Secure Seed Management#
This guide will lead you through the basics of wallet and seed management. It doesn’t matter if you use Sia, or Bitcoin or anything else. This guide will help you to do it securely.
Not your keys, not your coins#
Managing your keys is extremely important, and many people don’t take it as seriously as they should. I’m not saying this to scare you, but in the crypto-world, for decentralized blockchains there is nothing like ownership based on your identity and there is no number you can call to ask for access or refund. You have absolute power over “your” assets, but also absolute responsibility.
The private key, in the world of Sia called a seed is a unique sequence of words that is used to generate wallet addresses and process the transactions of your wallet. Every single seed
lets you manage exactly one wallet (1:1 relation) and every wallet lets you create many wallet addresses (1:many relation).
You’ve maybe heard it – “not your keys, not your coins.” It’s best known in reference to exchanges that effectively manage the keys for you. It’s like giving someone else your wallet and asking them when you can use your money. Sometimes they’ll be around, sometimes they won’t. Nothing is safer than holding your own coins and being the only one with the seed. All you need is to make sure it survives the most common disaster scenarios like computer failure, physical loss of the paper you wrote it on, mistakes in writing it down or even your own death. The last one is most tricky.
Wondering why you cannot see your recent transactions? That’s because there is no centralized server to ask. When you load your wallet from the seed, Sia-UI scans entire blockchain (transaction by transaction) and every transaction matching your seed’s signature is remembered locally on your computer and used to count your current balance as a sum of all incoming and outgoing transactions. This also explains why you need to wait until you are 100% synchronized (especially if you made some transaction recently), because only then your local copy of the blockchain knows all transactions to show you correct current balance.
By now, it should be crystal clear to you that protection of your seed is your own responsibility and no one else should do this for you. But no worries, it’s not as hard and scary as it sounds. The only reason to worry is if you ignore this advice.
Preserving your seed#
So how do you keep a string of words safe? You have many options like writing it down on paper, embossing it into metal, putting it in your last will and let a legal firm protect it, or other ways. You can even split it into several pieces or combinations where you might need any two of three, but that depends on you and what risks you can live with. Each has pros and cons, but I’m going to share with you a method I personally find quite good and requires low effort for a vast majority of users. After all, simplicity is the ultimate form of sophistication.
So, how do you store your seeds, keys, passwords or even important files and documents?
- Obtain a
password manager
that lets you have a local encrypted database protected by a custom password. In this example we will use KeePass. It is free, open source, easy to use and has several implementations available for each platform. I personally use KeePassX on MacOS, but you can use any other implementation or even a different password manager that lets you use an encrypted database protected by password. - Create
master password
. You can come up with your own password, but the most secure method of doing so is to draw from a large list of words that might not normally be in your vocabulary. Longer passwords are inherently more secure, and using random words instead of ones you pick reduces the likelihood that it could be brute forced.
One password to rule them all#
The point of the master password
is to create a security layer and a place where you can keep your most important data. The longer a password is, the better. There are a variety of password strength checkers online, and each of them will return different results, but an easy to remember password consisting of multiple words without any special characters is stronger than a hard to remember password consisting of multiple numbers and symbols.
In this case I suggest to use it only for the most sensitive information that you won’t access a lot (like your Sia seed), but if you want to use it for other data too, just repeat the process and create a second password and database.
- Find a list of words like this one where you can see numbers and words. Don’t use any automated generator or even random number generator in the process we describe below. Just find a physical 6-sided dice and stick with it. If you have five of them, it will be faster, but you can do the same just with one. Then take a paper and a pen and start rolling your dice to create a truly random sequence of five numbers. If you roll this as your first sequence — 1, 1, 1, 1, 2 — your word would be “abdomen”. Repeat this 7–9 times depending on how many words you want to have in your password. You can also read more details about coming with random numbers in this article on the Sia blog.
- Pair each sequence with a word from the list. Let’s say your words are: monastery sudoku zombie bucket amazingly amount debate (sorry if it’s someone password). You can memorize it like this if you want, or you can include non-random words and even replace some to create a long secure phrase, but easy to remember. Like: “amount of zombies with buckets debate amazingly in sudoku monastery”. It’s like creating a random set of words and then putting it together in some kind of absurd story you can very easily memorize. xkcd had a great comic on this topic.
- You can write it on paper and repeat. Once confident you remember it, destroy the paper or emboss it into some durable and water/fire/physical damage resistant material (here is excellent stress test by Jameson Lopp) and hide while letting only your closest ones to know where to find it (preferably in a fireproof safe). It should take you about three minutes to memorize it and it’s good practice to repeat if every few hours, then days until you are 100% sure. Share this master password and its location only with someone you absolutely trust, someone who should be able to find it if something happened to you.
- Open your password manager (I use KeePassX) and create a new database protected by your master password. Remember, this will be the only place where you will ever enter your master password. If you want to increase security even further, run this on computer that will never get connected to the internet.
- Once you get the database file created, add any information you want to protect. Seeds and private keys, exchange credentials, wallet files or other information you rarely access, but let you control your assets. You can also write instructions and notes for yourself, or even for those who would read it in case you couldn’t, so the assets wouldn’t be lost permanently and continue to hands of other family members for example. You can even leave advice on how to make sure that it will get passed properly to further generations. These notes can contain information about your contracts and other assets, for example if you are mining. You can hide all of this behind one super secure password. Kind of a digital last will.
- Now that your database is ready, you should create a backup. If you run it on a computer without internet, make backups on flash drives or local network drives. You can use a timestamp for these backups to know when they were made (I usually never delete older versions, keep them all as there is nothing bad in having it multiple times, but only recent ones contain everything), so the database can be named liked “KeePass_31_12_18”. If you run it on a computer with an internet connection, you can even use some service like iCloud or Google Drive to have it automatically backed up in cloud (linked to your identity and belonging to you which makes it easier for you to get to it from anywhere if needed). Just one warning, if you are unable or worried to keep your computer protected from crypto-viruses, keyloggers and remote-control and you have a significant amount of money in crypto, think about using a separate machine for this that will never connect to internet. Better be safe than sorry, because if anyone gets to both your database and the password, you have a problem.
So… now you are able to save important data without worries and always be able to recover them (even remotely if you had to run away with empty hands and only your master password in your head). And (optionally) you instructed your close ones where they can find the database (drives or cloud) and master password (locked in place that noone can get to without you noticing). Be careful who you give these information to, but this is the kind of stuff you would want included in your last will if you want to make sure someone gets to it while you are alive — the location of databases and where to find the password.
Now, fully aware of what this all means and being all set, we are finally ready to begin with Sia-UI or other wallet app – see our Siacoin Wallets guide.
Written by: Danger & Covalent, Last Edit: October 29, 2021