In order to properly secure your cryptocurrency, we have already described in the first part of our series how to create secure passwords as well as how to manage them and how to create backups.
While those aspects of secure cryptocurrency handling refer more to an area that establishes general instructions for action, the handling of so-called seeds is much more specific.
In this part of our series, we want to teach you what a seed actually is and how you can secure it.
The Seed as a Master Key
Some of our readers will already know the relationship between private keys and public keys. While the receiving address is derived from the public key, the private key is used to control the ownership of the coins. A wallet file stores all key pairs and allows for the creation of new pairs, thus facilitating the handling of cryptocurrencies like Bitcoin.
If you want to secure a wallet you have the option to copy the encrypted wallet file, create backups and store them. Another option is to export all private keys to make them available in plain text for storage in analog or digital form. They can then be imported manually into another wallet.
ReWallet
However, the import of private keys is associated with risks since improper use of this method can sometimes result in loss. This can especially be the case if you only transfer a partial amount of a cryptocurrency controlled by an imported private key. The remaining amount might then be transferred to the receiving address of the old wallet. Unless you have also imported this address or its private key into the new wallet this could lead to a loss. As a rule of thumb, however, you only export the key or keys that hold coins at that time.
The solution to the problem of having to export all keys is the so-called seed, which is also called seed phrase or mnemonic phrase. A seed is a secret, similar to a private key, but with some differences:
- Unlike a private key, a seed is written in a form that can be read by humans.
- It usually consists of 12, 18 or 24 words.
- The seed is used to restore the entire wallet and obtain all key pairs.
Given these characteristics, the seed has become the most popular method of creating a wallet backup. It also has advantages in regards to estate planning because whoever has the seed immediately has full access to all coins. Especially if you are to inherit Bitcoin, this is an advantage. For example, a seed can be deposited with a notary with specific instructions for the heirs. However, the seed’s full-access feature also poses risk because an unauthorized person would immediately have all the coins in his hands.
What Is the Best Way to Handle My Seed?
There are two basic methods of securing the seed, each having its advantages and disadvantages. It would seem to be obvious to save the seed digitally. Password managers, for example, which also allow the management of so-called secret notes, are suitable here. In this way, they ensure that the seed is not stored unencrypted.
The advantage of this method is that you can quickly create and distribute multiple backups. However, the biggest disadvantage is that you can never be completely sure that the computer on which you initially enter the seed has not been compromised. If there is a virus on the computer your cryptocurreny assets might be at risk.
This problem can be avoided by the second method, which is more recommendable overall. One writes the seed on a piece of paper when creating it and never saves it digitally.
The advantage is obvious. No viruses, no hackers, only the person who has the physical copy in their hands has access. The disadvantages, however, present some challenges:
- If an unauthorized person finds the seed, he will have immediate access to the wallet.
- A fire in your home can be just as dangerous for the seed as a tipped-over cup of coffee or a playful pet.
- Distribution in terms of redundant backups is more difficult than with digital copies because the seed is unencrypted.
There are a number of steps that can be taken to address these issues. One way is to split the paper and deposit the individual pieces in different locations. This gives you a puzzle and only those who know all the storage locations can put the seed together.
In terms of avoiding the destruction of the copy, it is no different than with digital copies. One must have several locations available to deposit the seed. Since the paper is unencrypted, one needs a secure location that only trusted people can access.
Another solution is to create a so-called 25th word, which is known only to the rightful owner. Thus, in principle, anyone can hold the 24 words of the seed in their hands but would only get access to the coins if they know the secret additional word or password.
The Ledger, Trezor or BitBox hardware wallets, for example, offer this possibility.
FAQ on Seed Phrases
Do I need a separate seed for each cryptocurrency?
No, as a rule of thumb, several wallets with different cryptocurrencies can be derived from one seed. If you create the seed with a hardware wallet, for example, you automatically have a seed for the most important coins.
Can anyone guess my seed?
No, because the seed is randomly generated from a list of 2048 words. This is the so-called “BIP-39 Word List”. This results in such a high number of possible combinations that it is extremely unlikely to guess the correct 12 or 24 words. Seeds thus enjoy a similarly high level of protection as private keys.
Can I change the seed?
No, the seed is randomly determined when it is created and one or more wallets are derived from it accordingly. However, it is possible to simply create a new wallet and thus a new seed. In such case, the cryptocurrencies must also be transferred to the new wallet.
Can I choose my seed myself?
Yes, this is definitely possible with suitable tools but it is not without risk. If a seed is determined by humans, then there is a high risk of choosing a combination that can actually be guessed. Unlike machines, humans tend to follow patterns when creating a seed, even if they are not aware of it.
Do I have to use a seed?
In principle, there is the possibility to create a wallet that is not hierarchically deterministic. However, there is no advantage in doing so because you would be using an outdated standard.
What is the master key?
In a hierarchically deterministic wallet, all key pairs are derived from the master key. It is a 256-bit key that is derived from the seed. Therefore, the seed is the more human-readable version of master key.
