My backup strategy for the Ledger Nano

[blockchainapps]

I have designed a new redundant Ledger Recovery Sheet. I am always a little afraid to lose my

recovery sheet or that somebody else can find it.

Now I have 3 recovery sheets and you need 2 of 3 recovery sheet to recover the ledger.

https://steemit.com/bitcoin/@blockchainapps/backup-strategy-for-your-ledger-nano-s


How do you store the recovery phrases of the Ledger?

[1713456758]

1713456758

[achow101]

80 bits of security is not considered secure. It is within the realm of practical. In cryptography terms, taking 2500 years to brute force something is weak. There's a reason you don't see anything with less than 128 bits of security actually in use for applications that need serious security.

[RGBKey]

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

[blockchainapps]

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  , if something happens to me. 

[RGBKey]

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  , if something happens to me. 

That's a very valid point. Someone is very unlikely to understand how to use SSS to recreate your seed unless there are detailed instructions included with each seed (which is possible). Your strategy is still better than storing multiple copies of the full seed in different locations. There's usually a tradeoff between convenience and security, and that's very apparent here.

[nicosey]

With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even though if the entire Bitcoin network was performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed, that's way way less than the security provided by 24 words.

You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces.

You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tipp and the calculation. I have tested this with https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords.

But for my ledger I am using the method above, I think this is easier for my wife  , if something happens to me. 

Do you leave instructions somewhere for family members?

[Kakmakr]

I wrote a little story with my 24 words and I left a template for my relatives to figure out the pattern in this story to get the sequence of these words. Nobody will be able to figure out how this work, because they do not have the template. The story and the template are stored away from each other. < several duplicates are kept in different locations >

They cannot do anything with the template, but as soon as I am dead, they will be presented with the story and steps to follow to retrieve these coins. The people with the story, cannot do anything without the template. < They do not know what they have > ^lol^

[spiker777]

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

[o_e_l_e_o]

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Whatever method you use, make sure there is a way for your loved ones to recover your coins if something like what I've mentioned above were to happen to you. Otherwise, your whole crypto journey will have been for nothing.

[jtipt]

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Even a healthy person's memory isn't good enough to memorize a set of 24 words in order for a long period of time, hell even for a short period of time it's hard. With certain techniques you might be able to remover them, like with a mnemonic paragraph but it's still not worth the risk.

[tbalazs]

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.

As an intensive care physician in real life, I would strongly recommended against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly.

Even a healthy person's memory isn't good enough to memorize a set of 24 words in order for a long period of time, hell even for a short period of time it's hard. With certain techniques you might be able to remover them, like with a mnemonic paragraph but it's still not worth the risk.

And what if you have any issues, your family would never have access to your money...

[gentlemand]

If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase.

Only a nutter would attempt that. Unless you practice every single hour for the rest of one's life, at some point a word will go and then everything else will as well.

As for theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.

[Samarkand]

...

As for theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.

This probably will only decrease the potential for a disaster temporarily.
If Bitcoin becomes increasingly mainstream in the future (and an introduction to Bitcoin is taught
in every school) everyone will know what a mnemonic seed is.

I agree that memorizing is a bad strategy if it is the only method of securing your mnemonic
seed, because there are too many possible situations where you will lose parts of your memory
even if you possess a world-class memory now (e.g. loss of memory due to an accident, onset of
an illness like dementia ...).