💾 How to hide and securely store 24 words online (Part 1)

By Orfeo Morello

Human memory is not infallible. We live in the digital age and we have more and more passwords to remember: a password for Facebook, an email password, an Instagram password, and one for every other website we need to access. The number of passwords we have to remember grows every day.

Websites usually provide features that allow password recovery, but this cannot always be done. With cryptocurrencies (Bitcoin, Ethereum, Litecoin …), for example, forgetting a password carries the risk of losing all your savings. A cryptocurrency is a digital or virtual currency designed to function as a medium of exchange. Like all paper or metal currencies, a cryptocurrency is nothing more than a payment system.

When we decide to create a wallet to hold cryptocurrencies, we are given a list of 24 words. This word list is called a wallet recovery seed and is a standard way to recover funds in the event of a wallet loss. Needless to say, these 24 words must be kept away from strangers' eyes and, above all, must not be lost. Anyone who knew these 24 words would have access to all your funds.

The easiest thing that comes to mind is to write this list of words on a piece of paper and make two or three copies to keep in different places, but this solution cannot be considered safe either. Paper can last a very long time, but that depends on what it is made of and the environmental conditions it has been kept in. The words can be transcribed incorrectly, and the list could be used by anyone who came into possession of the sheet of paper.

The best choice is to save the words in digital format, but with many precautions: we must make sure that the information is protected and easily accessible to us, but not available to strangers.

Not having found solutions that could meet these needs, I decided to create something that works even offline, without requiring an internet connection. The application, which I named “bip39seed.com”, is special because it allows you to make a backup of the words without saving them on any remote server. All the code runs only in your browser; you can download the source code and run it on your PC.

This repo contains the original source code; feel free to explore it: https://github.com/orfeomorello/bip39seed

Let me now describe the steps to achieve the result using this app. The 24 recovery words are usually in English, even though the BIP39 standard also includes other languages, so the website first asks you which dictionary to use. Once you have chosen, you can move on to transcribing the words you want to save. The system works by autocompletion: you do not need to type the whole word, because it suggests words based on the letters you have entered. This makes entry quick, and it also shields you from any keyloggers on your PC or smartphone that could spy on what you type.

While you enter the words, the system asks you to create and memorize an unlock gesture code and a color. Instead of requesting a password (which of course nobody ever remembers), I thought that remembering a gesture like the one you use to unlock your phone, plus a color, was much more natural and simple. Some might argue that this method is less secure than a free-text password field, but what interested me was making it easy to remember how to unlock the saved information.

Security can be preserved by not saving all the words together: repeat this operation with the words split into groups, and perhaps omit a few words that you keep in mind without saving them. This way, even if someone discovered the unlock gesture code and the color, they would not have access to your cryptocurrencies.

Once you have entered the words, the unlock code and the color, press the button “Backup my seed phrase”. The system generates a URL, an internet address, which is copied to the clipboard. You can save this address wherever you want. When you need to recover the words, just visit the saved address and re-enter the unlock code and color.

But what happens if the website is closed and no longer exists? No problem: as I said, the words are not stored on the site but in the URL itself. By installing a local version of the site on your PC, you can retrieve the words and unlock them by changing the domain name to localhost (P.S. read the second part of this article for more information).

When the system is asked to back up the words, they are compressed and encrypted using the Advanced Encryption Standard (AES) algorithm; the result (the encrypted words) forms the web address that the application generates.
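The idea of a backup that lives entirely in the URL, and still opens after the domain is changed to localhost, can be sketched as follows. This is an added example, not code from bip39seed: the scrypt key derivation, AES-256-GCM mode, raw deflate, the use of the URL fragment, the way gesture and color are joined, and all function names are assumptions.

```javascript
// Added example (Node.js standard library only); not bip39seed's code.
// Assumptions: scrypt KDF, AES-256-GCM, raw deflate, payload in the URL fragment.
const crypto = require('crypto');
const zlib = require('zlib');

// Assumption: the gesture (grid points in order) and color form one secret.
function deriveKey(gesture, color, salt) {
  return crypto.scryptSync(`${gesture}|${color}`, salt, 32);
}

function backupUrl(words, gesture, color, origin) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(gesture, color, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const packed = zlib.deflateRawSync(Buffer.from(words.join(' '), 'utf8'));
  const ct = Buffer.concat([cipher.update(packed), cipher.final()]);
  const blob = Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
  // Browsers do not send the fragment (#...) to the server in requests.
  return `${origin}/#${blob.toString('base64url')}`;
}

// Keep the payload and swap only the host, as when running a local copy.
function toLocalhost(url) {
  return `http://localhost/${new URL(url).hash}`;
}

function restoreWords(url, gesture, color) {
  const blob = Buffer.from(new URL(url).hash.slice(1), 'base64url');
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const key = deriveKey(gesture, color, salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws when the gesture/color is wrong or the URL was altered.
  const packed = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  return zlib.inflateRawSync(packed).toString('utf8').split(' ');
}

// Constructed sample phrase and unlock values; not a real wallet.
const sampleWords = Array(23).fill('abandon').concat('art');
const sampleUrl = backupUrl(sampleWords, '0-4-8-5', 'blue', 'https://bip39seed.com');
console.log(toLocalhost(sampleUrl));
console.log(restoreWords(toLocalhost(sampleUrl), '0-4-8-5', 'blue').join(' '));
```

Because the salt, IV and authentication tag travel inside the URL, the address alone is enough to restore the words on any host once the gesture and color are supplied.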

In the second part of the article we will see a practical example of how to install the application locally on a Windows or Linux machine. In the meantime, you can try the online version at https://bip39seed.com/