Bitcoin Forum
January 20, 2020, 12:18:54 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: My backup strategy for the Ledger Nano  (Read 170 times)
blockchainapps
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 11, 2018, 07:50:27 PM
 #1

I have designed a new redundant Ledger Recovery Sheet. I am always a little afraid to lose my

recovery sheet or that somebody else can find it.

Now I have 3 recovery sheets and you need 2 of 3 recovery sheet to recover the ledger.

https://steemit.com/bitcoin/@blockchainapps/backup-strategy-for-your-ledger-nano-s


How do you store the recovery phrases of the Ledger?


1579522734
Hero Member
*
Offline Offline

Posts: 1579522734

View Profile Personal Message (Offline)

Ignore
1579522734
Reply with quote  #2

1579522734
Report to moderator
1579522734
Hero Member
*
Offline Offline

Posts: 1579522734

View Profile Personal Message (Offline)

Ignore
1579522734
Reply with quote  #2

1579522734
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579522734
Hero Member
*
Offline Offline

Posts: 1579522734

View Profile Personal Message (Offline)

Ignore
1579522734
Reply with quote  #2

1579522734
Report to moderator
1579522734
Hero Member
*
Offline Offline

Posts: 1579522734

View Profile Personal Message (Offline)

Ignore
1579522734
Reply with quote  #2

1579522734
Report to moderator
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 2016
Merit: 3010


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
February 11, 2018, 08:46:16 PM
Merited by RGBKey (1)
 #2

80 bits of security is not considered secure. It is within the realm of practical. In cryptography terms, taking 2500 years to brute force something is weak. There's a reason you don't see anything with less than 128 bits of security actually in use for applications that need serious security.

RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 630


rgbkey.github.io/pgp.txt


View Profile WWW
February 11, 2018, 08:50:04 PM
Merited by achow101 (2), Lucius (2)
 #3

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.
blockchainapps
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
February 11, 2018, 10:21:39 PM
 #4

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  Cheesy, if something happens to me. 
RGBKey
Hero Member
*****
Offline Offline

Activity: 854
Merit: 630


rgbkey.github.io/pgp.txt


View Profile WWW
February 11, 2018, 10:27:39 PM
 #5

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  Cheesy, if something happens to me. 

That's a very valid point. Someone is very unlikely to understand how to use SSS to recreate your seed unless there are detailed instructions included with each seed (which is possible). Your strategy is still better than storing multiple copies of the full seed in different locations. There's usually a tradeoff between convenience and security, and that's very apparent here.
nicosey
Full Member
***
Offline Offline

Activity: 321
Merit: 101



View Profile
February 12, 2018, 05:53:20 AM
 #6

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  Cheesy, if something happens to me. 

Do you leave instructions somewhere for family members?

Kakmakr
Legendary
*
Offline Offline

Activity: 1890
Merit: 1388


View Profile
February 12, 2018, 07:11:30 AM
 #7

I wrote a little story with my 24 words and I left a template for my relatives to figure out the pattern in this story to get the sequence of these words. Nobody will be able to figure out how this work, because they do not have the template. The story and the template are stored away from each other. < several duplicates are kept in different locations >

They cannot do anything with the template, but as soon as I am dead, they will be presented with the story and steps to follow to retrieve these coins. The people with the story, cannot do anything without the template. < They do not know what they have > ^lol^

spiker777
Sr. Member
****
Offline Offline

Activity: 630
Merit: 254


Better. Quick. Transparent.


View Profile
February 13, 2018, 10:40:56 AM
 #8

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 812
Merit: 3334


Decent


View Profile
February 13, 2018, 12:24:08 PM
Merited by RGBKey (1)
 #9

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Whatever method you use, make sure there is a way for your loved ones to recover your coins if something like what I've mentioned above were to happen to you. Otherwise, your whole crypto journey will have been for nothing.

jtipt
Hero Member
*****
Offline Offline

Activity: 924
Merit: 526



View Profile
February 13, 2018, 05:51:22 PM
 #10

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Even a healthy person's memory isn't good enough to memorize a set of 24 words in order for a long period of time, hell even for a short period of time it's hard. With certain techniques you might be able to remover them, like with a mnemonic paragraph but it's still not worth the risk.
tbalazs
Jr. Member
*
Offline Offline

Activity: 126
Merit: 7


View Profile
February 13, 2018, 05:53:44 PM
 #11

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Even a healthy person's memory isn't good enough to memorize a set of 24 words in order for a long period of time, hell even for a short period of time it's hard. With certain techniques you might be able to remover them, like with a mnemonic paragraph but it's still not worth the risk.

And what if you have any issues, your family would never have access to your money...

DGTX Airdrop // Crypto exchange without commission  (https://digitexfutures.com/join-waitlist?kid=15JQ42/)
gentlemand
Legendary
*
Online Online

Activity: 2254
Merit: 2214


Pink Panties


View Profile
February 13, 2018, 06:06:40 PM
 #12

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase.

Only a nutter would attempt that. Unless you practice every single hour for the rest of one's life, at some point a word will go and then everything else will as well.

As for theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.

Samarkand
Sr. Member
****
Offline Offline

Activity: 630
Merit: 278


View Profile
February 14, 2018, 12:30:38 PM
 #13

...

As for theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.

This probably will only decrease the potential for a disaster temporarily.
If Bitcoin becomes increasingly mainstream in the future (and an introduction to Bitcoin is taught
in every school) everyone will know what a mnemonic seed is.

I agree that memorizing is a bad strategy if it is the only method of securing your mnemonic
seed, because there are too many possible situations where you will lose parts of your memory
even if you possess a world-class memory now (e.g. loss of memory due to an accident, onset of
an illness like dementia ...).


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!