Topic: Using BIP-38 encryption to store mnemonic seed phrase (Read 240 times)

legendary
Activity: 3472
Merit: 10611
you just made everything 100 times harder!
it may seem like nothing when you are testing with only 3 words, but it becomes increasingly harder as the number grows. imagine you wanted to do it with a 24 word mnemonic; it will be a nightmare, not to mention that the words you chose have a small number of characters (6 tops), there are longer words in the word list (up to 8, i think), and finding a vanity address 24 times may not be easy for many users on lower-spec computers.
then you also have to store 24 encrypted keys!
keep in mind that BIP-38 encryption and decryption is also time consuming.

here is a much, much simpler method that i can think of, and it works best for 24 word mnemonics:
assume the mnemonic is this
Code:
hamster diagram private dutch cause delay private meat slide toddler razor book happy fancy gospel tennis maple dilemma loan word shrug inflict delay length
convert that back to its seed (the entropy) equivalent:
Code:
68a79eaca2324873eacc50cb9c6eca8cc68ea5d936f98787c60c7ebc74e6ce7c
now you can convert this 256-bit entropy to a "private key"
Code:
Kzj9RdPriKXFegaCGEPAFEt1m8vKUTvYxpiPngPT6wy9uBChZpRB
use any tool you like to encrypt that using BIP-38 and store the single result (pass=123)
Code:
6PRJAJzrmDaHLNqkAEwXZWz7QxJHoDn8ChfCbDeAASev7kZuUjYkUpCqSb

to recover, take these steps in reverse: BIP-38 decrypt -> entropy -> mnemonic -> import in wallet?

you may be able to use it with a smaller number of words, but i'm not sure how safe that is.
12 words:
Code:
ozone drill grab fiber curtain grace pudding thank cruise elder eight picnic
seed (entropy)
Code:
9e885d952ad362caeb4efe34a8e91bd2
pad to make it 256-bit
Code:
000000000000000000000000000000009e885d952ad362caeb4efe34a8e91bd2
to private key
Code:
KwDiBf89QgGbjEhKnhXJuH7Wc2QSa7dt6pEYDMJLc8WW2KeaD71f
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Quote
I should be 100% safe because only I know the BIP38 password. Right?
Unless a weakness is found in BIP38. I don't think that's likely to happen, but then again, I'm no cryptographer.

Quote
All provided of course I generate the BIP38 encrypted key with a safe password (for example 16 random characters) on an offline computer using a Linux live CD.
Your copy of Bitaddress.org shouldn't be compromised either. I know one paper wallet site got compromised, and at some point people had their cold storage funds stolen months later.
For the truly paranoid, you can use split key to add the result from vanitygen to Bitaddress.org. Doing this offline, your funds can't be taken even if your copy of Bitaddress.org is compromised.
legendary
Activity: 2210
Merit: 1109
Thanks for your post, you explained very well how to use BIP38

I tested only the encrypted priv key on bitaddress.org and it turned out great, with the correct address and (WIF) private key.

So I could use a BIP38 encrypted private key 100% safely with a third party? For example:

I want a stainless steel plate laser engraved with a bitcoin address and BIP38 encrypted private key by a company. This company then knows the address and BIP38 encrypted private key, laser engraves the stainless steel plate and ships it to me. I should be 100% safe because only I know the BIP38 password. Right?

All provided of course I generate the BIP38 encrypted key with a safe password (for example 16 random characters) on an offline computer using a Linux live CD.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Ever since I first used a mnemonic seed phrase, I've been uncomfortable storing them. On the one hand, I don't want to risk losing access, and on the other hand I don't want someone who finds it to be able to easily access it either. I want to encrypt it, but I also want to be able to print a backup. I want it to be something I understand and trust, even though I'm far from an expert on cryptography. I want to have more than one backup, but I also want each backup to be enough to recover my funds.

So, I came up with the idea to use BIP-38.
Quote from: https://bitcoinpaperwallet.com/bip38-password-encrypted-wallets/
The advantage to encrypting your paper wallet's private key with a password is that if your paper wallet is stolen or otherwise exposed, the balance on the wallet is safe unless the passphrase used to encrypt the wallet is guessed. However, if you encrypt your private key with BIP38 and you lose your passphrase, it will be impossible for you to recover the funds you have sent to this wallet.
Based on "I'm BIP38 curious, please help me out!", in which a $1000 reward wasn't enough to crack a password with 6 characters, I believe BIP-38 is expensive to brute-force.

Let's say my seed words are:
  • apple
  • pear
  • banana

I used vanitygen to find the following addresses:
  • 1APPLE1cBHQAh1fA9D32L5sovUB4dQU2D6
  • 1PEAR11MfhpHvKiWZdu4nzjanH2k2X8wXj
  • 1Banana2rNb1jC3CoH3eAehNeSeCb3Y1KN
    Privkey: 5KXuFTVczBzxt67UEMdTXBVieQUN3aqXu7NbaPV6g2Ya8hDUoE7
For a real case this has to be done on an offline air gapped PC. Each seed word starts after the first "1" and ends at the next number.

Using Bitaddress.org or BitcoinPaperWallet.com, I created encrypted private keys:
  • 6PRRQJGq7b12grj8RqQiCJNg6i1MFTP8NSrfGZpQFRhQmS2skp38qrLGe8
  • 6PRJi8BDC7SvgctZguDuJpa1aU6rrp3BZuSgFX9UNDqe5YfTxfqTWWyino
  • 6PRSPsEyZdGN5tJdgpXu2FWddeecD24bAowxwstqdL2aM1FXAj1tyVcV1F
My password for demonstration purposes is "Fruit". Obviously, this should be stronger for a real case (and not a dictionary word), but it has to be something you'll never forget.
Note that the Bitcoin addresses should be kept just as secret as the accompanying private keys!

The above list of BIP-38 encrypted private keys (starting with 6PR) can now be printed (use a big font, it reduces typing errors when recovering your funds) and/or stored in any digital form (offline).
If you're afraid to forget your password, you could even encrypt the same private keys several times, each time with a different password, and print different versions.

When you're done with all this, and have your backups securely stored in as many locations as you feel comfortable with, you should TEST IT! Start from scratch, on a freshly rebooted off-line system running from a Linux LIVE DVD, with nothing other than your encrypted backup. Make sure you can use this to recover your seed phrase, and while you're at it, make sure you can use your seed phrase to recover the Bitcoin addresses that are protected by it.

Now just don't forget your password! It doesn't hurt to once in a while check if you can still decrypt this (again: use an off-line air-gapped system running from a Linux LIVE DVD), so that if your hardware wallet ever fails, your seed phrase can still be used.

This is a lot of work, so if there's an easier method I'm all ears. I'm looking for strong encryption (difficult to brute-force) that can be used to create printable encrypted.
But since this is a one-time thing for something I shouldn't often need to recover, I don't mind a bit of work.
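As an added example (not code from either poster, and not from bitaddress.org, vanitygen or any other tool named in the thread), the following stdlib-only Python shows the entropy-to-WIF step from the first reply on this page, including the zero-padding for a 12-word seed and a base58check verification that catches a mistyped key on recovery, plus a parser for the structure of the 6PR keys in the opening post. It assumes compressed mainnet WIF keys (K/L prefix, as in the reply) and only the non-EC-multiply BIP-38 form; the scrypt/AES step itself is left to the external tool.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check_encode(payload: bytes) -> str:
    data = payload + _dsha256(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out  # leading zero bytes -> '1'

def b58check_decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    data = b"\x00" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if _dsha256(data[:-4])[:4] != data[-4:]:
        raise ValueError("base58check checksum mismatch (transcription error?)")
    return data[:-4]

def entropy_to_wif(entropy: bytes) -> str:
    # 16-byte (12-word) entropy is left-padded with zeros to 32 bytes, as in the reply
    if len(entropy) not in (16, 32):
        raise ValueError("expected 128- or 256-bit entropy")
    # 0x80 = mainnet WIF prefix; trailing 0x01 = compressed-pubkey flag (gives a K/L key)
    return b58check_encode(b"\x80" + entropy.rjust(32, b"\x00") + b"\x01")

def wif_to_entropy(wif: str, words: int = 24) -> bytes:
    payload = b58check_decode(wif)
    if len(payload) != 34 or payload[0] != 0x80 or payload[-1] != 0x01:
        raise ValueError("not a compressed mainnet WIF key")
    key = payload[1:33]
    if words == 12:  # strip the zero padding, and refuse if it is not there
        if key[:16] != b"\x00" * 16:
            raise ValueError("upper 128 bits are not zero; not a padded 12-word backup")
        return key[16:]
    return key

def parse_bip38(enc: str) -> dict:
    # Non-EC-multiply BIP-38 layout: 0x01 0x42 | flag | addresshash(4) | ciphertext(32)
    p = b58check_decode(enc)
    if len(p) != 39 or p[:2] != b"\x01\x42":
        raise ValueError("not a BIP-38 key in the non-EC-multiply (6PR) form")
    return {"compressed": bool(p[2] & 0x20), "addresshash": p[3:7].hex(), "ciphertext": p[7:].hex()}
```

Note that `parse_bip38` only checks the printed key is intact and shows what a third party sees (a 4-byte hash of the address and the ciphertext); it does not decrypt anything.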