Bitcoin Forum

Most of us who have been here for a long time know the importance of backing up our seed phrase for our wallets. Doing it online is as risky as leaving your house key open in front of the door. One can find it if they try hard enough. Or maybe someday a guy comes across it by accident. However you put it, it is risky. So as everyone, I will also suggest you back up your key offline. Write it down on a piece of paper, wood, metal or something that can't be destroyed easily. Also, keep them in a safe place out of everyone's reach.

But my question is, how safe is it? Even if you keep it safe in a locker, one can break it through to access it. Once they get their hands on that piece of paper or whatever you have used to back up your key, your wallet is compromised.

What I really want to talk about here is how you can also prevent this from happening. I am talking about encrypting your seed phrase before backing it up. I know there are more topics about this out there. But this is something that I came up with and I would like to share it with you guys.

First thing first
 
You can read the full article in the given link. If you already know it, then let's move on.

So imagine you have a 12-word or 24-word seed phrase. In this method of encryption, we are going to make groups with these words. I am using a 12-word seed for this example. Here is the actual seed phrase to a wallet.

praise fee short glance merge actual hollow visual spy produce flush razor

Now if we group them by even or odd numbers of words, we will get something like this.
Example: 1
Group 1: [praise fee short glance]
Group 2: [merge actual hollow visual]
Group 3: [spy produce flush razor]

Or something like this.
Example: 2
Group 1: [praise fee short]
Group 2: [glance merge actual]
Group 3: [hollow visual spy]
Group 4: [produce flush razor]

For more security, you can go like this.
Example: 3
Group 1: [praise fee]
Group 2: [short glance]
Group 3: [merge actual]
Group 4: [hollow visual]
Group 5: [spy produce]
Group 6: [flush razor]

To keep it short, I am going to use example number 2.
Now we can randomize the number to our liking. For my case, I will use 2143.
These numbers correspond to the group number.
So if we put these all together the seed becomes like this:
 
glance merge actual praise fee short produce flush razor hollow visual spy

Now the seed phrase has been randomized. All you need to do at this point is to put it all back together. If there are 4 groups, we can be sure that if it's a 12-word seed phrase, each group will have 3 words in them. [12/4=3]

Now if we group them again with 3 words per group, we will again get 4 groups. [1=glance merge actual] [2=praise fee short] [3=produce flush razor]  [4=hollow visual spy]. But they are still randomised. So if we remember the number 2143 we can easily get back our original seed phrase.
So, 2143 = [2=praise fee short] [1=glance merge actual] [4=hollow visual spy] [3=produce flush razor] ___ The actual seed phrase.

But it is still too easy to decrypt if someone knows your method. So to make it harder to crack, we are going to add some random words in between those groups.

As the randomized group number was 2143 we can add more words between them.
i.e. 2 [news proof album civilian letter] 1 [responsibility concept stereotype national bad] 4 [cutting forestry mechanism abuse duty] 3 [year plant offender history owl]

or [news proof album civilian letter] 2 [responsibility concept stereotype national bad] 1 [cutting forestry mechanism abuse duty] 4 [year plant offender history owl] 3.

You can start with the random words or you can start with the group's words.

Now if we put it all together, we get List 1.

Remember, whatever random number you put in between, their amount should be the same. In my case, after each group, I put down 5 random words. You can put as much as you want. If you remember how many words you put, you can always remove that out from that list and get the random number group. i.e 2143.

From the beginning of the list, we get our first group of 3 words. And after that, we take out 5 words out of that list. Then the next 3 words are going to be our 2nd group. We keep doing this until we get all of our groups. Just filter out whatever number of words you put in.

If you followed the 2nd method of putting words first then groups, in this case, remove 5 words first then the next 3 words are going to be your first group.

So when you finally get the full seed phrase filtered out of that word list, you just rearrange them based on your code. Then you get your actual seed phrase.

You can backup this seed and even if someone gets their hands on it, they will be unable to decrypt it. All you need to remember is the code and the number of random words between them.

2143..5 This is all I need to remember to recover my seed phrase from a huge word list.

[Note: All the numbers can be randomised to your liking. Everything shown here was for an example. Do it on your way.]

Let me know if you have any confusion about this. And if you have any suggestions, be sure to comment it down below. Sorry for making it long, but I tried to explain everything so everyone can understand it easily.

Seriously there is nothing bad in trying to secure your wallet but one thing i have always been worried about and that’s doing too much to secure a thing sometimes you lose or make mistakes in doing so, the most painful thing is actually losing your seed phrase because you use a method you can’t remember easily to encrypt it. This particular encryption is base on your head and it’s always a bad idea to trust your head because you can forget it either through health issues or others.

This is not to discourage the process but I will just say keep it simple and just try to save it in a better place, it is more secure than encryption which can lead to error due to forgetfulness or pattern use in the process

Especially a case of accident coupled with lost memory which comes with brain disorderliness, I think during wallet creation there are some wallet that always warned users not to memorized their seed phrase because it could be easily forgotten. The thing is, as a Bitcoiner someone who is devoted and rooted into bitcoin progression and holdings should not store their keys and seed phrase in a particular place rather printing out and store in safe and secured place would be better if possible it should be printed words by words where no one understands it.

even though my memory is quite excellent and I’m confident that with enough familiarization i could remember my seed phrase, i still don’t want to risk it i find that writing my seed phrase on a piece of paper and securely storing it where no one else knows is the safest bet for me at least personally even if i have memorized my seed phrase or came up with a creative way of remembering it, i still wouldn’t feel comfortable with no back up

Simplicity is best so don't complicate your backup method.

If you lose one of pieces in your complex backup procedure, you will lose your bitcoin so don't use complex method and make your recovery process harder or even fails.

How to back up a seed phrase? (https://blog.lopp.net/how-to-back-up-a-seed-phrase/)
Bitcoin Q&A: Why is Seed Splitting a Bad Idea? (https://www.youtube.com/watch?v=p5nSibpfHYE&t=28s)

If your backup is in digital file, use a strong password to encrypt it.

I won't trust myself with this personalized encryption. If I forgot as simple as a 4-digit PIN or a repeatedly used password, how much more a 24-word seed phrase arranged in a puzzle-like manner? That would be too risky for me. And I don't think that's recommendable to the majority of users.

Moreover, in case of death, amnesia, accident that makes you unconscious for the rest of your life, or whatever extreme yet real-life possibilities, will there be anybody else who's able to unlock that encryption? Or will the coins perish with you?

No, I wouldn't go that route and memorized my seeds or mnemonic phrase, I do believed that our memory will regress and deteriorate overtime. And with that we should really write our seed and then make multiple backs up of it, specially if we are going to store huge amount of BTC and we wanted to be a long term holder.

However, I don't like to complicate things in my end.

For me if you really know how to protect your wallet and your seed, then there's no need to invent and make it more difficult for you as a investor. And there are a lot of methods already shared in our great community on how to do that.

Actually I don't find anything new from your so guide, what's the difference with multisig 3 of 3, 4 of 4, or 6 of 6? you must able to get all of them in order to access your wallet.

I still prefer to use passphrase aka seed extension (https://en.bitcoin.it/wiki/Seed_phrase) where you add the last word from your seed phrase. Only hold like $50-$100 in your wallet that contain $50-$100, while the wallet that has a passphrase contains most of your coins.

Hello and thanks for creating a guide for us.

I will be against using this method though.


I love simplicity and I am in favor of creating "notes" that I will be able to understand in 20 years from now.


Adding a strong passphrase (>15 characters from the 95 ASCII printable characters) will immediately solve this issue.

What to do:
Let's say you have 12 words. Add a strong passphrase upon it.

Create 4 physical paper backups as follows:
1. Seed (backup A)
2. Seed (backup B)
3. Passphrase (backup A)
4. Passphrase (backup B)

Save them in 4 different locations.

Check if they are ok every now and then.

If you lose one of the papers (no matter which one) you will still have access to your funds and will be able to recover the wallet. Then you can decide what to do, you can create a new wallet etc.

It was a wonderful statement. Teach me how to do this. “Printed words, words that no one understands”—how does your proposal differ from the OP? You also come up with variants of words, but then, as time passes, you forget about your ideas, and the real phrase loses its meaning since you cannot remember their original meaning.
Don't you think you're contradicting yourself? :)

You should already know, tho, that the enemy of security is complexity.


So do not put it inside a locker, or as told by apogio, use a passphrase which is backed up on multiple places outside.


This is NOT recommended; it does not provide any additional security for a twelve words seed phrase and it introduces enough risk to lock you out of your wallet.  If a thief steals your seed phrase and does not know the order, all they need to do is brute force every possible combination of these words, which in total are only 12! ~= 480 million. (And of that number, 15/16 phrases contain an invalid checksum, so it is a lot easier)

Do not randomize the order.  Use passphrase, it is specifically included in all good Bitcoin wallets for that particular purpose.  And generally, do not experiment with security.  This is like children playing with matches.

I was planning to create a same topic like this I even shared my idea to make a similar topic like yours but I might not talk about this encryption method that you have used. Well, I think I should not make that thread as you already have created it, by the way, are you a mind reader hehe? If I would make this topic then I will definitely talk about other advanced encryption methods like AES or DES.

It's not that your encryption method is not advanced, it is also an advanced and not an easy one to break because the word list you have selected has 32 words in it and to make a 12-word recovery from the word list of 32 words you should have to apply 2.04×10³⁹ different combination and even with a powerful computer you have to spend a hell lot of years to apply these combinations. Well, in simple words, brute force can't be used to break this method of yours, I liked it, and I hope I am not making any mistake in calculating the time. As time will vary with the computational power.

PS: I am writing this reply for 2nd time, the first time I mistakenly refreshed this tab, and before refreshing I thought I had copied the whole text but after refreshing and trying to paste I got nothin in my clipboard lol.

As a sidenote, this forum is full of posts where people ask for help to recover their wallets.

Most of them have done something out of the ordinary. Something completely out of the BIP39 templates.

Most of the time, these people end up losing money.

Again, I like people who try to innovate, but in this case, I can see many potential issues. And I can foresee many people complaining about losing money in the future.

I get the idea of simplicity. But that also does not prevent us from risks. I have shared both simple and complex methods. The simple one is randomizing your key by grouping them.

As I explained, the total number of words is divided by the total number of numbers in the code. We will be able to know how many words per group.
I don't think it will be so hard to remember as it is way too simple. We can leave the code out on plain site and people will have a hard time finding out what it actually is.

Doing only this will also prevent your key from getting compromised to some extent. I know there are other methods more useful than this. That's why I introduced the complex version as well. I don't know how to code but I think we can make a bot that can automatically find the seed phrase if we give it a value such as the number of groups, the number of words that will be in each group and the number of words that need to be removed.

That way it can become an actual thing. I lack the knowledge to make such a thing so I am unable to show its potential.

Still, I think that encrypting the key before making a backup is way more secure than just backing it up as it is. Also if we continuously practice this method after a certain period of time, we will be able to remember it and forgetting the method won't be an issue.
But it's an individual choice for each of us to use what we are comfortable with.
I had an idea so I shared it. You can use it or not, that's up to you.

As I said.  The attacker would only need to brute force all the combinations of your scrambled seed phrase, and it would take him a few seconds to finish, even in an old machine.


When encrypting something, you need to have the decryption key.  That will be stored in plain text somewhere.  What do you want to encrypt and why would that method be more secure, since you still need to store a phrase / password somewhere in plain text?

Another possible way to improve this is to rearrange the words before you group them, maybe you’ll have a pattern to decipher them when it’s time to use them. The importance that rearranging the words could serve is that even if someone else saw and tried the phrases, they still won’t get access because you’ve mixed up somethings, but then, it mustn’t be the whole words, it could be just a word or maybe rearrange the group instead. But in all, have a retentive memory so you don’t end up trying to crack something you set by yourself. 

Why you not encrypt it using an free application? Files saved in Notepad format won't be accessible to anyone unless they know the key or password for the file. There are many free encryption tools available, such as WinRAR (there is free version) or even OpenPGP.

Sometimes, scrambling things may not be considered by everyone, and it's not worse than storing a seed phrase in plain text. As long as you remember the sequence you used, it's okay. The significant problem arises when you're not very familiar with the scrambling technique, making you forget it when you need to recall. I hope you can remember it so that it becomes easier for you to access the wallet with the scrambled seed key.

Thank you for this great effort in explaining and trying to simplify the idea. The idea seems somewhat complicated, but it can be understood.

I don't know, but personally I don't like all this complexity and I try to do things in a simple way because I believe that exaggeration in doing anything may give the opposite result. For example, exaggeration in preserving something important may attract attention, and so on.

Of course, this does not mean that the idea is not good or that I do not like it. I just want to do things in an easy, natural way. All these years I have been preserving my seed the easy way and have not lost it yet, thank God.

The whole post is really big and many won't go through the full post at all. Also, reading makes it hard to understand. So here's a picture I created to explain in as a simple visual learning thing. I have created this maybe that's why it's not that much complicated to me. But some may find this difficult.
https://i.postimg.cc/sx0Vyk9R/encryption.png (https://postimg.cc/p5zNJ160)

It's not only complicated, but it is also not safe.

Let's say you have this wordlist:


Let's also say that the attacker doesn't know anything about your system (group of words, random words in between etc), but they immediately understand all those words belong to the BIP39 wordlist.

So the natural thing to do would be to extract all the 12 wordlists from this list and try to see if they form a seed phrase.

How many ways are there to choose 12 wordlists from the list above? The order matters here, so the Permutations are 32!/(32-12)! = 1.08 * 10^17 =~ 56 bits of entropy.

56 bits of entropy is definetely less than the >100 bits of entropy that you can create with a strong passphrase.

If you want to make this method safe-ish you need to create a list of >250 words = 4.55 * 10 ^ 28 =~ 95 bits of entropy. So, creating a piece of paper with 250 words written upon it, seems somewhat difficult, doesn't it? And even then, the "complicated" aspect that many people mention still remains.

In fact, just imagine that if you have all the 2048 words in front of you, then this offers you ~132 bits of security if you wanted to brute force exactly 1 seed phrase of 12 words from scratch. So, finally, writting 32 words, or 50 on a piece of paper, doesn't provide any security.

How about a Safety Deposit box at a local bank?  About $40 a year.   

You can just whatever method you are comfortable with. But the thing is, we need to encrypt seed phrase before backing it up. Could be a universal method, or as you mentioned entropy or something similar like that. I am confident about my method and I will continue to use it also I am not forcing anyone to use my method. If you like it you can use it. That's all. Otherwise you have other options to choose from.

Banks are centralized. You cannot trust anything that is centralized. At least for me, I will never trust a bank for safekeeping something that is valuable to me. Have you ever realized if something happens to that bank then your safety deposit box is at risk too? Fire, water, storm, earthquake, natural disaster, anything like that could destroy the bank and those data stored into it. If you do it in multiple banks then that acceptable. But never do it in a single bank.

Rather than making it too complex I might use a hardware wallet instead. At least it's hassle free. And as for your methods it is actually good but the thing is our memory is bad. We can't even remember our social media passwords let alone pin of my debit card. But since we don't have access to hardware wallets due to the ban I might think of testing your methods.

Ever heard of natural disaster buddy? ;)

I remembered something from o_e_l_e_o.

Thanks for quoting his post. The actual figures are much higher than I would probably estimate. But even without knowing the actual numbers, even discounting all these diseases, illnesses, and injuries, can we fully trust our memory or our brains even if they're healthy? I don't think so. It doesn't take an amnesia for people to forget things. And given that what's at stake is something that we can't just afford to lose, should we risk it? Of course, not.

The simple one adds zero security and is trivial to brute force, while the complex one adds minimal security while greatly increasing the chance that you accidentally lock yourself out of your wallet.

I have lost track of the number of posts on this forum of people who have come up with their own back up method or their own "encryption" scheme (what you have done is not encryption, by the way), and locked themselves out of their wallets. It is not safe and it does not add the security you think it does.

If you are worried about your seed phrase back up being found, then you have two main options: Hide it somewhere safer, or move to a system which requires the compromise of multiple back ups - either seed phrase plus passphrase, or multi-sig. Both passphrases and multi-sig are far safer and far more secure than your proposal, as well as adding more redundancy against loss and being standardized across the entire ecosystem.

And you've reviewed the code of these programs to ensure they are 100% foolproof? WinRAR isn't even open source, so good luck with that. And you've made sure to write junk data over the sectors of your hard drive which held the unencrypted seed phrase before you encrypted it? I doubt it.

Just write it down on paper like you are supposed to.

Op this your method of encrypting seed phrase will confused someone and by the way if you enter wallet board you see different ways of backing up you seed phrase and the best way to secure your seed phrase if there is devices and to reduce cost is paper. You can just write it in different papers like 4 and laminate them and keep them in different locations. And not necessarily in you house only but somewhere you trust. And you can make something like as the encrypted one.

Assuming this is the seed phrase.
Mate2237 theymos NotATether hilariousandco Cyrus TryNinja
_act_ icopress LoyceV o_e_l_e_o sleep guitar

This is another way to arrange it.
12Guitar 1Mate2237 theymos2 NotATether3 Cyrus5 4hilariousandco TryNinja6
sleep11 o_e_l_e_o10 LoyceV9 icopress8
With the numbering like this you will know where each word would be fixed in.

      -   It's okay that you did it, mate, so for me, as long as you know how to keep it and appreciate it, I think that's enough. As long as you can put the seed phrases of your wallet account in the right place, that's enough, as well as the order.

As others who gave their opinion said, it's better to keep it simple. Let's not make it complicated if we can just make it simple. If someone else is simplified by the tips you gave, that's good.

This is not still different with the OP suggestions because even if you don’t lock your self out of this one, once someone gets hold of these phrases he will easily arrange this in the right order. The numerical numbers you attached to each one will definitely show the person the position of each since we all know that seed phrase are just words and not with characters attached. And even if you use another thing to designate each word’s position, a brute force will be use to arrange them. Just as everyone said you can simply create an either a multi sig wallet or add passphrase to the seed phrase and store passphrase in another location.

Bad idea. You have zero redundancy in such a set up, and if you lose one back up you cannot recover the data stored on it. Thankfully your proposal is so insecure that the data could be trivially brute forced. All in all, a bad solution.

If you are willing to have four back ups, then either use a seed phrase with passphrase with two back ups of each, or use a 3-of-4 multi-sig. With both you can lose a back up with no consequences, they are resistant to brute forcing, and you are far less likely to lock yourself out of your wallet.

Hehe, first of all securing only the seed is a big deal with that we are encrypting the seed and now saving the encrypted seed is also the same challenge. I know encryption will add a layer of security to the seed phrase but still securing that encrypted form is also the same as the original seed phrase.

I've seen that most of the centralized exchanges provided a feature of the Web-3 Wallet haha they've introduced a keyless, crypto wallet I'm particularly mentioning OKX here in which your Web 3 wallet is directly connected with the Exchanges's custodial wallet. Here the point to mention is that securing the seed phase offline is recommended and these wallets are recommending the Google Drive backup.

Hehe regardless of the encryption and extra security layers better prefer following the offline procedure as saving it on Paper or any other way you prefer.

Don't do this if you do not want to lock yourself out of your funds, 'rearranging' the words that make up your seed phrase only gives you a false sense of security, instead of doing that, add an extra layer of security like extending your seed phrase with a passphrase, or setting up a multisig wallet. The extra layers of security may prevent you from loss if your seed phrase is compromised and a passphrase is also great for plausible deniability in a situation of a $5 wrench attack.

Our memory can retain information, but for how long, and how about injuries to the brain and other diseases that affect the memory, you may have memorized your seed phrase today, but in a month or two you're already missing some words, or forgetting the right sequence. Just back it up on paper in the right order.

Using multisig wallet as an extra layer of security is not necessary and may only make things more complicated.

If the basic security of Bitcoin is not enough to keep the funds safe, we would have heard a news of many investors who hold Bitcoin from around 2010 to 2015 that have been hacked.

And because we heard that most investors lose access of their wallet is because of a misplaced not by hack, so the problem is not in the security but in the key. We should focus on what is the best way to keep the key.

20% of All BTC is Lost (https://www.investopedia.com/news/20-all-btc-lost-unrecoverable-study-shows/)

A multisig set up is not unnecessary, it is a good extra layer of security to use. It is also not as complicated as you think it is, you only have more backups and you need more devices, but if you know what you are doing, it would give you better security because an attacker has to compromise more than one key to steal your funds
The BTC network is secure, but the BTC in your wallet is not secure by default, it is as secure as the device you use, your opsec and general knowledge. People lose their funds for many reasons, hackers compromise people's devices and steal their funds. I am not saying that without a multisig set up, one must lose funds, but a multisig wallet makes it harder to lose your funds.
I am having a hard time understanding what you mean, your keys are stored locally in your wallet sofware, if a hacker compromises your wallet, they'll steal your funds, you can also lose your funds if your seed phrase is exposed.
I stopped reading this when the writer called BTC a token:

Yup that's the first thing I did. If I remember correctly, the only time my seed phrase was exposed is at the time of it's creation. And after that, I made sure to make it completely off grid. I just hope bugs or cockroaches doesn't eat out my note pad, lol (Saying in a sarcastic manner). ;D

It depends entirely on your threat model. It's maybe not necessary for you, or indeed for many people, but for some people it is exactly what they need.

Of course, but that has nothing to do with multi-sig. Multi-sig removes a single point of failure and adds redundancy to your back ups. It does nothing to the underlying security of the secp256k1 curve, which is of course plenty secure.

This is pure speculation.

Just keep in mind that this security only helps in case one backup is lost or stolen. In general, the level of security that bitcoin provides is 128 bits. This Is infeasible to be violated, but what we do here, is we add another security layer on top of that in case any backup is lost.


I will guide you to my post here where I explain how many bits of security OP's suggestion adds, compared to my suggestion.

https://bitcointalk.org/index.php?topic=5477341.msg63312153#msg63312153

Just notice that using multisig essentially adds another 128 bits of security on top of the initial ones. It is similar to using a strong passphrase (128 bits +) security wise.