Topic: Usb Encryption (Read 492 times)

If lamination poses a problem to anyone with the fear of the words fading, they can have a dual backup in the same location, one written on regular paper and the other written on regular paper but laminated. The laminated one provides the extra security of being protected against tears, wetness and some other hazards and the other backup protects your fear of it fading.

I have laminated documents for several years that have shown no sign of fading in the slightest but it is best to take any precaution possible when it costs nothing to do.

- Jay -

Whatever procedure you apply to secure or encrypt your valuable secrets, lets hope you have every step well documented, unless it's very obvious like for SLIP39, because it's almost certain that after some years you will forget what you did and you likely then will loose access to your secrets. Much more, if something should happen to you, none of your heirs will know how to access those encrypted secrets if there's no precise documentation (which needs to be protected, too, a devilish loop emerges).

You can just create a new wallet with the same seed on the iancoleman page (offline) for example or in a wallet accepting it, but with an extra passphrase and then just transferring your assets over there. The wallet won't be the same of course, but you will just need to store a new passphrase, since you have already back up your seed and it stays the same.
Another strategy allowing to keep the same wallet could be to encrypt your initial entropy with BIP38 like explained here https://bitcointalksearch.org/topic/thinking-of-separating-my-holdings-into-two-physical-locations-5437245 or with SLIP39 https://github.com/satoshilabs/slips/blob/master/slip-0039.md
When you will need to use your seed you will have to decipher and to derive it from the encrypted entropy, but your seed will be secured at least. You can get back this entropy from your seed by reversing the first part of the BIP39 algorithm. That is to say by getting the rank of each word of the seed into the BIP39 wordlist, subtracting 1, converting each number in binary radix and removing the part corresponding to the checksum.

I think most folks who prefer to keep their private keys and seed phrases only in digital form, without any old-school "hard copy" backup, might be a bit in the dark about what is really going on inside those memory cells in their SSDs and Flash drives and might not be fully aware of all the risks involved. I even saw someone saying they feel safe because they have copies on two flash drives. That gave me a good laugh!

This belongs to someone that I know, my relative:



The page is clearer here than what you are looking at on the above image. I do not see anything like fading at all.

Check the date on the page that I screenshot. That was 20th May, 1995. That was more than 28 years ago.


You can do another backup every year.

Don't use pen, because you most likely have cheap pen, and these don't last long on paper. Ink fades, especially if exposed to moisture or light. Pencil is more resistant due to it being graphite-based, and you can get much better quality from a $5 pencil than an expensive pen.

I just checked my notebooks from the early days of elementary school. Teacher's text written with pen ink is very readable, but a few parts have started sort of fading. My text, which was written with pencil, is like I wrote it yesterday. That must have been good quality paper, though. (less than 20 years ago)

The main reason to laminate paper is to protect it from flooding, and this risk seems to be increasing lately in many places.
If you're afraid the ink will somehow be influenced by the laminating hot glue, just fold the paper with the ink on the inside. Or write the same words on the paper a few times before folding and laminating.

I have backups on paper, written with pen and they are not showing any sign of fading. The books I wrote some words since many years ago are still intact, I have not seen anything like the words written there to be fading. If I laminate the handwritten words, I do not think it will fade.

The text books I have used more than 20 years ago, I took a look at some just now, they did not fade. If I cut part of the textbook and laminate it, I do not think anything will happen. The laminated paper I was referring to is my NIMC identity which was printed on paper. Somethings like that printed in my country are just done with inferior materials. Someone gave me his contact on a paper with some part handwritten with a pen while others printed. I took a look at the paper just now which I kept near the kind of material used for lamination. The printed part is fading and the ink attaching to the material, but the part written with pen are intact and showing no sign to fade.

Although, the kind of paper used is also important.

Paper back up as been excellent for me. But I do not like to laminate it because of it not to become obvious that the words are important. If anyone sees it convenient, I see no reason not to laminate written words on an exercise book because they do not fade. Having like two other backups.

Those are printed on thermal paper, and indeed you have to copy them if you want to be able to claim product warranty 10 years later. But other than Piper Wallet, normal users won't use that for their seed backup.

I clearly said paper/metal and no I don't trust paper, I trust multiple backup copies with multisig setup in different locations.

I had a bunch of old paper receipts that faded in just few years, so yes printed stuff can certainly fade and it probably all depends on quality of used materials.
Stainless Steel washers are much better option if you want to have longevity and better resistance to various conditions.

I'm still not old enough to answer the best poster, but I'm happy.

I just want to say to the op that it is better to use writing on paper to store important things like seeds rather than using a USB based on my experience which has saved several important files from my work.
The initial intention was to say, write it on paper and then store it in a place that is far from being exposed to water better... Yeah, someone came who made me a little stiff to respond.

Btw, you are right. By providing a plastic wrap, it is safer as long as you don't use wet glue.

Other than thermal paper, I've laminated many things including toner, ink and drawings made by many kinds of pens, markers and pencils. The only thing that caused problems was if there's wet glue in there, other than that everything is in good condition.
I really wonder what conditions you must have to destroy written paper in normal use.

So many people laminate important documents to preserve it, but it is not really advisable to do so and some institutions that i know of in my country now warn against lamination of important certificates or results. The heat and adhesives used in the process of lamination can destroy what's written on the paper, and i believe that's what happened in your situation.
If the book is exposed to moisture, what is written on it is going to fade, but if kept totally dry, it would be intact.
Seed phrase written properly on paper and kept dry and safe is one of the most trusted and recommended backup.

@AprilioMP
Water can also damage a flash drive, just that paper is more vulnerable to water damage.

Fire that may not damage stainless steel seed phrase backup will easily damage a flash drive.

I have laminated a paper before, nothing happened to it, but it faded and some of its ink got attached to the plastic which was used for the lamination after I put it under many heavy books for months or years. But I am still able to read the words. I have heard and read about very old books having faded inks. I have been given a book that is nylon-similar and what are typed on it faded.

Some of the books that I used in first degree school are still intact. If not damage by water or fire, they are still intact. Nothing has happened to the seed phrase that I have written with pen till today. But I do not know if I laminated the paper if something like fading would be seen. But I think the type of paper that are used is very important. The books students are using and jotters are good.

If you can care about USB drive, you care about paper backup. Take good care of it and take a look at it like every year. If you have like three backups in different locations, they can not all fail you.

Passphrase makes backup on a paper to be excellent for me.

If you are not secure with paper, get a stainless steel made for seed phrase backup and backup your seed phrase easily.

It depends on how you do it: This guy posted his private key with $1000 and a 6 character password (with hints!) on Bitcointalk, and nobody cracked it in 2 years.
I agree that the average user shouldn't do it though, most users won't really know what they're doing.

Put it in plastic.

Show me a piece of paper you own that has faded over time. I don't have any.

There's no way I can trust a piece of paper. Storing the essentials isn't always a good option where they can easily be damaged by something like water or faded if left too long.
I mentioned that it is better to store it on paper rather than on a USB as an example, even if you don't think that is a reasonable example.
I also wouldn't store it in paper because it wouldn't be safe at all.

I'm preparing steel according to the number of letters of each word seed.
It makes me feel more at ease in keeping it.

I created this topic, I hope to find an answer
https://bitcointalksearch.org/topic/m.62814429

You can do it the way LoyceV mentioned, you need 3 cards and made 3 copy each of those cards, this gives us about 9 copies, provided that the similar cards are in different places.

Cloud storage is the worst option, whatever type of encryption you're trying to do.

This is not recommended and it is too risky, storing seed phrases using different methods of obscurity usually makes sense when you're doing it, until you mess up and lock yourself out of your funds, it only gives you a false sense of security. Even if you want to make multiple backups of your divided seed phrase, you'll have too many backups because you have to provide at least two backups of each divided part and keep them all separately.
Uploading your backups to the cloud is not recommended, even if they are encrypted, because it is now online and anything online is prone to hacking, and an attacker can brute force your password. Even if you have a strong password that may take very long or even never for an attacker to brute force, i will consider any backup in the hands of an attacker as being compromised already.
Seed phrase written on a piece of paper can last forever if you store it well, and that's were your opsec comes into play, you wouldn't store it where it will get wet, damaged or torn; and you surely won't store it where another hand can easily see and steal it.

Why not use both? Ideally with different passwords, just in case you forget one of them.

Nothing I've ever written has faded. Paper with ink lasts hundreds of years if stored dry and you don't burn the place down.

To create a seed phrase wallet with a strong passphrase is enough. For the backup, two or three (I prefer three) backups can be done and the seed phrase and passphrase should be backup differently in different locations. If you can not go for paper backup, there are steel/stainless steel backup material that can be bought for it. If it is not a wallet file, I have no reason to backup anything electronically on a device.

For all those people, who do not trust the reliability of the USB, I am surprised that you people trust the piece of paper which can be damaged too, ink fade, torn or even stolen from the money safe.

I have my Bitcoin saved on the electrum wallet on tails OS on the USB and I have a backup USB as well. So if my USB got corrupted or my tails OS got corrupted I will still have another copy. I plug in both USBs every week or 15 days to check if both of them are working. I don't think both USB can get corrupted at the same time. If so, I can buy another USB today and make a third backup too. Now there will be 0% chance of losing seed because USB is unreliable and corrupted.

I like method of uploading encrypted backups done on airgapped device digitally.

Make encrypted backup on airgapped device, move it to Internet connected one and upload on cloud storages.

Files get corrupted indeed, so I make and upload them regularly. If there is one file that gets corrupted, there is another to lean back on. I tend to have peace of mind as I feel like even if my file gets leaked, attacker won't be able to open it without password, also am quite confident on my password.

So far it has worked out well.

It is very true that USB is not a safe tool to store important files. I had to throw two USBs against the wall because all my work data files could no longer be opened. For the first usb, I didn't give a password and the price was slightly cheaper than the second usb that I had used.

---

Op..., I think password is only the first door which can still be compromised to the main access door. Giving/inserting a password on a USB is not a safe way.
It's still better to keep it on paper and put it in a small safe like a money safe even though people can still know where it is.
Such offline storage is better than storing it on usb.

I have one USB drive that was previously encrypted by me, and ever since I decrypted it and did a full format it is not working correctly.
It works as it should few times but at some point it gets corrupted and I can't use it anymore until I format it again.
I am not using this usb for anything important, but this is just showing how fragile and unreliable this drives are, so I would never use them for anything bitcoin related.
For me it's much better to have offline backup on paper/metal, without keeping important stuff in digital format.

For single sig. You can generate a pay-to-taproot single signature wallet on Sparrow:





For multisig. You can not generate a pay-to-taproot multisig wallet on Sparrow:



You can read about BIP86 which defines the derivation path to pay-to-taproot single sig wallet: https://github.com/bitcoin/bips/blob/master/bip-0086.mediawiki

I have not read anything about pay-to-taproot multisig wallet. I do not think that it is existing yet, although it has been made possible. Or, can you point to any BIP that points to pay-to-taproot multisig wallet?

You can use Sparrow wallet to generate a P2TR transaction, which is often cheaper or the same as a regular multisig transaction. Ignoring outputs (same for P2TR & P2WSH), the P2TR input transaction weighs 230 WU, which is cheaper than P2SH and P2WSH transactions.

I do not want to go into details and say that it is the cheapest, but using P2TR will definitely make multisig fees cheap or as cheap as regular transaction fees.
Follow this table, and you can go into detail from here https://murch.one/posts/2-of-3-using-p2tr/

This should not be mentioned at all. It is one of the worst ways to backup seed phrase.

Multisig is secure than single sig wallets online wallet, not for backup if you get how to backup the single signature wallet correctly. If you use a passphrase with the seed phrase, that is enough. If you like you can backup the wallet using USB drive or not. If the passphrase is strong enough, you are good.

If it is online security, multisig wallet is better. But its transaction fee is higher than single sig wallet transaction fee. For online wallets, I will advise people to use multisig wallet, but if it is a cold wallet or hardware wallet, single sign wallet is not bad either, despite that the multisig wallet of the same type is more secure.

This topic leads me to the question, which is better, keeping wallet seed digitally after encrypting it with a strong password, or keeping an encrypted copy of the wallet file with a strong password?

In both cases, storing wallet seed in a digital or encrypted form is dangerous, but the options that you can do are:

1) Divide the seeds and store them separately, for example, into four parts, and store each part in a safe place (dangerous because if you lost any part, this mean you lost your coins).
2) Extend the seed with an extra word and save it independently.
3) Create a multi-signature address 2 of 3 and save it in a trusted location that no one else can access together.

I have a better more secure solution for this. Since you want to copy your wallet files in your USB and then encrypt that USB so no one can access it. But if you connect your USB with a malware affected computer and copy it is connected to the internet, then you are not 100% sure that your wallet files were not compromised while copying this data on your USB. Even though the chance may be very slim but since we are dealing with our money, we should be 100% sure about it.

A better way is to install a USB operating system on your USB drive, like tails OS and then create an offline Electrum Wallet there and transfer your funds in that wallet. Make your the wifi option is disabled in tails OS and there will be no chance of your seed phrase or wallet file getting compromised or affected by any malware.

If it an airgap device wallet, there is no problem. Get a new USB drive and backup the file.

If it is on an online wallet, it may not be safe. The problem this can have is if the USB drive is damaged or corrupted which can happen. The user will have to be doing the backup periodically like every 6 months on another USB drive.

How to provide a password on a USB has been given a guide in a way that is familiar to Windows users by Bitcoin Smith.
Then, you are still confused I see. Even though that is the right answer, it is related to how to give a password to the USB which contains the seed.

More than one backup needs to be saved and I am not very sure about saving it on a USB because there is still a chance that the USB will be infected with a virus which will cause the files to be damaged and no longer accessible.

This can be done by creating a new wallet.

No, that is not correct. When you encrypt the wallet data container (file) on one computer, it remains encrypted even after importing (opening) it with the software on another computer. Of course, you will need a password to access it, and that is the whole point. However, if you recreate the same wallet from a backup seed phrase, you will once again have the option of whether you want to password protect (encrypt) the wallet file or not because it will be a new wallet file.


The BIP39 passphrase is designed to protect your backup seed phrase. However, it is not encryption; it is simply the method for generating wallets from a seed phrase. For instance, you can generate a wallet with a specific 24-word seed phrase. But if you add a passphrase to that same seed phrase, you will create an entirely new wallet with a completely different set of private keys and addresses. Think of it as the 25th word (although it doesn't have to be a dictionary word, and it doesn't have to be just one word since it is a passphrase, not a password).


No, encrypted wallet files cannot be opened on any computer without the correct password. They can potentially be brute-forced if the password is too weak.

For online attack, remember that your seed phrase can be seen together with your passphrase on online wallets. The only wallet that I did not see the passphrase is Bluewallet, and it is not supporting passphrase while generating a new wallet, you can only import a seed phrase to input the passphrase. Yet, we have to be careful of online attacks because online wallets are weak and vulnerable generally, even if you use passphrase with the seed phrase.

Z-tight is talking about importing the seed word phrase, not the encrypted wallet.

That's not how encryption works.

That's interesting. So as we say that the password protected wallet is encrypted, it is encrypted only if it remains on that particular system. If someone copies that wallet file generated by the electrum and imports it into another computer, it will not remain encrypted???



So we can write a seed phrase on a piece of paper and make such a passphrase that we never forget, and save that passphrase in our mind. So now if anyone gets our seed or if the seed is somehow get hacked through malware or something, the hacker won't be able to get access to our wallet.
However, if the hacker gets the whole wallet file (encrypted one), then he can import it into another computer and can access the wallet ?

You should not be overly fond of storing important files (seed phrases are exactly that) on a USB flash drive, all the more, even encrypt. No matter how you later have to face the problem of losing access to this file due to a USB flash drive malfunction or the inability to decrypt data due to lost password. Besides, how are you going to store the password from an encrypted USB flash drive so that your relatives don't peep? Create another one?

Don't forget to make duplicates of your USB flash drive, and also think about writing the seed phrase not on a piece of paper, as you did, on another storage medium that has better safety characteristics (protection from water, fire, acids, etc. ). For example, a stainless steel plate.

I have SanDisk that I bought since 2018, despite the large files of about 40 gigabytes on it, it is still working till today. Although, I hardly use it.

As LoyceV comment, I think it is better that way. People should not depend on any device for long term storage. I understand you and I think that you are also right, and disks are also different from one another, there are some with even longer lifespan. But people should not depend on that because any device can fail at anytime. I year backup dependency is enough in my opinion.

---

I prefer seed phrase with passphrase and it makes backup easy for me on just a paper.

10yrs is just the expected lifespan but in my experience, it doesn't most of my USB Drives no longer work after a year or two some of them work but files become corrupted even though I take care of them very well.
Only 2 of my 8 USB drives with two different brands still survive after 4 years(transcends 16GB and Sandisk 32 GB).

Having multiple backups is also fine but for long-term DVDs is way better to handle files for more than 10 years because I have a DVD that still survives after 10 years it still works.

Easy solution: once a year, spend $10 on a new stick from a different brand and make another backup. Keep your old backup.

Does that mean untrusted people have physical access to your house?

Flash drives are smaller
Flash drives and SSD cards are using the same technology
They both have the same life span of 10 years, but depending on usage and maintenance
SSDs are bigger, but with larger memory and faster in speed
Flash drives are cheaper, but they have small memory
Just for encrypted wallet file backup, or seed phrase extended with passphrase backup, flash drive is better
I think you are only comparing SSD and HDD, not flash drive.

Agree. Nevertheless, If OP insists on digital backup I would advocate for industrial grade SSD card (in micro or micro format) instead of ordinary USB flash drive. Those cards have an incredible life span, are less damageable  and  much easier to hide (or carry in the course of relocation)  than  bulk drives (even of 2.5" size).

USB drive has expected lifespan of 10 years which I do not think it is bad at all.

What makes the lifespan of USD drive, CD, DVD, SSD or HDD shorter or longer depends on how often you are using it to transfer files, and also maintenance. If he is using the USB drive for just file backup and nothing more, I am expecting the USB flash drive to have a long lifespan if he protects it.

I do not see any reason to depend on flash drive when he can use BIP39 passphrase and backup the seed phrase just on a paper, while the passphrase also on a paper in different locations, having like two or three backups for both.

There is no point in copying if someone finds out your seed because he can still access that seed concurrently.
Creating another copy is just for 2nd backup, not protecting you from thieves. To protect it, create 2 or 3 layers of security, not to create too many copied seed.

Just to be clear the added passphrase/password on Electrum is passphrase protection you have a choice on the first wallet creation if you want the wallet file to be encrypted you need to enable it or disable it while using a password. Encryption is another layer of protection so that the wallet file itself is not readable(seed and keys are encrypted) when you try to open it with Notepad.



@OP Since the USB Drive has a short lifespan I suggest burn them into CD/DVD because they have a long lifespan according to Google 10-15 years but if you want a disc with a longer lifespan check the M-disc it has a 1000yrs lifespan. And don't forget while creating a wallet to make sure it's safe you should create a wallet in an offline environment to avoid someone monitoring and recording your keystroke/clipboard.

No, the password you set up only encrypts the wallet locally, if you or an attacker imports this wallet with the seed phrase on a different device, you'll have access to spend the funds on the wallet and set up a different password for the wallet on that device.
Yes you should be able to do that.

You should be able to hide your paper backup of your Electrum mnemonic recovery words in such a way that only you can find it. But what if you forget your hiding spot? It would be a single point of failure.

USB flash devices can fail (happened to me), so don't rely on only one backup device!

You wrote your mnemonic recovery words on a computer that was likely online and with unknown security status. This should be avoided and you may consider your mnemonic recovery words as not safe anymore. (Depends on what daily internet "shit" you do on that computer.) Mnemonic recovery words of wallets should only treated on offline and non-digital devices like paper or metal backup.

You could use Veracrypt or Bitlocker or something similar and reliable. But again, don't do that with your mnemonic recovery words on a digital device that will go online any time later. Boot a live Linux that solely runs in RAM or TAILS, both have to stay offline, if you play with private keys and/or mnemonic recovery words, so that after shutdown none of your secret keys and words are retained on the used computer.

You cannot; you will have to create a new wallet.

Basically, if you add a passphrase to your current seed phrase, it will generate a new wallet with completely different addresses. This is another advantage of a BIP39 passphrase: you can have two (or more) wallets with the same seed phrase. One can serve as a decoy (with a small amount of coins), and the other, kept secret, can be your main hodl wallet. So, if someone gets their hands on your seed phrase, all they will be able to access is your decoy wallet with a small amount of coins. Your main stash in the secret wallet remains safe.

What is a BIP39 Passphrase?
https://www.blockplate.com/blogs/blockplate/what-is-a-bip39-passphrase

I also do not recommend storing on usb because of the disadvantages like wearing out and damages. The best thing would be to add passphrase

You can follow this guide by DireWolfM14 to create the passphrase on electrum Wallet

Also even if you use a passphrase you can also encrypt the Wallet file. The wallet file can only be accessed with password if you encrypt it, this adds another layer of protection to the wallet again

You have to create a new wallet.

On desktop
While generating new wallet, click on standard wallet -> create new seed - click on options -> check ✔️ extend seed word with custom word -> click on next to input the extended word and continue.

On mobile
While generating new wallet, click on standard wallet -> create new seed - check ✔️ extend seed word with custom word -> input the extended word and continue.

The extended word generate different keys and addresses. If you lost it, just like the seed phrase, you will lose access to your coins. Backup the seed phrase and passphrase (extended word) separately in two or three different locations.

How do i create a passphrase for my wallet which i have already created?

What if the USB gets corrupted and becomes unreadable? Even if you make copies on several devices, you still risk data loss because electronic devices are sensitive to various external factors such as heat, moisture, electromagnetic radiation, electric shocks, virus-infected devices, and more. I think that a piece of paper, or even better, a metal plate, is a safer solution.

You do not have to encrypt the seed phrase because you can simply create a BIP39 passphrase. In this case, the seed phrase itself is useless without the additional passphrase, which you can write down and store in a safe location separately from the seed phrase.

That password protected wallet file remains password protected, even if you import that into a new electrum wallet ?

Also if i make a wallet without password protected wallet file, can i convert that later to password protected ?

You can use Bitlocker for windows to encrypt your USB, which makes the USB completely encrypted and without the password it is impossible to open it no matter what.Make sure your system is not connected to internet while connecting your USB stick which eliminates the risk of getting exposed in case if there is any malware present in your system.

How to use BitLocker Drive Encryption

If you entered a password while creating wallet on electrum itself makes the wallet file encrypted, so you don't need to worry about that.

I write my electrum private seed on the piece of paper and save it with me but i fear that someone near to me may read that paper and get access to the wallet. So i copied the wallet file on my usb and also write the seed in notepad in that usb. Now i want to password protect that usb or encrypt it so if anyone tries to access that usb, he can never open and read it contents.  How to do this ?