The objective here is to build a wallet strategy that's impervious to my own forgetfulness, potential house BBQs (aka house fires), theft, hackers breaking in to my cloud account, and even the notorious $5 wrench attack.
That's the holy grail of seed storage. I've never been able to find one that I'm completely happy with, it's always a compromise between not losing access by yourself and preventing others from gaining access.
Step 1: I'm going to concoct two passwords, hidden in plain sight within a book. I'll pick twenty random words and mark them with underlines or circles, interspersed with entire sentences and decoy notes for good measure. This book will be stored inconspicuously at home, and a duplicate copy (markings included) will be kept at my workplace or a relative's house.
This part sounds like a brain wallet. How will you be sure you still remember the exact decoy notes after 10 years? I've seen people lose access to their coins while they used a less complicated (but also made-up by themselves) system.
They'll be none the wiser about its significance.
If a relative asks me to keep a book with weird markings, I'd be curious.
I'll also make a mental note of these passwords. I do realize that this approach might not generate the most random or high-entropy passwords possible (compared to, let's say, picking 20 totally random words from a dictionary), but I believe they will be robust enough for the job at hand.
Take a look at
Collection of 18.509 found and used Brainwallets. Creating your own random is risky (although, with 20 words, I don't think it's terrible).
Step 2: I'll use Ian Coleman's BIP39 tool on an offline computer to create a 24-word seed
Being offline isn't enough: the OS should never be connected to the internet again. So use a Linux Live DVD.
using a deck of cards for randomness
A deck of cards is great to
store randomness, but
creating real randomness is tricky. Why don't you use many coinflips instead?
This mnemonic phrase will be encrypted with the first password and tucked away into a .txt file
What encryption will you use?
I like
BIP38 because it's very hard to brute-force, but unfortunately there's still no standard way to encrypt seed phrases.
which will reside both locally and on the cloud.
No matter how you do it, when you want something to remain private, don't upload it.
A physical copy will also be safely stashed among my belongings at home.
Since you were using cards: why not just keep the deck? Just don't drop it when you need to restore your stash
Step 3: The 24-word seed will be transferred to a hardware wallet, where I'll deposit a small amount of funds as a honeypot. This will alert me if someone manages to get their hands on my seed. Then, I'll add a passphrase using the second password and transfer the lion's share of my funds there.
That means, each time you want to make a transaction, you'll have to remember 20 words (or browse through a book) and
type 20 words into your hardware wallet using 2 tiny buttons. How long does that take? If you make it
that complicated, why not just go for a BIP38 encrypted private key that you'll use offline and air-gapped?
Now, for the worst-case scenarios:
Memory lapse: The marked book serves as my cheat sheet. If I can't even remember which book I used, well, that's probably dementia and at that point, I guess my wallet will be the least of my worries.
The human memory is a funny thing. I wouldn't rely on it entirely, I've remembered useless things and forgotten more important things. It happens.
House fire: Should my home pull a spontaneous BBQ act, I can retrieve my encrypted seed phrase from the cloud, and the passwords can be found either from my memory or from the book's doppelgänger.
If you remember your cloud passwords, it's probably not very strong
Theft: I doubt that any burglar moonlighting as a literary critic will decipher the marked book and connect it with my seed phrase. In a worst-case scenario, they might just stumble upon the honeypot and stop there.
Granted: this sounds quote burglar-proof. But it's tipping far too much into the "losing access by yourself" end of the deal for my liking.
Cloud account hacking: Even if a hacker manages to breach my cloud accounts, they'd still need to crack two robust passwords to access my seed phrase. They might just call it a day after draining the honeypot.
This stands or falls with the encryption you use.
$5 wrench attack: In such a case, I'd lead the attacker to the honeypot. If they still insist on more, I guess there isn't much more I can do.
I wouldn't expect a $5 wrench attack to be random. If it's targeted, they'll know what they're looking for.
I look forward to hearing your thoughts on my plan. Thank you for your time and insight!
TL;DR:
KISS.
