Carl Cryptohound is asking, "Is it safe to
use KeePass or some other password manager
LastPass, One Password, etc to store a mnemonic
phrase?"
And the question is, "Is this a mnemonic phrase
for a hot wallet or a cold wallet?"
Because that's the immediate follow up question.
If it's for a hot wallet, yes.
Absolutely.
Perfectly fine.
Because the security of your password manager
should better than a generic operating system
and buggy application that you've stored that
same mnemonic phrase in whatever device you
have the hot wallet on.
Otherwise, if your password manager wasn't
more secure than that then what's the point
of having a password manager in the first
place?
So from a risk perspective, relative risk
between the two is fine.
Cold storage?
Absolutely not.
I would never store a mnemonic phrase for
a cold storage wallet on a password manager,
that is by definition, an online device.
Why would I not store it?
Because I don't trust keyboards, keyboard
drivers, the operating system, I don't trust
that there's no trojan sitting between.
I don't trust all the things that I would
need in order to put that seed into my device.
I also don't trust the screen, and the fact
that it's very easy with a trojan to just
take screenshots whenever specific applications
show up.
What more obvious thing to do or more obvious
thing can you imagine than taking a screenshot
every time a password manager window pops
up!
I would certainly set that up in my trojan
if I was writing one.
From that perspective, I wouldn't trust the
input into the password manager or the ability
to read it back securely without someone else
getting into it first.
In general, when I'm talking about cold storage
seeds, mnemonic phrases these mnemonic phrases
have never been typed into a computer.
They have never been displayed on a screen
that is not the purpose made screen of the
hardware wallet.
They have most certainly never been typed
in sequence, even if I've done a recovery
with them, in which case they're typed in
a random sequence interspersed with decoy
words.
All of these techniques ensure that they never
go online.
And so no, I wouldn't use a password manager
for that purpose.
Thank you for supporting my work. Learn more at aantonop.com
