Crypto Security - Additional Protection For Your Seed/Private Keys.

[Lucius]

Have you ever wondered what is one of the weak points when it comes to safe keeping of your cryptocurrency, even though you own your private keys? The point is, the vast majority do not properly store them, and they only realize it when it is too late. I'm not going to talk about ways to protect your wallet online, because the point of crypto is to be your own bank.

Let's focus on desktop and hardware wallets as the two most common ways of handling/storing cryptocurrency.

Desktop wallets are free, functional, in most cases and very easy to use. But they also have a downside, which is that they are vulnerable to various attacks, most often phishing (fake wallets), clipboard malware (address changing), the possibility of loss of funds due to hard disk failure (in the absence of backups).

Hardware wallets with their security solutions go beyond of some above issues, because they store private keys inside the device itself, they give us the ability to double authenticate the address, and they are not affected by possible operating system infection or hard disk failure.

Yet both have one if we can call it weakness, and it's a 12 or 24 word backup (seed) which allows us to retrieve all relevant information at any time, if something goes wrong. Keeping this information is crucial, and many have proven to be very careless about it.

What I would say first is the fact that a one backup often does not mean security, and that we should have at least two backups, preferably in two different locations. Another question is what to use as a backup, and most will still choose paper because it is the most affordable and inexpensive way to store information. Although I use it myself, over time I started to think that it was not a smart solution because the paper is impervious to fire, water, decays over time if not stored properly.

I think we still need to reach for some better materials, such as metal tiles, but however, as far as I can see the prices of such solutions are not very small (in range of hardware wallets). For those who are a little skillful with their hands, it may be easier to do something out of housework. Remember that investing in security is never a waste of money, especially when it comes to something as sensitive as cryptocurrency.

A few examples of what is currently offered on the market :

https://cryptosteel.com/
https://cryptotag.io/
https://hodlinox.com/
https://billfodl.com/
https://www.blockplate.com/
https://coldti.com/

[1715251188]

1715251188

[1715251188]

1715251188

[1715251188]

1715251188

[1715251188]

1715251188

[1715251188]

1715251188

[1715251188]

1715251188

[Charles-Tim]

This is so much helpful. The first thing I read about hardware wallets was that they are the safest  wallet. Both hardware wallet and paper wallet are the safest. Like you said, hardware wallet will be better to use because paper wallet can deteriorate over time. Hardware wallets are safe but it has to also be protected by the owner.
It generates private key offline and also have a recovery phrase. These supposed to be protected and duplicated or triplicated by the owner. It can be used with desktop wallet. So, it is very important to free the computer from Trojan, virus and any type of malware that can change addresses that you paste or input while performimg transaction.
It is better to spend to protect your coins from these malwares by gerring the most powerful antivirus and also very imoortant to read news daily to discover new methods hackers can get through to your coins. Like recently, a trojan was detected to access google factor authentication and reveal the code to hackers.

[Saint-loup]

What I would say first is the fact that a one backup often does not mean security, and that we should have at least two backups, preferably in two different locations. Another question is what to use as a backup, and most will still choose paper because it is the most affordable and inexpensive way to store information. Although I use it myself, over time I started to think that it was not a smart solution because the paper is impervious to fire, water, decays over time if not stored properly.

Be careful several of them don't resist at all to fire or to shock... 







https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test/
https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/
https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test-round-iii/

[Thekool1s]

Be careful several of them don't resist at all to fire or to shock...

To be fair Jameson put all of them through double the amount of heat than they were originally advertised for... A house fire won't reach temperatures of 2500 F which he used as the control variable in all the test, It's like applying a force of 40 Tons to something which is advertised to only sustain a force of 20 tons. Solutions like of Bitkee survived these extreme scenarios, he gave an A to them so they work in the real world if you ask me. What I don't get is the pricing of these metal tiles... I don't know who they are targetting at that price range. If its people who own less than 1 BTC in total, they won't be investing in this as the price doesn't make any sense and if it's for people who own more than 10 BTC then there are far better ways to store than these cheap metal tiles...

[pooya87]

another security point that is usually overlooked when creating a backup is "encryption".

the private key or mnemonic needs to be encrypted before it is written on whatever medium you choose (paper, metal,...) because if anybody could ever take a look at that backup they can easily write it down and then later on use it to steal all the funds that are stored in those keys. a simple encryption prevents that although it introduces a new issue: "how to remember/store the password used to encrypt it"!

[hd49728]

another security point that is usually overlooked when creating a backup is "encryption".

the private key or mnemonic needs to be encrypted before it is written on whatever medium you choose (paper, metal,...) because if anybody could ever take a look at that backup they can easily write it down and then later on use it to steal all the funds that are stored in those keys.

Encryption for private key or mnemonic seed first, then back them up with different methods: paper, metal tiles, password softwares like Keepass.

After encryption, and backup steps, the next step will be having good storage locations (some backups are stored at some locations - all need to be safe ones).

The last step will be a trial of recovery from those backups. To avoid mistakes during backup steps, try to use backups to test and see how correct they are before actually sending your money to those wallets.

a simply encryption prevents that although it introduces a new issue: "how to remember/store the password used to encrypt it"!

Excellent point. It is why I never use common questions from device setups or from account registrations because I fear of free disclosures of my common facts in my life, that can be used to steal my money.

There are customer services that can help us to recover our accounts, or on the forum, a signed message, common questions are non-sense and risky.

[joniboini]

If its people who own less than 1 BTC in total, they won't be investing in this as the price doesn't make any sense and if it's for people who own more than 10 BTC then there are far better ways to store than these cheap metal tiles...

Some people buy for luxury, some because they want to do it and have a lot of money to burn. You never know.

The fact that they sell it and didn't go bankrupt until now could be proof that there are people that buy those things.

[Saint-loup]

another security point that is usually overlooked when creating a backup is "encryption".

the private key or mnemonic needs to be encrypted before it is written on whatever medium you choose (paper, metal,...) because if anybody could ever take a look at that backup they can easily write it down and then later on use it to steal all the funds that are stored in those keys. a simply encryption prevents that although it introduces a new issue: "how to remember/store the password used to encrypt it"!

That's a good point, but what could you do against that?
You don't think a passphrase is enough?
Mastering Bitcoin states that's a pretty strong protection

The key-stretching function, with its 2048 rounds of hashing, is a very effective protection against brute-force attacks against the mnemonic or the passphrase.
It makes it extremely costly (in computation) to try more than a few thousand passphrase and mnemonic combinations, while the number of possible derived seeds is vast (2⁵¹²).

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#from-mnemonic-to-seed

People who didn't set up a passphrase could eventually make a simple shift ciphering in the BIP39 wordlist with a passphrase (eg "The..."  shifts the first word of the seed by 20 places in the bip39 wordlist -because T is the 20th letter of alphabet-, h shifts the second word by 8 places, e by 5 places the third word, etc)

[pooya87]

That's a good point, but what could you do against that?
You don't think a passphrase is enough?

a strong password is enough but the problem i was talking about is backing up that password. for example imagine your password is this: 4@Gx19y{75#Hq (13 characters long), how are you going to remember this? you will have to store it somewhere on a piece of paper which means now you have 2 "objects" you have to store.

Mastering Bitcoin states that's a pretty strong protection

that is NOT encryption.
encryption means if your mnemonic is this:

Code:

legal winner thank year wave sausage worth useful legal winner thank year wave sausage worth useful legal will

the encryted result  which is what you get after actually encrypting it using an actual encryption method (using the password above and AES-256 CBC mode with no padding) would look like this:

Code:

{"iv":"ea2024f935f49c1cc203a313fc8c22f0","mode":"CBC","padding":"NoPadding","keySize":256,"cipher":"aes","salt":"183e68e95f2ab428",
"ciphertext":"VTJGc2RHVmtYMSt5UUhqb1ZhenNPZGFyMVF6bXhGSGpySmNheURsMWQ3N3d4SGRGdTBkWVhPU2pQVkQ3QXhTUwoxeVowbWVCS0drUWlnbzM2SFFScDlFWHZ2L1puN2tOWFV4eEJ2K0FZQ0lpQ2R2anJDWkhhNzl0NmNnbk5hdCtBCkcxM08rMjZZaC9LbEU1RjhhcndQSjNoOHFSRS81Qno5ZDdmaXBxWHY=","time":2,"status":"success"}

[Lucius]

Saint-loup, thanks for the warning, even though these are very extreme conditions, we can still see which materials show up best when it comes to resistance to fire, water, crush. Although most users will not experience such challenges in real life, there is no need to save on investing in security, of course for those who feel they need something like this.

I think for anyone who owns at least 1 BTC, saving backups is something to seriously consider, as otherwise we could have a lot of disappointments in a decade if price of BTC rise only x10 from today. I see many such cases back in 2017, lost seeds, seeds with mixed words, paper wallets with faded characters, wallets on corrupted hard drives (no backups at all).

[Chikito]

Be careful several of them don't resist at all to fire or to shock... 

Some of the steel storage have a problem when crushing test, I read up all of the metal testings by Loop, the rail-based design will make data loss easily

because even slight deformation results in letters falling out of their slots

We can find what the best of metal storage by Loop review
https://jlopp.github.io/metal-bitcoin-storage-reviews/


apparently blockplate is the best, IMO. we don't need more accurate like cryptotag to stamping.

After encryption, and backup steps, the next step will be having good storage locations (some backups are stored at some locations - all need to be safe ones).

laminated paper and keep it to safe deposit box are good one

[o_e_l_e_o]

I think these kind of metal devices are generally overkill. You should never have your seed backed up in only one location, as no storage medium is 100% guaranteed to survive anything that could happen to it and also be able to be found amongst the wreckage, be it fire, flood, earthquakes, whatever. Sure, a steel plate may survive a flood or a tornado where paper wouldn't, but that's not going to be much use to you if it has been carried several miles away and you can't find it. Your seed should be backed up in a minimum of two completely separate and distant locations, and the chance of both locations simultaneously being faced with disaster is very small (provided your two locations aren't your house and your garage, or something equally silly). Paper is completely adequate provided you have more than one backup.

that is NOT encryption.

Yeah, a passphrase is clearly not encryption, but they essentially achieve the same thing - a long, random string of characters that is needed in addition to the seed (or encrypted seed) to access the coins behind it. I'd argue that a passphrase is a better option, since it takes longer to brute force passphrases and check for funds than it does to simply brute force encryption keys. Either way, your passphrase or encryption key also needs backed up, and obviously needs stored separately to your seed phrase back ups.

[DdmrDdmr]

Out of those examples listed in the OP, I’d be less inclined towards the cryptosteel design. I mean it looks cool and sleek, but the fact that there are many tiny pieces makes we feel that something can go wrong if you mount the stopper wrongly at the end of the rod. Additionaly, reading the mnemonic there seems uncomfortable (not much wiggle room) in case you need to retrieve it without actually going through taking the characters off the rod (which seems like an accident prone moment).

Besides the actual method of protection and concealment, there lies the key factor of placement. If we go full paranoid, these devices will not help us if the device itself is stolen, our house get (heavily) flooded, hit by a tornado, or it gets accidently thrown away during spring cleaning. Placement (and perhaps redundancy) are elements to add to de security equation.

[hugeblack]

You can get better results by dividing wallet seed and encoded them in safer ways, for example using the Shamir Secret Chess scheme.
You can divide words into a specific number of splinters and then distribute them to trusted people as M of N will need to pool to renew the seed (try using https://github.com/oed/seedsplit "Run it offline.")

Read more --> https://bitcointalk.org/index.php?topic=142875.0


I remember that there was a way to encryption in the form of a regular image so that you can place them safely in any public place and need a password for the recovery or part of them.

[o_e_l_e_o]

-snip-

Tools like this are great, and Ian Coleman has a similar one up at his site here: https://iancoleman.io/shamir39/. It is very important to be aware, though, that there is no set standard for how this kind of secret sharing should be implemented. Whichever software, program, site, GitHub, etc., that you use to split your secret must be exactly the same one you later use to combine your shards and recover your seed. With that in mind, you need to think about what you would do if that GitHub repository went offline, or if the program on your computer became corrupted or lost.

If you are using a method like this to split your secret, then you must also back up the code you used to do it.

[pooya87]

that is NOT encryption.

I'd argue that a passphrase is a better option, since it takes longer to brute force passphrases and check for funds than it does to simply brute force encryption keys.

well i have to benchmark it to see which one is faster but logically PBKDF2 with iterations below 10mil aren't even supposed to be used for anything that is security critical (BIP-39 uses 2048) and this KDF is not known to be strong at all. there are much better alternatives to use such as scrypt. https://tools.ietf.org/html/rfc8018#section-4.2
note that using it is fine with this iteration because it is not meant to be used for encryption but for "plausible deniability".

[o_e_l_e_o]

note that using it is fine with this iteration because it is not meant to be used for encryption but for "plausible deniability".

Well, that's also true. Just leaving a small amount of coins under your seed unprotected by a passphrase is enough to give you plausible deniability. Leaving a small amount under a decoy passphrase is even better. Even if you only have coins under your real passphrase, you could use the excuse that you were backing up the phrase before sending any coins to it. Someone finding the seed but not knowing what the real passphrase is, or even if one exists, is unlikely to spend a significant amount of time trying to brute force it, and as you say, it gives you plausible deniability for a $5 wrench attack.

On the other hand, if somebody finds your encrypted seed, then I suppose it depends on whether or not they know that what they have found is a seed, and not just some other encrypted data which would be worthless to them. If they did know it was a seed, then it is much more likely they would assume it is holding a significant amount of funds and put more effort in to attempting to crack it.

Perhaps someone might want to go down both routes, and encrypt their seed in addition to using a passphrase, but that now means you have to back up three things (seed, encryption key, passphrase), in multiple, separate, secure locations. I'd be running out of places I can trust are secure at that point, short of renting out multiple safety deposit boxes.

[hd49728]

~

Decentralizing funds and seed backups are best thing to do. It will help to prevent the worst case when you store all your money in one seed and hacker get access to one of your backup and steal all of your funds.

Decentralization is a backbone of bitcoin as well as the crypto currency world. It can also be applied for fund storage and seed backups.

Keeping small funds in handy-wallet for daily usages while decentralizing main funds into different seeds (keep their backups safely too).

[figmentofmyass]

I think these kind of metal devices are generally overkill. You should never have your seed backed up in only one location, as no storage medium is 100% guaranteed to survive anything that could happen to it and also be able to be found amongst the wreckage, be it fire, flood, earthquakes, whatever.

exactly. as with most things, it's crucial not to have a single point of failure. storing everything in your house is asking for trouble. a single disaster or burglary could ruin everything.

the obvious solution is to have backups in multiple physical locations. it could be as simple as encrypted .dat files on thumb drives. you could leave one at your parent's house, at the office, in a safe deposit box, etc etc. periodically replace them to prevent data corruption and you should be all set.

this is a low cost but highly resilient model IMO, better than these expensive metal bricks.

[TravelMug]

You can also check this testing conducted on Billfodl and see the results.



https://twitter.com/JimJones1913/status/1161065474869694464