Security and storage of private keys

Hello fellow hoddler,

we all know the rule: Not your keys, not your coins. But how do you secure your private keys or 2FA backup? A paper wallet can be stolen or destroyed by fire. A Ledger is an option and I own one but it can be destroyed as well. I want to share my idea regarding that toppic and would love to have feedback from the community.

The idea:

3 USB sticks with an 256 bit hardware encryption secured with a different password to access.

2 USB sticks are in my home within a fireproofe bag. My parents know the password to each of them.

1 USB stick is in my parents home including the password for the USB sticks in my home. My parents only know the password to my USB sticks.

​

Therefore the risk of fire, water or any other hardware failure for every USB stick should be minimal and theft is prevented by storing device and password in the different physical space.

The passwords are a min. 20 characters generated by a random password generator.

Would it be overkill to put the data within the sticks in an additional .RAR-Package with an AES-128 encryption?

View Source

19 thoughts on “Security and storage of private keys”

  1. This is ultra secure but the best is still to just mug up your seed phrase. I make a rap verse out of my seed phrases to remember them…

    Reply
  2. How far is your parents house from yours?

    Could a natural disaster destroy both locations?

    One USB stick in every continent would work better.

    Maybe send one to Mars as a back up

    Reply
  3. I find security the trickiest part of being in the crypto space

    Especially with off site copies needed incase your primary location is taken out of theatre

    Good luck with your storage protocol

    Stay safe everyone

    🙂

    Reply
  4. Titanium Seed Plate at home, Titanium Seed Plate in a safe deposit box. My next goal is to buy a heavy duty gun safe for storage. Pretty hard to steal a gigantic safe.

    Reply
  5. I tattooed my seed phrase on my asscheeks.

    To be safe however; I made sure to get the first 6 words tattooed at one shop, and the last six words tattooed at a different shop all the way across town.

    This way- neither of the tattoo artists knew each other or had knowledge of the idea that the words they were tattooing contained top secret access to a highly confidential stash of millions, perhaps billions of dollars worth of digital memecoins that only my asscheeks could gain access to.

    I requested the tattoo be done only in special expensive UV blacklight ink. This was of course just another security protocol to protect my loving stash from the naked eye and any promiscuous voyeurs. I was practically invisible, just an average joe living amongst the pawns of everyday life with an enormous secret to hide; forever engrained on my asscheeks.

    Reply
  6. Never digitise your Seed Recovery information, except to a hardware wallet or other dedicated airgapped device. Certainly never on anything capable of connecting to the internet.

    Etched onto steel plates, stored in multiple secure locations far from home, secure passphrase separately from 24-word mnemonic

    Reply
  7. USB sticks are crap. I’ve seen numerous USB sticks fail after sitting on a shelf for a year not being touched at all. If you are going to do this I would seriously consider MIL spec drives.

    Reply
  8. I’m a little late to the party, but what you might be looking for is an algorithm called ‘Shamir Secret Sharing’.

    It is a way to split a passphrase into an arbitrary number of pieces such that a fixed number of shares needs to be combined in order to obtain the passphrase. As an example, you might choose a 3/5 strategy. That means you have five shares and access to _any_ three of these gives you the passphrase. At the same time, a malicious actor who gets access to any two of the shares, does not obtain _any_ useful information at all. Not 2/3 of the key, but literally nothing. It’s mathematically proven and a well understood scheme in information security.

    Reply
  9. This is the best solution;

    – Get offline PC (ie. Raspberry Pi) with no internet capability

    – Use it to create an encrypted file (containing your seed) with a strong password that you can easily remember (ie. 5th sentence of the 5th paragraph of the 5th chapter of the 5th Harry Potter book).

    – Buy 5 Ledger Nano X’s, and input the seed onto all of them (this means that if one is lost or damaged, you don’t need to access your seed. Every time you access your seed, there is risk)

    – Copy your encrypted file to USB, and then store it wherever you like. Google Drive, email, post it to Reddit. Anywhere. It doesn’t matter. It’s secure.

    You’ll be able to access it from anywhere in the world at any time, and there’s no chance anyone will be able to get it from you.

    Storing it physically is dumb. Insanely dumb if it’s unencrypted.

    Your solution would be fine, but storing an encrypted file in the cloud is easier and better.

    >The passwords are a min. 20 characters generated by a random password generator.

    Don’t do this. This means you need the passwords written/stored somewhere, which is an attack vector.

    Use a strong password that you can always find and will never forget.

    Reply

Leave a Comment