QR SafeShare converts each BIP-39 word into its 11-bit index and then packs all indices into a continuous bitstream that matches the original BIP-39 binary layout of entropy plus checksum bits. This packed byte array becomes the secret that is shared using true k-of-n Shamir Secret Sharing, implemented with secrets.js over GF(2⁸) and random coefficients generated by WebCrypto (CSPRNG).

Using Shamir also means there is no single point of failure. For example, in a 3-of-2 setup (n=3, k=2), the recovery phrase is divided into three independent fragments, and any two of them are enough to restore it. If one share is lost, destroyed, or stolen, the other two can still recover the wallet, while a single stolen share alone reveals nothing. This design adds redundancy without introducing new risks, protecting against both loss and theft at the same time.

For a 2-of-2 setup the app switches to a simple XOR split, which provides the same level of security for that case while keeping the QR codes much smaller and easier to handle. When the shares are combined, the app reconstructs the byte array, unpacks the 11-bit indices, and converts them back into the original words. Nothing human-readable is ever split; only the binary form of the mnemonic is used.

In theory a “poisoned” share could be crafted, but without access to the other shares it is practically impossible to make it reconstruct a valid-looking seed. I decided not to include verifiable secret sharing or per-share commitments in the current version because those would greatly increase share size and QR complexity, making the fragments less practical. Checksum validation can be added to detect corrupted or tampered reconstructions, but it is not yet enforced in this release.

Thanks a lot for your message and feedback, I really appreciate it! Sometimes I get the feeling that not many people want to use this tool, or maybe don’t fully understand it, so it’s great to see someone looking into it.

Each QR simply contains a JSON payload with the share data (Shamir or XOR). With enough shares (or the two XOR parts) the secret payload can be reconstructed by any tool or implementation that understands the same format and encodings.

You’re right that for recovery phrases I use a custom compression method, which means you’ll need the QR SafeShare tool (via my website or a local copy) to reconstruct them. For short notes and passwords, however, compatibility is maintained since you can recover those with just the Shamir or XOR part, as those follow standard methods.

To reduce dependency risk, the tool isn’t limited to the main site. You can also use the GitHub version here: https://cmd1982.github.io/qr-safeshare/, or host it yourself. That way, even if qrsafeshare.com is no longer available, the method will still be usable.

It’s also possible to install the site as a Progressive Web App (PWA) on mobile or desktop for offline use. Instructions are available here: https://qrsafeshare.com/help.html#pwa.

Thanks for pointing this out.
You are correct that my license restricts commercial use, which means it does not meet the OSI definition of “open source.” Thank you as well for linking to the Open Source Definition for clarity.
To avoid confusion, I have updated my wording here on Bitcointalk and on the project site. Instead of calling it open source, I now describe it as a transparent project:
The project remains completely free to use, and the full source code is available for anyone to inspect, learn from, or adapt for non-commercial purposes.
Thanks again for highlighting this. Your feedback helps me improve both the tool and the way I present it to the community.

The Problem
A crypto recovery phrase (also called a seed phrase) is the most important backup of your wallet. It is a list of words that can fully restore access to your crypto if your hardware wallet or software wallet is lost. Devices like Ledger, Trezor, and many others rely on recovery phrases.

The challenge is how to store them securely.

• A steel backup like Cryptosteel is durable, but it creates an all-or-nothing risk. If someone steals it, they instantly have full access to your wallet.
• Even split-steel solutions are limited. If one half is lost or stolen you lose access to your recovery phrase.

The Solution
I built QR SafeShare as a transparent alternative. Instead of storing a full recovery phrase in one place, it splits the phrase into multiple QR fragments. Each fragment is useless on its own and reveals nothing. You can also configure redundancy, for example split into three QRs but require only two to recover. That way, losing one fragment is not a disaster.

Why a single QR is unbreakable
A single QR fragment contains no usable part of the recovery phrase. It cannot be brute forced into something meaningful, because it is only a meaningless fragment of the whole. Even with unlimited computing power or a future quantum computer, there is no way to reconstruct the original phrase from a single QR. Only when the required number of fragments are combined does the recovery phrase become visible again.

Why this is safer than Cryptosteel

• Fragments are useless alone: a stolen piece gives nothing.
• Redundancy: you decide how many are required to recover, so losing one does not mean losing access.
• Flexible storage: keep one in a safe, another with family, another digital. No single point of failure.

Why this is safer than digital backups

• Digital backups in cloud storage or password managers create a single point of failure. If that account is hacked or breached, everything is exposed at once.
• QR fragments can be stored physically — on paper, 3D printed, or in a lockable sleeve — which makes them unreachable to remote attackers.
• Even if you choose to keep one fragment in digital form, it is useless on its own without the other required fragments.
• You are not dependent on any third-party service or provider. Fragments stored in safe locations remain fully under your control.

Trust and Security

• All processing is 100% local in your browser. The recovery phrase never leaves your device.
• All code is published on GitHub, transparent, and reviewable.
• Can be installed as a Progressive Web App (PWA) for completely offline use.
• No ads, no tracking, and no data collection.

Maker-friendly features

• One click export to 3MF for 3D printing durable, scannable codes
• A lockable sleeve design is available on printables.com for extra protection

Try it
Use QR SafeShare at https://qrsafeshare.com. The code is public and verifiable.

I know trust is always an issue with tools related to recovery phrases. That is why I made this project fully transparent.
All code is published on GitHub so the community can review and verify it. Feedback from the Bitcointalk community would mean a lot.