How to remotely share a wallet seed securely \ stacker news ~bitcoin

How to remotely share a wallet seed securely

1143 sats \ 33 comments \ @NoStranger 13 Nov 2023 bitcoin

Hi, I have a bit of a situation I'd like to ask for your help.

I'm planning to give a wallet to a family member but take care of seed backup myself, because they're not able of reliably store the seed themselves.

The biggest issue is that I can't physically reach them to give the seed safely, the only way to contact them is through calls and video calls.

Do you have any ideas for how to do it?

I'd like to know how it can be done, I'm also fine with options like self-hosting.

view all related items

72 sats \ 5 replies \ @fm 13 Nov 2023

this is basic, find a book you both own,, same copy find the 12 or 24 word you need give the page numkber and word number dont mention the book in that specific call, this must be set on another call, win

170 sats \ 1 reply \ @SpaceHodler 13 Nov 2023

There are 129,864,880 books. That's ~ 2^27. There are 2^256 seed phrases. What you're proposing reduces entropy by a factor of 2^229, at least in theory, which is like reducing a seed phrase with 24 word seed phrase to one with 2.45 significant words (I.e. not counting the checksum). I'm not counting editions, but if the average book has 8 editions, that's only 3 bits more, so 2.72 words.

In practice, an attacker would need a digital library of all editions of all books. But your book is likely to come from a smaller set, e.g. it's likely in English and less than 100 years old.

0 sats \ 0 replies \ @fm 13 Nov 2023

just broke my brain trying to think such numbers :)

20 sats \ 1 reply \ @DiracDelta 13 Nov 2023

This technique is called a one time pad and is similar to seedXOR.

20 sats \ 0 replies \ @fm 13 Nov 2023

its called book chipher and its used for centuries now.

0 sats \ 0 replies \ @NoStranger OP 13 Nov 2023

Really clever, thanks!

40 sats \ 2 replies \ @tomlaies 13 Nov 2023

Normally pgp. But if they're not capable of having a seed themselves, then pgp will be complicated to set up.

0 sats \ 0 replies \ @megaptera 13 Nov 2023

Is my assumtion right that you should take the encrypted file to an offline device (e.g. Tails) to encrypt it there and use the seed from there? I would not encrypt the seed on a device connected to the internet.

0 sats \ 0 replies \ @NoStranger OP 13 Nov 2023

That's right, the most I can manage is having them put the seed in a wallet app and destroy it for safety, I'll be keeping the backups.

170 sats \ 9 replies \ @DarthCoin 13 Nov 2023

Write a nice letter, on paper. Put each word of the seed into a specific position of the letter. Make a nice story.

Then later tell them by phone or other communication method where are located the specific words.

Example: in one of my bitcoun guides on substack I put 12 words from a wallet. Is just another backup of many. I could retrieve that seed anywhere I have access to internet. Or I can just share that guide with somebody and indicate where are the specific words.

0 sats \ 0 replies \ @SpaceHodler 13 Nov 2023

You only need the first 4 letters of each word in the seed phrase.

0 sats \ 7 replies \ @zuspotirko 13 Nov 2023

Security by obscurity is bad practice.

Kerckhoffs principle is rule number 1 in cryptography. There is kind of no rule as important as this one.

40 sats \ 5 replies \ @DarthCoin 13 Nov 2023

I invite you to find the words if you can

0 sats \ 4 replies \ @NoStranger OP 13 Nov 2023

I see, but do you have a pattern for constructing the phrases? Surely you need some kind of rule to fetch them right?

How would you go about it?

70 sats \ 3 replies \ @DarthCoin 13 Nov 2023

I cannot say absolutely anything here, on a public space, man. Please try to use your brain, I gave you the tools, it's up to you how to use them. Some things is not good to say it out loud...

0 sats \ 2 replies \ @NoStranger OP 13 Nov 2023

Sorry about that. 😅

I just wanted to know how others handle these things.

You're absolutely right, please forgive my unnecessary curiosity.

70 sats \ 1 reply \ @DarthCoin 13 Nov 2023

No need to apologize. You did nothing wrong asking. Is a good question. Read my bitcoin guides for more info https://darthcoin.substack.com/p/bitcoin-be-your-own-bank-think-like

100 sats \ 0 replies \ @NoStranger OP 13 Nov 2023

Thanks! 🫂

I did read some of your posts earlier, they're clean and informative, I didn't know of that way of managing wallets.

Thank you for writing about Bitcoin.

reply on another page

0 sats \ 0 replies \ @megaptera 13 Nov 2023

What soulution would you propose?

41 sats \ 8 replies \ @DarthCoin 13 Nov 2023

Try this https://publicnote.com/

0 sats \ 7 replies \ @NoStranger OP 13 Nov 2023

The secret you share would be potentially visible with others right?

Seems interesting but I'm not sure about this, can it be self-hosted?

And how would you go for setting a title that only me and them can find?

109 sats \ 4 replies \ @DarthCoin 13 Nov 2023

use your imagination to create methods

0 sats \ 3 replies \ @NoStranger OP 13 Nov 2023

Fair, I'm just concerned to the possibility of being readable from other, guess you can further obfuscate the content after all.

20 sats \ 2 replies \ @DarthCoin 13 Nov 2023

passphrase into passphrase... so many options you could do make it fun. As I said, write a nice letter, send it by email and the same letter put it into publicnote and encrypt it, hiding the 12 words. The receiver just have to copy paste the letter and reveal the words.

10 sats \ 1 reply \ @DarthCoin 13 Nov 2023

if you put the text above in publicnote you will reveal the hidden message from me

0 sats \ 0 replies \ @NoStranger OP 13 Nov 2023

No messages found, but being public like that still concerns me, even if well hidden someone can still get it or even worse override it.

I can see it as a good tool for other uses though.

30 sats \ 1 reply \ @fishyness 13 Nov 2023

deleted by author

0 sats \ 0 replies \ @NoStranger OP 13 Nov 2023

Yes, it's called public for a reason... 🙃

Sadly the best they can do is installing an app and put the seed in.

The idea of giving hints but not the source seems the best idea so far.

30 sats \ 4 replies \ @PRA3S3NT1A 13 Nov 2023

Use the following address: https://privatebin.io/

0 sats \ 3 replies \ @NoStranger OP 13 Nov 2023

I'd prefer to not have it stored for too long on somebody else's servers, might be good for self-hosting though.

20 sats \ 2 replies \ @PRA3S3NT1A 13 Nov 2023

Aren't you protected by the tool that only once you can view the message because after it will automatically delete itself ?

1 sat \ 1 reply \ @NoStranger OP 13 Nov 2023

It is a zero-knowledge service which is really good, but it stays stored for a whole week from what it says, also I'd have to send the URL somehow with risks of exposing it.

Better to do with something I can share partially over voice or text so it can be fetched outside the current chat or call.

20 sats \ 0 replies \ @PRA3S3NT1A 13 Nov 2023

Thank's for sharing this, have a blessed day 🙏