Topic: Using BIP-38 encryption to store mnemonic seed phrase (Read 196 times)

you just made everything 100 times harder!
it may seem like nothing when you are testing with only 3 words but it becomes increasingly harder as the number grows. imagine you wanted to do it with a 24 word mnemonic, it will be a nightmare not to mention that the words you chose have small number of characters (6 tops) there are longer words in word list (up to 8 i think) and finding a vanity address 24 times may not be easy for many users on lower spec computers.
then you also have to store 24 encrypted keys!
keep in mind that BIP-38 encryption and decryption is also time consuming.

here is a much much simpler method that i can think of and works best for 24 word mnemonics:
assume mnemonic is this
convert that back to its seed (the entropy) equivalent:
now you can convert this 256-bit entropy to a "private key"
use any tool you like to encrypt that using BIP-38 and store the single result (pass=123)

to recover, take these steps in reverse: BIP-38 decrypt -> entropy -> mnemonic -> import in wallet?

you may be able to use it with smaller number of words but i'm not sure how safe that is.
12 words:
seed (entropy)
pad to make it 256-bit
to private key

Unless a weakness is found in BIP38. I don't think that's likely to happen, but then again, I'm no cryptographer.

Your copy of Bitaddress.org shouldn't be compromised either. I know one paper wallet site got compromised, and at some point people had their cold storage funds stolen months later.
For the truely paranoid, you can use split key to add the result from vanitygen to Bitaddress.org. Doing this offline, your funds can't be taken even if your copy of Bitaddress.org is compromised.

Thanks for your post, you explained very well how to use BIP38

I tested only encrypted priv key on bitaddress.org and it trun out great with the correct address and (WIF) private key.

So I could use BIP38 encrypted privatekey 100% safe with a third party? For example:

I want a stainless steel plate laser engraved with a bitcoin address and BIP38 encrypted privatekey by a company. This company then knows the address and BIP38 encrypted privatekey, laser engraves the stainless steel plate and ships it of me. I should be 100% safe because only I know the BIP38 password. Right?

All provided off course I generate the BIP38 encrypted key with a safe password (for example 16 random characters) on an off line computer using linux live cd.

Ever since I first used a mnemonic seed phrase, I've been uncomfortable storing them. On the one hand, I don't want to risk losing access, and on the other hand I don't want someone who finds it to be able to easily access it either. I want to encrypt it, but I also want to be able to print a backup. I want it to be something I understand and trust, even though I'm far from an expert on cryptography. I want to have more than one backup, but I also want each backup to be enough to recover my funds.

So, I came up with the idea to use BIP-38.
Based on I'm BIP38 curious, please help me out!, in which a $1000 reward wasn't enough to crack a password with 6 characters, I believe BIP-38 is expensive to brute-force.

Let's say my seed words are:

• apple
• pear
• banana

I used vanitygen to find the following addresses:

• 1APPLE1cBHQAh1fA9D32L5sovUB4dQU2D6
• 1PEAR11MfhpHvKiWZdu4nzjanH2k2X8wXj
• 1Banana2rNb1jC3CoH3eAehNeSeCb3Y1KN
  Privkey: 5KXuFTVczBzxt67UEMdTXBVieQUN3aqXu7NbaPV6g2Ya8hDUoE7

For a real case this has to be done on an offline air gapped PC. Each seed word starts after the first "1" and ends at the next number.

Using Bitaddress.org or .com">BitcoinPaperWallet..com, I created encrypted private keys:

• 6PRRQJGq7b12grj8RqQiCJNg6i1MFTP8NSrfGZpQFRhQmS2skp38qrLGe8
• 6PRJi8BDC7SvgctZguDuJpa1aU6rrp3BZuSgFX9UNDqe5YfTxfqTWWyino
• 6PRSPsEyZdGN5tJdgpXu2FWddeecD24bAowxwstqdL2aM1FXAj1tyVcV1F

My password for demonstration purposes is "Fruit". Obviously, this should be stronger for a real case (and not a dictionary word), but it has to be something you'll never forget.
Note that the Bitcoin addresses should be kept just as secret as the accompanying private keys!

The above list of BIP-38 encrypted private keys (starting with 6PR) can now be printed (use a big font, it's reduces typing errors when recovering your funds) and/or stored in any digital form (offline).
If you're afraid to forget your password, you could even encrypt the same private keys several times, each time with a different password, and print different versions.

When you're done with all this, and have your backups securely stored in as many locations as you feel comfortable with, you should TEST IT! Start from scratch, on a fresly rebooted off-line system running from a Linux LIVE DVD, with nothing else than your encrypted backup. Make sure you can use this to recover your seed phrase, and while you're add it, make sure you can use your seed phrase to recover the Bitcoin addresses that are protected by it.

Now just don't forget your password! It doesn't hurt to once in a while check if you can still decrypt this (again: use an off-line air-gapped system running from a Linux LIVE DVD), so that if your hardware wallet ever fails, your seed phrase can still be used.

This is a lot of work, so if there's an easier method I'm all ears. I'm looking for strong encryption (difficult to brute-force) that can be used to create printable encrypted.
 But since this is a one-time thing for something I shouldn't often need to recover, I don't mind a bit of work.