I'm feeling a bit nervous about having my bitcoins on the exchange right now. If they suddenly "lose" everyone's bitcoins...what would anyone really care? Everyone has enough problems than to worry about a bunch of rich folks losing money.
I am also a bit gun shy on many cold storage systems I have used. I barely got out of Thailand with my bitcoins intact.
Keeping anything physical requires thinking of different scenarios. Bugging out I can carry it with me. What if I'm arrested for tyranny reasons and they confiscate my home again? Centralized servers don't seem very secure at this point (encrypting it and putting it on AWS, etc.). There's a brain wallet but many of those were hacked due to humans not being as crafty as they think. I had troubles with my trezor in Thailand, I had the trezor but the backup codes were on the seastead. That's part of it, you need backups but what to do with the backups?
I get pretty extreme when doing cold storage for extra security. Last time I bought a cheap computer to create the private keys, then put them into my cryptosteel in an order that only I knew, then I destroyed the computer with a hammer and burned the parts in a fire. Fortunately I had a backup that I split among family members because all of my cryptosteel was on the seastead.
Coming up with a new cold storage solution is not simple when you don't trust that your home won't be over-run. If I was thrown in jail I'd like the peace of mind that every day I'm in there I'm getting richer and richer and nobody can steal my bitcoins while I'm in there.
Would you be able to remember several random words like
peasant
cultivate
specimen
articulate
if you record just the first letter, or the first two letters, of each word? Like this
pe cu sp ar
If so, then you have some entropy to get you started on constructing a seed. Entropy that you can retrieve using an abbreviated mnemonic as above.
Next, you add enough salt to protect you from rainbow table attacks while lengthening the string to protect from brute force attacks.
For example, you could use your social security number and your mother's maiden name
So the reminder string becomes
pe cu sp ar ss mmn
So that you have a string with four words and a number, followed by a fifth word, and you can store just the abbreviated string.
It is highly unlikely that any thief who gets hold of your file will be able to reconstruct the string from the abbreviations, so storing it
becomes much less of a security concern. You might even email it to yourself.
Now we probaby have enough bits to work with. But add more words or salt if you see fit.
The next step is to create a private key or seed from your (entropy + salt) string.
Do a sha256 hash of the full string. This will give you a 256 bit hex string (64 characters).
And that hex can be the input for a tool like
https://bip32jp.github.io/english/or you can use Ian Coleman's mnemonic code converter
https://iancoleman.io/bip39/and click "show entropy details" to put in your own entropy.
Now you have a seed. But you don't need to remember the seed.
If you can reconstruct the string that was the entropy source, you can reconstruct the seed.
For me, it's easier to remember something that I came up with on my own, aided by a mnemonic shorthand like
pe cu sp ar ss mmn
than it is to remember a 12 word HD seed, for example.
But your mileage may vary; everybody's brain works different.
Notes
the output of the hash command depends on the syntax.
I always type it like this:
echo -n 'passphrase' | sha256sum
For example,
a@galliumos:~$ echo -n 'correct horse battery staple' | sha256sum
c4bbcb1fbec99d65bf59d85c8cb62ee2db963f0fe106f483d9afa73bd4e39a8a -
Do the following:
Use the first 32 hex chars (128 bits) of the hash as custom entropy input for one of the generators linked above
and you will get 12 words that you can use to create or restore a bip39 HD wallet.
If you don't want to use the command line to do the hash, you can hash the string by typing it into
http://brain.evilbs.com/, which calls the produced hash the "secret exponent." The output will be the same as that produced by the command line syntax specified above.
Warning: if you use the command line, your .bash_history file will record the command, with the word string as you typed it,
so make sure to erase that line from the file.
Also, you obviously don't want to do this sort of thing on a website. If you use one of the generators or the brainwallet site,
download the page and run it offline.
