encrypting seed phrase with a password

[Saint-loup]

You must be sure to be able to find and use the same software with the same version, even in several years when you will need to decipher your seed phrase otherwise you won't be able to access it. That's why it's better to use a very standardized algorithm to encrypt your seed phrase. And to try several different softwares using it to decipher your secret, to be sure there is no bug into the encryption program.  

[alexeyneu]

truecrypt is better. reputation approved by news like "fbi cracked truecrypt smth". Authors even made a request to waybackmachine to exclude their site from where binaries can be found.

[Forsyth Jones]

truecrypt is better. reputation approved by news like "fbi cracked truecrypt smth". Authors even made a request to waybackmachine to exclude their site from where binaries can be found.

But isn't veracrypt a fork of truecrypt and truecrypt discontinued?

I was unable to use truecrypt on Windows, I made a post about it on my local board.

[alexeyneu]

just using 7.1a right now. portable install.  windows 10.
if it's a problem to find binaries idk. use russian vpn and google for it
About other things you said  : authors make request like this only in one case. Think for yourself it's called  

[satscraper]

My SEED phrase is pgp-encrypted. The relevant private key is secured by hardware dongle. Encrypted SEED is inside protected  data base of  KeePassXC  which is placed in  encrypted partition (persistent storage area) of Tails. In fact I use the  four-layered encryption system. Think, nothing would be better. Interested? Then look here.

[Saint-loup]

That's great but what will happen if your hardware dongle is broken or if you lose it? In addition encryption doesn't protect against damage. If your hard disk is damaged(physically or digitally) what will you do? Your private pgp key won't be enough to recover it unfortunately, the strongest the encryption is. Devices will never be as strong as your encryption can be, they can be destroyed or critically damaged at least, quite easily actually.

[Cricktor]

I'm not sure if this scheme is actually great. It looks overly convoluted to me and frankly I don't know why it's that much layered, to be honest. @satscraper could you explain what kind of attack vectors you try to remedy or your reasoning with such a multi-layered approach?

Then indeed more points of potential failure are introduced, at first glance. The hardware keys would need copies otherwise you're pretty much screwed if you've only one and this sole one gets damaged, stolen or lost. (OK, after actually reading SEED storage on digital media., you use three hardware keys from Yubico, so it seems there's redundancy.)

I hope you've a hell of a good instruction manual for those who are supposed to inherit your stuff should something bad happen to you. And don't forget, you know your scheme well enough now, you constructed it. Years later and without much use, this could change as human memory is a fragile and changing thing. For those not involved in your scheme, instructions would need to be much more elaborate.

Don't get me wrong, I'm not per se against digital storage but I'd like to understand why such paths are walked and to what problems it's aimed to be a valid solution. People need to understand why handling such precious data like mnemonic recovery words and/or mnemonic passphrase on digital devices is potentially dangerous and how to do it safely.

And don't do fancy and complicated procedures just for the sake of it and because you can. There should to be a clear purpose and need for every layer of protection!

[YogiBear77]

I would delete the original file (but previously I would save it as an empty file).

It won't be effective

You should use something like shred command in Linux

I've found one tool on github (the link is below) for encrypting and decrypting text with password, but I am curious how secure that method of encrypting is, and are there any stronger algorithms for encrypting and decrypting text with a password?

https://github.com/blws/text-encrypt

You should use GPG or openssl

.

[Synchronice]

I have an idea how to protect my seed phrases.

The first step would be to generate it it offline.

Second step would be to encrypt it (also offline) with a password.

Third step would be to pack that text file with encrypted seed phrases in a rar archive which would be protected with another password.

After that, I would copy that rar archive to protected USB sticks. And of course, I would delete the original file (but previously I would save it as an empty file).


I've found one tool on github (the link is below) for encrypting and decrypting text with password, but I am curious how secure that method of encrypting is, and are there any stronger algorithms for encrypting and decrypting text with a password?

https://github.com/blws/text-encrypt

Are you really sure that you need that much security and are you also sure that you'll be able to handle the responsibility? Keep in mind that the more secure you make it, the higher the responsibility will be on your shoulders.
By the way, Bitcoin seeds already guarantee a very high security and in practice, Bitcoin wallets are uncrackable. If you put a password on your seed phrase, you have to keep in mind that your password must be as strong as your seed phrases because what's the point of setting a weak password if cracking of it will reveal your seed phrases? Also, again, what's the point of setting a strong password (equal to 12 words) on them (i.e. having two 12 words seed phrase)? Just have a one, 12 words seed phrase or 24 if you wish, save it well, keep it securely and live your life. It's meaningless to make things complicated when there is not a necessity of it.

[satscraper]

that's great but will happen if your hardware dongle IS broken or if you lose it? In addition encryption doesn't protect against damage. If your hard disk IS damaged what you will do? Your private pgp Key won't be enough to recover it

I assume you reading of topic I have referred to was inattentive. That is why you have questioned me.

At the moment I have the set of  three cloned pgp dongles. Should one of them get damage it will be easily replaced by the means  of cloning from remaining ones.

Regarding hard disk. I don't use such stuff.  I use flash drives and industrial grade SD cards to hold Tails with all encrypted  stuff. They are  also clones and can be further cloned if needed. Some of these clones are geographically distant and kept by my relatives.  

[alexeyneu]

industrial grade SD cards

lexar or so is still consumer-grade. i never seen industrial-grade sd card.

[Saint-loup]

that's great but will happen if your hardware dongle IS broken or if you lose it? In addition encryption doesn't protect against damage. If your hard disk IS damaged what you will do? Your private pgp Key won't be enough to recover it

I assume you reading of topic I have referred to was inattentive. That is why you have questioned me.

At the moment I have the set of  three cloned pgp dongles. Should one of them get damage it will be easily replaced by the means  of cloning from remaining ones.

Regarding hard disk. I don't use such stuff.  I use flash drives and industrial grade SD cards to hold Tails with all encrypted  stuff. They are  also clones and can be further cloned if needed. Some of these clones are geographically distant and kept by my relatives.  

Ok, that's great but I think you should warn people against this risk in your tutorial and recommending them to make several copies as you've done yourself because unfortunately digital safeguards are way more fragile than physical ones, even simple sheets of paper (you can throw a sheet of paper 10 times against a wall it won't be broken). Some people are using cloud services for storing their critical encrypted datas in order to avoid the danger of physical damage(including the electromagnetic one) of their devices  but a cloud service can also be easily shutdown, or datas can be erased from there without notice.