Crypto Security - Additional Protection For Your Seed/Private Keys.

[madnessteat]

Most metal seed phrase storage devices cannot encrypt the seed phrase, which in my opinion is a very important factor. If you store your encrypted seed phrases in more than one cloud storage device it will be much more secure. You can use PGP encryption (https://bitcointalk.org/index.php?topic=4059348.0) and use complex passwords for cloud storage. Even if an attacker can get your encrypted seedphrase, it is almost impossible for them to decrypt it.

[1715455422]

1715455422

[1715455422]

1715455422

[1715455422]

1715455422

[1715455422]

1715455422

[nc50lc]

Most metal seed phrase storage devices cannot encrypt the seed phrase, which in my opinion is a very important factor. If you store your encrypted seed phrases in more than one cloud storage device it will be much more secure. -snip-

I'm pretty sure it can.
The user can always use the standard BIP39 encryption which will only add an additional word to the existing seed (but not to be included to the backup).
Info: BIP-0039

Even if the backup is compromised, the seed will be safe for a while since the mnemonic will derive a different set of keys if there's no passphrase or the correct passphrase wasn't included in the import.

[madnessteat]

Most metal seed phrase storage devices cannot encrypt the seed phrase, which in my opinion is a very important factor. If you store your encrypted seed phrases in more than one cloud storage device it will be much more secure. -snip-

I'm pretty sure it can.
The user can always use the standard BIP39 encryption which will only add an additional word to the existing seed (but not to be included to the backup).
Info: BIP-0039

Even if the backup is compromised, the seed will be safe for a while since the mnemonic will derive a different set of keys if there's no passphrase or the correct passphrase wasn't included in the import.

I agree that the use of an additional word in the seed phrase is a good solution to increase security damage, but I would recommend having multiple backups available anywhere in the world and anytime.

[Lucius]

I agree that the use of an additional word in the seed phrase is a good solution to increase security damage, but I would recommend having multiple backups available anywhere in the world and anytime.

What is recommended today may become necessary in the future, because if we want security, we have to invest a lot more than $50 in a hardware wallet and 24 words on a regular sheet of paper. As far as I can see, opinions are divided between those who suggest encrypted files saved online or on some medium, and those who still stick with multiple backups on paper/metal plates.

I agree that in case we use backups on paper/metal or any other more durable material, we need to use extra word (passphrase) as extra security in case someone if find our backup. Of course, in this case one should be intelligent and separate the seed words from passphrase, and take into account that weak passphrase is not good move since it is subject to brute force attack.


The whole point of this topic is to start acting more responsibly towards what we are protecting.

[o_e_l_e_o]

I'm pretty sure it can.

Passphrases are great, and everyone should be using one, but they don't encrypt your seed - they are used as a salt for PBKDF2. Your seed is still very much stored in plain text. If you wanted to encrypt your seed phrase and store it on some metal device, then you will need a custom/homemade device. You will need a larger character set than just 26 capital letters, and far more of them, than these commercial products can accommodate.

As far as I can see, opinions are divided between those who suggest encrypted files saved online or on some medium, and those who still stick with multiple backups on paper/metal plates.

I use paper back ups, hardware wallets, and encrypted files, but I would advise against storing anything online. Even if it is encrypted, are you 100% confident in the encryption software you used? Are you 100% sure you left no traces of the unencrypted file on your internet enabled device? Are you 100% sure your encryption key is 100% secure and will never be broken? Why take an unnecessary risk? Just store it on a USB drive or airgapped device.

[nc50lc]

I'm pretty sure it can.

Passphrases are great, and everyone should be using one, but they don't encrypt your seed - they are used as a salt for PBKDF2. -snip-

Yeah, it makes sense, you cannot reverse PBKDF2 so it isn't encryption.
But every Wiki/Article link about BIP39's passphrase labels it as "encryption" simply because it uses a "passphrase", those need some correction.

For the security, it's not that safe as I mentioned earlier: "the seed will be safe for a while" (the seed, not mnemonic).