IntroductionCustody of the seed is a topic that has always been close to my heart. For the first time, Bitcoin is a system that puts the responsibility of their financial sovereignty on the users' hands. This feature involves a complex balance of opportunities but also risks, given the intrinsic bearer nature of Bitcoin. The ownership of a bitcoin belongs to the person who can digitally sign a transaction with the corresponding private key—no other subject. Person, institution, or bot, whoever controls the private key, controls the bitcoins.
That means that the custody of bitcoin is of fundamental importance regarding the actual possibility of signing transactions and the possibility of adverse events, present or future, of a personal, social, or technological nature that every bitcoiner may encounter within a few years.
Technological, personal, and legal threats must be assessed when considering which storage option to select:
For a comprehensive guide on how to choose the way to backup your seed phrase, you can resort to this new article, again from Jameson:
How to Backup a Seed PhraseOf course, the important thing is that Bitcoin enables the self-custody options ruled out in traditional finance. It is a unique feature that empowers bitcoiners in various adverse scenarios that will be, sadly, more and more common in a few years.
The problem is that self-custody is complex, and the amount of lost bitcoins is a warning for everyone who wants to go down this road: challenges take the most different shapes.
I have been researching this topic for a few years, and one of the first articles to spark my curiosity was:
Gifting satoshis to future generationsRecently, I've been tasked to gift some satoshis to a newborn baby, who is supposed to redeem them when he grows up, about 18 years from now. The challenge was trickier than initially expected, as there are many different ways to store bitcoin, each one with different trade-offs. At the same time, it's hard to predict the state of the Bitcoin industry two decades into the future.
Reading this article, I realised that the custody of a private key through a physical wallet had a few undoubted advantages:
- independence from the technological development in terms of wallets/IT supports
- security concerning the decay of the physical support
- ease of use by the recipient of my gift.
Browsing the internet, I then found a page on Jameson Lopp’s website, a famous Cypherpunk and security expert, where he tested various Metal Seed Storage:
Metal Bitcoin Seed Storage Stress TestIn the first round of testing, one, in particular, caught my attention, as it was the first implementation of the idea of printing the seed on washers by SAFU Ninja:
SAFU Ninja ReviewThe brilliant idea is described in the blog:
Cheap and Easy DIY Metal Bitcoin Seed Storage – Safu Ninja The innovation is setting up the storage using pieces easily found in a typical hardware store to print the seed.
The most critical part of the work was stamping the letters on the washers, which turned out to be quite a long, tiring process, yielding not always perfect results when done freehand.
Therefore, a few tinkerers have developed a jig suitable for facilitating the correct orientation, separation, and correct printing of the letters.
The most famous jig is from
Cryptocloacks.
This jig can accurately print the letters with correct spacing and positioning.
The n0nce jig is also available on bitcointalk.org.
n0nce's Steel Washer Backup jig
The advantage of this jig is twofold: first of all, the project is modular. Therefore, it is adaptable to different sizes regarding the washers (the project was born precisely to print on more large size washers) and, above all, adapt to the various dimensions of the punches.
Secondly, n0nce created an improved design of the Blockmit jig, strengthening it in several parts and taking care of the invention with smaller tolerances to reduce the mechanical play between the components.
I will use the n0nce jig in the rest of the guide, but the operation is the same. Finally, in the appendix, we will analyse the differences between the two projects in detail.
As correctly pointed out by Federico Tenga, the BIP39 standard presents "risks of obsolescence" and, above all, risks due to the derivation path used. For this reason, he, in his test, used the WIF format.
Tough I understand perfectly and share his concerns, I decided to use the more usual BIP39 format instead of this project's first iteration. I believe that it presents a better risk/benefit balance on the practical possibility of recovery by the message recipient. Nothing prevents you from hacking the key in that format on the washers: it is a string of 51 characters so you would need only seven washers.
On the internet, the first to have described the whole process was econoalchemist:
Securing a Bitcoin seed phrase in stainless-steel washers (abridged)What can I say? He is an über cool bloke. A complete test with a blowtorch! I don't aspire to that much, and I'll be content to print the washers' resistance to fire corrosion and pressure that I could potentially do. I am afraid it wouldn't differ significantly from the tests made by econoalchemist and Lopp.
[TOP]
Shopping ListAs mentioned, the company's advantage is to use readily available pieces. This choice certainly helps to have some degree of security by obscurity, as no one will ever really know what you are doing. Indeed, as directly suggested in Safu's guide, if you have something suitable at home, use that, don't even buy it. If you know someone who already owns those punches, borrow them by saying you have to print keys rather than buying them (never mention bitcoin, of course).
So take these models as suggestions:
WashersWashers with an outside diameter of 24 mm, inside diameter of 8 mm, and stainless steel are sufficient. They are found in any hardware store. Twenty-four washers are required for the key and four washers for the additional safety devices. Equip yourself with many extra washers to cope with trials and inevitable errors.
I recommend that they are made of stainless steel. The
most corrosion-resistant steels are 304 and 321.
Bolt We need a 60 mm bolt with a nut, a diameter of 8 mm (the most astute will have noticed that the diameter is the same as that of the washers!).
Also, in this case, the material to choose is stainless steel.
SledgehammerYou need a sledgehammer. A hammer is not enough since the weight must impart enough force to stamp the washer correctly. Again, nothing too sophisticated.
Anvil Who would have thought that your passion for Bitcoin would lead you to buy an anvil!
Given the strength needed to print the washers correctly, you will need sturdy support that won't get damaged by all the strokes. This small 1kg anvil, the smallest I have found, is the perfect fit for you.
Of course, bigger is better, but if you want to save these euros, you can use the smooth side of another club or a metal base. The important thing is that it is a sufficiently large surface to guarantee good stability of the jig and the force applied by the club—a matter of preference. However, I must say that I found this mini anvil very comfortable and suitable for work.
StampsRegarding the stamps set, I have chosen the following 6 mm punch set: it is a set of 36 characters, all letters, digits, and the “&” character. The quality is good, and the dimensioning of the punches is adequate. I found no defects during use, and the print quality did not deteriorate during the whole process.
Safety labelsThese are adhesive labels that, once attached, break, leaving a mark on the surface.
To close the container, you will need safety labels that leave a trace when opened. They must be individually numbered to print the serial number inside the washers.
Hermetic containerWe want to insert the seed in an airtight container for an aesthetic factor and verify its integrity. I found this in a lovely bitcoin orange. Among other things, the internal diameter is 25 mm, therefore ideally suited to accommodate our washers. If you decide to buy a different one, make sure that the diameter and length of the space available inside are sufficient to accommodate your seed.
At this point, the setup is almost complete.
Below is an overview of all the necessary materials.
Other miscellaneous material- A pair of gloves.
- Hot glue gun and stick. To seal the washers.
- Circular labels for security seals.
- The private key in BIP39 format.
- Indelible marker.
The following is an indicative recap of all possible costs (time excluded):
[TOP]
Stamping Verifying and Sealing the SeedThe procedure is straightforward. Insert the washer into the jig, covering the bottom of the jig with some duct tape. Using that tape immobilises the washer inside the support to not stop after each hammering.
In this way, you will avoid the letters being printed at different distances, but if you are not satisfied with how the letter is printed, you can try to reprint it, completely overlapping the signs. This is the main advantage of using a jig: doing everything freehand, it is easy for a letter to be poorly printed if the punch is hit in a non-optimal manner; with a jig instead, the printing process is rock solid, and if done correctly every letter is printed steadily and firmly into metal. Nevertheless, with a jig, the operation is straightforward and is well represented by the following gif:
The two upper notches are used to identify the correct order of the words, while the eight lower notches are used to print the terms. In the BIP39 standard, words have a maximum length of 8 letters, and the first four letters are sufficient to identify them uniquely. You won't have to worry about data loss if one or two letters aren't perfectly legible.
Place the jig on the anvil and deal a blow.
Proceed like this for all the letters and all the words.
One video, or rather two videos, are worth more than 100 words:
| | |
| Outdoor workstation. Note the discarded washers in the foreground. | Detail of the molding process. |
I advise you to proceed calmly, personally. It took me about an hour and a half to print everything. I made many mistakes in the beginning. It could take less than an hour if I did it all over again, but I better have all the necessary time.
Check and double-check that you have written the seed correctly, the correct spelling of the words, and above all, the order.
Check twice, then a third. Do not check against the piece of paper you used to print. Instead, check directly with the software wallet to avoid errors in the transcription of the seed. Check word by word, letter by letter.
Insert all the washers in the bolt in a numbered order, and leave the part not engraved on the same side.
When you have engraved all the seeds, I advise including some "special" washers.
The first suggestion is to print an emergency telephone number.
It is not sure that whoever will have to recover the seed must necessarily be a Bitcoin expert, and it is not sure that you will help her if she wants to take possession of it. You can include in the washers the telephone number of a trusted person who can help those who have to recover funds to do it correctly.
In addition to being a person I trust ("Steal only the minimum of funds you need to live a decent life", I veiled him, threatening to haunt any property he decides to buy with my funds), she's quite a technical expert in case anything goes wrong.
I printed the telephone number on a washer, front and back, identifying it with the initials P1 and P2.
| |
| Telephone number printed on both sides of the washer, perhaps it would be better to add the country code! |
Compared to what I did, it might be worth engraving the international prefix as well (the "+" character could be printed with two crossed "I"'s). This is not so much for accuracy, but to make it more evident, it is a phone number.
The second suggestion is to insert the serial numbers of the security labels that will close the container in the seed. Then, when the source is opened, the recipient will be able to confirm the correspondence of the serial number printed on the washers with that of the labels just broken to be sure that the seed has not been tampered with. I then inserted two more washers with XX SECURITY written on one side and the two serial codes of the corresponding security labels on the other side that I would later have to seal the container.
Something like this:
| | |
| The washers must have printed the serial number of the security label | Backside |
Once everything was printed I found myself with the following equipment:
| |
| 24 washers with the words of the seed, one with the recovery phone number, and two with the copies of the security seals. |
At this point, I signed and dated two white labels and pasted them on the outer washers. This is the first of the security mechanisms.
| |
| Block overview, ready to be sealed. |
| |
| Sealed metal case: it is divided into three pieces, and the central body can only accommodate a couple of more washers than the ones we used. |
The block is ready to be sealed with hot glue on both ends, welding the data to the relative washer. Once covered with hot glue, they would make the block's opening evident.
The block is ready to be inserted into the tube, which is in turn sealed with the previously insulated safety labels.
| | |
| The tube is ready to close. You can see the seal with hot glue, semi-transparent shows the signed label underneath. | The closed and labeled container. |
The labels must be positioned transversely to the opening of the container to be effective in case of opening the same. If the tube were opened, the tags would be broken, and if they were positioned, the serial would not match.
It is a solution with limits: if a thief were determined, he could replace the entire block with a similar one, with similar security measures (another sentence, other labels, other seals).
It is essential never to show anyone how you sealed your seed or what anti-counterfeiting measures you have taken.
Some final tips: - Practice a little before you start printing to understand how hard you need to apply to the club to print the letters correctly.
Mistakes are inevitable, but get used to always checking that you have done it correctly:
- correct positioning of the washer inside the jig
- positioning of the jig in the correct position to be printed
- punch orientation check
- successful engraving check.
- The greater number of errors I made were caused by the wrong orientation of the punch. It might be a good idea to mark one of the sides of the character (the bottom side, for example) with a permanent marker to immediately understand how to insert the punch into the jig to have the correct orientation of the character. Remember that to be printed correctly, the character must be entered differently depending on whether it is used to print the sequential numbers at the top or print the actual word.
- Use a minimum of caution in disposing of the "wrong" washers. Please don't leave them in plain sight, don't throw them away altogether. If you have the wrong orientation of a letter, the word is still readable, and if you have printed many wrong washers, the level of entropy that can be deduced is too high to keep your seed safe. Before throwing away the washers, print several letters on top of each other to make the words unreadable and throw the washers away one at a time, each in different places. Better if you disguise the washers in something dirty like coffee grounds or diapers (thank you @LoyceV). The same suggestions are to be followed if you need to get rid of the whole seed, even if it has no sats on this anymore. Losing the privacy of your fund might also mean losing your security.
- I did not use scotch tape to attach the jig to the anvil, as suggested in the original article, as it is enough to hold it by hand. However, the scotch to keep the washer to the jig is essential to prevent it from moving while printing it. But at this point, I do not recommend double-sided tape, but I recommend the normal one, as long as it is sturdy (duct tape or "American").
- Be careful not to overdo it with hot glue. In my setup, the washers go almost exactly inside the cylinder, and if you overdo it with the glue, they may not fit anymore.
- Printing both sides of the washers is possible. Doing so, you'd effectively use half of the washers. This choice would enable a smaller container or extra information enclosed in the remaining washers.
- After writing this guide, I noticed that on the Safu Ninja website, there was the following link, where you can find a link where to buy a set that does everything written in this guide.
42 HODL CAPSULEYou are free to do so, but for the "security by obscurity" discourse, I think it is better not to let an obscure site know that you want to buy a set to store cryptocurrencies.
A little parenthesis on dividing the seed phrase in different placesThe idea of splitting the seed into different positions is a controversial practice. Therefore, each strategic decision in this regard must be made considering its risk characteristics regarding loss of the seed, theft or acts of violence, technological experience, the time horizon of the backup, and potential personal attributes of those who potentially will have to recover the backup, etc.
Splitting the seed into multiple locations increases security against theft but makes it more complex regarding the source's loss. Indeed, in the case of multisig (2 of 3, for example), knowing that one of the seeds is compromised can help secure the funds without being too late, as with the single seed.
Let's say that this guide focuses on how to keep a single seed without going into the merits of its configuration (single signature/redundancy/split/Shamir's secret/multisig).
[TOP]
ExtrasA comparison of the support jigs When I started thinking about this guide, I realised that getting the jigs to print the washers would be the problem.
Of course, it would also be nice to do it without giving too many addresses around the internet for all the privacy talk.
So I tried to search the internet. I sent an email to a printing service in my city via Protonmail, attaching the Blockmit file, and the response was the following:
Hello,
Consider an expense of € 30 + VAT with delivery within two working days, FDM 3d printing in ABS.
Regards,
Given the problems of anonymity and the costs, I decided to try on a Telegram channel dedicated to 3D printing, with hand delivery of the object.
Fortunately, two users immediately came forward.
The first one printed me the Blockmit file for free because he was a kind bloke and, above all, because he has the curiosity for the use I would have made of it.
The second user (Telegram: @liiuk99) asked me for 30 euros, citing the superior print quality as motivation (he used a higher quality printer and a better carbon filament, according to him).
I decided to have the “professional” printer print the n0nce file to compare it with Blockmit's.
I am inexperienced with 3D printing. However, I read on the internet, and the "free" printer confirmed that the cost of the material is negligible. So I wanted to compare if there was a difference between the two objects once they were printed.
Unfortunately, the "professional" printer refused to print me, to do a real test, even the Blockmit file, so the test is not complete, but I think I have a good idea.
| | |
| The two jigs in comparison: that of n0nce certainly larger and more robust. However, I was equally surprised by the sturdiness of the Blockmit jig. | The backside of the central piece of the two jigs: appreciate the different finish. |
The cheap object is aesthetically "ugly" and has a tremendous mechanical play between the parts. I don't know whether it is due to the file or the print quality, but there is an excessive backlash between the two pieces, which does not allow you to "print" the letter exactly in the same place. Furthermore, even the punch is not perfectly stuck in its support since it can oscillate slightly. Finally, once inserted, this does not allow you to accurately "reprint" a letter if it does not turn out well.
On the other hand, the one I had printed from the n0nce file, in addition to being physically larger (partly justifying the higher printing cost), appears much more robust. There is no slightest play between the two components or between the components and the punch.
n0nce provides the file with different sizes for the punches. Unfortunately, I had problems: despite carefully measuring, the hole turned out to be too small.
I had to buy a square file and "file" the hole to widen it enough to fit the punch. In addition to the question of costs, my trusted printer was in my city by chance, and the shipping would have been prohibitively expensive, and above all, it would have forced me to come up with all the "tricks" I know in order not to reveal my identity.
After all, perhaps it is better to have narrower holes and file them once printed than to have wider gaps, preventing correct and precise punch positioning.
For this purpose, I bought a square file from the trusty Leroy Merlin. It was an accessory that I did not know existed but turned out perfect for the purpose: it was wide enough to insert it into the hole and slowly tie the excess material. The square shape of the file was essential to widen the gap evenly. Within about 30 minutes of filing on all the inner walls of the hole, I was able to have a large enough hole for the punch.
n0nce has released a new file with the fully customisable jig: the design is parametric and can be adapted to any washer and punch. This customisation dramatically favours the reuse of elements. I am thinking above all of the points, which we should already have available, without having to buy ones suitable for the dimensions of the jig. Just select the sizes (diameters and thickness of the wheels, dimensions of the punch) to have a perfectly custom-made file for your needs!
| |
| It took me a good 30 minutes with the file to widen the hole sufficiently. The square file is fundamental. The material is really studry. |
I was surprised by the "resistance" of the material, which was not deformed while it was being filed, remaining homogeneous and opposing an excellent resistance to the treatment.
Among other things, with use, the hole will inevitably widen, and the positioning of the puncture will become less precise.
In fact, during my test, as the fit was exactly precise, in the beginning, the punch was even “struggling” to pass through the support. But, in the end, this was very loose, and even the reprinting of the letters was no longer accurate.
At the end of the printing process, I tried to compare the two jigs on the quality of the reprint.
|
|
| Contrary to expectations, n0nce's jig performs worse than Blockmit's. But there is a very specific reason. |
As you can see, the reprint of the n0nce jig is worse—a surprising result. The comparison is unfair since the n0nce jig was used throughout the experiment, while the Blockmit is practically new. This means that with use and hammer strokes given, the hole in the n0nce jig has widened considerably, allowing the non-homogeneous insertion of the punches, which is reflected in the imprecise printing of the letters on the washer. I don't have the mathematical proof, but I have the certainty if I printed 24 words with the Blockmit jig, the result would be worse.
More anti-tamper ideasHow to seal the seed is a complicated matter. My rather patchy and artisanal method does not leave me satisfied.
One idea could be to make the container itself an anti-tamper label.
Seed CapsuleA plastic housing to protect your seed.
As you do, even a potential saboteur could print his container. The suggestion is always the same: be creative with colours, writings, and details that anyone should know.
Another exciting method is the
Entropy Seal, which is a non-commercial prototype of a "random entropy seal".
A similar implementation is that of
BitBox TeP.
There is also the artisan version, with a bag of beans, legumes or others, as explained here by @dkbit and @o_e_l_e_o:
Sorry, I am not smart enough to understand how this should work. Also, you don't need to take care of a seed, but now you need to take care of a picture?
Take a transparent plastic food container.
Fill it half full with mixed rice, grains, legumes, seeds, confetti, coloured ball bearings, etc.
Place your seed phrase inside.
Fill the rest of the box with more of the above until it is overflowing.
Force the lid on, sealing everything inside tightly so it can't move around.
Take photos of the box from a variety of angles.
Hide the box.
When you go back to retrieve the box in the future, you can compare the photos you took before to how it looks now. If anyone has opened it to access your seed phrase, all the grains or whatever you used will have moved around and will look different to the photos.
A variation on the theme is to use some glitter nail polish.
Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish
In both cases, the concept is the same: you create a random pattern, which is then compared with what you find in front of you, as this does not prevent the attacker from accessing the seed, but at least there is clear evidence of the theft.
The value of such DIY solutions is undeniable. The common thread of this guide is the concept of "security by obscurity". While buying a “TeP” or an “Entropy Seal”, you communicate that you need a "container for something precious” to both the manufacturer and the courier. Instead, no one will ask the right questions when buying beans or glitter.
The concept is interesting: still, the limit is that it is impossible to have an anti-tamper mechanism enclosed within the object itself, which makes the solution impossible. It would be perfect if it were possible to insert inside the “Entropy Seal” a photo of how the pattern on the lid should be. Instead, whoever has to verify the correctness of the seed must have both the top and the image to check the pattern that "testifies" the correct entropy correspondence. The problem arises as having a picture is not always possible. Also, I don't like the need to have an app: what happens if the app is not updated for a certain period and then deleted from the app stores? Is the right to verification lost?
The last alternative is anti-tamper bags, also sold by Shift Crypto.
Tamper-evident bags Our tamper-evident security bags are robust, but the critical element is the security tape that allows us to securely seal the pack with its content.
The security tape contains unique features so that you can quickly detect any attempt to open the tamper-evident bag.
These are envelopes with seals that reveal the opening, or attempted opening, through several different checks and markings.
Here is a series of links that inspired this work:
[TOP]
ConclusionsI had great fun writing this guide.
I must admit I liked the tinkering aspect of this way of securing the seed phase.
Also, I guess the act of securing multigenerational wealth with a sledgehammer and an anvil was hilarious.
I am not sure this way of storing the seed phrase is for everyone, as I guess the right combination of threats is the following:
- Personal threats: very low. You have to trust someone else to recover your funds or help the desired person recover the funds.
- Technological threat: high. If you weren't worried about technology, present and future, there is no meaning in doing all this.
- Legal threat: very high. Bitcoin is financial sovereignty: if you opt-out of the financial system and get involved in all this process, you cannot trust anyone to take care of the custody of your seed phrase.
So, please assess your situation attentively before feeding sats to your physical seed phrase secured by some washers!
This guide was initially published on the Italian Board:
[GUIDA] Backup Fisico della propria SeedPhrase su rondelle[TOP]