About CryptoCoinBackup
Learn about our backup methods and if it's safe to use this site.
The backup methods
All backup methods can be used as a backup for software wallets (where the private keys are stored on your computer or phone), for hardware wallets (where the private keys are stored on a secure thumb-drive-sized device), or for cold storage. You cannot back up a cloud-hosted wallet (such as Coinbase), since you don't have access to the private keys.
Backups for personal use
(Backups that can be created and restored by one person)
Locked Backup
- Encrypt your secret information with a password
- Create a QR code from the encrypted text
- Store multiple printed copies of the QR code and save the encrypted text to the cloud
- Store a written copy of your password in a safe deposit box
Scatter Backup
- Create several shards from your secret information
- Print each shard as a QR code
- Have trusted friends/family keep your shards safe or store them in safe places
- Only a few of the shards are required to restore your backup
Comparison
| Locked Backup | Scatter Backup | |
|---|---|---|
| Amount of risk during backup procedure | ||
| Amount of risk during backup procedure | Lower—your backup is safe from theft right after your recovery phrase is encrypted at the beginning of the backup process | Higher—your backup isn't safe from theft until after your shards are printed and distributed to trusted friends or family |
| Storage requirements | ||
| Storage requirements | No special requirements—can be stored in plain sight | Requires either multiple secret storage locations or a large amount of trust in a multiple people |
| What you have to remember | ||
| What you have to remember | Requires remembering a password you won't often use | Requires remembering where your shards are stored, or who is holding them |
| Death/disability contingency plan | ||
| Death/disability contingency plan | Requires rental of a safe deposit box | Requires rental of a safe deposit box, or requires that your shard holders give their shards to your survivor |
Summary
If you have a reliable way to remember your decryption password, use a Locked Backup.
If you're bad at remembering passwords but have very secure storage locations or very trustworthy friends, use a Scatter Backup.
Backups for corporate/group use
(Backups that require multiple people to create and restore)
Multilock backup
- Encrypt your secret information with multiple passwords
- Create a QR code from the encrypted text
- Store multiple printed copies of the QR code in secure locations
- Only a few of the passwords are required to restore your backup
Vault Backup
- Generate a vault key, which is encrypted with multiple passwords
- Create a QR code from the encrypted vault key
- Only a few of the passwords are required to use the vault key
- Create many encrypted backups with the same vault key
- Create a QR code from each encrypted backup
- Store multiple printed copies of each backup QR code and the vault key QR code in secure locations
- You can restore your backups by decrypting them with the vault key
- When team members leave or new ones join, re-encrypt the vault key with a new set of passwords
Comparison
| Multilock Backup | Vault Backup | |
|---|---|---|
| Storage requirements | ||
| Storage requirements | Secure access-controlled storage locations recommended, but not required | Secure access-controlled storage locations recommended for backups and the vault key |
| Plan for when team members join/leave | ||
| Plan for when team members join/leave | Decrypt and re-encrypt all copies of each backup with a new set of passwords, and destroy the old copies | Re-encrypt the vault key with a new set of passwords, and destroy the old copies of the key |
Summary
If you plan on making only a few backups, use the Multilock Backup.
If you are going to make a large number of backups, or want the highest level of security, use the Vault Backup.
More about our zero-risk strategy
If you haven't already, read the basics about the zero-risk strategy on the home page.
More about zero risk of theft
Encryption
The Locked Backup, Multilock Backup, and Vault Backup methods use the AES-256 (CBC mode) symmetric encryption algorithm, which has long been trusted by security professionals and governments. If someone gains access to your encrypted backup, they can learn absolutely nothing about encrypted information without the decryption key or password used to encrypt the backup.
These backup methods also use scrypt to derive an encryption key from a password. Scrypt is a slow hashing algorithm which makes it completely unfeasible for attackers to find your decryption key by brute force.
Sharding
The Scatter backup, Multilock Backup, and Vault Backup methods use Shamir's secret sharing scheme, which has already been used by many in the cryptocurrency community and is built-in to some bitcoin wallet software (such as Armory). If someone has fewer than the required number of shards, they can learn absolutely nothing about the original sharded information.
More about zero risk of a corrupt backup
Data corruption
The lifespan of a USB stick or SSD is estimated at 10 years. DVDs potentially live longer, but are very vulnerable to scratches. Over long amounts of time, the data in digital storage degrades, and files become corrupt.
Hardware obsolescence
Floppy drives are rarely used anymore, and even traditional USB ports are disappearing in favor of USB-C. If you backup your wallet on a digital storage device, will you even have the hardware to read it when you need to restore your backup years from now?
The superiority of a printed QR code
Photo prints and pigment-based inkjet prints on archival paper are estimated to last several decades before the image starts to fade, and even a faded QR code can be scanned (or digitally enhanced to increase contrast, and then scanned). QR codes have built-in error correction; at most, 30% of the QR code could be dirty, damaged, or destroyed and the QR code will remain readable. The only piece of hardware that a QR code relies on is a camera.
More about zero risk of third-party failure
We've set up several independent locations on "code playground" websites where you can easily restore your backup. While it is possible for these websites to shut down, it's very unlikely that all of them plus cryptocoinbackup.com will be unavailable when you need to restore your backup. If you don't want to rely on the availability of any website, you may download the restore tools from this site and keep them on your computer.
Proprietary software can become unavailable at the whim (or bankruptcy) of a company, but our backup methods only rely on open source algorithms which are well tested and have wide adoption..
More about zero risk of loss from disaster
If you store copies of your backup in different cities, you will still be able to recover your cryptocurrency even if your whole town is destroyed—your computer, your home, your bank, etc. The low cost of printing and mailing/transporting photos or pieces of paper makes distributing your backups very easy.
Storing your encrypted backup in the cloud decreases the security of your backup somewhat, but makes it much easier to access in any situation.
Our backup methods also include contingency plans in case of death or disability, so your loved ones or survivors can recover your cryptocurrency.
About this site's security
We don't even handle your sensitive information
This site sends no information to any server—all the code is browser-based.
This site saves none of your personal information to your computer.
This site uses no cookies.
We've made the site impenetrable to attack
This site uses no server-side scripting, and the server receives no input from the user.
The site loads no resources from other domains and no ads.
We don't even entirely trust the third-party code libraries we use—on the pages of the site, we've disabled the native browser functions that send and save data.
Even with all the security precautions we've taken, your device and network are still susceptible to attack, and there's nothing we can do about it. You may be targeted with DNS spoofing, SSL hijacking, keyloggers, or viruses. Follow the security guidelines on the other pages to mitigate the chances of theft of your sensitive information.