Bitcoin core v 0.17.1 how can have a good backUp? problem with HD feature

[spart3x]

Hi all,
i use bitcoin core v0.17.1 for store my bitcoins,
What can I do to get a good backup?

I used the dumpwallet command and I followed the backup procedures from the GUI by putting all the files on an encrypted usb pen.
but I read that from the xpriv(private masterkey) derived all the wallets created following precisely the xpriv, but that the xpriv was created by the root seed (in fact a part of the xpriv is the same for all the wallets).
Is it possible to extract the root seed?
does the root seed have to be encrypted in some way to avoid being vulnerable?
or am I just getting too worried and don't have to think about root seeds?

thank you.BTC

[1715093304]

1715093304

[1715093304]

1715093304

[1715093304]

1715093304

[mindrust]

How many addresses you are actively using?

If it is only 1-5, there is no need to use dumpwallet function or any other comlicated stuff.

Just extract your private keys by using dumpprivkey and write them down. You keep them in a Word file in a USB stick or on a hard paper, it is up to you. I would personally do both.

[AdolfinWolf]

Hi all,
i use bitcoin core v0.17.1 for store my bitcoins,
What can I do to get a good backup?

I used the dumpwallet command and I followed the backup procedures from the GUI by putting all the files on an encrypted usb pen.
but I read that from the xpriv(private masterkey) derived all the wallets created following precisely the xpriv, but that the xpriv was created by the root seed (in fact a part of the xpriv is the same for all the wallets).
Is it possible to extract the root seed?
does the root seed have to be encrypted in some way to avoid being vulnerable?
or am I just getting too worried and don't have to think about root seeds?

thank you.BTC

As far as i understand it, the root seed is basically what generates the extended master private key, (master private key + "chain code")
See:

The root seed is hashed to create 512 bits of seemingly-random data, from which the master private key and master chain code are created (together, the master extended private key). The master public key is derived from the master private key using point()

Is it possible to extract the root seed?

And as far as i can see, there is no way of directly exporting the root seed out of Bitcoin core. Dumpwallet will give you the extended master private key, but not the seed from which it was computed..?
(I'm actually quite curious myself to know if this is possible, but i doubt it.)

does the root seed have to be encrypted in some way to avoid being vulnerable?

If you're storing your extended master private key in a potentially insecure environment, i'd indeed recommend to encrypt it, yes. An attacker will be able to regenerate your entire wallet if you don't.

[Thirdspace]

i use bitcoin core v0.17.1 for store my bitcoins,
What can I do to get a good backup?

I used the dumpwallet command and I followed the backup procedures from the GUI by putting all the files on an encrypted usb pen.

If you have saved backup (wallet.dat) on a usb drive, that's already good enough
saving a dumpwallet file (on the same location) is not necessary once you have backup file saved and secured properly
one recommendation is setting a passphrase on your wallet to secure it before making backup
then you can also wrap that backup in a password protected zip file to add another layer of security 
that would make it total three layer protections on your backup

[HCP]

i use bitcoin core v0.17.1 for store my bitcoins,
What can I do to get a good backup?

Make a backup (or three) of your "wallet.dat"

That is pretty much all you need to do to secure your Bitcoin Core wallet. You do not need to deal with xpriv's or individual private keys or seeds... just make sure you have your wallet.dat safely (and securely) backed up.

[spart3x]

thank you all for your kindness and courtesy in your reply,have a nice day

[cellard]

The fact that all the stuff dealing with private keys is hard to find or even impossible to export (im not sure if you can access the root seed in Core as you can easily with electrum even you are prompted with it during the setup to print it) is a feature, since having that on display is too risky. So just keep backups of wallet.dat with an encrypted password.

An additional protection to avoid that if someone accesses the file: even if they can use it since they would need the wallet.dat password to transact, they could still see all of your addresses, previous tx's.. I never understood why the password doesn't hide all of that. A workaround is to encrypt the wallet.dat itself, you can use dmcrypt or LUKS in linux, put it inside a compressed file with a password, use a veracrypt container... use SHA256 and a decent password should be impossible to crack. The most important thing is having good memory, that is my problem and I lost access to my encrypted stuff because I cannot remember what the hell I typed as password.

[HCP]

...An additional protection to avoid that if someone accesses the file: even if they can use it since they would need the wallet.dat password to transact, they could still see all of your addresses, previous tx's.. I never understood why the password doesn't hide all of that...

I vaguely recall seeing an explanation as to why this is the case... I seem to recall it was because if the wallet.dat was fully encrypted (and not just private keys) you would need the password simply to open the wallet file at startup, and that this would be problematic when using "bitcoind", as it doesn't have a GUI to prompt the user for input etc.

At the end of the day... the private keys are protected (the most important thing) and if someone has access to be able to read your wallet.dat... you've probably got bigger problems that their ability to see your transactions/balances etc.