this post was submitted on 22 May 2024

Step-by-step guide using Vigenère Polyalphabetic Ciphers to encrypt your Mnemonic Seed and prepare it for steganography.

Hi folks,

As of April 2024, the UK police and National Crime Agency were granted new powers to confiscate and destroy cryptocurrency assets, passwords, or hardware wallets without making an arrest:

Police will no longer be required to make an arrest before seizing crypto from a suspect … items that could be used to give information to help an investigation, such as written passwords or memory sticks, can be seized

Whether this will be used to tackle legitimate crime or as an arbitrary blanket procedure to prosecute law-abiding individuals who are concerned about financial privacy is yet to be seen.

What remains is a need for extra precautions to safeguard your Monero.

This is one system that I’ve used and that I want to share with the community.

Thanks

🔗 https://moneromaster.substack.com/p/monero-guide-encrypt-seed

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago) (2 children)

Great blog! Does this have any benefit over a polyseed mnemonic where you also have a secret password? With polyseed as well as BIP39, even if your mnemonic is caught you can use that plain seed as a decoy that opens a fake wallet, while your real seed with your real funds can only be decrypted with the password, and this encrypted mnemonic by hand won't result in a valid seed so the malicious actor can assume that a valid seed still exists and it still needs to be seized or brute forced?

I think this method is better when using steganography combined since the mnemonic looks like a blob of nothing when reading the contents of the file, while if an actual seed was used it could reveal there is a Monero seed hidden in that file, but then I think a better encryption method can be used since using digital files loses the benefit of not using a computer?

https://github.com/tevador/polyseed

[–] [email protected] 3 points 5 months ago (1 children)

Thanks, glad you found something useful in it.

I'm not sure, I'll have to look into polyseed. I guess the overall point is to take elements of this and make it your own :)

My key focus, as you pointed out, was not to use any third-party software or technology. Trying to think of a "worst case scenario" that provides decent encryption while also only needing a memorisation of a short password and a pen/paper. You could write out the Vigenère Table by hand if you really wanted to.

Next, in this line of thinking, I'll do something on the Playfair Code, which was used by the British during the Boer War and by German spies during WWII.

[–] [email protected] 0 points 5 months ago (1 children)

Vigenere is old insecure shit. Don't do it.

[–] [email protected] 1 points 5 months ago

Yes, it is not impervious to brute force-frequency analysis, however it still has its uses.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

I like the intention, but simple encryption is not going to cut it, you need to be able to deny the existence of the encrypted volume: https://blog.nihilism.network/servers/encryption/index.html What you're looking for is plausible deniability. In short, hide your mnemonic seed in a veracrypt hidden volume.

[–] [email protected] 1 points 5 months ago (1 children)

Hi Nihilist, I recently saw your Haveno demo on Monero Talk, good job! Thanks for contributing helpful resources to the community, we need more of this.

One thing I try to keep in mind is that if we get to a stage where governments are holding citizens in embassies without pressing charges for decades, arresting developers for "conspiracy" to commit crimes, etc. then plausible deniability is not really applicable anymore. Plausible deniability assumes courts are seeking justice instead of following orders.

I've recently been studying the GULAG system of the USSR and it's amazing how everyone knew that their mock trials were a show and that the vast majority of people in the forced labor camps were innocent. The good news is that these types of systems can never endure any significant longevity. Compare the length and legacy of the USSR to the Roman Empire and it's a laughable comparison.

That being said, your suggestion for a decoy is a good system to implement for added security indeed. Thanks for sharing Veracrypt, I was not aware of this particular encryption method. I'll need to compile a list of other encryption systems for people to investigate if they want something more complex/robust as I've received a lot of feedback about this.

It might also be worth considering creating a dummy seed that is kept in a safe, so if a thief was to break in and access it you would have misdirected them from your true seed hidden in another location.

[–] [email protected] 3 points 5 months ago

Yeah, that's the point of having a decoy volume, you claim that the hidden one doesn't exist and that you gave the password. It remains possible until the adversary is able to prove that the hidden volume exists.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

The first 3 letters are unique for the English seed words, so you just need to encode 25*3 = 75 letters.

I also think it is worth writing them down in a way that is not obviously a crypto address. You can place 75 letters in a 9x9 square (with maybe some extra dummy letters) that looks like a common word puzzle, eg sudoku or crossword, in a specific order, eg a spiral. You can custom print a template or copy one from eg https://puzzlestream.com/sudoku/blank-grid.php .
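The layout suggested in the comment above, combined with the Vigenère step from the linked guide, as an added example that is not part of the original thread or the guide: 25 three-letter prefixes (75 letters) are enciphered, written clockwise along a spiral in a 9x9 grid, and the remaining 6 cells are filled with random dummy letters. The prefixes and the key `lemon` are constructed sample values, not a real seed, and the clockwise-from-top-left spiral is an assumed reading order.

```python
import secrets
import string

A = string.ascii_lowercase
# Constructed sample: 25 made-up three-letter prefixes, NOT a real seed.
PREFIXES = ("abb act add age aim air all and ant any ape arc arm "
            "art ash ask bad bag ban bar bat bay bed bee beg").split()

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter, mod 26."""
    sign = -1 if decrypt else 1
    return "".join(A[(A.index(c) + sign * A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(text))

def spiral_cells(n):
    """(row, col) pairs of an n x n grid, clockwise from the top-left inward."""
    top, left, bottom, right, cells = 0, 0, n - 1, n - 1, []
    while top <= bottom and left <= right:
        cells += [(top, c) for c in range(left, right + 1)]
        cells += [(r, right) for r in range(top + 1, bottom + 1)]
        if top < bottom:
            cells += [(bottom, c) for c in range(right - 1, left - 1, -1)]
        if left < right:
            cells += [(r, left) for r in range(bottom - 1, top, -1)]
        top, left, bottom, right = top + 1, left + 1, bottom - 1, right - 1
    return cells

def to_grid(letters, n=9):
    """Write letters along the spiral, then fill the rest with random dummies."""
    cells = spiral_cells(n)
    if len(letters) > len(cells):
        raise ValueError("too many letters for the grid")
    fill = "".join(secrets.choice(A) for _ in range(len(cells) - len(letters)))
    grid = [[""] * n for _ in range(n)]
    for (r, c), ch in zip(cells, letters + fill):
        grid[r][c] = ch
    return ["".join(row) for row in grid]

def from_grid(rows, count=75):
    """Read the spiral back and drop the dummy letters at the end."""
    return "".join(rows[r][c] for r, c in spiral_cells(len(rows)))[:count]

if __name__ == "__main__":
    key = "lemon"  # constructed passphrase for the demo
    ciphertext = vigenere("".join(PREFIXES), key)
    grid = to_grid(ciphertext)
    print("\n".join(grid))
    assert vigenere(from_grid(grid), key, decrypt=True) == "".join(PREFIXES)
```

The dummy letters land in the innermost cells of the spiral, so recovery needs the letter count (75) as well as the reading order and the key.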

[–] [email protected] 1 points 5 months ago

Great idea! Yes, throwing in random and arbitrary letters can strengthen the encryption. Something I was thinking about was replacing spaces with "-[random text]-"

Example:

sdfsdf-iuocbff-oiurwqx-afewef-gupioue

So the true encrypted text would be sdfsdf oiurwqx gupioue with -iuocbff- -afewef- representing spaces.
