Personal seed phrase

[GeorgeJohn]

Have you just tried writing out the phrase a few times (8-20)? That's worked for me to be able to remember some of mine (I obviously have them written down too as the main backup).

The best option someone can have in order to remember or memorized he or her seed phrase, is exactly what you just portray, because theirs no way someone can store a seed phrase in the brain for long duration and remember exactly the seed points, helping yourself and also keeping it secured is through documentation of seed phrase through putting it down one after the other.

[1714763845]

1714763845

[1714763845]

1714763845

[1714763845]

1714763845

[BernyJB]

I've been working on a way to protect the seed phrase, as I see it as the weakest link in the practice of crypto investing. I will start a thread on it, as soon as I can.

[Z-tight]

I've been working on a way to protect the seed phrase, as I see it as the weakest link in the practice of crypto investing. I will start a thread on it, as soon as I can.

I am excited to hear you are working on ways of protecting seed phrases, i would love to read your thread on it, and i hope it will help a lot of us. Thank you.

[BernyJB]

I've been working on a way to protect the seed phrase, as I see it as the weakest link in the practice of crypto investing. I will start a thread on it, as soon as I can.

I am excited to hear you are working on ways of protecting seed phrases, i would love to read your thread on it, and i hope it will help a lot of us. Thank you.

I hope so. A few days ago, I got the news in the Coinmarketcap newsletter that a kid had drugged his stepdad, got his seed words, and stole his crypto. Almost killed him in the process.
That got me thinking that in the land of "encrypted", the seed words are there, just waiting for somebody to steal them.
But then I'm not a cryptographer, and many of us aren't, so I'm trying to come up with a method anybody can use. Hopefully I will have it finished soon.

[o_e_l_e_o]

But then I'm not a cryptographer, and many of us aren't, so I'm trying to come up with a method anybody can use. Hopefully I will have it finished soon.

I don't mean to discourage you, but we already have a method anybody can use: Write down your seed phrase by hand and store it somewhere secret and secure. If you want additional protection so the compromise of your seed phrase will not lead to loss of your coins, then use one of the standardized and tried and tested methods such as an additional passphrase or multi-sig.

Every single time I have seen people try to come up with their own solution on these forums they either overlook something and leave their coins vulnerable, or they come up with something too complex to remember and lock themselves out of their own wallets.

[LoyceV]

Every single time I have seen people try to come up with their own solution on these forums they either overlook something and leave their coins vulnerable, or they come up with something too complex to remember and lock themselves out of their own wallets.

My assumption is that people who successfully recover coins from their own made-up storage system don't post about it. I think we can call it "failure bias".

[BernyJB]

But then I'm not a cryptographer, and many of us aren't, so I'm trying to come up with a method anybody can use. Hopefully I will have it finished soon.

I don't mean to discourage you, but we already have a method anybody can use: Write down your seed phrase by hand and store it somewhere secret and secure. If you want additional protection so the compromise of your seed phrase will not lead to loss of your coins, then use one of the standardized and tried and tested methods such as an additional passphrase or multi-sig.

I know you don't. In any case, additional information is always welcomed.
My problem with seed words is if they're found, all you need to do is read them. I'm sure there are other methods we (newbies) don't know about. I'm just trying to come up with a method to encrypt your seed words that doesn't require one to be an expert, that may not be as secure as other methods are, but it's more accessible to those of us who don't know what we're talking about. 

Every single time I have seen people try to come up with their own solution on these forums they either overlook something and leave their coins vulnerable, or they come up with something too complex to remember and lock themselves out of their own wallets.

That's what's keeping me. You can go as complex and convoluted as you want, but afterwards you have to remember what you did.

[Z-tight]

My problem with seed words is if they're found, all you need to do is read them. I'm sure there are other methods we (newbies) don't know about. I'm just trying to come up with a method to encrypt your seed words that doesn't require one to be an expert, that may not be as secure as other methods are, but it's more accessible to those of us who don't know what we're talking about...

For me i think if it is not as secured as writing it down and securing it which has to be the best way if you have followed our discussion from the beginning of this thread and just as o_e_l_e_o has reiterated in his last post, then don't you think it is better not to try it in the first place?

From what i have learnt in this thread, your seed phrase should be secured and not accessible, if it is just merely accessible to you, it can be to another who will steal your funds, that was my initial error of trying to make it accessible by keeping it in memory, but as others have said it is a terrible idea. I thought your proposed thread would bring together standard and established methods of seed phrase protection.

[o_e_l_e_o]

My assumption is that people who successfully recover coins from their own made-up storage system don't post about it. I think we can call it "failure bias".

Good point, but we also see plenty of people talking about their own schemes before they use them, which turn out to be deeply flawed (much like this thread, for example).

My problem with seed words is if they're found, all you need to do is read them. I'm sure there are other methods we (newbies) don't know about.

Passphrases and multi-sig, as I mentioned before.

I'm just trying to come up with a method to encrypt your seed words that doesn't require one to be an expert

Then just encrypt it normally. Encrypting it with open source software using a well known algorithm such as AES-256 means you will always be able to recover it, you don't need to remember what weird unique thing you did, and it will be exponentially more secure than any system you come up with yourself.

[BernyJB]

For me i think if it is not as secured as writing it down and securing it which has to be the best way if you have followed our discussion from the beginning of this thread and just as o_e_l_e_o has reiterated in his last post, then don't you think it is better not to try it in the first place?

The fact is writing them down (on paper, metal, whatever) offers no security at all. If the would be robber knows about crypto and seed words and he's looking for them, what do you think he'd be looking for, when he opens your safe, or when he finds the list, wherever you may have hidden it? Security is not about hiding something and hoping nobody will find it: it's about making it impossible (or as hard as you can) for them to use it. Then you hide it in your safe, and put it in other places, in case your place goes up in smoke. But the real security should be in your head, not in a safe.

O_e_l_e_o: my point is I don't know those algorithms, and I don't know how to encrypt the words with them. The best I can do (which I use for my passwords) is to encode the phrase in base 64, but that's about it, and I'm aware it's not encryption. So if I can use a way to somehow obfuscate those words (let's say, pig latin, to put a stupid example), it's not gonna be as secure as it could be, but it will still be more secure than leaving my words laying in a safe for anybody to find them.

[o_e_l_e_o]

The fact is writing them down (on paper, metal, whatever) offers no security at all.

It's not supposed to. The security comes from keeping it physically secure, just as you do with important documents, cash, precious metals, jewelry, electronic devices, etc.

If the would be robber knows about crypto and seed words and he's looking for them, what do you think he'd be looking for, when he opens your safe, or when he finds the list, wherever you may have hidden it?

Then hide it better. There are 100 places I could hide a piece of paper in my house where a thief would never find without demolishing the entire house, even one who was specifically looking for said piece of paper. Drill a hole in your wall, slot it inside, and then cover the hole and paint over it, for example. Inside a piece of furniture. Under your floor boards.

Security is not about hiding something and hoping nobody will find it: it's about making it impossible (or as hard as you can) for them to use it.

Then use multi-sig or passphrases.

O_e_l_e_o: my point is I don't know those algorithms, and I don't know how to encrypt the words with them.

There are open source standards and open source software to do this for you. You also don't know how to turn your seed phrase in to private keys and rely on software to do this for you.

The best I can do (which I use for my passwords) is to encode the phrase in base 64, but that's about it, and I'm aware it's not encryption. So if I can use a way to somehow obfuscate those words (let's say, pig latin, to put a stupid example), it's not gonna be as secure as it could be, but it will still be more secure than leaving my words laying in a safe for anybody to find them.

An attacker who is specifically looking for your seed phrase will not be fooled by base 64 or pig latin.

[aysg76]

I would rather say to go the way as it is intended to be which is get the randomly generated seed phrases from the wallet and keep it secured on offline storage with three to four backups which is more easy to do so and safe.You need to first have all the combinations for seed phrases and difficult part is to make it in a combination which you can remember and is not easy to break.The human mind is prone to errors and beleive me there is no scope of error in this work as you could loose funds easily.

The problem isn't only the memorizing step, the biggest problem is not forgetting it after some time passed. Even if you create a poem like what @Lucius skillfully did, you have to recite it everyday if you don't want to forget the details otherwise in a couple of years you'll start doubting the details and a couple of words missing could easily make it impossible to recover the funds.

If you mix up some words in future and it has pointed out that some other words are also used as mnemonic phrase which is more confusing so it must be avoided at any cost.A little error could cause big deficiency so we need to be safe in this matter.

[BernyJB]

O_e_l_e_o: alright, I'll drop it!  No extra security for seed words. I'm just gonna reply to the points you  made, because they picked my interest. But I'm not starting a thread on it.

The fact is writing them down (on paper, metal, whatever) offers no security at all.

It's not supposed to. The security comes from keeping it physically secure, just as you do with important documents, cash, precious metals, jewelry, electronic devices, etc.

That's the problem. The security of your whole system ultimately relies on the physical security of your seed words. Now, 99% of robberies are crimes of opportunity. Does it make sense to only rely on physical security when you have other options, especially when you can add those options to it?

If the would be robber knows about crypto and seed words and he's looking for them, what do you think he'd be looking for, when he opens your safe, or when he finds the list, wherever you may have hidden it?

Then hide it better. There are 100 places I could hide a piece of paper in my house where a thief would never find without demolishing the entire house, even one who was specifically looking for said piece of paper. Drill a hole in your wall, slot it inside, and then cover the hole and paint over it, for example. Inside a piece of furniture. Under your floor boards.

Yeah, I watched that one, in a "Burn Notice" episode. He hid a credit card under a door hinge. Everybody knows it now. The floorboards thing has been shown in a gazillion movies and series, same with the "inside the walls" thing.

Security is not about hiding something and hoping nobody will find it: it's about making it impossible (or as hard as you can) for them to use it.

Then use multi-sig or passphrases.

You keep pounding on multi-sig. I've been looking everywhere since last October, and couldn't find anything on how to use multi-sig. In any case, if you know multi-sig, chances are would be robbers also know about it, and sooner or later they will figure a way to crack it.

O_e_l_e_o: my point is I don't know those algorithms, and I don't know how to encrypt the words with them.

There are open source standards and open source software to do this for you. You also don't know how to turn your seed phrase in to private keys and rely on software to do this for you.

Yeah, I'm sure there are plenty of them, but I don't know them. That's the problem.
In any case, if they're there is because somebody else knows about them.

The best I can do (which I use for my passwords) is to encode the phrase in base 64, but that's about it, and I'm aware it's not encryption. So if I can use a way to somehow obfuscate those words (let's say, pig latin, to put a stupid example), it's not gonna be as secure as it could be, but it will still be more secure than leaving my words laying in a safe for anybody to find them.

An attacker who is specifically looking for your seed phrase will not be fooled by base 64 or pig latin.

Maybe. Maybe 999999 out of a million won't, and one will. In any case, the idea was to use something like base 64 together with another method.

Anyways, I'm not doing the thread. One of the reasons I posted is because I wanted feedback from guys like you, that know a whole lot about this stuff than me. Thank you for taking the time. 

[mocacinno]

--snip--
You keep pounding on multi-sig. I've been looking everywhere since last October, and couldn't find anything on how to use multi-sig. In any case, if you know multi-sig, chances are would be robbers also know about it, and sooner or later they will figure a way to crack it.
--snip--

If you create a 2 out of 3 multisig wallet, create 2 copy's of each seed phrase and hide them in 6 completely different houses (or banksafes), there is nothing a robber can do... He would need to rob 2 completely different houses in order to "crack" it.

But why don't you just extend your seed with a passphrase (this has already been said)
https://en.bitcoin.it/wiki/Seed_phrase
just search for "extension word".

The function of the password is delaying the thiefs just long enough so you can move your funds out.... Sure, they can brute force an extension word, but as long as they cannot brute force it in the timeframe you'll need to empty out your wallet, it's fine.

[BernyJB]

--snip--
You keep pounding on multi-sig. I've been looking everywhere since last October, and couldn't find anything on how to use multi-sig. In any case, if you know multi-sig, chances are would be robbers also know about it, and sooner or later they will figure a way to crack it.
--snip--

If you create a 2 out of 3 multisig wallet, create 2 copy's of each seed phrase and hide them in 6 completely different houses (or banksafes), there is nothing a robber can do... He would need to rob 2 completely different houses in order to "crack" it.

Kinda expensive... You just have to buy 6 houses to protect your seeds... 

But why don't you just extend your seed with a passphrase (this has already been said)
https://en.bitcoin.it/wiki/Seed_phrase
just search for "extension word".

I think I can do much better than that with just a few camping tricks combined. You take your seed words and write them backwards, combine them (letter by letter) with a known phrase, encode them in base 64 and write them in a grid, going vertically from bottom to top and from right to left. That's definitely gonna delay them a minute or two.
I did search "extension word". Got a bunch of links about Windows file extensions, and one from Merriam-Webster...

The function of the password is delaying the thiefs just long enough so you can move your funds out.... Sure, they can brute force an extension word, but as long as they cannot brute force it in the timeframe you'll need to empty out your wallet, it's fine.

Hopefully, the function of any security measure is to make an attack so difficult it's not worth the effort. A password would be the bare minimum in terms of security, and it implies you know you're being attacked, and you're in a position to transfer your funds elsewhere. In any case it's much better than hiding your plain seed words under the mattress, but it's far from efficient.

[mocacinno]

--snip--

But why don't you just extend your seed with a passphrase (this has already been said)
https://en.bitcoin.it/wiki/Seed_phrase
just search for "extension word".

I think I can do much better than that with just a few camping tricks combined. You take your seed words and write them backwards, combine them (letter by letter) with a known phrase, encode them in base 64 and write them in a grid, going vertically from bottom to top and from right to left. That's definitely gonna delay them a minute or two.
I did search "extension word". Got a bunch of links about Windows file extensions, and one from Merriam-Webster...

--snip--

I meanth searching for the term "extension word" in the page i posted a link to: https://en.bitcoin.it/wiki/Seed_phrase
The idear behind bitcoin is being your own bank. You're free to do whatever you want to do, it's your money after all. We're not going to stop you, but we still want to give you some advice... It's up to you wether you take it or not (i, for one, won't be offended if you decide not to follow any advice i give you).

This being said, i really don't know which aspect of an extension word would be harder than a complete self-invented encoding scheme. It would be best if you used a unique, long, random passphrase (from a security point of view), but you might aswell pick a password you use quite often since the only function of the extension word (or passphrase, both terms are used as a synonym quite often) is to slow a brute force attack down for a couple of days untill you moved your funds out of your wallet. The upside of using a password like that is that you probably don't have to write it down, it's already commited to your long term memory.

The big difference is: an extension word is supported and described by the community, by (hardware) wallet vendors, by software wallets.... If you forget about bitcoin and stumble upon your seed phrase in 10 years, odds are you'll still be able to remember the password you use all the time compared to remembering what kind of shennanigans you did in order to encode your seed phrase.

But like i said: the only we can offer is advice. It's up to you wether you take it or not!

Good luck!

[BernyJB]

I meanth searching for the term "extension word" in the page i posted a link to: https://en.bitcoin.it/wiki/Seed_phrase
The idear behind bitcoin is being your own bank. You're free to do whatever you want to do, it's your money after all. We're not going to stop you, but we still want to give you some advice... It's up to you wether you take it or not (i, for one, won't be offended if you decide not to follow any advice i give you).

Oops, sorry, I'll try it out.
I understand, and I do appreciate (honestly) the input. There's no telling how much I have learned from you guys since I joined. Right now I'm not disagreeing with you: I'm just brainstorming.

This being said, i really don't know which aspect of an extension word would be harder than a complete self-invented encoding scheme. It would be best if you used a unique, long, random passphrase (from a security point of view), but you might aswell pick a password you use quite often since the only function of the extension word (or passphrase, both terms are used as a synonym quite often) is to slow a brute force attack down for a couple of days untill you moved your funds out of your wallet. The upside of using a password like that is that you probably don't have to write it down, it's already commited to your long term memory.

The big difference is: an extension word is supported and described by the community, by (hardware) wallet vendors, by software wallets.... If you forget about bitcoin and stumble upon your seed phrase in 10 years, odds are you'll still be able to remember the password you use all the time compared to remembering what kind of shennanigans you did in order to encode your seed phrase.

But like i said: the only we can offer is advice. It's up to you wether you take it or not!

Good luck!

I'll get back to you on Monday on that one. 

[o_e_l_e_o]

But I'm not starting a thread on it.

You should anyway. More discussion regarding security is never a bad thing. Plus you'll get more opinions rather than just listening to me.

That's the problem. The security of your whole system ultimately relies on the physical security of your seed words. Now, 99% of robberies are crimes of opportunity. Does it make sense to only rely on physical security when you have other options, especially when you can add those options to it?

If that is your threat model, then encrypting your seed phrase using a proper encryption algorithm will be exponentially more secure than anything you come up with yourself.

You keep pounding on multi-sig. I've been looking everywhere since last October, and couldn't find anything on how to use multi-sig. In any case, if you know multi-sig, chances are would be robbers also know about it, and sooner or later they will figure a way to crack it.

It's pretty straightforward when you use a piece of software which will set it all up for you, such as Electrum. You can set it up so a thief would need to compromise 2, 3, or even more different seed phrases or wallets to be able to compromise your coins.

Yeah, I'm sure there are plenty of them, but I don't know them. That's the problem.
In any case, if they're there is because somebody else knows about them.

I'm not sure I follow your logic here. You don't know how to turn a seed phrase in to a wallet either (and in fact, it cannot be done with using software to do it for you since it would be impossible to manually calculate thousands of hashes). What is the problem with using open source software to encrypt your seed phrase? Yes, everyone knows about the existence of AES-256. That doesn't make it insecure.

Kinda expensive... You just have to buy 6 houses to protect your seeds...  

You shouldn't be storing the only copy of your seed phrase in your house anyway. One back in the same location as your wallets is no back up at all. Fire, flood, natural disaster, theft, whatever, and you lose your wallet and your only back up at the same time.

I think I can do much better than that with just a few camping tricks combined. You take your seed words and write them backwards, combine them (letter by letter) with a known phrase, encode them in base 64 and write them in a grid, going vertically from bottom to top and from right to left. That's definitely gonna delay them a minute or two.

I'm afraid that's just simply wrong. Nothing you come up with yourself is going to be stronger than a strong passphrase being combined with your seed phrase in the PBKDF2 function. Further, the number of mistakes you could make in your set up is huge, the potential for forgetting what you have done and not being able to reverse it is huge, and it gives no plausible deniability as you get with passphrases. There is a reason that passphrases are an accepted standard across pretty much all wallets.

[BernyJB]

But I'm not starting a thread on it.

You should anyway. More discussion regarding security is never a bad thing. Plus you'll get more opinions rather than just listening to me.

Well, I won't, but I will... kinda. I'm thinking of a different approach. Stay tuned...
Either way, "just listening to you" (and many others) has been great so far.