Bitcoin recovery phrase

Bitcoin Recovery Phrase: Best Way to Secure It

Share this!

When you just bought some Bitcoin and are not willing to store it at an exchange(which is very wise) you have to take some precautions yourself. Being the owner of Bitcoin also means that you are the one who is responsible for storing your private keys. In other words, you have to be your own bank. All fine, so you maybe bought a Ledger nano or Trezor hardware wallet to store the private keys. What to do with the Bitcoin recovery phrase, which should be stored in a safe spot?

How does it all work

So let me rewind a little. Every time you create a new hardware wallet for storing your private keys, you also have to create a recovery seed. This Bitcoin recovery seed is a random array of words which should be written on a paper and stored on a separate device. Later on in this article, I will come with an alternative which levels up the security of this Bitcoin recovery phrase.

Bitcoin security private key

Bitcoin Recovery Seed: What’s the Idea

The recovery seed functions as a key to your hardware wallet which stores all the private keys. Furthermore, these private keys can be used to send your Bitcoins over the Blockchain network. Every private key is tied to a public key(or bitcoin-address) and this public key can be used to receive Bitcoin. As a result, the public and private keys are unique and can only be used by you. If you are in the possession of a hardware wallet then you also own several private keys. This is a very good thing, because of privacy reasons it’s favorable that you can use several public keys to send and receive Bitcoin.

Basics of the recovery seed is a very large number

The way the Bitcoin Blockchain works is that you can generate an unlimited amount of public keys. Similarly, the number of private keys is unlimited also because they relate to each other. With the Bitcoin recovery seed(just one) it’s possible to generate all the private keys. As a result, you can use this recovery seed to back-up and restore all the private keys in case they were lost.

public key and private key

At the moment when you create a new wallet, a very large number is randomly generated also. Furthermore, this very large number functions as a base to create several private keys.

Array of words

It’s very important to know that this very big number should be generated randomly, otherwise it could be hacked very easy. This very big number will be converted to an array of words which we call the Bitcoin recovery phrase. Mostly, the number of words are 12, 24 or more. In general 24 words is advisable, but 12 words are safe also. The reason we use a seed is to simplify it for writing down the words on a paper. Below an example of a Bitcoin recovery seed randomly generated:

runway have rocket foot rally short egg patience evidence choice true acquire

Recovery Seed to Public and Private key

Next, a very simple but technical explanation which covers the process of converting the Bitcoin seed phrase to public and private key. So how does this conversion process work?

The first step is to generate a master seed out of the original recovery seed. This is a very technical step and for simplicity, we will skip this and continue to hashing. Hashing works one way. In other words, it’s an algorithm that calculates and converts an input string to a certain output, but it can’t recalculate back to the original input string. A good example of this hashing technique is SHA-256. If I use the seed above and calculate it with the SHA-256 algorithm, it gives me this output:

3da4389dc1a62e4636f910935c50d1a6791241dbeac9544f1e39256d48b4941f

SHA-256

To keep things simple, the above string will be our newly generated private key. As we use SHA-256 hashing, the generated string cannot be converted back to the original recovery seed string:

runway have rocket foot rally short egg patience evidence choice true acquire

Base58Check function

The original Bitcoin source code follows now a few steps to go from this private key to the public key. Out of these steps, I will only explain one check which is being used for conversion. This step is called Base58Check and takes care of showing the proper Bitcoin public key formats. If I use this algorithm on the newly generated private key, I get the following result:

FGjQtYShC3PB4zdBBq4vvYCvR6y3wE26HRhACyaWMcxi

Infinite Bitcoin addresses

This result looks exactly like the public key addresses which Bitcoin is using. I explained earlier that with the Bitcoin recovery phrase it’s possible to generate infinite private and public keys. How does this work? This will be done by the algorithm to add a random number at the end of the original recovery seed, like this:

runway have rocket foot rally short egg patience evidence choice true acquire+7
runway have rocket foot rally short egg patience evidence choice true acquire+8
runway have rocket foot rally short egg patience evidence choice true acquire+4

The SHA-256 hashing algorithm will calculate the following private keys:

610fdd1f008cf71baead73ff432f8dc58a12b61b02dbea7d6305eae3b54007a2
27a6b37d4a82f9005809b3b7826348d7d40dd3813e7213e71b7fbb85414422e1
34349ea89cec530dc0c8394daa95367900562d04e6828ca5251106617e11001e

And finally the following fake Bitcoin public key addresses:

9qLR7AwXiqAFDynkSFhUoyCG6mghewYx6SqWPmnagGHt
AHByfumb3NBY74cc6BCcwDRRaCj8dmKgc1S4gG7VyPZF
6y5TiEhXY1vKPQeDnreprj1vJbyoRMp7sJS1WsPrkvRV

This algorithm makes it possible to generate infinite private and public keys based upon the original seed phrase. If you by accident lose access to your hardware wallet, then this isn’t the end of the world. Because with the Bitcoin seed phrase it’s still possible to re-generate all the private and public keys. However, if you lose your seed phrase, your Bitcoins could be lost forever!

What is the Best Way to Secure The Bitcoin Seed Phrase?

If you use a hardware wallet like Trezor or Ledger nano then the seller also will give you get some paper cards to write down the Bitcoin recovery phrase. Next step will be to store these cards at a very safe and secure place, which should be off-line. Every legit Bitcoin wallet, whether it will be a software or hardware wallet, will instruct you to write down the seed phrase. Below is the table the do’s and dont’s for securing your Bitcoin seed phrase.

Do’s Dont’s
Keep the card with the seed away from fire or water, like in a safe Don’t use cloud storage or Dropbox for storing your seed phrase
Use Cryptosteel to protect from water or fire Don’t type in the seed phrase at an infected computer or a computer which is online
Store the recovery seed at several places, geographically seperated Don’t use your e-mail account for storage
Split the 24 word seed phrase in three parts: 1-8, 9-16, 17-24 and store at three different places. Don’t use online back-ups at all
Avoid using a computer for storage even if it’s offline

A paper copy of your Bitcoin recovery phrase isn’t protected against fire or water damage. Alternatives like Cryptosteel could help you with storing your seed in a safe place. Of course, it’s totally up to you, but it could save you from a proper headache. Happy trading and stay #SAFU!

Disclosure: This post could contain affiliate links. This means I may make a small commission if you make a purchase. This doesn’t cost you any more but it does help me to continue publishing cool and actual content about Bitcoin & Crypto – Thank you for your support!

Follow me
Latest posts by Jelmer Steenhuis (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *