In this third installment of our series on BitCoin security, we discuss how to store your seed words and PIN to a cold storage phone securely.
Marquee Mark – September 5, 2019
This three-part series shows how to store BitCoins long-term, securely. In Part 1 we discussed what cold storage is, why use it and the different options available, in Part 2 we discussed more in-depth how to use a second phone for secure cold storage.
In this third installment, we discuss how to store your seed words and PIN to your cold storage phone securely.
Writing down your seed words
In Par2 the seed words to recreate the wallet were written down on paper. I like to use a 2B pencil with several sheets of paper underneath so that the words do not get imprinted on any other medium. Once the words are written I shred or burn the paper underneath. The problem now is that the words are in one location, so if someone burgles your home, or robs you, the attacker can obtain all your cold storage BitCoins.
There is a balance between security and convenience, to increase security, convenience inevitably needs to be reduced. Your seed words, therefore, need to be split up and placed in separate geographical locations to reduce this attack vector.
Cold storage x of y
A nice balance between convenience and security is to require two out of three locations in order to reconstruct our words and phone PIN. You need to decide what you are comfortable with. This can be adjusted to suit your security preference. For brevity, we will focus on two of three in this article.
Let’s split our words into three groups A, B and C. Here are some generated words for a wallet that’s never been used.
The word order is important, so make sure to keep them in order when writing them. What we will do is split those words onto three separate pieces of paper so that we can put those pieces of card (or paper) in separate locations but only require two pieces to reconstruct all our words.
Write them out again so that on card 1 we have groups A and B, on card 2 we have groups A and C, and on card 3 we have groups B and C. When done for this example the cards should have the words like this:
To help you do this, I would recommend you buy SafeWords specifically for this purpose at CoinStorageGuru. These cards come with envelopes, and tamper-proof seals with serial numbers so you will know if someone has looked at them.
SafeWords also has a place to write your PIN, but I do not recommend you use this feature. See my video on Streamanity on how to use SafeWords properly.
Storing your PIN
To store your PIN, I recommend using at least an 8-digit PIN for your phone and then using Shamir’s Secret Sharing scheme to split the 8 digit PIN into three parts. All you have to do then is place one part in each envelope of your SafeWords.
Go to PassGuardian.org and choose Split a secret, change Number of shares to 3 and Threshold to 2. Enter the PIN and then Click Split. The secret shares are then shown one on each line below.
So in this example, line 1 goes in envelope 1, line 2 in envelope 2 and line 3 in envelope 3.
Distribute your envelopes
The seed words and PIN is now split into two of three pieces and can now be put in three separate geographical locations. I personally do not have ANY pieces at my home property. I will leave it to your imagination but some good places might be a bank vault, a trusted friend or professional such as a lawyer/solicitor.
As your cold storage phone contains your private key to your wallet, you should also store this away from your home. We are willing to give up some convenience for security, perhaps store that in a bank vault. Whenever you need to withdraw from your cold storage wallet, simply go to the bank vault and transfer the money you need to your hot wallet.
I have made a video demonstrating the above processes here.