
Topic: Storing Private Keys with Colors, how safe is this? (Read 579 times)

hero member
Activity: 2366
Merit: 838
Hm, why just limit yourself to a color palette?

We can advance further and convert SEED phrase into music.

I have just used Music Sheet Cipher and converted the following SEED (search where universe puzzle search doctor dumb holiday patch wheel begin detect) - don't use it! - into music notations.


You must have good musical knowledge to understand it. Does the music sheet contain all the seed words and no non-seed words?

Because if you hide your seed words by mixing them with non-seed words, you will have problems finding which words are from your seed.

It is better if the sheet only contains seed words, but with such a large piece of paper you run more risk of it getting wet or damaged by physical threats. I could be wrong, but a smaller piece of paper is better for me to store my seed. It is easier to back up, store safely and recover in the future.
full member
Activity: 1092
Merit: 227
Unless and until I am not sure about the exact pattern of conversion and also the safety standard, I may not get involved with modern ways of conversion. I would rather keep my bitcoins on a paper wallet and store it somewhere safe. I had a very bad experience with software wallets such as Mycelium and others when it comes to backing up and importing a previously generated address.

With such coded messages I don't want to complicate it even further. What if the colors are read the wrong way? How many combinations would it generate with just 8 color codings? I don't know, everything seems ambiguous at this stage. But let's hope they will have a foolproof system soon. It's always welcome.
hero member
Activity: 714
Merit: 1298
Hm, why just limit yourself to a color palette?

We can advance further and convert SEED phrase into music.

I have just used Music Sheet Cipher and converted the following SEED (search where universe puzzle search doctor dumb holiday patch wheel begin detect) - don't use it! - into music notations.



P.S. Hope everyone will catch the subtleties of sarcasm in my post. Grin
legendary
Activity: 1568
Merit: 6660
After all, art is abstract and a bunch of colours mashed together wouldn't raise any suspicion.
But, as discussed, will also result in your losing your coins. There is absolutely no way you can take 8 colors and print them out, and then later scan them back in and recover the same hex codes. You must include the raw codes or this method is useless. And if you include the raw codes then you need to hide them, because why else would someone have 8 random hex codes written down? And if you can hide them, then you can just hide the seed phrase and not add in all the additional risks of writing down a mistake, using this unreviewed code, being dependent on this code to regenerate your seed phrase, and so on.

Don't forget the case where the scanner or printer reads or writes the colors in greyscale. Or the case where your device's color profile screws up and converts the colors in your image to the "correct" color profile. Or images encoded in an unreadable format such as RAW, with colors auto-converted when turning it into a PNG or something else readable. Or the fact the browsers cannot render any color consistently except for the web-safe colors.

I get that the color space being used is (somewhat?) limited, but we'd still have problems even if this was done with 8-bit colors or web-safe colors only.
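The round-trip failures listed in the post above, as an added example that is not part of the original thread. The packing is hypothetical and is not the BIP39colors algorithm: it simply stores three 11-bit word indices in two 24-bit colours so that 12 words become 8 colours, and all function names and the sample indices are assumptions.

```python
# Added illustration. Hypothetical packing (NOT the BIP39colors algorithm):
# three 11-bit BIP39 word indices (33 bits) go into two 24-bit #RRGGBB colours,
# so 12 words become 8 colours, as in the scheme discussed in the thread.

# Constructed sample word indices (0..2047); not a real seed.
WORDS = [1543, 2001, 1893, 1392, 1543, 512, 538, 861, 1282, 1999, 160, 469]

def pack(words):
    """Turn word indices into a list of 24-bit colour values."""
    colours = []
    for i in range(0, len(words), 3):
        a, b, c = words[i:i + 3]
        value = (a << 22) | (b << 11) | c            # 33 bits of seed data
        colours += [value >> 24, value & 0xFFFFFF]   # split over two colours
    return colours

def unpack(colours):
    """Inverse of pack(); every bit of every channel matters."""
    words = []
    for hi, lo in zip(colours[0::2], colours[1::2]):
        value = (hi << 24) | lo
        words += [(value >> 22) & 0x7FF, (value >> 11) & 0x7FF, value & 0x7FF]
    return words

def _rgb(c):
    return (c >> 16) & 0xFF, (c >> 8) & 0xFF, c & 0xFF

def _col(r, g, b):
    return (r << 16) | (g << 8) | b

def greyscale(c):
    """Scanner or printer working in greyscale: all channels collapse to luma."""
    r, g, b = _rgb(c)
    y = (299 * r + 587 * g + 114 * b) // 1000
    return _col(y, y, y)

def web_safe(c):
    """Snap each channel to the nearest web-safe level (multiples of 0x33)."""
    return _col(*(round(ch / 51) * 51 for ch in _rgb(c)))

def blue_off_by_one(c):
    """Smallest possible colour-profile or scan error: blue channel +1."""
    r, g, b = _rgb(c)
    return _col(r, g, min(b + 1, 255))

def surviving(distort, words=WORDS):
    """How many words decode correctly after every colour passes through distort()."""
    recovered = unpack([distort(c) for c in pack(words)])
    return sum(x == y for x, y in zip(words, recovered))

if __name__ == "__main__":
    print("colours:", " ".join(f"#{c:06X}" for c in pack(WORDS)))
    for name, fn in [("exact", lambda c: c), ("greyscale", greyscale),
                     ("web-safe", web_safe), ("blue+1", blue_off_by_one)]:
        print(f"{name:10s} words recovered: {surviving(fn)}/12")
```

Because the encoding has no redundancy, any channel error lands directly on seed bits, which is why only the exact hex codes (not a printed or re-rendered image) can restore the phrase.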
legendary
Activity: 2268
Merit: 18711
After all, art is abstract and a bunch of colours mashed together wouldn't raise any suspicion.
But, as discussed, will also result in your losing your coins. There is absolutely no way you can take 8 colors and print them out, and then later scan them back in and recover the same hex codes. You must include the raw codes or this method is useless. And if you include the raw codes then you need to hide them, because why else would someone have 8 random hex codes written down? And if you can hide them, then you can just hide the seed phrase and not add in all the additional risks of writing down a mistake, using this unreviewed code, being dependent on this code to regenerate your seed phrase, and so on.
legendary
Activity: 2492
Merit: 1215
There are pros and cons of such a storing method. Someone might think that this is another level of defense, but that might turn into another level of complexity. For example, you lose some mobility. The user will no longer be able to act as fast as before. If this is a script, and the color palette isn't endless, then one day it can be bruteforced. And in future, for AI, this won't be an insurmountable barrier.
hero member
Activity: 1316
Merit: 787
I absolutely refuse to toy with my seed phrase under any circumstances. I am adamantly against using any online tools to convert my seed into color names, as storing your seed phrase in any online storage is strongly discouraged. I will adhere to the conventional method of using a seed phrase and ensure it is securely stored in a safe location. Why would we take the risk of jeopardizing our seed when there is a clear danger involved?
Storing the seed phrase or private key in a tool made by a random person is not an option we should take. You are right. Why should we trust others when we can store them ourselves offline in a place that we deem safe, despite the sophistication of the tools offered by Dev Entero Positivo?
I wouldn't trust it at all because it's still possible that the owner of the device could access it.
legendary
Activity: 3542
Merit: 1965
I think storing private keys with colors just adds another process that can be deciphered... if you have the method to do it. I still think the best way to store private keys is to split them up in a way that only the owner knows how to reconstruct (not other people who know the method).

I can store passphrases and private keys online, without anyone being able to identify them. I can leave a template to my friends and family to decipher it, when I am gone. Grin
legendary
Activity: 3038
Merit: 4418
I would still argue that a too easy, call it lazy, brainwallet is kind of security by obscurity. You hide your too easy, too bad, maybe lazy, easy to remember phrase behind a hash and hope it's not found by "crackers". People tried to cut corners to be able to remember some random looking secret when in fact it wasn't hidden well enough.

You can have a perfectly safe brainwallet, but not derived from publicly available data or publicly available words which probably only need some amount of mixing. We all know how this turned out for many brainwallets.
Humans are bad sources of entropy. By brainwallet's scheme, if I were to generate a key that is sufficiently long and has sufficient entropy, it would never get cracked. Note that Brainflayer cracks the keys at a pretty fast speed but it is very far from exhausting the entire space of SHA256.

The thing with this scheme is somewhat similar. You could try to make some abstract digital painting with only 8 or 16 colors. Would that attract suspicion? It depends, you can't be sure. Decoding the colors' hex values, transforming them to decimal could raise suspicion again because you could notice that all colors have at their front two digits monotonically rising in a quite unusual way.

I'd say, it's not an easy puzzle to solve but not well enough hidden, too. For hidden in plain sight, I believe, it's a gamble. With this, I don't like to gamble.
Hiding anything without encryption isn't the best way of doing things anyways. Even a safe can be cracked given time, and most people usually add a layer of encryption on top of their keys before hiding them behind something.

The beauty about this is that there isn't a set way of recovering or encoding your keys. It is perfectly possible for you to choose a unique obfuscation technique that doesn't raise the slightest form of suspicion and people wouldn't bother figuring out how you've encoded it. After all, art is abstract and a bunch of colours mashed together wouldn't raise any suspicion.
sr. member
Activity: 924
Merit: 365
If the seed phrase is what is to be shared or shown to people, I would say it will be beautiful for someone to have his or her seed phrase beautified with colors so that people would see how beautiful their seed phrase looks with colors. But in this case, the seed phrase is not to be shared or shown to people, so beautifying it with colors doesn't make sense, since the seed phrase is meant to be stored and written down on a piece of paper where eyes cannot see or touch it except you.

The old method will remain the best for me. I won't try the new approach of color beautifying of the seed phrase because, to me, it doesn't make sense since I am not showcasing my seed phrase to anyone.
legendary
Activity: 2534
Merit: 1338
I recently came across an interesting new tool developed by Bitcoin developer Entero Positivo on GitHub. This tool claims to offer a different way of storing Bitcoin seed phrases using Bip39colors. According to the developer,
Quote
you can convert a 12-word phrase into 8 colors (or a 24-word phrase into 16 colors) and then convert them back to the original seed

However, I personally have reservations about this idea of storing seed phrases as colors. It raises concerns about the safety of the conversion process and the risk involved in using an online tool to handle sensitive information like seed phrases. Instead, I believe it's safer to stick to the traditional method of storing seed phrases.
I would like to hear your thoughts on this matter. Do you trust this new approach, or do you prefer the old method of storing seed phrases? Let's share our opinions on this.
All things being equal, it is better to keep things as simple as possible in order to reduce the chances of making a mistake and losing your coins. While you can do this if you want, I think it is a bad idea to add this additional step, as I do not see it adding too much security to your coins and instead I see it as an additional headache and point of failure. After all, what can be more simple than to just write your seed words in a notebook and keep several backup copies in case of an emergency?
hero member
Activity: 714
Merit: 1010
I would still argue that a too easy, call it lazy, brainwallet is kind of security by obscurity. You hide your too easy, too bad, maybe lazy, easy to remember phrase behind a hash and hope it's not found by "crackers". People tried to cut corners to be able to remember some random looking secret when in fact it wasn't hidden well enough.

You can have a perfectly safe brainwallet, but not derived from publicly available data or publicly available words which probably only need some amount of mixing. We all know how this turned out for many brainwallets.

The thing with this scheme is somewhat similar. You could try to make some abstract digital painting with only 8 or 16 colors. Would that attract suspicion? It depends, you can't be sure. Decoding the colors' hex values, transforming them to decimal could raise suspicion again because you could notice that all colors have at their front two digits monotonically rising in a quite unusual way.

I'd say, it's not an easy puzzle to solve but not well enough hidden, too. For hidden in plain sight, I believe, it's a gamble. With this, I don't like to gamble.
legendary
Activity: 3038
Merit: 4418
What I still don't like is the attempt to sell security by obscurity. It might work, but you can't be sure it does. We have seen such a failure e.g. with brainwallets. You might argue it's not comparable with brainwallets and you're not too wrong with that. My point is basically what @ranochigo said before about steganography. I don't feel safe with obscurity at all.
Brainwallet isn't security by obscurity, because it isn't intended to be obscure. Brainwallet can work if the keys are long and random enough, with enough key stretching. Storing seeds as words isn't the failure of it, but allowing user to compromise on the entropy would be.

I would argue that it could work, provided that the security model fits the threat. There is no safe that can't be cracked with a matter of time, but if you were to hide a perfectly normal looking art piece, or an image file for that matter beside the safe, then there is no good reason why the adversary won't be trying to crack your safe instead. All is given with the fact that your adversary doesn't have prior knowledge of it.

Both the passphrase and your safe are susceptible to $5 wrench attack so there is that.
member
Activity: 388
Merit: 30
Their idea looks nice but not too good, and cannot be relied on as a means of storing private keys and mnemonics. If a system is designed to convert private keys, which are a combination of words, to colors, I believe another means can be generated to decode those colors. Remember we are in an ever-growing technological world. So it can become easy to decode what a particular color refers to if access is granted to the wrong hands.

It is best to think of storing your private keys in the best form you can ever think and also do your bitcoins stuff behind the scene so that you won't attract attackers or scammers.
hero member
Activity: 2268
Merit: 669
It's up to you what you want to do when storing a seed phrase. Whatever method you are comfortable with, then go with it. The point for the developer is, if you want another method of storing a seed phrase then he has something to offer for that and, as I have said, it is up to you what you decide to do, either you use the said method or you go with the traditional one. If you are not sure if it's safe or okay to use then never use it, but if it's safe and you still don't want to use it then that's also fine. After all, it's your seed phrase and not someone else's.
hero member
Activity: 1750
Merit: 589
Do whatever you want with your private keys, just do not store it in a notepad file on a system connected to Internet or in your emails or in any place which is connected to Internet.
Make sure your private key stays offline. Register it down or write it down and store it in a locker. Also, do not ever store your private keys in a phone app which says it will keep it protected.

Anything that is connected to internet can surely giveaway your private key. Making an encryption like this and storing it doesn't save it either. Someone will crack it down.
Exactly. Nowadays people overcomplicate security when all they really have to do is make sure that no one gets to it that you don't allow. You don't want to write it down or you're too lazy to type it out letter for letter so you don't want to use a paper wallet? Jot it down in a notepad and save it on your local hard drive. You're a nerd who wants to make sure nobody really gets into it? By all means buy one of those overpriced cold wallets if that's what will make you feel safe. Just don't save it on OneDrive, your personal email, or your personal DMs on FB and Twitter or whatever social media you usually use. Do this and you're safe from anyone who's trying to get a hold of your coins, no problemo.
legendary
Activity: 2394
Merit: 2223
I absolutely refuse to toy with my seed phrase under any circumstances. I am adamantly against using any online tools to convert my seed into color names, as storing your seed phrase in any online storage is strongly discouraged. I will adhere to the conventional method of using a seed phrase and ensure it is securely stored in a safe location. Why would we take the risk of jeopardizing our seed when there is a clear danger involved?
hero member
Activity: 2282
Merit: 589
Storing your private key offline and not on Internet-connected systems is the best way to keep it safe. Store your private key in a secure locker, you ensure that no one can access it through the Internet.
I agree with your opinion, why do we need a tool to convert phrases to colors or other tools if we have various offline or traditional ways to store phrases or private keys safely without anyone knowing, I doubt every tool works to convert phrases even if the code of the development tool exists on github, but I don't use the phrase main wallet other than accessing on the official wallet app.

I still implement the method of storing phrases using traditional methods because guaranteed wallet access will be safe compared to you giving access to third parties to fill in your phrase code in the word column to be converted, if you don't realize that the phishing web will lose all your assets in the wallet.
sr. member
Activity: 1316
Merit: 254
Storing your private key offline and not on Internet-connected systems is the best way to keep it safe. Store your private key in a secure locker, you ensure that no one can access it through the Internet.

Also, it's a smart idea to avoid storing private keys in phone apps or anywhere else connected to the Internet. You need to ensure that your private key is not remotely accessed or stored on any platform for its safety.
sr. member
Activity: 1624
Merit: 315
I recently came across an interesting new tool developed by Bitcoin developer Entero Positivo on GitHub. This tool claims to offer a different way of storing Bitcoin seed phrases using Bip39colors. According to the developer,
Quote
you can convert a 12-word phrase into 8 colors (or a 24-word phrase into 16 colors) and then convert them back to the original seed

However, I personally have reservations about this idea of storing seed phrases as colors. It raises concerns about the safety of the conversion process and the risk involved in using an online tool to handle sensitive information like seed phrases. Instead, I believe it's safer to stick to the traditional method of storing seed phrases.
I would like to hear your thoughts on this matter. Do you trust this new approach, or do you prefer the old method of storing seed phrases? Let's share our opinions on this.

Well, you already said that it would be better to stick to the traditional method of storing seed phrases. I have seen a lot of ways people store their own seed phrase, but I don't know, I just find them making it complicated for themselves. You could just write it down and store it in a safe place, that's it. Still, it's up to you, you can do whatever you want since it's your assets that you're risking. Just do not save your seed phrase online where hackers or scammers could access it. Plus, do not click any link cuz it might be a drainer for your wallets. If colors are the way you could remember your seed phrase then go for it. Just be cautious because it's your assets at risk.