Bitcoin Forum
Topic: Storing the seed. Is this method efficient enough?
20kevin20 (OP)
February 18, 2021, 10:27:25 PM
 #1

I'm planning to store 3 copies of my seed in 3 different locations, but I am not sure if my method is good enough.

My plan is to use an RNG to randomize the order of my seed's words. Afterwards, I'd note down the correct order in numbers and then I'll have 6 different locations: 3 for the randomized seed and 3 for the correct order.

Example:
SEED: answer real swallow drink verify road anger note mountain giraffe cloth fish
RANDOMIZED SEED: real swallow verify answer drink anger fish mountain giraffe cloth road note
CORRECT ORDER: 4; 1; 2; 5; 3; 11; 6; 12; 8; 9; 10; 7

I would store 3 copies of the RANDOMIZED SEED in 3 different places and 3 copies of the CORRECT ORDER in 3 different places as well.

How safe is this?
Charles-Tim
February 18, 2021, 10:36:32 PM
 #2

There will be many tools to arrange the randomized seed phrase easily; it will even be simpler than looking for missing words. If looking for missing words in a seed phrase is simple and they can be recovered by some tools like btcrecover, it is also easy for the complete words to be arranged properly, which can result in a compromised wallet.

The safety of your wallet comes from saving the seed phrase properly, in a way that it cannot be attacked by offline attackers and is also not prone to damage. Having six of them will increase the chance of offline attackers; having three correct seed phrase backups that are properly saved offline is better.

20kevin20 (OP)
February 18, 2021, 11:45:37 PM
 #3

I am quite sure offline attackers are probably never going to find my seed and, even if they did, they'd have to also find the location where I placed the correct order if they wanted to sweep my wallet. (that's if the seed is hard to bruteforce..)

I do acknowledge the existence of tools for bruteforcing, but I'm not a math guy so I am really curious to know from a mathematical perspective how hard it'd really be to "crack" a seed that has been randomized. Best thing I can do to calculate how many possibilities there are to crack the seed is 12^12 or 2^12, which I'm quite sure is way, way off the actual answer, lol.

As far as I'm concerned, a randomized seed is not necessarily a correct one since checksums also exist. With that being said, out of the entire possibilities there might even be a way to take out the incorrect seeds out of the total amount so that bruteforcing is made even easier.

Might sound like a stupid idea, but I thought it'd be an interesting discussion. Better ask than be stupid. Sometimes math is kicking my arse, and I think today is one of those days :)
odolvlobo
February 19, 2021, 12:09:17 AM
Merited by ABCbits (1)
 #4

It is relatively safe, but there are issues. One issue is that you can distinguish between the two parts and that lowers the security. Another issue is that you must find 6 secure places to store the data. That is a lot to maintain. Also, I believe that a 12-word seed in random order is not considered secure. You should use a longer phrase.

There may be better ways to do it. Why not simply encrypt the seed and store that in a few places? This looks interesting: https://trezor.io/shamir/

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
pooya87
February 19, 2021, 03:44:34 AM
Merited by ABCbits (1), 20kevin20 (1)
 #5

Please don't try to ever come up with your own "encryption" techniques when you try to secure something. It rarely works. You must always stick to what the experts have already designed. Unfortunately as I've said many times before there hasn't been any BIP for encrypting mnemonics but they are still strings and we have simple ways of encrypting them, namely AES. You'll have to find some encryption tool though.

Quote from: 20kevin20
> Best thing I can do to calculate how many possibilities there are to crack the seed is 12^12 or 2^12, which I'm quite sure is way, way off the actual answer, lol.

Since the words can not repeat the number of possibilities works like this:
First position can be any of the 12 words (word 1, word 2, ... word 12)
Second position we have already used one word so we can choose from 11
Third position is 10
...
Twelfth position is 1

That is 12*11*10*...*1 or 12! = 479,001,600 and it is not at all hard to check 479 million mnemonics within reasonable times.

j2002ba2
February 19, 2021, 04:21:24 AM
 #6

Quote from: pooya87
> That is 12*11*10*...*1 or 12! = 479,001,600 and it is not at all hard to check 479 million mnemonics within reasonable times.

Moreover, in 12-word BIP39 there's a 4-bit checksum, so the number of valid combinations is ~29,937,600.
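
The two counts quoted above (12! orderings, of which roughly 1 in 16 pass the 4-bit BIP39 checksum) can be checked directly. This is an added example, not code from any poster in the thread; it works on 11-bit wordlist indices instead of words so no wordlist is needed, and the sample mnemonic is constructed from a seeded RNG.

```python
import hashlib
import math
import random

WORDS = 12                        # mnemonic length discussed in the thread
CS_BITS = WORDS * 11 // 33        # BIP39: 1 checksum bit per 32 entropy bits -> 4
ENT_BITS = WORDS * 11 - CS_BITS   # 128 bits of entropy

def checksum(entropy):
    """First CS_BITS bits of SHA-256 over the entropy bytes."""
    digest = hashlib.sha256(entropy.to_bytes(ENT_BITS // 8, "big")).digest()
    return digest[0] >> (8 - CS_BITS)

def checksum_ok(indices):
    """BIP39 checksum test on 12 wordlist indices (each 0..2047)."""
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    return (bits & (2 ** CS_BITS - 1)) == checksum(bits >> CS_BITS)

def sample_mnemonic(rng):
    """Constructed sample: random entropy -> 12 distinct indices, valid checksum."""
    while True:
        entropy = rng.getrandbits(ENT_BITS)
        bits = (entropy << CS_BITS) | checksum(entropy)
        idx = [(bits >> (11 * (WORDS - 1 - k))) & 0x7FF for k in range(WORDS)]
        if len(set(idx)) == WORDS:      # the thread assumes no repeated word
            return idx

def shuffled_pass_rate(samples=20000, seed=1):
    """Fraction of random reorderings of one valid mnemonic that still pass."""
    rng = random.Random(seed)
    idx = sample_mnemonic(rng)
    hits = 0
    for _ in range(samples):
        perm = idx[:]
        rng.shuffle(perm)
        hits += checksum_ok(perm)
    return hits / samples

def search_space(words=WORDS):
    """(orderings, orderings expected to pass the checksum, log2 of orderings)."""
    orderings = math.factorial(words)
    return orderings, orderings // 2 ** (words * 11 // 33), math.log2(orderings)

if __name__ == "__main__":
    print(search_space(12))       # the 12-word case from the thread
    print(search_space(24))       # a longer phrase, for comparison
    print(shuffled_pass_rate())   # measured share of shuffles that pass
```

The word order of a 12-word phrase therefore hides under 29 bits, against the 128 bits of entropy in the seed itself.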

NotATether
February 19, 2021, 04:26:09 AM
 #7

Your method is no more secure than storing three clear text copies of your seed in different places.

The problem is that while people think that they can boost security by churning out a bunch of encrypted copies and scattering them around places, if you have just one clear text copy then it's a waste of effort.

Also, please don't randomize your seed words. If the order you put each word in is somehow destroyed or lost you then have to solve the very difficult problem of recovering a seed phrase with 12 scrambled words.

Quote from: pooya87
> Please don't try to ever come up with your own "encryption" techniques when you try to secure something. It rarely works. You must always stick to what the experts have already designed. Unfortunately as I've said many times before there hasn't been any BIP for encrypting mnemonics but they are still strings and we have simple ways of encrypting them, namely AES. You'll have to find some encryption tool though.

GPG and openssl are built-in tools, at least for Unix, that can AES-encrypt files. Failing that, or if you for some reason do not want to use GPG4win because it doesn't have a GUI, there's also AxCrypt[1] that can do AES128 on a batch of files, but you have to pay to unlock the ability to encrypt using AES256.


[1]: https://axcrypt.net

Charles-Tim
February 19, 2021, 07:32:45 AM
 #8

Quote from: odolvlobo
> There may be better ways to do it. Why not simply encrypt the seed and store that in a few places? This looks interesting: https://trezor.io/shamir/

The Shamir backup can be great: the seed phrase is encrypted into n secrets, while m shares can be used for the recovery. This means 6 secrets can be created while 3 shares can be used to restore the whole seed phrase, if set to be 3 shares from the 6 secrets. It will be a good suggestion for 20kevin20, as the secrets are just not the same, while if an attacker finds one or two, they are useless and cannot be used for the recovery. But it should be noted that Shamir will only convert the seed words into characters (numbers and letters), just like private keys. And in the case that 3 shares are used, this means that if 3 shares cannot be accessed, that can lead to permanent loss of the seed phrase.

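
The 3-of-6 threshold behaviour described in the post above, as an added example that is not part of the original post and is not Trezor's SLIP-39 code: plain Shamir sharing over a prime field (an assumption made for brevity; SLIP-39 works over GF(256)), with a random 128-bit integer standing in for the entropy of a 12-word seed.

```python
import itertools
import secrets

PRIME = 2 ** 521 - 1   # Mersenne prime, comfortably larger than a 128- or 256-bit secret

def split(secret, n=6, m=3):
    """Return n points (x, y) on a random polynomial of degree m-1 with f(0) = secret."""
    if not 0 <= secret < PRIME or not 1 < m <= n:
        raise ValueError("bad secret or threshold")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]

    def f(x):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        return y

    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for k, (xk, _) in enumerate(shares):
            if k != j:
                num = num * -xk % PRIME
                den = den * (xj - xk) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret

if __name__ == "__main__":
    entropy = secrets.randbits(128)       # constructed stand-in for seed entropy
    shares = split(entropy, n=6, m=3)
    # every choice of 3 shares out of 6 rebuilds the secret
    print(all(recover(list(c)) == entropy
              for c in itertools.combinations(shares, 3)))
    # two shares interpolate to an unrelated value
    print(recover(shares[:2]) == entropy)
```

Any three of the six locations are enough to restore, and up to three can be lost; with fewer than three shares left the secret is unrecoverable.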
NeuroticFish
February 19, 2021, 08:25:26 AM
 #9

Quote from: 20kevin20
> I'm planning to store 3 copies of my seed in 3 different locations, but I am not sure if my method is good enough.

If any of the locations where you keep the randomized seed can be tracked back to you and the potential thief understands that it's a seed, he may come after you, and the $5 wrench can help him de-randomize it fast.
I think that I would rather save the seed in a different way than a list of 12/24 words.
An example for your case could be a notes page where you can even have the seed in the correct order, but written like:

answer = raspuns
real = advarat [1]
swallow = randunica
..

[1] But then you have to find a seed that doesn't contain words too similar to their Romanian equivalents, in order to avoid writing:
real = real
