Topic: Storing Private Keys with Colors, how safe is this? - page 2. (Read 538 times)

It is not supposed to save the color patches alone without the hex color codes, of course. Nobody wants to jump into the rabbit hole of color management, color accuracy, color longevity, color fading, you name it. It would be crazy to only rely on the color alone but that's not what this new proposal is about.

I have seen people store data in a song,in a pdf, in a picture you name it, but storing a private key in form of colors isn't going to be me!

What happens, if the color contrast, or sharpness changes  
My guess is as good as yours, the private key is likely to change which means there is a possibility of generating a private key which isnt yours..But love the idea of this as it's hiding information in plain sight  

OK, I relativize my initial assessment regarding this new color encoding scheme. To be fair and honest I didn't look at it very closely before my first response to it.

Encoding from BIP39 words and decoding back is totally doable by hand or at least with some calculator that support decimal<->hexadecimal conversion, that's all you basically need. Of course to play it safe you should well save and backup the procedure so that you're not screwed should the Github repo disappear in the future. The simplicity is actually nice and I still like the fact that a mnemonic word's position is encoded, so it doesn't matter if you mix up the ordering of the colors as long as you of course retain all colors.

What I still don't like is the attempt to sell security by obscurity. It might work, but you can't be sure it does. We have seen such a failure e.g. with brainwallets. You might argue it's not comparable with brainwallets and you're not too wrong with that. My point is basically what @ranochigo said before about steganography. I don't feel safe with obscurity at all.

BIP39colors kind of animates to do unsafe things with your mnemonic recovery words on digital devices, particularly when those originated from hardware wallets. That's my main critic. Yes you can prevent unsafe things if you're knowledgeable and know the pitfalls which newbies commonly don't.

Steganography is not particularly new and the method of using it is quite well-known and have been utilized in quite a few instances. As mentioned, this is a form of security by obscurity where most people wouldn't know that a picture contains a wallet seed or a private key. Of course, it is not meant to be store unencrypted, if anyone catches wind of you doing so, then it wouldn't be too difficult to steal your keys.

Sure, it is safe if you know what you're doing. The only scenario where this is useful is if you require absolute plausible deniability where you are afraid of people trying to steal your Bitcoins. Though, in terms of resistance to the $5 wrench attack, not so much.

Nah, you should never do that because changing the way of your seed words won't be a good thing and if you are doing it with an online tool then you are easily giving your private key to the owners of that site because they can save your private keys and if they ever get access to your wallet address then they or some hackers that can grab the database of the site can easily access your wallet and transfer funds from it. It's always better to keep your private key secret and never let it lie on a system that is connect to internet, and you should never share it on internet not even for fun.

The changing of your seed words into colors doesn't make sense to me and that's why I recommend you to avoid such useless thing because if an hacker is also aware of the method then they can easily decrypt your colors based seed words to their original form and empty your account funds as soon as they get access to it.


The best and most safe path for your wallet safety is to write the private key using a pc that isn't connected to internet and it should also lack all those hardware that can make it possible to connect internet. You should also keep in your mind that the storage device you are using to store your text file would never be able to entered into a pc that's connected to internet, and that way no body will ever be able to hack or access your private key.

I wouldn't want to rely on security by obscurity. Either I'm able to securely store my BIP39 recovery words and make sure no other eyes can find or see them or I use an additional security layer like the optional BIP39 passphrase which of course needs to be stored separate from the recovery words.

I don't buy the so called selling point of BIP39Colors to obfuscate their meaning. It might work but with some adoption it wouldn't be such an obfuscation anymore. That order isn't important is interesting and a nice feature, but I don't consider it the killer feature.

The need to process your recovery words again with another digital tool sounds totally crazy to me. You're supposed to store the recovery words in an analog offline manner, not another digital tool. It would potentially destroy the security a hardware wallet tries to setup when the recovery words are once shown at setup of the wallet for analog backup.

BIP39 recovery words are an easy human readable representation of a large binary secret that no human would directly be able to backup safely if it were not encoded human friendly.
Colors as hex codes are not suitable for this in my opionion. This doesn't make anything easier and proper analog backup is more error prone due to the hex codes.

I have tried the tool (https://enteropositivo.github.io/bip39colors/) which is shared on the Twitter account @enteropositivo^[1].
When I turn off the internet connection and insert the Seed Phrase into the available column and press the Generate Colors button, the results will appear with 8 different colors.



Its use is easy as described, but I am not very sure to save a personal key or seed phrase with the color method offered by the developer Entero Positivo.

I don't want to believe it even though the tool is considered sophisticated.
I am safer to store in my own way without an internet connection even though positivo says he is worried if storing on paper or other physical objects when the thief searches the house and will find it^[2].

---

[1]. https://twitter.com/EnteroPositivo/status/1673041550585069568
[2]. https://cointelegraph.com/news/bip39-converts-crypto-wallet-seed-phrases-colors-art

There are several safe methods of keeping your seed phrase, and of all the options, you have to carefully consider the one that you are comfortable with before you decide. Because this is a new method, thieves who are not keeping up with technology will find it difficult to discover or notice your seed phrase even if it is seen by them in colors. It is new and should be safe until maybe scammers, thieves and cybercriminals find a way to hijack it. It is safe, but not what I will like to try yet, my method of storing my seed phrase is still safe for me.

If indeed this is a new regulation that is applied then there is nothing wrong for those of us who store our assets to follow, as long as the security applied is the same as in prasa, and using colors must have a special storage area because not all applications will be easy to store the color code, whatever the changes without any problems then we can try it for the security of our assets.

It is a permissionless network, so the user is always free to choose or decide what they want to do, but the correct method has to be pointed out for those who do not know what to do. You are right that without great opsec one can lose their funds, even if they store their seed phrase in the right way, but there are ways you shouldn't store your seed phrase, because you can lose it even with good opsec.

You'll either lose it because you obscured it and you can no longer remember the correct order, or you'll lose it because you memorized it. Funds don't have to be hacked before it can be stolen, many people lock themlseves out of their funds because they tried to be too clever wth their back up.

I would not recommend storing a seed-phrase with colors on a PC (with an Internet connection), because in the event of a data leak, attackers will be able to deconvert the wallet using the same program which you indicated in link.

Storing a seed-phrase with colors in a printed form, for example on paper, is fraught with consequences such as fading of colors, which is why you will not be able to restore the original private keys in the future. Change for a couple of tones - and you have lost access to your wallet.

If look closely at the bip39colors code (https://github.com/enteropositivo/bip39colors/#javascript), we can see the color codes. Here is an example: let colors = ['#613911', '#7C5809', '#B8E412', '#225531', '#01AB63', '#3E8775', '#98BDC1', '#E3AFE8']

It is possible to write down the seed-phrase in this form (color codes), but how is it different from the usual storage of the seed-phrase? Few. Of course, this will make it a little more difficult for attackers to decrypt if they have access to your mnemonic phrase, but I don’t think it will be very much.

In general, this method has the right to exist, but you should take into account the additional risks of converting and deconverting to a color palette, although you will not get any outstanding benefits from using it.

It is not storing Private Keys with Colors, it is about BIP39 wallet seed and we can say that it is safe if the code is safe.

I think it adds more complications, as storing these colors digitally is a problem, as it is difficult to print and recognize them visually, and therefore the HEX format must be printed and the resulting code protected from weather factors, earthquakes, shocks, fires, ... etc. these options are available in wallet seed style not color syle.

Do not forget that you must trust the code, as managing it offline does not mean that you are safe, and given the number of simple revisions, this is an additional problem. It's a lot of complications for no benefit, since you can buy a metal seed and put it inside a case that hides the effect of such a thing.

I don't know if we can get color blind when we are getting old and have Retina damage. it's definitely going to be a big problem to distinguish colors. Better to do normally by writing in text or embossed letters on steel to deal if have problem with eye.

Another rhetorical question in the context, that is, perhaps this way of "storing", "protecting" the seeds that you bring us is useless, without hesitation, then should not be asked the question, how safe is this? 0.

Do not get complicated and do not stick to topics that what they do is distort the simple idea of protecting your phrases, these kinds of things are the way to phishing.

OP, I would prefer to store my seed phrase on paper, perhaps in four or five different papers, laminate it, and store it in a very safe, dry place in different locations. Also, I could store it on a stainless steel sheet, and I consider these two methods to be the best and most simple way to safely store my private key or seed phrase. Other Bitcoin users could have their preferred means, but I don't consider converting my seed phrase to colours as a safe means; rather, I feel it's more complicated for me. Everyone has a choice.



Cheers 🥂, Dr.Bitcoin_Strange 👺👺

Yes. It's still the preference of the user and they use it. Because regardless of how simple or complicated the security of the storage, if the user or investor cannot keep it properly and privately then it will be no sense. If you still give your seed phrases or color scheme on scam website, you still cannot protect your own funds in a wallet.

No! Just no!

I had a thought to reinvent seed storage by creating a new method. I used numbers to replace the letters of every word and I was supposed to revert from numbers back to letters once I needed the seed again.

Long story short, I wrote the idea on a paper by writing an example down of how a sheet of metal would look, convinced I’ll never forget how to revert due to how simple it seemed. I found the paper half an year later and I still own it with no clue how the hell to revert numbers to letters. Fortunately, I had no balance on the seed.

Don’t do it. The more unique the method, the more likely you’ll lose your coins. What happens if you die and a relative finds your colors? They’ll likely just throw it in the bin or they won’t even know where to start. Who do you ask about what a string of colors could mean, besides an artist? Because no way in hell your relative’d think it’s a Bitcoin related thing

I think its risky to store it like that. If the color codes are scratched out, then there's no way you'll be able to figure out what most of the color codes are from the color, unless you are a color scientist that is.

And in the case where the color codes can be discerned just by looking at them, don't you think thieves will be able to use the same trick to discover so-called "hidden" seed phrases?

The seed phrase is highly sensitive information that must be kept secret and not shared with any third parties. What makes you think this colour tool will be dependable in the long run? What if it stops working, or if the developer makes changes that contradict the original and affect the original seed phrase saved before using this method? Since it is a third-party notion, it can be readily compromised by him or anyone else who gets their hands on them.

The word is still there; do not save your seed phrase online or connect it to the internet in any way. We live in a technological environment, and what you don't appear to expect or understand can happen at anytime. Stick to the initial method of saving, don’t fall prey of all this no matter how simple they can be to store your seed phrase.

I prefer the old way to store my seed phrases. I have passhrase with them all which is enough for me. If anyone knows my seed phrase, the 21 character passphrase I used with it with upper cases, lower cases, numbers and sign characters is enough against any brute force attack.