Securing mnemonic: split, or use password?

It seems like the recommendation for validator mnemonics is to just write them down (e.g., engraved on a metal card) and store them in a safe place. However, I am concerned about this “single point of failure” (e.g., bad guy robs my house and gets immediate access to withdrawing my stake). What is the typical solution to this? I am thinking either I can split the words in the mnemonic (e.g., 12 stored physically and 12 stored in a password manager), or use a mnemonic password (memorized and/or stored in a password manager). That way, it would require a breakdown of security in two separate places for things to be compromised. The password option also gives an additional possibility of a “decoy password” that points to a low-value account.


The mnemonic-password flag is supported by eth2-deposit-cli, but only for existing mnemonics. It seems like the use of this is discouraged. But I am not exactly sure why–it seems like a useful solution to me. Really appreciate any pointers here. Thanks!

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings


  1. Splitting into two sounds safe, given the math here:

    Another idea is to split into three pieces, where any two are needed to recombine: first 8 and last 8; first 16; last 16. I haven’t done the math to see how safe that is, though, against brute forcing. Intuitively I am thinking if 4 can be easily forced, and 12 can never, then 8 are too much to check, but my math intuition isn’t great.

    Edit: 8 words is 2^84 or 19 trillion trillion combinations (1.93e+25). At 143,000 combinations per second on a single GPU, this would take 4.3 trillion years. Okay yes this is safe. Please check my math!

    There’s also the idea to encode the phrase and then split the secret, that’s the NGrave idea.

  2. Splitting the words into two halves is a bad practice, from a cryptographic standpoint. Each half of the mnemonic is 2^132 (approx. 10^40) times easier to brute force than the original 24 word mnemonic.

    A more cryptographically “correct” way of doing this would to split the key into several keys using **Shamir’s Secret Sharing**. It’s complicated though and I have personally never bothered with it. But if you want to give it try, then [Trezor]( has support for SSS.

    A simpler method is to generate 2 mnemonics, convert them to binary, then `xor` the two binaries together, then convert the resulting binary back to a 3rd mnemonic, which you then use for staking. But here you are getting dangerously close to “roll your own cryptography” territory.

    Having said all that, “naive splitting” of the words is fine as long as you keep both halves offline. It’s very unlikely that a common burglar will have the recourse to brute force a key fragment.

    I would not place a naive split anywhere online though, like in a password manager.


Foundation Devices —Zach Herbert’s Crypto Con Artist Team Creeps into Bitcoin | by Fiach_Dubh | Coinmonks