Wallet for Recovery Seed Use

[crptstv]

My apologies for the perhaps basic question, but I have searched and cannot seem to find an answer.

Up until now I have only used Ledger Nano S devices to store my Bitcoin and hold my private keys. I keep the recovery seed phrases for these secure.

However for the first time I have now also created a brain wallet. Whilst I do not intend to use it for the moment, I feel it is good practice to already have it in place now with a secure pass phrase that I have committed to memory. In the event of an unforeseen event or emergency in the future, I already have the Public Key to send to and have the ability to re-generate the private keys using the memory committed 12 word passphrase.

My question is, which wallet is the best in an emergency to recover this seed phrase to? It is a unique phrase that I created with the BIP39 tool (offline) and only has 12 words, though they are unique and memorable to me. My concern is the words don’t conform to the English BIP39 standard words and as such can’t be restored into wallets like Electrum or my Ledger devices.

Is anyone able to advise wallet services where one can restore a truly unique 12 word passphrase that wasn’t generated by a wallet service?

Or am I going about this the wrong way and in the event of recovery, simply generate the Private keys using the BIP39 tool and then use the private keys themselves in a wallet to restore?

Again, sorry for the basic question!

[LoyceV]

I have a few "counter questions" for you:
What BIP39 tool did you use? https://iancoleman.io/bip39/ ?
How did you create the 12 words? Were they randomly generated, or did you try to make a sentence which you can easily remember? If it's not random enough, you're at risk for a brute-force attack.

In general, it's a very good practice to test recovery of a private key before funding it's address.

[OmegaStarScream]

If your words do not exist in the BIP39 words list, other software won't be able to recognize it. Brain wallet tends to be insecure. If you think you could memorize 12 words, why simply not make an Electrum wallet and memorize the seed, that could be safer.

Or am I going about this the wrong way and in the event of recovery, simply generate the Private keys using the BIP39 tool and then use the private keys themselves in a wallet to restore?

Again, sorry for the basic question!

That what I would suggest If you still want to go with this. Check this as well.

[crptstv]

I have a few "counter questions" for you:
What BIP39 tool did you use? https://iancoleman.io/bip39/ ?
How did you create the 12 words? Were they randomly generated, or did you try to make a sentence which you can easily remember? If it's not random enough, you're at risk for a brute-force attack.

In general, it's a very good practice to test recovery of a private key before funding it's address.

I used bitaddress.org offline to generate the private key using the chosen 12 word phrase. Then took that private key generated and went to wallet details on same site (still offline) to generate the Public Key to be able to send to.

I made a sentence which I can remember. I don't have confidence over long term (talking years) to be able to remember a random selection of 12 words. Whilst I'm aware a human created phrase is less secure, it is not a phrase that has ever been written anywhere in history (ie. from a book etc) and involves ancestors name and totally unrelated topic, so I can't see how it could ever be hacked? eg. something like "yohan sputz went to romania in 1848 and ate some good cake" - that's not it, but not sure how that could be brute forced or guessed?

Happy to be corrected though!

For me the reason for the mnemonic being a phrase I can remember is basically because it will only be used years from now in an emergency eg. govt. attack at border check point as a random example. So likely would only be worst case scenario, and for a limited time.

My every day security protocol is:
- Multiple Ledger Nano S devices,
- Stored in different physical locations
- Recovery seeds for those on multiple physical pin pad encrypted USB's (different brands and physical locations)

[crptstv]

If your words do not exist in the BIP39 words list, other software won't be able to recognize it. Brain wallet tends to be insecure. If you think you could memorize 12 words, why simply not make an Electrum wallet and memorize the seed, that could be safer.

Or am I going about this the wrong way and in the event of recovery, simply generate the Private keys using the BIP39 tool and then use the private keys themselves in a wallet to restore?

Again, sorry for the basic question!

That what I would suggest If you still want to go with this. Check this as well.

Thanks for the reply. The main reason being I don't have enough faith in my memory for a set of random 12 words. The same reason I need to record the seed phrases for my Ledger devices.

This brain wallet seed phrase however - as an emergency temporary solution - does not have the seed phrase recorded anywhere what so ever, even on the encrypted USB's. This is why I feel the need to generate a phrase I will remember, both from repetition now, but also as even if I have a word or two around the wrong way in 5yrs, I'll still be able to get it again through process of elimination (worst case scenario, I am comfortable with my memory for this phrase.)

Thanks for the links. Yes I also used the Github link you provided at the time (offline) to verify the seed phrase just to ensure all was correct and not relying solely on bitaddress.org - but you're saying as I didn't use words that exist in the BIP39 list, I won't be able to restore the wallet anywhere?

[bitmover]

If you have the 12 words, you can recover the funds is almost all decent wallets.

You can restore it in Electrum, just typing the words. Or even in blockchain.info (not recommended for high amounts).

You can also type the word in https://iancoleman.io/bip39
This website will generate all addresses and privatekeys for you , and you can just insert the privatekeys in Electrum, or scan qrcodes woth coinomi (mobile) for example.

Be careful while generating the words on your own. There are some checksums which invalidate a lot of word combinations. I would definitely get a phrase computer generated and write it down somewhere safe.

[crptstv]

If you have the 12 words, you can recover the funds is almost all decent wallets.

You can restore it in Electrum, just typing the words. Or even in blockchain.info (not recommended for high amounts).

You can also type the word in https://iancoleman.io/bip39
This website will generate all addresses and privatekeys for you , and you can just insert the privatekeys in Electrum, or scan qrcodes woth coinomi (mobile) for example.

Be careful while generating the words on your own. There are some checksums which invalidate a lot of word combinations. I would definitely get a phrase computer generated and write it down somewhere safe.

Thanks for the reply.

How would I know if there was a checksum in my phrase? I've been able to generate both public and private keys, able to verify the public address on the blockchain - does this mean it would be ok?

So if I understand correctly, you're saying I could just regenerate private keys then scan QR codes into wallet. The phrase I have used generates private keys in bitaddress.org but when doing it in iancoleman, it says obviously words not in wordlist. Does this mean the private keys spit out by bitaddress might not work?

[OmegaStarScream]

Thanks for the links. Yes I also used the Github link you provided at the time (offline) to verify the seed phrase just to ensure all was correct and not relying solely on bitaddress.org - but you're saying as I didn't use words that exist in the BIP39 list, I won't be able to restore the wallet anywhere?

I could be wrong but I believe that BIP39 has a number of words: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

If you're going to use words that are not inside that list, you won't be able to restore your seed in BIP39 compatible wallets because that's the standard they use.

You will still be able to use the brainwallet link I gave you though and that should work fine regardless of the characters/words used. Just to be sure, it might be better to generate the wallet with the same tool you're planning to use to recover your wallet in the future. (In this case, the link I gave you, and make sure to download the source code and run it locally).

[bitmover]

Thanks for the reply.

How would I know if there was a checksum in my phrase? I've been able to generate both public and private keys, able to verify the public address on the blockchain - does this mean it would be ok?

So if I understand correctly, you're saying I could just regenerate private keys then scan QR codes into wallet. The phrase I have used generates private keys in bitaddress.org but when doing it in iancoleman, it says obviously words not in wordlist. Does this mean the private keys spit out by bitaddress might not work?

If the words are not in the iancoleman list, they are not in the bip39 standard, so you will have problems generating the keys (probably).

In this standard all possible words are listed in the file posted by OmegaStarScream. You can also use words in a different language
rds: https://github.com/bitcoin/bips/blob/master/bip-0039/ all available languages here.

I recommend that you, just for fun, go to iancoleman website and try to generate a 12 words phrase on your own. You will see that it is hard to find a valid combination. For example, word word word (12x )works, but other words do not work when repeated.

I read somewhere that each of these words correspond to a number, and there is a checksum that marks as failed some combinations (most of them I believe).

Edit: found a very nice article that explains it very well
From a Random Number to Mnemonic Phrase
https://bitcointalk.org/index.php?topic=3490064.0

[LoyceV]

I used bitaddress.org offline to generate the private key using the chosen 12 word phrase. Then took that private key generated and went to wallet details on same site (still offline) to generate the Public Key to be able to send to.

So you created a "classic" brainwallet. That has nothing to do with BIP39, forget about that.
You'll need to use similar brainwallet software to recover your (one) private key.

I made a sentence which I can remember. I don't have confidence over long term (talking years) to be able to remember a random selection of 12 words. Whilst I'm aware a human created phrase is less secure, it is not a phrase that has ever been written anywhere in history (ie. from a book etc) and involves ancestors name and totally unrelated topic, so I can't see how it could ever be hacked? eg. something like "yohan sputz went to romania in 1848 and ate some good cake" - that's not it, but not sure how that could be brute forced or guessed?

Happy to be corrected though!

There are several publications on safety, including some researchers who did some brute-forcing. The main problem with brainwallets is that it's possible to attack all existing brainwallets at the same time, and it's not a heavy encryption. That makes it possible to search billions or even trillions of combinations, including dictionary attacks. I'll search for some examples:
The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets
Speed Optimizations in Bitcoin Key Recovery Attacks

For me the reason for the mnemonic being a phrase I can remember is basically because it will only be used years from now in an emergency eg. govt. attack at border check point as a random example. So likely would only be worst case scenario, and for a limited time.

Make sure to check (and test!) once in a while if you still know the exact phrase, and can still recover it. And make sure the address you stored somewhere can't be changed. If someone manages to changes your address into his own, you'll unknowingly send all your funds to an attacker.

If you have the 12 words, you can recover the funds is almost all decent wallets.

That's incorrect. OP used a brainwallet.

So if I understand correctly, you're saying I could just regenerate private keys then scan QR codes into wallet. The phrase I have used generates private keys in bitaddress.org but when doing it in iancoleman, it says obviously words not in wordlist. Does this mean the private keys spit out by bitaddress might not work?

BIP39 or iancoleman's site has nothing to do with brainwallets.

When you say "offline", do you use a LIVE Linux operating system that only runs from RAM, and removes all traces when you turn it off? Just unplugging your regular computer from the internet is not enough to consider it safe if you plug it back in afterwards.

[crptstv]

I used bitaddress.org offline to generate the private key using the chosen 12 word phrase. Then took that private key generated and went to wallet details on same site (still offline) to generate the Public Key to be able to send to.

So you created a "classic" brainwallet. That has nothing to do with BIP39, forget about that.
You'll need to use similar brainwallet software to recover your (one) private key.

I made a sentence which I can remember. I don't have confidence over long term (talking years) to be able to remember a random selection of 12 words. Whilst I'm aware a human created phrase is less secure, it is not a phrase that has ever been written anywhere in history (ie. from a book etc) and involves ancestors name and totally unrelated topic, so I can't see how it could ever be hacked? eg. something like "yohan sputz went to romania in 1848 and ate some good cake" - that's not it, but not sure how that could be brute forced or guessed?

Happy to be corrected though!

There are several publications on safety, including some researchers who did some brute-forcing. The main problem with brainwallets is that it's possible to attack all existing brainwallets at the same time, and it's not a heavy encryption. That makes it possible to search billions or even trillions of combinations, including dictionary attacks. I'll search for some examples:
The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets
Speed Optimizations in Bitcoin Key Recovery Attacks

For me the reason for the mnemonic being a phrase I can remember is basically because it will only be used years from now in an emergency eg. govt. attack at border check point as a random example. So likely would only be worst case scenario, and for a limited time.

Make sure to check (and test!) once in a while if you still know the exact phrase, and can still recover it. And make sure the address you stored somewhere can't be changed. If someone manages to changes your address into his own, you'll unknowingly send all your funds to an attacker.

If you have the 12 words, you can recover the funds is almost all decent wallets.

That's incorrect. OP used a brainwallet.

So if I understand correctly, you're saying I could just regenerate private keys then scan QR codes into wallet. The phrase I have used generates private keys in bitaddress.org but when doing it in iancoleman, it says obviously words not in wordlist. Does this mean the private keys spit out by bitaddress might not work?

BIP39 or iancoleman's site has nothing to do with brainwallets.

When you say "offline", do you use a LIVE Linux operating system that only runs from RAM, and removes all traces when you turn it off? Just unplugging your regular computer from the internet is not enough to consider it safe if you plug it back in afterwards.

Thanks for the comments and reference links LoyceV.

So it is not a BIP39 wallet I've created, just a brain wallet. I will have a good long think about whether to continue with my theory after I've had a chance to re-read all the references provided here by yourself and others thoroughly again.

When you say I would need to use similar brain wallet software to recover, can you name some examples of such? Clearly I haven't used that type of software before, so unless I can get my head around it, it would seem too unsafe to risk using my current brain wallet and will need to change plans. To confirm, I believe you're saying the private key generated from the existing wallet can't just be used in most wallet recovery services even with the key itself (ie. not the seed phrase)?

[bob123]

When you say I would need to use similar brain wallet software to recover, can you name some examples of such?

Well, basically use the same software you have used to create your brainwallet (which is not as secure as a random seed btw).

The easiest would probably be to simply use a hash function (e.g. sha256).

Hash your 'brain seed', and use this hash as the private key.


But please note, that the humans brain is extremely bad at generating random stuff. The entropy will be by far(!) lower compared to using a RNG.
Even if you believe your phrase is not crackable.. it most probably is.

To confirm, I believe you're saying the private key generated from the existing wallet can't just be used in most wallet recovery services even with the key itself (ie. not the seed phrase)?

The private key can be used in any wallet. It is just the 'seed' (better: your brain wallet words) which are not accepted in any wallet.

[LoyceV]

When you say I would need to use similar brain wallet software to recover, can you name some examples of such?

https://www.bitaddress.org/ and http://bitcoinpaperwallet.com/ are the most common ones. It's probably a good idea to keep your own copy of https://github.com/pointbiz/bitaddress.org , or email it to yourself in case it's no longer available in the future.

Clearly I haven't used that type of software before, so unless I can get my head around it, it would seem too unsafe to risk using my current brain wallet and will need to change plans.

I'd say try it: do as you planned with a different brain-password, create a wallet, put 0.0001BTC in it, turn off your offline computer, turn it on again, and try to get back your funds and move them to another wallet.

To confirm, I believe you're saying the private key generated from the existing wallet can't just be used in most wallet recovery services even with the key itself (ie. not the seed phrase)?

The private key can be imported and used in most wallets, but you'll need to convert the brain-password into a key first, using the same software you used to create it.

[Coding Enthusiast]

The easiest would probably be to simply use a hash function (e.g. sha256).
Hash your 'brain seed', and use this hash as the private key.

Note that hashing something doesn't make it random. For example if you compute SHA256 hash of a weak password such as "123" you will get a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 which looks random but really isn't! Because it can simply be produced as long as the method for its creation is known.

[Abdussamad]

I used bitaddress.org offline to generate the private key using the chosen 12 word phrase. Then took that private key generated and went to wallet details on same site (still offline) to generate the Public Key to be able to send to.

You will have to repeat this process and then import the private key in wallet software of your choice. You can't restore directly using the 12 words since they are not the seed to an HD wallet.

Also note that there is no checksum in your 12 word phrase so if you make a mistake, such as with spelling, punctuation or order of the words, you will generate a different private key entirely. It's also possible someone will guess your brainwallet phrase and steal your funds from you. Omegastarscream has already warned you about using brainwallets.

[bob123]

The easiest would probably be to simply use a hash function (e.g. sha256).
Hash your 'brain seed', and use this hash as the private key.

Note that hashing something doesn't make it random. For example if you compute SHA256 hash of a weak password such as "123" you will get a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 which looks random but really isn't! Because it can simply be produced as long as the method for its creation is known.

Of course it doesn't.
If this would produce a random output, OP wouldn't be able to ever reproduce this exact private key.. This is completely out of question..

The whole purpose of a hash function is to represent an input of any length as a sequence of X bits (depending on the hash function; 256 bit in case of sha256).
 

This topic is about creating a brain wallet in a reproducible way (e.g. a few years later without direct access to the original software used) and not how to create a random private key properly.

Brainwallets are the worst way to store coins, but that's not the topic here.

[crptstv]

The easiest would probably be to simply use a hash function (e.g. sha256).
Hash your 'brain seed', and use this hash as the private key.

Note that hashing something doesn't make it random. For example if you compute SHA256 hash of a weak password such as "123" you will get a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 which looks random but really isn't! Because it can simply be produced as long as the method for its creation is known.

Of course it doesn't.
If this would produce a random output, OP wouldn't be able to ever reproduce this exact private key.. This is completely out of question..

The whole purpose of a hash function is to represent an input of any length as a sequence of X bits (depending on the hash function; 256 bit in case of sha256).
 

This topic is about creating a brain wallet in a reproducible way (e.g. a few years later without direct access to the original software used) and not how to create a random private key properly.

Brainwallets are the worst way to store coins, but that's not the topic here.

The consensus is definitely not to use a brain wallet. How do people propose to cross borders in a distant future if there are crack downs eg. you your hardware devices will be confiscated at borders?

I'm basically looking for a way to store and travel with Bitcoin in worst case scenario where govt's are actively attacking Bitcoin or at the very least trying to track/record what you hold. If that doesn't happen, then I'll continue to use my hardware devices and never have the need, but like to plan for such eventualities and even now beginning to be concerned travelling with them as at some point in time in some random border crossing, an official who actually knows what the devices are may pull you up.

Another method that comes to mind is to use the different hardware devices stored in different countries to bounce the Bitcoin back and forth if required and never actually technically travel with it. But this is still problematic.

Happy if anyone has some resources on operating procedure to do with the above they can link me to read up on.

[Abdussamad]

The consensus is definitely not to use a brain wallet. How do people propose to cross borders in a distant future if there are crack downs eg. you your hardware devices will be confiscated at borders?

There are many ways to deal with this scenario:

- Create a standard wallet in electrum and memorize the 12 word seed it generates. This is computer generated so it is secure unlike human generated phrases.

- Instead of memorizing it write it down with a pen in a notebook. They aren't going to confiscate your notebooks are they? If you need a second factor you can extend the seed with custom characters/words which you only keep in your head. To do this in the seed re-entry step of the wallet creation process click on options and choose to extend the seed. You will get the option to enter your custom passphrase in subsequent steps. To recover the wallet a person will need both the 12 words you wrote down and the seed extension that you memorized.

- If USB drives are also subject to confiscation save the wallet file via file > save copy onto a microsd card and sew the card into your clothing.

- Save the encrypted wallet file onto a cloud account and simply memorize the password for that account.

- Save the encrypted wallet file onto an RFID or NFC chip that you inject under your skin. This is apparently a thing now

BTW your post reminds me of this guy. When I first read this I was wondering why he was risking carrying cash when bitcoin is so much more convenient and impossible to detect.

[LoyceV]

I'm basically looking for a way to store and travel with Bitcoin in worst case scenario where govt's are actively attacking Bitcoin or at the very least trying to track/record what you hold.

You can easily hide an encrypted recovery seed or wallet on a laptop. As long as they don't know what to look for, and where to look, I don't think customs has the manpower to search through all your personal data.

Another method that comes to mind is to use the different hardware devices stored in different countries to bounce the Bitcoin back and forth if required and never actually technically travel with it. But this is still problematic.

Why not just memorize your 24 seed words?

[crptstv]

I'm basically looking for a way to store and travel with Bitcoin in worst case scenario where govt's are actively attacking Bitcoin or at the very least trying to track/record what you hold.

You can easily hide an encrypted recovery seed or wallet on a laptop. As long as they don't know what to look for, and where to look, I don't think customs has the manpower to search through all your personal data.

Another method that comes to mind is to use the different hardware devices stored in different countries to bounce the Bitcoin back and forth if required and never actually technically travel with it. But this is still problematic.

Why not just memorize your 24 seed words?

Yes I probably am being paranoid.  For what its worth I've just thrown around 0.02 BTC onto the Brain Wallet address which I'll leave there and see if it gets hacked in the months/years ahead.

You're right, I do carry my hardware wallet keys with me currently in the form of encrypted USB's - I don't leave them on any computer or any cloud service. I guess if things ever became extreme, I would just stop travelling with the hardware wallets, only the USB's which everyone carries and are not suspicious as such.

I don't have enough faith in my memory to remember a random seed word, especially when dealing with large sums, multiple devices etc.