It adds more risks without any advantage, as I can encrypt the seeds using a password and keep the wallet file on my phone. This file is hidden and can only be accessed via root privileges. The Electrum wallet is open source and has been tested many times; the Electrum wallet file can be encrypted using a password. It is powerful enough to store seeds offline in case something happens to the phone.
It is true that your application is open source, but there are not enough reviews. There are better alternatives and many wallets support the wallet encryption feature using a strong password.
However, the sturdiness of physical storage can also be its biggest drawback.
Imagine having to flee from an authoritarian country. Would you really trust a piece of crypto steel that could be confiscated at the border?
Use the BIP39 Passphrases feature, where you add a word to the seed, and you can keep this word in a separate place or even on your phone in an encrypted form.
Now think about an armed conflict that would leave your home in ruins, and your seed phrases would now be under tons of rubble.
Use a multi-signature wallet in different places.
Or even in an unfortunate natural disaster scenario where your crypto steel would simply become inaccessible.
Then you will not be able to reach your phone or any digital device, as steel and metals withstand harsher conditions than most electronic devices.
I have not found a convincing reason to use the service, and I have not read the code yet.
Hello Yamane_Keto, - TL;DR
Thank you for raising valid concerns about the security of Seedcake. Let's focus on the brute force attack issue in relation to root access.
1. Brute Force Attacks: The encryption model used would make brute force attacks extremely inconvenient and impractical, even if an attacker obtains root access and can access the encrypted data file.
- Key Complexity: The 256-bit encryption key is generated with a high number of iterations (200,000 in the case of `StrongGCM`), meaning any attempt to decrypt the key using brute force would require an immense amount of time and computational resources, making it an inefficient and impractical effort.
- AES/GCM: The use of AES in GCM mode (Galois/Counter Mode) ensures not just strong encryption but also authentication, increasing security against tampering.
A pitfall here would be storing the passphrase used to encrypt the seed in the same place or file used to store the encrypted data; that indeed could be a disaster, since you would be handing both the knife and the cheese to an attacker.
Self-custody is a fundamental step for digital assets. As said, the intention of the project is not to convince anyone to use it, but to have it as another ally in your custody strategy.
—
2. Strategies and Analogies: But it seems there's a slight misunderstanding about the intention of the app, which I'd like to clarify.
Think of Seedcake as a multifunctional toolbox, not just as a closet for storing items. Your point of view, focused on local storage, is akin to considering a Swiss Army knife only for its blade, while ignoring the other useful tools it offers.
In the case of Seedcake, local storage on the device is just one of the options. Indeed, if the proposal were simply local storage, it would be more prudent to use a physical method, like a metal plate or a piece of paper. However, the real proposal of Seedcake is to offer a flexible and secure alternative that goes beyond the limits of physical storage, as an additional layer for your self-custody strategy.
At the end of the encryption process in Seedcake, the user has the freedom to choose where to store their encrypted seed, whether on a device, in the cloud, or in a password manager like Bitwarden, which would offer an additional layer of encryption and cloud synchronization. This provides additional security and adaptability, especially in emergency or unforeseen situations, like the ones you mentioned.
The true value of Seedcake lies in its ability to adapt to the self-custody needs of each user; don't get stuck on a static storage solution.
You are absolutely right when you talk about using a multi-signature strategy or even using a passphrase in your seed generated in the wallet itself, and that is encouraged.
But think of it as a game of camouflage: you have your seeds protected by a passphrase and, with Seedcake, you take an additional step, transforming those words into an encrypted hash. This is like disguising a valuable diamond as a common stone, making it less attractive to the eyes of a casual observer, or even some authority in adverse scenarios.
Imagine a hypothetical scenario where your seeds are discovered, but still protected by a passphrase. Having your 12 or 24 words exposed, shouting "I am a BTC seed", is not desirable, especially under authoritarian regimes.
Now, let's move forward in this analogy, not so far from the reality of some, where you are under an authoritarian regime. In this environment, where privacy is a rare luxury, your Bitcoin seeds, protected by a passphrase, would be like valuable jewels stored in a transparent box. Visible, tempting, but still locked.
Following the analogy, you would now be in an extreme situation, where you are confronted with the threat of a drill machine to your knee, a brutal and invasive pressure that such regimes can exert. Would you endure such torture and not give away your passphrase?
With the advent of cryptography, we are in an era where it's possible to take inconfiscable secrets to the grave, a feat unprecedented in history. This capability brings with it a crucial interrogation: Would you resist torture to protect such secrets? I'd prefer to disguise my jewel as a worthless stone and use various strategies (The Seedcake app is for use where local storage becomes unviable), maybe this is not your reality.
By transforming your seeds into an encrypted hash, Seedcake acts as a cloak of invisibility, hiding your precious seeds from everyone's sight, turning them from sparkling jewels into common stones in the eyes of inquisitors.
The app's proposal is to prevent its seeds from being obvious words that scream their nature and purpose, that is, transforming what is valuable and visible into something resilient and hidden.
—
3. Open-source But Without Reviews and with Low Level of Trust: I understand your observation about the lack of reviews in the project, and I agree that this is crucial. This is a very recent project, initially developed for personal use. I recently decided to open it up to the community, seeking contributions and external audits. I am fully aware of the importance of reviews and detailed feedback to ensure the reliability and security of the application. Being an open initiative, I invite enthusiasts and developers to collaborate and conduct their own audits, enriching the project and strengthening its foundation of security and reliability for those who find its use appropriate.
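
The brute-force cost argument from point 1 of the reply above, as an added example (not part of either post and not Seedcake's code): it times a 200,000-iteration key derivation and converts the rate into expected search time for a few passphrase strengths. PBKDF2-HMAC-SHA256, the salt size, the passphrase classes and the 10^6 hardware speed-up factor are assumptions; the post does not name the KDF.

```python
import hashlib
import math
import os
import time

ITERATIONS = 200_000   # figure the post quotes for `StrongGCM`
KEY_BYTES = 32         # 256-bit key, as stated in the post
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed passphrase classes with their entropy in bits (assumptions).
PASSPHRASE_BITS = {
    "8 random lowercase letters": 8 * math.log2(26),
    "4 random diceware words": 4 * math.log2(7776),
    "6 random diceware words": 6 * math.log2(7776),
}


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # ASSUMPTION: PBKDF2-HMAC-SHA256; the post does not name the KDF.
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, KEY_BYTES
    )


def measure_guess_rate(samples: int = 3) -> float:
    """Key derivations per second on one core of this machine."""
    salt = os.urandom(16)  # assumed salt size
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt)
    return samples / (time.perf_counter() - start)


def expected_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Average search time: half of the 2**entropy_bits candidates."""
    return 2 ** (entropy_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = measure_guess_rate()
    print(f"{rate:.1f} derivations/s on this machine")
    for label, bits in PASSPHRASE_BITS.items():
        # 1e6 is a hypothetical speed-up for dedicated hardware.
        for speedup in (1, 1_000_000):
            years = expected_years(bits, rate * speedup)
            print(f"{label:28s} x{speedup:<9,d} {years:12.3g} years")
```

The iteration count scales the cost linearly, while each extra bit of passphrase entropy doubles it, so the passphrase choice dominates the result.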