Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 2 from 1 user
Re: Masking seed phrases for an extra layer of security (experimental)
by
mcdouglasx
on 04/06/2025, 13:37:15 UTC
⭐ Merited by vapourminer (2)
Quote from: BTCW on Today at 12:38:30 PM
Nice coding job.

But I fail to see the point. A private key is exactly 256 bits, or 32 bytes, if you will, and BIP39 seed phrases are just a dictionary for it—human-readable binary. There is nothing magic about the words in the wordlist. It is literally a dictionary, and your suggestion accomplishes what? A dictionary for a dictionary?

BIP38 from 2011 allows for standardized encrypted private keys. If I ever were to encrypt a private key, my immediate thought would be: Should I be dealing with crypto in the first place if I lack the skills to keep 32 bytes of data a secret? If I, for some reason, still decided I wanted to encrypt a private key, which in my opinion accomplishes nothing other than increasing complexity and increasing the risk of losing control (because what if you, two weeks or 12 years later, can't recover the 32-character password you went with), I would use a well-established and war-tested standard for it.

My point is that private keys are safe as they are. Whether you like to save them as a 64-character hexadecimal string or as Base58check is just a matter of taste—both represent the exact same thing.

Unless you have a Ph.D. in cryptography, don't invent your own safety layers; they tend to bite you in the ass sooner or later.

The idea behind this is simple, a steganographic trick.

Even if an attacker obtains your seed phrase, they wouldn’t know how to access the original funds.

It’s not about encryption itself; it’s about using the encrypted seed phrase as a decoy.

And while you're right in saying that anyone unable to store a key securely shouldn’t be in crypto, that statement is somewhat ambiguous because no one is exempt from being hacked.

Historically, those who have lost the most money due to BTC hacks have all been experts.

for example:

Bitcoin developer @lukedashjr's wallet was hacked

The security of your private keys doesn’t rely solely on encryption, it depends on how you protect that encryption. But it’s true, the best approach is always to use standardized methods, especially for someone lacking technical knowledge.