I built a FOSS tool to protect my SEED phrases under duress

[teycir]

https://github.com/Teycir/Sanctum

Key features:
- 3-layer architecture: decoy/hidden/panic
- Cryptographically indistinguishable layers (like VeraCrypt hidden volumes)
- Client-side XChaCha20-Poly1305 encryption
- IPFS decentralized storage
- RAM-only key storage (forensics-resistant)
- 100% free, open code for audit

[NotATether]

Which type of duress are you referring to here when you speak of the term?

The legal analysts who work with the government?

Or criminals with wrenches trying to fetch your seed phrase?

[satscraper]

~

“$5 wrench attack - hand over a decoy wallet, real funds stay safe.” Sorry, but this statement copy-pasted from your repository made me laugh.

I assume that attacker using $5 wrench to get your money doesn’t care which wallet it comes from. They show you the number ^{written on paper}, and it becomes your problem to choose between your life and your money. Given common sense, most people will choose life ^{you don’t need money in the afterlife}.

[Eze BTC]

~

“$5 wrench attack - hand over a decoy wallet, real funds stay safe.” Sorry, but this statement copy-pasted from your repository made me laugh.

I assume that attacker using $5 wrench to get your money doesn’t care which wallet it comes from. They show you the number ^{written on paper}, and it becomes your problem to choose between your life and your money. Given common sense, most people will choose life ^{you don’t need money in the afterlife}.

You're right. The appropriate working of the decoy is when attacker runs digital check balances, or is being patient with compliance and not forcing immediate compliance. Anything contrary means one is playing with his emotion. In a nutshell, there's threat of psychological stress whether you hand over a decoy or the real one. This explains that and bring to us that security is beyond technical. There need to be human involvement.

[Synchronice]

OP, as I understood, you can encrypt a file, for example where you have stored your seed phrases but what if someone forces you to open your Electrum wallet? How will your tool help in this case? I guess, it's very limited to encrypting some files but it can't help with the actual software wallets that we use.

I assume that attacker using $5 wrench to get your money doesn’t care which wallet it comes from. They show you the number ^{written on paper}, and it becomes your problem to choose between your life and your money. Given common sense, most people will choose life ^{you don’t need money in the afterlife}.

You are not guaranteed to live after giving attacker your money. If they are psychos, they'll kill you anyway, after sending them your coins, just for fun (that's fun for them) and if they aren't killers, there is a chance they won't kill you even if you don't send them your coins.
I know it sounds crazy but I wouldn't send them my coins, even if they could potentially kill me. The thing is, I don't obey, that's my principle, to do not show a weakness and secondly, I believe they might kill me anyway, so why should I benefit them? God knows what's in their mind.

[Agbe]

Which type of duress are you referring to here when you speak of the term?

The legal analysts who work with the government?

Or criminals with wrenches trying to fetch your seed phrase?

You have just asked him the question that was in my mind when I saw the topic. And the Topic of the Op is different from the content. I thought he would explained why he was forced to built the FOSS tool to protect his SEED Phrase. Probably the Op doesn't understand the term duress.

Op DURESS means, you are doing something under pressure, forced, uncomfortable atmosphere, monitor with arms pointed at you to do what you don't like to do. So on what duress where built the tool?

[satscraper]

OP, as I understood, you can encrypt a file, for example where you have stored your seed phrases but what if someone forces you to open your Electrum wallet? How will your tool help in this case? I guess, it's very limited to encrypting some files but it can't help with the actual software wallets that we use.

I assume that attacker using $5 wrench to get your money doesn’t care which wallet it comes from. They show you the number ^{written on paper}, and it becomes your problem to choose between your life and your money. Given common sense, most people will choose life ^{you don’t need money in the afterlife}.

You are not guaranteed to live after giving attacker your money. If they are psychos, they'll kill you anyway, after sending them your coins, just for fun (that's fun for them) and if they aren't killers, there is a chance they won't kill you even if you don't send them your coins.
I know it sounds crazy but I wouldn't send them my coins, even if they could potentially kill me. The thing is, I don't obey, that's my principle, to do not show a weakness and secondly, I believe they might kill me anyway, so why should I benefit them? God knows what's in their mind.

Depends on the attackers. If they are wearing masks and have not physically harmed you then after getting what they want they are more likely to let you go. Killing is the grievous crime, and I assume that most robbers try to avoid committing it. This is supported by available statistics showing that robberies involving homicide are far fewer in number than those that end without killing.

[CryptoVoyager24]

@teycir
> - IPFS decentralized storage
> - Client side XChaCha20-Poly1305 encryption

While the cryptography seems solid, I see a fundamental architectural conflict here.
You are trying to solve the "Duress" problem with **software complexity**, whereas the Gold Standard is **protocol simplicity**.

BIP39 already handles this natively via the Passphrase (the so-called 25th word).
1. Input mnemonic (empty passphrase) -> Opens "Decoy" Wallet (balance: $500).
2. Input mnemonic + "MySecretPass" -> Opens "Real" Wallet.

This works on every standardized hardware wallet (Coldcard/Trezor/BitBox) without needing:
1. External dependencies (IPFS is a massive attack surface for a seed).
2. Custom software that might be unmaintained/deprecated in 5 years.
3. Digitizing the seed (which violates the core tenet of Cold Storage: the seed should never touch a general-purpose OS).

As @satscraper pointed out, the threat is physical. Adding a software layer just adds a point of failure. If your tool has a bug or IPFS changes its protocol in 2030, the user is locked out.
Protocol > Software.