolen, my card will go quickly to... a cash machine   normal : what will you do if you find a credit card with the Pin Code ?? bring it back to the lost objects office?  or try to get some cash?
So you type  the code  Wrong  1st trial   , damned, probably your too big fingers slipped on the small keyboard..
 you type carefully  the same code for the second trial  >> Wrong
For the third and last trial , you'll probably type the code from last to first digit...  Wrong
And my card could sleep in the  cash machine Grin
By chance "brut force" is limited no more than 3 trials.
And the encryption is different for each card, for the quite impossible event : my five cards stolen by the same who by chance (1/9998 Shocked) succeeds with the third trial on the first or second card.

I prefer the card to finish in the safe box of the bank either than visiting the web where it can move money without using the Pin.

And at first, it remains the simpler way for me to retrieve this damned pin code Cheesy
legendary
Activity: 3472
Merit: 10611
December 16, 2016, 09:18:25 AM
#17
~Another problem is that it's tied to Electrum, so if tomorrow Electrum will become useless ~

this doesn't make sense. electrum's seed are not a super secret formula, it is an open source code that can never die even if electrum development stops.
and if you like me don't understand the code of electrum you can easily ask someone to point out where it is or writes you a simple couple of lines to convert your seed to your set of private keys.

Quote
Let me tell you an on-topic, but pretty paranoid idea: since I assume OP uses an Android phone with the contacts synced, Google can see that the phone numbers are non existing ones. Since they have one of the best web crawlers, they can surely find the recipe OP has posted, make a cross-reference and recover all Electrum seeds saved with this idea. And they don't even have to know who you are in real life.

i think OP has a written phonebook (on physical paper) in his mind rather than on his phone but this is a good point to have in mind.
legendary
Activity: 3808
Merit: 1723
December 15, 2016, 06:03:25 AM
#16
I think the simplest way is to simply memorize your words using nemonics or whatever its called.

Using the above example with 6 words

1613  sister   0003 able  0832 gun  0558 eat   0242 bullet   0082 any


Remember a sentenace such as

"My sister was able to buy a gun and later went to eat some bullet(s) and any day now is her funeral"

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 15, 2016, 03:15:32 AM
#15
the robber who comes to your home is not going to steal your papers and phonebook, he instead would take all the jewleries, your TV, computer, laptop and if he has time and a vehicle he is going to take your microwave ,.... Cheesy

Well said.
Somehow people tend to keep their Bitcoin ... data... all in one place. Like wallet and seed both on the phone.
Now, OP's proposal is one of the best ways to keep seed I've seen. But it still has the issue of keeping it on the phone, where probably the wallet also is.
Another problem is that it's tied to Electrum, so if tomorrow Electrum will become useless (of course the chance is almost 0), the better choice is to keep your private keys on paper.

But all this is offtopic, because the idea was to keep the Electrum seed at hand in a very easy place. And this solution is good.



Let me tell you an on-topic, but pretty paranoid idea: since I assume OP uses an Android phone with the contacts synced, Google can see that the phone numbers are non existing ones. Since they have one of the best web crawlers, they can surely find the recipe OP has posted, make a cross-reference and recover all Electrum seeds saved with this idea. And they don't even have to know who you are in real life.
legendary
Activity: 3472
Merit: 10611
December 15, 2016, 01:33:49 AM
#14
sorry to be a bit offtopic but whenever someone says writing your private keys, seed, etc on a piece of paper is not safe because anyone can steal it easily i can't help but be reminded of this scene in scary movie (2000)
https://www.youtube.com/watch?v=fddw9B_7Wuc

the robber who comes to your home is not going to steal your papers and phonebook, he instead would take all the jewleries, your TV, computer, laptop and if he has time and a vehicle he is going to take your microwave ,.... Cheesy
newbie
Activity: 21
Merit: 0
December 11, 2016, 05:01:28 AM
#13

Quote

Like Shorena said, once somebody knows that you have hidden it this way (say by reading this thread), it is not difficult to crack.
And if it is online (if you use a smartphone), then the risk is even higher.

And so what  Huh  You red this thread, and you know my way...  but do you know me Grin  My name, address ?, (BtW i've NO smartphone, forbidden by my religion)  Shocked, I'm far from to be a Geek  Cheesy

By chance if you come home (you're welcome ) , you'll probably be afraid by the amount of Books and handwritten papers ... not very useful for your nice cracking software. maybe after a couple of months of busy holidays (nice place close to the sea side)... you'll find the Graal  Grin


I just wanted to say, that's the best place to hide a very important thing (in that case information) is to let it, unhidden in the middle of a lot of others looking without any interest.

 Wink Everybody has a phone list, few people ( 0,001%  surely more less) have an electrum wallet and SEED to hide.

Q.E.D  Grin  or as said in French  C.Q.F.D.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
December 11, 2016, 12:07:33 AM
#12
For example  (only 6 words)    1613  sister   0003 able  0832 gun  0558 eat   0242 bullet   0082 any

Jane  01 16 13 00 03    Peter  01 08 32 05 58    Steve  01 02 42 00 82 (in alphabetical order )

This is a very interesting method. Thanks for sharing.

What if that txt file changes? What if eat will be 0559?
What if the file is deleted?

This being said, you better keep a copy of that file on your phone. And then your method becomes pretty good.

As far as I can tell, the wordList has never changed. https://github.com/spesmilo/electrum/commits/master/lib/wordlist/english.txt
It has moved around but never changed.

Even if Electrum repository disappears there are 485 forks and lots more clones you can easily find on the internet to recover the english.txt file.
legendary
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
December 10, 2016, 10:14:12 PM
#11

Quote

I would consider a smartphone as insecure. A lot of apps can access your contact list.
Do you have an app like True Caller installed? If yes, those contacts could be broadcast to the world.
You don't necessarily need to have somebody to physically steal your phone and browse your contacts to find them.

I just want to notice, that the purpose is to hide the mean to retrive the Seed in a place that can't look like a safe box...
If you put your banknote in a plastic bag in the flush of your toilets, they'r probably more secure than in your big safe boxor under your mattress or Under a pile of shirts in your wardrobe.

Ok anybody could crack your smartphone or any other device, but for what???  is there any Electrum's seed to find among 6 or seven of any phone numbers anywhere in the world Huh in that case you can also try to find A seed among the words or figures of a school paperbook or in a shopping list  Grin

You want to hide it in plain sight. It would work in most cases.
Like Shorena said, once somebody knows that you have hidden it this way (say by reading this thread), it is not difficult to crack.
And if it is online (if you use a smartphone), then the risk is even higher.
newbie
Activity: 21
Merit: 0
December 10, 2016, 01:59:42 PM
#10

Quote

I would consider a smartphone as insecure. A lot of apps can access your contact list.
Do you have an app like True Caller installed? If yes, those contacts could be broadcast to the world.
You don't necessarily need to have somebody to physically steal your phone and browse your contacts to find them.

I just want to notice, that the purpose is to hide the mean to retrive the Seed in a place that can't look like a safe box...
If you put your banknote in a plastic bag in the flush of your toilets, they'r probably more secure than in your big safe boxor under your mattress or Under a pile of shirts in your wardrobe.

Ok anybody could crack your smartphone or any other device, but for what???  is there any Electrum's seed to find among 6 or seven of any phone numbers anywhere in the world Huh in that case you can also try to find A seed among the words or figures of a school paperbook or in a shopping list  Grin
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 10, 2016, 10:07:00 AM
#9
What if that txt file changes? What if eat will be 0559?
What if the file is deleted?

This being said, you better keep a copy of that file on your phone. And then your method becomes pretty good.
legendary
Activity: 1946
Merit: 1007
December 10, 2016, 10:00:28 AM
#8
I have said it several times that the most secure way to conserve the SEED is, at least for me:

Create a Gmail account and add 2FA via a SMS to your phone number needed each time you want to access it.

Start a Linux Live DVD- like Linux Mint and use the latest version of Libre office there, write down your seed in such document, add a strong password to it, than this password protected document add it to a rar file with a strong password also. Than upload this file to your Gmail account with 2FA enabled.

You can install Electrum in the Live session and then restore it in your PC after finishing saving and uploading the file to your Gmail. This is how I keep my seeds as I have different wallets.

The password to be strong enough like at least 16 characters and to make sense only to you and not contain dictionary words.

You can use a password manager with 2FA enabled to store the password for your google account.

That would up the security an aditional layer with the method you described. If you really wanna go crazy, get the 2FA from a different source, either a different phone or a hardware solution that creates the 2FA codes.
hero member
Activity: 1050
Merit: 529
December 10, 2016, 01:57:15 AM
#7
~snip~

I would consider a smartphone as insecure. A lot of apps can access your contact list.
Do you have an app like True Caller installed? If yes, those contacts could be broadcast to the world.
You don't necessarily need to have somebody to physically steal your phone and browse your contacts to find them.
Yep thats what I think is the biggest disadvantage of this method, right now a lot of apps have access to contacts. An alternative to this is think is writing down the phone number in a physical phone book rather than saving them in the phone.
legendary
Activity: 1918
Merit: 1012
★Nitrogensports.eu★
December 09, 2016, 09:52:56 PM
#6
Not in a safe box or other technical device with many locks, but simply hidden where nobody could imagine there’s something precious to discover :

My way is to hide the seed among phone numbers

The whole list is public  https://github.com/spesmilo/electrum/blob/master/lib/wordlist/english.txt easy to find anywhere as soon as you're connected

Each word has a number  between  0001 and 2048 ( I use the number with 4 digits)

For example  (only 6 words)    1613  sister   0003 able  0832 gun  0558 eat   0242 bullet   0082 any

Then  I add 3 new friends in my address book (paper or electronic ‘s one) with their phone number: In my coutry the phone numbers are 10 digits long.
 
The last 8 digits of each phone number are 2 words (4 +4)

Jane  01 16 13 00 03    Peter  01 08 32 05 58    Steve  01 02 42 00 82 (in alphabetical order )
My address book in my pocket or laptop or smartphone, and anywhere I can access to the list, I am able to rewrite this damned seed within minuts
A list of phone numbers is much more easy to be “anonymous” than a sequence of words which can hardly look like a sentence.

Hope it could be helpful.

I would consider a smartphone as insecure. A lot of apps can access your contact list.
Do you have an app like True Caller installed? If yes, those contacts could be broadcast to the world.
You don't necessarily need to have somebody to physically steal your phone and browse your contacts to find them.
hero member
Activity: 761
Merit: 606
December 09, 2016, 04:06:45 PM
#5
The other thing once you accumulate coins, say a 21 club member, is what happens when you are gone?  I can't imagine anyone but you ever learning your method of SEED concealment.  You may not have my concerns in this regard, but many collectors do.  (Some of us are not 20 anymore)
legendary
Activity: 910
Merit: 1000
December 09, 2016, 01:23:22 PM
#4
I have said it several times that the most secure way to conserve the SEED is, at least for me:

Create a Gmail account and add 2FA via a SMS to your phone number needed each time you want to access it.

Start a Linux Live DVD- like Linux Mint and use the latest version of Libre office there, write down your seed in such document, add a strong password to it, than this password protected document add it to a rar file with a strong password also. Than upload this file to your Gmail account with 2FA enabled.

You can install Electrum in the Live session and then restore it in your PC after finishing saving and uploading the file to your Gmail. This is how I keep my seeds as I have different wallets.

The password to be strong enough like at least 16 characters and to make sense only to you and not contain dictionary words.
Pages:
Jump to: