Ever since I first used a mnemonic seed phrase, I've been uncomfortable storing them. On the one hand, I don't want to risk losing access, and on the other hand I don't want someone who finds it to be able to easily access it either. I want to encrypt it, but I also want to be able to print a backup. I want it to be something I understand and trust, even though I'm far from an expert on cryptography. I want to have more than one backup, but I also want each backup to be enough to recover my funds.
So, I came up with the idea to use BIP-38.
The advantage to encrypting your paper wallet's private key with a password is that if your paper wallet is stolen or otherwise exposed, the balance on the wallet is safe unless the passphrase used to encrypt the wallet is guessed. However, if you encrypt your private key with BIP38 and you lose your passphrase, it will be impossible for you to recover the funds you have sent to this wallet.
Based on
I'm BIP38 curious, please help me out!, in which a $1000 reward wasn't enough to crack a password with 6 characters, I believe BIP-38 is expensive to brute-force.
Let's say my seed words are:
I used
vanitygen to find the following addresses:
- 1APPLE1cBHQAh1fA9D32L5sovUB4dQU2D6
- 1PEAR11MfhpHvKiWZdu4nzjanH2k2X8wXj
- 1Banana2rNb1jC3CoH3eAehNeSeCb3Y1KN
Privkey: 5KXuFTVczBzxt67UEMdTXBVieQUN3aqXu7NbaPV6g2Ya8hDUoE7
For a real case this has to be done on an offline air gapped PC. Each seed word starts after the first "1" and ends at the next number.
Using
Bitaddress.org or
BitcoinPaperWallet.<now a scam site>.com, I created encrypted private keys:
- 6PRRQJGq7b12grj8RqQiCJNg6i1MFTP8NSrfGZpQFRhQmS2skp38qrLGe8
- 6PRJi8BDC7SvgctZguDuJpa1aU6rrp3BZuSgFX9UNDqe5YfTxfqTWWyino
- 6PRSPsEyZdGN5tJdgpXu2FWddeecD24bAowxwstqdL2aM1FXAj1tyVcV1F
My password for demonstration purposes is "Fruit". Obviously, this should be stronger for a real case (and not a dictionary word), but it has to be something you'll never forget.
Note that the Bitcoin addresses should be kept just as secret as the accompanying private keys!
The above list of BIP-38 encrypted private keys (starting with 6PR) can now be printed (use a big font, it's reduces typing errors when recovering your funds) and/or stored in any digital form (offline).
If you're afraid to forget your password, you could even encrypt the same private keys several times, each time with a different password, and print different versions.
When you're done with all this, and have your backups securely stored in as many locations as you feel comfortable with, you should TEST IT! Start from scratch, on a fresly rebooted off-line system running from a Linux LIVE DVD, with nothing else than your encrypted backup. Make sure you can use this to recover your seed phrase, and while you're add it, make sure you can use your seed phrase to recover the Bitcoin addresses that are protected by it.
Now just don't forget your password! It doesn't hurt to once in a while check if you can still decrypt this (again: use an off-line air-gapped system running from a Linux LIVE DVD), so that if your hardware wallet ever fails, your seed phrase can still be used.
This is a lot of work, so if there's an easier method I'm all ears. I'm looking for strong encryption (difficult to brute-force) that can be used to create printable encrypted.
But since this is a one-time thing for something I shouldn't often need to recover, I don't mind a bit of work.
