Bitcoin Forum
Author Topic: Why saving seed in mail (secret words) isn't safe ?  (Read 977 times)
franky1
January 15, 2016, 08:02:58 PM
 #21


apart from google itself which is well documented as happening..
i really wonder why people love storing private keys on third party services.

it's funny that you would trust google who is known to read emails far more than relatives in your own house.
it's funny that you would put the seed into an encoded narrative, but feel that your family have a higher technical understanding to decode it, compared to google

franky, you missed my 3rd point out there. :D Can Google compromise my PGP key? I have not saved it there.

well good luck if google decides to automatically delete emails over 30 days, or you forget your password or your 2FA fails because your phone breaks or you forget your PGP

but with that said, ok use email for a convenience thing if you're ever on vacation and need to get to your coins without traveling back home.. but don't rely on third parties as your sole store of private keys.

i suggest keeping a copy locally offline as well

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Curious8 (OP)
January 15, 2016, 10:49:13 PM
 #22


apart from google itself which is well documented as happening..
i really wonder why people love storing private keys on third party services.

it's funny that you would trust google who is known to read emails far more than relatives in your own house.
it's funny that you would put the seed into an encoded narrative, but feel that your family have a higher technical understanding to decode it, compared to google

franky, you missed my 3rd point out there. :D Can Google compromise my PGP key? I have not saved it there.

well good luck if google decides to automatically delete emails over 30 days, or you forget your password or your 2FA fails because your phone breaks or you forget your PGP

but with that said, ok use email for a convenience thing if you're ever on vacation and need to get to your coins without traveling back home.. but don't rely on third parties as your sole store of private keys.

i suggest keeping a copy locally offline as well


Google never deletes mails and will never do so..
darkstarzz69
January 15, 2016, 11:25:02 PM
 #23

I guess it never really is safe anywhere at the end of the day. Offline, you have robbers or 'friends' and online there are hackers.

Prob paranoia starts to take effect and we are suddenly afraid of our e-mails getting hacked although we have been using them for a long time without issues.

As long as you keep a low-profile online/offline and not brag about the coins you have, you should be ok.

As for the e-mail concerns, maybe you could store the pgp key on a different e-mail account or you could use this guide for a little more protection for your phrases and keys:

http://www.howtogeek.com/howto/windows-vista/stupid-geek-tricks-hide-data-in-a-secret-text-file-compartment/

AliceWonderMiscreations
January 15, 2016, 11:25:47 PM
 #24

let 1000 geeks try to decode this and they won't succeed
and why should his email get hacked when he keeps it safe and probably equipped with the newest antivirus

The e-mail system is painfully insecure due to its age. TLS is a bolt on.

When you write an e-mail and send it - first it goes from your client (web or real) to an SMTP server. That connection probably uses TLS but it might not, you should verify. It is difficult to verify with webmail.

When it gets to the incoming SMTP server, it is no longer encrypted. It is in their server as plain text.

That server then does a DNS lookup for the MX records associated with the receiving domain. Unless the receiving domain uses DNSSEC *and* your sending server enforces DNSSEC, it could be lied to about the answers.

That server then attempts to make a connection to the receiving server specified in the MX record.

That connection may or may not be encrypted and you really have no control over it. The RFC says that a non-encrypted server MUST be acceptable. Encryption only happens when both support encryption *and* both support a common cipher suite. That may be a weak one like RC4.

When an encrypted connection is used, the certificate is rarely signed by a certificate authority because they never check anyway. They never check anyway because there is no agreed upon list of certificate authorities.

Once the message gets to the specified MX server, if it even was sent encrypted it is decrypted again. And then it is sent to the server where the IMAP/POP3 takes place, and that may or may not be encrypted and you have no way to know.

This btw is why what Hillary did was so dangerous. Within the .gov system, they have control over the servers but as soon as an e-mail is outside their system, they have no control.

Anyway, how fundamentally insecure the e-mail system is is why secret things should not be stored in e-mail.

If you must, encrypt it first using something like GnuPG.

-=-

Using something like hiding your passphrase in a poem - that's called Security by Obscurity and it is a very very VERY bad practice.

I hereby reserve the right to sometimes be wrong
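
Added example, not part of any post in this thread: a small Python check that walks a message's `Received:` headers and reports which hops of the path described in post #24 recorded TLS, using the RFC 3848 `with` keywords (a trailing `S`, as in `ESMTPS`, means the hop was encrypted). The sample message, host names and ids are constructed, and the script assumes servers that follow RFC 3848.

```python
import re
from email import message_from_string

# Constructed sample message: every host, address and id below is made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby imap.example.net with LMTP id c3; Fri, 15 Jan 2016 23:25:50 +0000
Received: from out.example.org (out.example.org [198.51.100.9])
\tby mx.example.net with ESMTP id b2; Fri, 15 Jan 2016 23:25:49 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby out.example.org with ESMTPSA id a1; Fri, 15 Jan 2016 23:25:47 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed sample

body
"""

# RFC 3848 "with" keywords: a trailing S means STARTTLS/TLS was used on that
# hop, a trailing A means the client authenticated (ESMTPS, ESMTPSA, LMTPS...).
WITH_RE = re.compile(r"\bwith\s+((?:E?SMTP|LMTP)(S?)(A?))\b", re.I)
FROM_BY_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I)

def hops(raw):
    """Return one dict per hop, ordered from sender to final mailbox."""
    msg = message_from_string(raw)
    result = []
    # Each server prepends its own Received header, so reverse them.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())          # unfold continuation lines
        fb, w = FROM_BY_RE.search(flat), WITH_RE.search(flat)
        result.append({
            "from": fb.group(1) if fb else "?",
            "by": fb.group(2) if fb else "?",
            "proto": w.group(1).upper() if w else "?",
            "tls": bool(w and w.group(2)),       # unknown counts as not encrypted
        })
    return result

def cleartext_hops(raw):
    """Hops whose receiving server did not record TLS."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]}: {h["proto"]} tls={h["tls"]}')
```

The headers only record what each receiving server chose to log, and the message is stored as plain text on every server regardless of hop encryption, so a result with no cleartext hops does not make the mailbox a safe place for a seed.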