52 sats \ 10 replies \ @phygit 6 Sep 2023 \ on: Hiding a seed phrase meta
Generally speaking, I'm against storing seeds in physical forms (and totally against writing them on pieces of paper, as it still wrongly recommended by so many wallet providers...).
There are plenty of clever ways to store them digitally. To name only 3:
. Password Managers (Bitwarden and others)
Store your first 6 words on one PM, the last 6 on a second one. These apps are secure and strongly encrypted. An attacker would need to crack your device (phone or computer), then crack the 2 apps to get full access to the seed. Pretty safe. And if you're really worried, you can extend the idea to 3 password managers with 4 words on each.
. Images
I know people who hide their seed in "plain sight" by typing them inside a random image (like family picture). They usually do that using very small fonts so you would need to zoom in multiple times to actually see the words. You just need to remember which image of your database plays this specific role (could be a picture with a special meaning only to you). Doesn't look very safe at first sight, but make sense if you have a large image database (the idea is that an attacker would not look into images and, even if they do, will have to check thousands of images one by one to try to detect something).
. Partial storage
Seed word being simple, dictionary words, it's quite easy to remember a few of them. Just store safely a part of your seed (say, the first 9), than keep the last 3 in your brain. Not totally safe, as the computing power required to find the 3 missing words when you know the others is not that high, but still a long way to go for an attacker: first cracking an app to find the 9 words, then working out to find the last 3, without knowing where they are placed, and without knowing if it's worth it (nobody knows how much money is in your wallet).
Anyway, I still dont' understand the fuss about seeds. Securely storing a list of 12 words is not that difficult (although I'm not crazy about your fish tank idea).
For anyone reading, I would like to say all of these methods are flawed for various reasons. Please, read on regular, simple best practices instead of doing funky approaches.
reply
What is truly flawed is the general advice, that I've seen dozens of times along the years, recommending people "to write down the seed on paper and keep it in a safe place". It's just plain absurd.
Nothing "funky" in using apps designed for encrypted storage of sensitive data, already storing all your most important data (id/passwords, bank cards etc.) to also store your Bitcoin seeds.
reply
Nothing "funky" in using apps designed for encrypted storage of sensitive data, already storing all your most important data (id/passwords, bank cards etc.) to also store your Bitcoin seeds.
That's a good point. But the main difference between bitcoin and your ID, passwords and bank cards is that most actions can be reversed by a central party or LE can attempt to do something.
With bitcoin, no amount of LE will probably help you if you lose your bitcoins
reply
agreed
reply
Physical storage is correct. The risk of any digital storage or network storage is much higher than that of physical storage.
A cheap sheet of metal can be carved more safely with a carving knife than write paper.
Don't trust memory too much, people's memory is quite insecure. Most people can't remember what they had for dinner yesterday.
Any electronic product has the risk of breaking. Never think that it is safe to store it offline in a flash drive(SD card/SSD).
reply
The problem is not just the material you use, but where you keep it. Most people don't have a safe at home (and even if they do, it's not 100% secure). Metal or not, your physical seed can be lost, stolen, burnt...
Most people can remember many the names of persons (2 or 3 complex words) for decades. I don't see why they could not remember 3 or 4 simple dictionary words.
reply
A safe is an obvious target, why is it considered safe to place it in a safe? Everyone has their own method of storing items, and usually adding a passphrase is much safer.
The human brain has a hard time remembering random things, even just twelve random words.Even a random eight-letter password is impossible for most people to remember.
reply
These apps are secure and strongly encrypted.
Wasn't the case with LastPass
And if you're really worried, you can extend the idea to 3 password managers with 4 words on each.
If you're really worried (like I am about my regular passwords), I would self-host the password manager (for example using vault warden) and hide it inside a VPN.
I know people who hide their seed in "plain sight" by typing them inside a random image (like family picture). They usually do that using very small fonts so you would need to zoom in multiple times to actually see the words.
Zooming in? You sure? I thought you were taking about steganography
partial storage
This idea seems flawed since it's a bad trade-off between you forgetting them and an attacker having to brute force just 3 words in case.
If you make the position non-trivial, you also have to remember that.
You won't be able to keep up with an attacker with enough resources to brute-force the words+position vs you trying to not forget them
Securely storing a list of 12 words is not that difficult (although I'm not crazy about your fish tank idea).
Securely storing it for extended periods of time is.
reply
Yes, I'm sure about the zooming. I didn't mention stegano because it's obviously more complex.
As I said, partial storage + memory is not ideal, but the main idea is that an attacker would hesitate to try to brute force a seed without being sure of how much money is attached to it. Too lazy to make the calculations, but pretty sure it would cost some money to brute force 3 out of 12 words without knowing the positions.
reply
but the main idea is that an attacker would hesitate to try to brute force a seed without being sure of how much money is attached to it.
I see. Didn't consider that. Good point.
reply