Security Considerations
Dennis Decoene edited this page Dec 28, 2024 · 1 revision
This document outlines critical security considerations when using Semantic Seed to generate cryptocurrency wallet seed phrases. Following these guidelines is essential to maintain the security of your digital assets.
- Always Generate Offline: Generate seed phrases only on air-gapped computers that have never connected and will never connect to the internet
- Clean System: Use a fresh operating system installation if possible
- No Network: Ensure all network interfaces (WiFi, Bluetooth, Ethernet) are physically disabled or removed
- No Peripherals: Remove all unnecessary USB devices and peripherals
- Private Location: Generate seed phrases in a private location away from cameras and other people
- Cover Cameras: Cover all cameras on devices in the vicinity
- Clean Desk: Ensure no recording devices, phones, or smart devices are present
- Paper Notes: If writing down the seed phrase, use fresh paper from a new pad to avoid imprinting
- No Screenshots: Never take screenshots of seed phrases
- No Digital Storage: Don't save seed phrases in digital format (documents, photos, password managers)
- Secure Deletion: Clear browser data and any temporary files after use
- Memory Clearing: Close the application and restart the computer after generating phrases
The application includes an optional online wallet checker feature that should be used with extreme caution:
- Security Risk: Using this feature compromises the air-gap security principle
- IP Exposure: Your IP address will be exposed to the Bitcoin network
- Address Leakage: Generated addresses become linked to your IP address
- Recommendation: Avoid using this feature on seed phrases you intend to use for real wallets
- Testing Only: Use only for educational purposes or testing with small amounts
- Don't Use Personal Words: Avoid selecting word categories that might create phrases related to your personal life
- Random Generation: Always use the built-in random generator; don't manually select specific words
- Equal Security: While phrases are more memorable, they maintain the same cryptographic security as random phrases
- No Personal Variations: Don't modify generated phrases to make them more meaningful to you
- Word Count: Ensure your structure contains exactly 12 or 24 words for valid BIP39 phrases
- Templates Available: Pre-built templates are provided for convenience but are optional
- Custom Structures: When building custom structures, ensure you maintain the required word count
- Category Selection: Choose categories that will result in sensible, memorable sentences
- No Shortcuts: Don't reduce the word count even if the sentence seems complete with fewer words
- Disconnect all network cables
- Disable WiFi and Bluetooth
- Boot from a clean operating system if possible
- Clear browser data and close unnecessary applications
- Verify you're in a private location
- Use the official release version of the tool
- Verify the checksum of the downloaded files
- Don't modify the generated phrases
- Don't use personal information in the process
- Generate multiple phrases and carefully choose one
- Clear browser data
- Close all applications
- Restart the computer
- Securely store the seed phrase (see Storage Recommendations)
- Use high-quality stainless steel storage solutions
- Consider redundant storage in multiple secure locations
- Use tamper-evident seals and containers
- Consider breaking the phrase into multiple parts stored separately
- Digital storage of any kind
- Cloud services or password managers
- Taking photos of written phrases
- Storing all words in one location
- Storing obvious recovery instructions with the phrase
- Create multiple backups using different methods
- Store backups in different physical locations
- Consider geographical distribution
- Use safety deposit boxes or other secure storage
- Document recovery procedures for heirs
- Use legal services for inheritance planning
- Consider multi-signature setups
- Create clear but secure instructions
- Network surveillance
- Physical surveillance
- Malware and keyloggers
- Social engineering
- Physical theft
- Supply chain attacks
- Air-gapped operation
- Clean operating system
- Physical security measures
- Proper storage procedures
- Regular security audits
- Limited access and knowledge sharing
- BIP39 seed phrases maintain full entropy regardless of sentence structure
- Word selection remains cryptographically secure
- Sentence templates don't reduce security
- Semantic meaning doesn't affect cryptographic properties
- All generated phrases are valid BIP39 seeds
- Word selection comes from official BIP39 wordlist
- Checksum verification is maintained
- Sentence structure doesn't affect validity
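The checksum and word-count rules above can be checked offline with a few lines of code. This is an added example, not Semantic Seed's own code: it works on BIP39 wordlist indices (0 to 2047) instead of words so that the 2048-word list need not be embedded, accepts only the 12- and 24-word lengths this page names, and its function name and sample phrases are constructed for illustration.

```python
import hashlib

# Word counts this page names as valid for the tool.
ALLOWED_WORD_COUNTS = (12, 24)


def check_indices(indices):
    """Validate a phrase given as BIP39 wordlist indices; returns (ok, reason)."""
    n = len(indices)
    if n not in ALLOWED_WORD_COUNTS:
        return False, f"word count {n} is not 12 or 24"
    if any(not isinstance(i, int) or not 0 <= i < 2048 for i in indices):
        return False, "index outside the 2048-word list"

    # Each word carries 11 bits; concatenate them into one integer.
    bits = 0
    for i in indices:
        bits = (bits << 11) | i

    total_bits = n * 11
    cs_len = total_bits // 33        # 4 checksum bits for 12 words, 8 for 24
    ent_len = total_bits - cs_len    # 128 or 256 bits of entropy

    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    stated = bits & ((1 << cs_len) - 1)
    # The checksum is the leading cs_len bits of SHA-256(entropy).
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)

    if stated != expected:
        return False, "checksum mismatch"
    return True, "ok"


# Constructed samples built from all-zero entropy (never use these for funds):
# "abandon" x11 + "about" is indices 0 and 3; "abandon" x23 + "art" ends in 102.
VALID_12 = [0] * 11 + [3]
VALID_24 = [0] * 23 + [102]
EDITED_12 = [0] * 11 + [4]    # last word replaced by hand with its neighbour
SHORT_11 = VALID_12[:-1]      # one word dropped from a complete phrase

if __name__ == "__main__":
    for name, sample in [("valid 12", VALID_12), ("valid 24", VALID_24),
                         ("edited", EDITED_12), ("short", SHORT_11)]:
        print(name, check_indices(sample))
```

A 12-word phrase carries only 4 checksum bits, so about one hand-edited phrase in 16 still passes this check; a pass shows the phrase is well-formed, not that it is the phrase that was generated.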
If you discover a security vulnerability in Semantic Seed:
- DO NOT create a public GitHub issue
- Email the security team directly at [security email]
- Include detailed information about the vulnerability
- Provide steps to reproduce if possible
- Allow time for the team to respond and address the issue
- Always verify the integrity of downloaded files
- Check GitHub releases for the latest secure version
- Verify security notices and announcements
- Follow the project's security advisories
Remember: The security of your cryptocurrency depends on the security of your seed phrase. When in doubt, err on the side of caution and take additional security measures.