This represents a genuine cold storage wallet, designed to safeguard your cryptocurrencies with the utmost security. Utilizing this system eliminates the vulnerability of potential hacking associated with 'hot' crypto wallets, the risk of malicious backdoors being embedded within software wallets, and the peril of losing physical devices like Tangem or Ledger, or exposing them to potential damage due to accidents.
With this solution, your wallet addresses remain exclusively accessible within the ledger and blockchain, while you retain an unlimited supply of cryptographic keys stored securely within your memory. This not only guards against the event of your home succumbing to a fire or your computer falling victim to compromise, but it also ensures the preservation of your valuable crypto assets.
How can one generate an endless number of seed phrases while utilizing a straightforward recovery system? This utility caters to individuals seeking a secure method for safeguarding their cryptocurrencies without the necessity of accessing them online. The assurance of reproducibility is guaranteed owing to the inherent mathematical constancy of the generated output.
For the setup you will need
β’ BIP30 tool: https://github.com/iancoleman/bip39/releases
β’ CyberChef: https://gchq.github.io/CyberChef/
β’ Live Linux: Fedora ( https://fedoraproject.org/workstation/download ) , Ubuntu, Debian, Kali or similar.
β’ A crypto wallet, available on Linux, such as OneKey ( https://www.onekey.so/ )
-
Create a live USB drive and boot your computer from it.
-
Connect to the Internet. In the software depository search for crypto wallet and install the wallet you need. For instance, if you use only BTC, just install Electrum. Otherwise, you can use OneKey wallet for multiple currencies.
-
go to Ian Coleman BIP39 and download the repository.
-
go to CyberChef and download the repository.
Check now that you have downloaded 1) wallet 2) BIP39 tool 3) CyberChef
!!! YOU CAN ALSO DOWNLOAD ONTO THE SECOND USB DRIVE ALL THESE FILES (point above 2, 3 and 4) ONTO YOUR REGULAR MACHINE, INCLUDING THE WALLET APP, AND BY DOING THIS YOU NEVER CONNECT TO THE INTERNET WHEN USING LIVE MACHINE. !!!
Warning
π΄ From now you will DISCONNECT from the internet. You will NEVER connect it again during this session. The safest way to ensure that you are completely offline is to both a) disconnect your computer from the network and b) TURN OFF YOUR NETWORK ROUTER/MODEM. π΄
We must generate seed entropy, and to accomplish this, we will employ CyberChef.
You are tasked with establishing a reproducible system, one that you can execute multiple times. The system should be something familiar to you but undisclosed to others. During this phase of the procedure, it is imperative that you meticulously write your chosen system onto paper by hand. Upon the completion of the wallet creation, the paper containing your system should be securely incinerated.
The system can use some known to you ideas for implementation such as:
β’ a book, you like the most.
β’ ISBN numbers of your top 3 books.
β’ phone numbers of your family members,
β’ chemical formulas
β’ engine numbers of Mercedes E class
β’ MIDI numbers of a musical piece.
Below will use a book to create 3 hashes, flush it through AES encryption, and make one numbered final hash.
We will use New King James Bible of 1611 to create our first seed entropy.
Warning
π΄ Please, do not use the same book. It is possible that it can be used by quantum computers in the future. Use an obscure book you like. Be very careful that you don't make any typo. Try the system twice: once following this tutorial, and once making your own seeds. π΄
Open CyberChef twice in two separate tabs or windows.
Under Hashing find Keccak and add to the βRecipeβ.
Choose size 256.
In the input window enter the first phrase of the Genesis 1:1:
In the beginning God created the heaven and the earth.
Warning
π΄ WARNING: The entered text must be completely identical. Nothing now can be approximate. A text without period dot is not the same as with dot. A text with an extra space on the end is not the same as without an extra space. The computer reads all information. So "earth" is not same as "Earth". It must be 100% identical input. Even a small difference gives you a totally different output. π΄
Click then on "copy to clipboard":
Go to new CyberChef window and under section Encryption find and insert a new recipe AES Encrypt
Make sure that it is CBC mode and all selected are HEX:
Now, paste the copied text
950b5cfa2facafab5c5bb71b86856832be322262e69eb4025fc170b58aeed2b8
from the previous window into the input window:
Now, go to the first CyberChef window and instead of the Genesis 1:1 enter content of 1:2:
And the earth was without form, and void; and darkness was upon the face of the deep. And the Spirit of God moved upon the face of the waters.
Copy the output
bf8cfd392cbce445e528c00028f62ffe59b2de4b23b9d6a17759383e7d5bcec9
and paste it into the second CyberChef window as key:
Now go to the first CyberChef window and insert Genesis 1:3:
And God said, Let there be light: and there was light.
Copy the text from the output again 8bc6485b22aeda0ea18c2695d64ee1831a610da3afef78e98f77340b471919f9 and insert it into the second CyberChef window into IV:
Finally you will get the following result in the output bef75166f4633c8dc060b26871cd2b74803ae2bbfa25869fed14932a4e36d8e6b3b7ab0317574388be127d3bc7615a19
In order to make an infinite number of the seeds (thus also wallets) we will flush it with MD2 hash with numbering ("rounds" or "passes"), before the AES encryption. Under "hashes" find MD2 and drop it before AES Encrypt:
Change number 18 into number 1 (but you can start with another as the #1 wallet, for instance year of your birth, in that case type 1980 or so, but here the example shows "1"):
So this will be used to generate our FIRST seed, or the first wallet. The final output looks like this: 86793e0d01c7169f8e0be36f0d1f01eba783d53368ad2ed921449997db6c154d
_In CyberChef we have created a long string of numbers and letters called a hex string. We will use it to create our seed.
_
Copy the output from CyberChef second window 86793e0d01c7169f8e0be36f0d1f01eba783d53368ad2ed921449997db6c154d and go to Ian Coleman BIP39 tool page.
Click on Generate to initialize (don't worry it stays 15 words):
Now, click on Show entropy details
When ckecked, a new field above called entropy will open. Select the text inside of the field and delete it. Next, paste the text you copied from CyberChef 86793e0d01c7169f8e0be36f0d1f01eba783d53368ad2ed921449997db6c154d:
IMPORTANT: Select 24 words as mnemonic length (or 12 if you prefer, here 24):
Finally we have got our 24 word mnemonic phrase:
The phrase is: accident angry rent manage fade foot sudden beauty parade deal maple among learn affair plug slim high depth urge swarm swallow lazy camera gain This is your seed for the Wallet #1.
Now we can proceed to get information about our incoming addresses, the Bitcoin is already selected. Be sure that you use BIP44 derivation path:
The Bitcoin is automatically selected, here is the address. Remember, do not change any other settings. Your first address (0, i.e. zero) is the correct first receiving address:
Your BTC address is:
1NWS1jfrtLSY2YwjNnLmWZkmtM2awuVeCY
For other coins select the desired coin:
Ripple/XRP:
Ripple XRP address is:
rQBWfyvfh1kMi5DFAdebUHKhTbWeEwpyin
Ethereum:
Ethereum ETH (and other L2 addresses) is:
0x5CCE7e6A7d2110B6ca93Ae572CDf173AfFFe0C36
We will use OneKey to import our seed and see if we get the same addresses.
Warning
π΄ REMEMBER: keep the computer offline all the time. π΄
Open OneKey, start by importing a wallet using the seed:
And paste the seed you have generated in BIP39 tool:
accident angry rent manage fade foot sudden beauty parade deal maple among learn affair plug slim high depth urge swarm swallow lazy camera gain
Click on Ethereum (here I am using online computer therefore the green dot. Because you use the offline computer, it will not be green and the icons will be missing, that is OK) and generate new address:
Click on Receive to see the address:
Good! It is the same address as in the BIP39 generator.
Now check XRP. Click on the dropdown icon of the network and choose Ripple, and then Create account:
Again, click on Receive to see the receiving address:
Good! It is the same address as in the BIP39 generator.
Now let us do the same with Bitcoin.
Choose: Legacy. Click again on "Receive" to see the address:
Good! It is the same address as in the BIP39 generator.
Now, if you want to use a newer type of the Bitcoin address, select NATIVE SEGWIT.
Click on the wallet dropdown:
Click on +:
Click on add account:
Choose Native Segwit, and click on the Receiving address:
Well, this is an unknown address. How it can happen?
Go to your BIP39 generator.
Instead of BIP44 use BIP84 as the Derivation path:
Well, this is the same address as in the OneKey wallet, so everything is good!!
- BTC uses BIP84 nowadays and you should use it as well.
- All other coins use BIP44. Please check Coinomi's tool (fork of the Ian Coleman's BIP39 generator) for missing coins. Search for it.
- Every coin wallet starts with derivation path that is 0 (zero). It is the FIRST wallet. You should use that address, but for the privacy reasons using a wallet "online", you can increase your privacy by using other addresses from the same wallet seed. However HERE WE WILL USE ONLY THE FIRST, because it will be our cold storage, and you don't need any privacy for that reason.
- Some networks still don't have import function (Hedera's HBAR), so you cannot use your own seed, unfortunately.
- Some coins are not available in BIP39 tool (Quant or Kaspa). Still you can use your 24-word seed phrase to create wallets for these coins in their respective wallets. In order to do it you need to use a separate wallet app just for these coins. However, be sure that you should always enter your seed into an offline device to get the receive address and afterwards you will wipe the device without one second connected on the Interntet. For that purpose you can use numbered wallets for different coins. Read below now Step 4!
After you have got the receiving addresses for your crypto, and confirmed in the wallet they exist, try to repeat the same process once again. I will lead you through this process.
- Reboot.
- Boot to Linux Live
- Go and download: wallet app (OneKey), CyberChef and BIP39 generator.
- Go offline.
- Repeat the process of getting the entropy for your seed, from your favorite poet:
- Generate three Keccak hashes (HEX hashes), 256 size of the three verses. The longer the text - the better.
- Create flow of AES encryption using CBC mode, the first hash above goes as the input, second as Key, third as IV.
- Check everything is HEX.
- add MD2 with "round 1" before the AES encryption.
- This output copy and go to BIP39 tool.
- click Generate to initialize
- click on "Show entropy details"
- delete the current Entropy and paste your HEX from the CyberChef.
- Choose 24 words length.
- Verify that you have got the same seed.
- If verification gives the same seed - you have succeeded!
- Try again to import into OneKey the same seed. Check and verify if the addresses are the same.
- π If yes, you can proceed by importing the receiving addresses into your phone. Just scan the receiving addresses in order to import in your phone wallet as WATCH ONLY. π
- Reboot normally.
- You can send a small amount of your crypto to the new address. Check on the chain explorer if it is present (visible as received). Pay attention that it is the correct address you watch.
- Repeat once again the process from 1.-11. and pay attention to the final receiving address. Is it the same? If yes, than good! Now you can send all your cryptos to the new addresses.
Finally, Our system looks like this:
You can use the tool above to create your first wallet (seed). But maybe in 10 years, you will become rich and want to move your coins somewhere, or split to multiple wallets or similar. Once your wallet #1 is exposed online, it can be compromised. For that purpose you will use again a brand new Linux Live, you will create the new seed #2 and new wallet address #2.
For that purpose you will do exactly the same as above: creating it OFFLINE.
And you will choose 2 as rounds in MD2:
This gives us a new entropy:
88faec756a149c734f59e8e216ccfbe9bccc3bf5790c86b4c61306bcadb3f331
And it gives us a new seed:
fit basic slender engine mechanic amazing easily welcome rack flock bridge occur finish space little limb prison devote harsh enact lizard mechanic swallow love
This wallet will be your new receiving address (Native SEGWIT):
bc1qmnhyhl38tf3rcljt6k70t39wmytel2fvwchz2m
So, if you have 100 BTC, and you want to move to an Exchange 10, and keep 90, do the following:
- move 90 to your wallet #2 and
- 10 to the Exchange.
So your wallet #1 will be now empty, and wallet #2 (never been online) with funds. Basically all wallets with funds will never go online. Once you wish to take it online, it is done:
a) on a brand new system, b) using a trusted app wallet, c) you will move your funds always to the next offline wallet.
Basically, you can right now create all wallet addresses and give them names.
- Wallet #1: bc1q8vye7d7s46qwuvaxzgjem2yufj6n4vax8w6s0t
- Wallet #2: bc1qmnhyhl38tf3rcljt6k70t39wmytel2fvwchz2m
- Wallet #3: bc1qhkk0xn42yjya5rf4zkn8xfrtg7crjv4sjzcmdk
- Wallet #4: bc1qchn4w2j2xk3wzpc4ars48tg9qnurvpwcfehn9a
- Wallet #5: bc1qhdtnvsxzckczpfv04yl9w6e6228fz552dtfr6t
- ...etc.
Now you have the list of all receiving addresses and you can use it in this order.
Warning
π΄ **Caution: It is imperative that you maintain the confidentiality and security of these incoming addresses. If your large funds are known, you might be attacked. Employ KeePass database or an encrypted text file, protected by a PGP key, to safeguard these addresses. While it may not pose an insurmountable issue if these encrypted files are lost, recreating them can be an arduous undertaking, particularly if it necessitates the repetitive booting into a Linux environment and executing the entire process. π΄
Act prudently by securing these addresses without delay, as this will enable you to effortlessly enter them into exchanges using a copy-paste method when acquiring your cryptocurrencies, facilitating their subsequent transfer to your cold storage wallets.
In order to replicate your actions consistently, it is imperative to retain a detailed recollection of your previous steps. It is advised against storing your system in an accessible manner, especially on digital devices such as computers or phones.
Instead, commit your system to paper, preferably within the pages of a physical book, such as a handwritten cookbook, where it can be subtly concealed amidst unrelated content. Employ cryptic references, including terms like 'Keccak 256,' 'AES,' and 'MD2 1...,' making it less conspicuous and challenging for any observer to discern its significance.
To ensure the permanence of your system, periodically engage in the practice of reiterating the process, thus reinforcing your memory.
Use always AES encryption + various hashes. Never use "only hash" to generate the entropy. Remember, in 10-20 years maybe we will have quantum computers, these will be able to check hashes of every single word or combination in all available books. So be smart.
As an idea, instead of three verses that generate three hashes, you can use following inputs:
- Use three ISBN numbers of exact edition of your top three books. This could be: ISBN 978-3828-4757-43-85, or similar.
- three phone numbers of your family, incl. international call (example: +44578439574389)
- Use three chemical formulas such as: (CH3)3CH, C12H16N2 or so for each of three hashes.
- three engine types of your beloved Mercedes cars such as: M260 E20 DE LA, M282 DE14 or similar
- The first 30 notes in a three-part fugue, each voice is the separate input, such as: 64,67,61,62,66,63,63,62,68,69,65,63,63,62,68,69,65,64,67,61 for voice 1 and so on for voice 2 and 3.
So be creative, but not too creative, otherwise you will forget it! You can use something like mathematical formulas with various lengths such as "pi^13.55". Remember: you should be able to remember it!
"But in 10 or 20 years these sites will maybe not work!"
Don't worry. Everything is the math. Creating Keccak 256 hash of a text string will always give the same hash string result even in other programs or tools. It is a mathematical principle that gives you the same result. It is the same with AES encryption. It will be same in forever. And it is the same with the seed. Everything is the math.
So, REMEMBER: you will be able to recreate the wallet using exact the same steps, even without CyberChef or BIP39 site above.
If you think this was useful, I will be grateful for any donation, thank you, my unknown friend!
Bitcoin:
bc1qhnudrj5jlkrak5lv57wpt9txq7ys4u8xukk0qk
XRP:
r4DZi6GoQGe4YWL9kgX6QEavcktuoN7XF7
Kaspa:
kaspa:qqcs4ytttqw0c6047sycjrw2k0wzre8kcarydsm7et0ptsnhgp26vssx2v05w
ETH /MATIC /Avalance /XDC:
0xE13Bbb95f56e4832de7C2DB968C2dbCFf6ca5fB6
Solana:
2VZ8a2nGa9T69hERERbSn4PPr3xcgr7nynX1Buy2pxxg
Hedera:
0.0.3495787
Monero:
488zAEiixaVJdLDyCqNLFaPzuwybmzbAXaSme1EoUBFAKPLZ6vRQiJpLWGr1tyBH5eXvDHVqcdebvWf998n5722EV7SfSeW
Dogecoin:
DCnsHRu71kVuNijE9pULRhifayooP9hRqP