We've all seen the recommendation against storing our wallet seed phrases digitally. And while I understand the sentiment and reasoning, in reality, for many it could be even less secure to store a piece of paper with the seed phrase.
This morning I tested encrypting a seed phrase from my computer (macOS). I'm curious what people think about the safety of the following process. I tested this using a randomly generated BIP39 mnemonic code.
- Create a wallet and temporarily copy the seed phrase into a text file.
- Open a terminal.
- Encrypt the file with the following command: `openssl aes-256-cbc -a -salt -in ~/path/to/seed.txt -out /tmp/walletName.enc`
- Enter a long but memorable string for the aes-256-cbc encryption password.
- Save the contents of the resulting file in a password manager.
- Delete the text file from step 1.
Decrypting the wallet seed in the future then simply requires copying the contents from your password manager into a local file and using the encryption password saved in step 4 with the following command: `openssl aes-256-cbc -d -a -in ~/path/to/walletName.enc -out /tmp/seed.txt`
The main problems with this method that I see are 1) it requires a small amount of technical know-how, and 2) users who are using automated backups (Time Machine, etc.) might expose the wallet seed text file if they don't delete it or if the backup system happens to run while they're encrypting it. Other security issues I'm missing?
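
A hardened variant of the procedure in the post above, as an added example that is not part of the original post: the mnemonic is read from stdin and decrypted to stdout so no plaintext file lands where a backup can catch it, and `-pbkdf2 -iter` replaces the legacy single-pass key derivation that `openssl aes-256-cbc` uses when given only `-salt`. Because CBC carries no integrity check, the decrypted output is also validated as a plausible BIP39 word list. The function names, the `SEED_PASS` variable and the iteration count are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the poster's commands. ITER, SEED_PASS and the function
# names are assumptions. -pbkdf2/-iter need OpenSSL 1.1.1 or newer.
ITER=600000

# Passphrase: openssl prompts on the terminal unless SEED_PASS is set.
# Environment variables are readable by other processes of the same user,
# so SEED_PASS is meant for scripted tests, not for the real passphrase.

# encrypt_seed OUTFILE: mnemonic comes from stdin, never from a file on disk.
encrypt_seed() {
    openssl aes-256-cbc -a -salt -pbkdf2 -iter "$ITER" -md sha256 \
        ${SEED_PASS:+-pass env:SEED_PASS} -out "$1"
}

# decrypt_seed INFILE: plaintext goes to stdout only.
decrypt_seed() {
    openssl aes-256-cbc -d -a -pbkdf2 -iter "$ITER" -md sha256 \
        ${SEED_PASS:+-pass env:SEED_PASS} -in "$1"
}

# is_openssl_blob FILE: base64 of the "Salted__" header always starts with
# U2FsdGVkX1, so a truncated or mangled paste is caught before it is needed.
is_openssl_blob() {
    case "$(head -n 1 "$1")" in
        U2FsdGVkX1*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_mnemonic: stdin must be one line of 12/15/18/21/24 lowercase words.
# CBC is unauthenticated, so a wrong passphrase or altered ciphertext can
# yield garbage; this rejects it instead of trusting the exit code alone.
check_mnemonic() {
    LC_ALL=C awk '
        { lines++; n = NF; if ($0 !~ /^[a-z]+( [a-z]+)*$/) bad = 1 }
        END { exit !(lines == 1 && !bad &&
                     (n == 12 || n == 15 || n == 18 || n == 21 || n == 24)) }'
}
```

Run `decrypt_seed walletName.enc | check_mnemonic` right after encrypting, while the wallet still shows the phrase, to confirm the backup round-trips before relying on it.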