Seed Security

Taken from https://nanocenter.fandom.com/wiki/Comprehensive_Nano_Wallet_Guide

What is a NANO seed?

A NANO seed is a 256-bit hexadecimal key, or 64 characters consisting of the letters A-F and the numbers 0-9

Your NANO seed is what allows you to store, send, and receive NANO from the NANO ecosystem. A secure seed is randomly generated by the wallet in most cases. Wallets use a good source of entropy for random seed generation, ensuring that no one will ever generate the same seed again. In fact, the odds of generating the same random seed is so difficult, that even if every supercomputer in the world was randomly computing NANO seeds for the entire age of the universe (roughly 13.7 billion years), these computers would still be unable to generate the same seed twice. There are more permutations of NANO seeds than there are atoms in the entire universe. In short, no one will ever be able to steal your funds by simply guessing your wallet seed if it is generated properly (never create your own seed without the help of a secure random hexadecimal key generator).

Storing your seed securely

If anyone obtains access to your seed they will have free access to the funds associated with your seed.

This point cannot be emphasized enough. By using your seed, anyone with access to the NANO network will be able to steal your funds. As a result, the most important part of maintaining your wallet is to store your seed in a way that it cannot be stolen by malicious software (a virus on your computer, perhaps) or by a malicious third party. Additionally, you must keep a reliable backup of the seed so that if you lose access to your wallet you can still access your funds elsewhere. As these points are so critical, they will be summarized again:

1. If you do not store your seed in a secure way, it can lead to all of your funds being stolen.

2. If you do not backup your seed in a secure way, you will lose your funds forever if you lose access to your wallet.

Seed Storage Essentials

When you open your NANO wallet software for the first time, it will prompt you to save your seed. So how do you store your seed in a safe and secure way? There is no single right answer (and you can definitely be creative), but there are best practices for seed storage:

  • Store your seed in an encrypted file. Password managers (such as KeyPass or LastPass) are popular for this. Make sure the password you use for this is strong, known only to you, and not used for any other purpose. Sharing passwords for your Gmail account and your encrypted seed file, for example, would allow a hacker to easily open your encrypted file if they determine your Gmail password and have access to the seed file.
  • Store your seed in multiple locations. This could be on paper in a safety deposit box and in an encrypted file on your computer. If your computer is destroyed, or your house burns down, will you lose your seed?
  • Practice good cybersecurity. Don’t visit dangerous or sketchy websites, use strong passwords for your websites, use different passwords for each website, and use anti-virus and anti-malware software. Be aware of phishing attempts that might ask for your seed, and never reveal it.

Common Seed Storage Mistakes

Be aware of the following guidelines to avoid accidentally compromising your seed:

1. Verify that your seed is correct after you have copied it to a secure file. If you mistype even one letter or number of the seed, the resulting public address will be incorrect. Always double check by re-inputting the seed into the wallet from your storage file before you send funds to that account.

2. Never take a screenshot or picture of the seed and use that image file for seed storage.

3. Don’t store your seed in a plain-text file without encryption.

4. Don’t write your seed on paper and store it in a single place. Will fire, water, or other disaster destroy the only access to your funds?

Advanced Storage Methods

When storing large amounts of NANO, the above security precautions are likely not enough. Although your seed is safely secured in the encrypted file, the seed is still exposed for the moment that you transfer it to the encrypted file, or out from the encrypted file. If your computer or mobile device is compromised during this moment, your seed could be revealed to a hacker. So how do you defend against this?

  • Use a cold wallet. Using this method, you create your wallet seed using a computer or device that never connects to the internet. You can then determine your public address using the wallet software and send the funds to that public address, where they will sit indefinitely in the “pending” state. When the funds need to be accessed (which requires an internet connection), the transaction can be signed on the offline computer and sent using an online computer. This method of sending NANO is for advanced users that understand how to sign transactions themselves, which is usually done automatically by the wallet, but ensures that your seed is never revealed to the online computer. If your cold wallet is only used one time, offline signing is not usually necessary as the funds will be permanently moved before the hacker could move them himself.
  • Use a hardware wallet. Currently, the only hardware wallet that supports nano is the Ledger Nano S. Hardware wallets store the seed on the wallet device itself, which is a small USB-sized device. Like a cold wallet, the seed is never revealed to the online computer, and sends/receives from the hardware wallet must be confirmed physically on the device itself, not the online computer, which will thwart any attempt by malicious software to misuse your funds. The hardware wallet has its own seed that must be securely saved in case the device is lost, stolen, or destroyed. This seed can be saved safely using an offline computer or paper wallet stored in a secure location.

You can read more about Nano’s seed and address properties at https://nanocenter.fandom.com/wiki/Comprehensive_Nano_Wallet_Guide