There is a popular quote that states: “With great power comes great responsibility.” This quote has never been truer than when dealing with Bitcoin and cryptocurrencies.
The power to have a bank at your disposal in your pocket and be able to send and receive instant private payments without a third-party as an intermediary, the power and freedom to have at your fingertips your wealth and be able to move your assets in a device the size of a flash drive, that not only empowers but also frees humanity from the banking system. Nevertheless, this freedom and power doesn’t come without a cost and risk. The cost is responsibility and the risk is the possibility of losing everything.
When dealing with Bitcoin and cryptocurrencies in general it is important to understand and keep in mind that all the responsibility is on you. You are the sole proprietor of those digital assets and is your responsibility to keep your private keys and wallet recovery seed phrases safe from hackers and prying eyes.
The best way to do that is to have your Bitcoin and cryptos in a hardware wallet and even though hardware wallets are very secure devices and virtually not hackable, your seed phrases could get lost, destroyed, or seen by someone, in other words, the Achilles heel of a hardware wallet is the 24-word recovery phrases. With those recovery words, anybody can get a hold of your Bitcoin and altcoins stored in your hardware wallet.
If you are reading this post is because you have asked the same question I asked myself when I setup my first hardware wallet. Where can I hide this recovery sheet so that no one other than me can see it or get access to it? Keeping it at home is ok but there is always a risk of someone finding it or hiding it so good that not even the person who hid it could find it.
There could be a fire and burn it, a water pipe can burst and damage it, etc. so how can I keep the recovery phrases safe? To answer this question, I started to do some research and found that there are a few methods that can be used to hide or secure the recovery sheet.
My first thought was to rent a bank’s security box which is very secure but inconvenient because there is an annual fee that must payed while having the security box, also each time I want to have access to it I would have to go to the bank and go through a process to access it.
While researching online I found a device called SteelWallet, which is a cold storage wallet to backup the mnemonic seed phrases of your hardware wallet. It’s made of stainless steel plates and it comes with small precut steel letters that you can use to make up the first 4 letters of each word. After this step is completed it’s covered by two steel plates and that can be stored long term. Being that it’s made of stainless steel it’s fireproof and waterproof. However, if someone finds it or steals it you could lose your funds.
The third available option is ColdTi which is also a cryptocurrency seed storage made from steel, but for this one to store the words you would have to engrave it to the plate using an engraver. It is also safe from damage from fire and water but has the same vulnerability which is if someone finds it, you could lose your funds as well.
Fourth, there is a device called Tjernlund CC3P which is a kit that is made up of three separate sheets of stainless steel and a punch set. Just as the other two methods mentioned, you would have to use the punch set to imprint each word in the sheet of steel.
The good thing is that you could take and hide each sheet of steel separately dispersing them in three different locations thus reducing greatly the possibility of someone finding all three sheets of metal to make up the list with all the words. Just as the other two this method is fireproof, waterproof and hack-proof. One downside of this method is that if one of the plates is lost, you would lose access to your hardware wallet if you ever had to restore it.
All the mentioned devices are compatible with hardware wallets such as Ledger Nano S, Trezor, KeepKey and any other hardware wallet that uses seed words to back up the whole wallet, also known as BIP39.
All these methods are great, but none address the issue of how to keep your recovery phrases safe because there is a possibility of this metal plate getting in the wrong hands thus being vulnerable to losing all the funds on those addresses. For this reason, I started to think of a way to somehow hide the words of the recovery sheet in plain view so that if someone not authorized gets a hold of it they wouldn’t be able to decipher the information, kind of masking the word list within another list.
By continuing to read this post you agree to the following terms:
- The information presented in this post is provided “as is” without any kind of warranties regarding the posts, links and materials presented here.
- By reading this post you understand and agree that you can use the information at your own risk.
- In no event shall the owners, writers, editors, or anyone associated with this blog be liable for any special, direct, consequential, or incidental damage or any damages whatsoever, whether in an action of negligence or other tort, arising out of or in connection with the use of the information provided.
- The owners, writers and editors of this blog reserve the right to make additions, deletions, or modifications to the content at any time without prior notice.
- Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to hardwarewalletinfo.com with appropriate and specific direction to the original content.
It is highly recommended that the following procedure is performed using only pen and paper and not a computer. However, If you decide to do the following procedure on a computer to then print it, IT MUST BE DONE IN AN OFFLINE COMPUTER preferable running LINUX UBUNTU ON A BOOTABLE USB DRIVE or any Linux live operating system of your choice or you would be risking your recovery seed and there would be a chance of hackers and spyware stealing your keys.
If you plan to do this process using an offline computer also known as cold pc running a LIVE BOOT UBUNTU USB make sure you have the BIP39 word list in a flash drive at the time you do this to have easy access to the information you need. If you don’t know how this works or have not created your LIVE BOOT UBUNTU USB flash drive, I recommend you going through the tutorial first on how to create one by clicking here
Now that we are done with the disclaimer and warning, lets proceed. To be able to hide or mask your recovery sheet in plain view the first step is to make a list of numbers from 1 to 100 just as shown in figure 1.
Then I needed to choose 24 random not repeated numbers from the 100 numbers available. To correctly choose the numbers you have to make sure that whatever method you use is reliable and consistent because each time you need to decipher your recovery words you need to generate this random numbers in the exact same order as when originally generated.
Do not use consecutive numbers as your random numbers for example choosing the numbers from 1 to 24 or from 40 to 64 would be like choosing a password such 1234 for your email, would you do that? I don’t think so, so please make sure that your numbers are random.
After you have chosen or generated 24 random numbers if you have a good memory you could memorize them, but most of us don’t have such a good memory so that is why you should choose a mechanism to generate the same numbers so that whenever you need them to decipher your recovery words you would have a way to do so.
I am going to use an example just to illustrate how you could find a set of random numbers for your list. This doesn’t mean that you should use this method, this is just as example.
Take π (Pi) for example, we know that π (Pi) has an infinite number of digits in its decimal representation, and it does not have an infinitely repeating pattern of digits, meaning that they are random set of numbers. To explain this example I am going to focus on the numbers after the decimal point to the 60th place which are: 3.141592653589793238462643383279502884197169399375105820974944
If we group this numbers in sets of two we can find a list of random numbers, the only problem is that when they are grouped is sets of two, some sets repeat, the way I deal with this is to discard whatever set is repeated for the second time. So, if I take the numbers after the decimal and group them in sets of two I get:
14 15 92 65 35 89 79 32 38 46 26 43 38 32 79 50 28 84 19 71 69 39 93 75 10 58 20 97 49 44
If you check carefully you would find that the numbers 32, 38, and 79 are repeated twice, so in that case I would discard the numbers that repeat for the second time. By eliminating the repeated sets of numbers, I get:
14 15 92 65 35 89 79 32 38 46 26 43 50 28 84 19 71 69 39 93 75 10 58 20 97 49 44.
If we count the set of numbers we have available now it turns out that we have 28. We only need 24, basically one number per recovery word. By choosing the first 24 number from the list above we end up with the following list:
14 15 92 65 35 89 79 32 38 46 26 43 50 28 84 19 71 69 39 93 75 10 58 20
Figure 2 shows a typical recovery sheet. This list of 24 words were obtained when the device was initialized for the first time.
Now we can assign a number to each word in the correct order. This can be seen in table 1 below
Now you take word # 1 from the recovery sheet and place it in number 14 in the list in figure 1. Then take word # 2 from the recovery sheet and place it in number 15, take word # 3 from the recovery sheet and place it in number 92 in the list in figure 1 and so on until you have completed all the words. After you are done you should end up with something like what is shown in figure 3.
Make sure you write the correct word in the correct place and make sure that your system or method used to generate your random numbers is consistent each time. By failing to do so, your newly created list could be erroneous which means that you could lose access to your hardware wallet if you ever had to recover it.
After you have finished placing each word in the correct order, now you have 76 empty places to fill with words, but hold on, you cannot just write random words from a dictionary or from your head, you must use the standard list of words used in BIP39 based wallets so that you can correctly and securely mask your recovery words. In simpler words, the list that I am talking about is the list of words that it’s inside the device’s memory from which your recovery words where selected when initializing the hardware wallet for the first time.
You can get the BIP39 list of words from GitHub a website that serves as a repository for coders and software development. You don’t have to take my word for it, just download the list from GitHub and search for a couple of words from your recovery sheet and you will realize that your words are in that list. To download the BIP39 list of words from GitHub, click here
After choosing 76 random words from the BIP39 word list enter them in the list to mask your actual recovery seed. After doing so you should have something like the list shown in Figure 4.
Now that you have correctly and securely chosen 24 random numbers to use them to mask your recovery seed phrases, it is time to test it. Perform the recovery of your hardware wallet using your newly created list.
The first step would be to regenerate from scratch the random numbers that you generated earlier using the same method and copy them in a piece of paper, in this example we used the numbers in π (Pi). Then assign to each one of your random numbers the correct number from 1 to 24. Lookup each word in the list and write it down.
Reset your hardware wallet and use the correct procedure to recover it. Enter each word in order in the hardware wallet and it should work. If you were able to recover your wallet by using only the list as shown in Figure 4, then you have succeeded in correctly and securely masking your recovery words.
You might be asking yourself how secure is this method for hiding the recovery phrases? Let’s look at the math to figure out how many tries someone needs in order to successfully guess the correct order of the recovery words.
We have 24 words that need to be in the exact order to successfully recover a hardware wallet, but these 24 words are spread at random in another list that contains 76 more words. In total we have a list with 100 words and from that list we must chose 24 words in a specific order. The way to calculate this is to use a permutation formula with no repetition. According to the dictionary permutation is defined a way, especially one of several possible variations, in which a set or number of things can be ordered or arranged. The formula is: The symbol “!” means factorial. Factorial is defined as the product of an integer and all the integers below it. For example, 10!(read ten factorial) = 10x9x8x7x6x5x4x3x2x1=3628800. In our case n=100 and r=24 so to calculate how many times someone needs to try before correctly figuring out the exact order is so as you can see is not possible to guess the order, even by using todays super computers it would take hundreds of years to correctly guess the list of words in the correct order.
If wanted to make it even more secure you could increase “n” to whatever you want. Remember that “n” is the total number of words in your list, in our case in this example it can be seen from figure 1 that n=100.
After all this process is done, and of course recovering your hardware wallet 2 or 3 times to make sure you have the correct process in place I made several copies of this list, laminated them and hid it in different places just to make sure I have one available whenever I need one. You might be asking yourself what to do with the original recovery sheet? I my case I decided to burn it so that I did not leave an unsecured recovery sheet laying around. You can do whatever you want with it, I am just sharing what I did with mine.
Please make sure your newly created masked recovery sheet works before you decide to destroy the original one, I can’t stress this enough, MAKE SURE YOUR NEWLY CREATED RECOVERY SHEET WORKS AND THAT YOU HAVE IN PLACE A CORRECT WAY TO GENERATE YOUR RANDOM NUMBERS AND THAT YOU HAVE CHECKED THAT YOUR SYSTEM WORKS AT LEAST 3 TIMES.
I am currently working on a simple method that you can purchase which brings all the 2048 words as small individual stickers that you can use to manually build the list mentioned before in a secure way. If you are interested to know how to purchase it or when is going to become available, please SUBSCRIBE to this site and in the message, section write that you are interested in this system so that you can receive updates about it.
I hope this information is useful to each one of you thinking about securing your recovery seed in a better way. If you have any comments, questions or concerns please contact us. Thank you.
Alberto is the originator and primary contributor for this blog. He is an electrical engineer, tech and crypto enthusiast. Likes to learn and help others understand the amazing world of Bitcoin and cryptocurrencies.