Frequently Asked Questions

Everything you need to know about Legacy Encryption

It depends on whether you're still around to fix it.

If you're alive, nothing is lost. Your seed phrase — backed up physically, as it always should be — is the source of truth. Just choose new keys and re-encrypt. This is why Legacy is a protocol you maintain, not a one-time action: periodically confirm your keys still decrypt, and re-encrypt whenever a key is lost, forgotten, or possibly compromised.

If it's for inheritance and you're gone, a lost key means that encrypted copy can't be opened — and unless there's another means of retrieval, those coins are unreachable. Legacy stores no data and cannot recover keys for you. That's exactly why we recommend redundancy: multiple copies of the encrypted QR and a sealed break-glass fallback (see Who It's For).

The key principle: always maintain a physical backup of your seed phrase. Legacy does not replace your primary seed backup — it is a means of recovery and transfer, layered on top of it.

Yes. You can create as many Benefactor/Beneficiary key combinations as you like, each associated with a different seed phrase.

Download Legacy-offline.html from GitHub.

Recommended — fully air-gapped on SeedSigner: Load the file onto your SeedSigner. Your seed phrase never touches an internet-connected device at any point in the process.

Alternative: Disconnect from wifi and open the file in any web browser on your computer.

No. Beneficiary Key and Benefactor Key may contain all uppercase, lowercase, numbers, and special characters.

The Beneficiary needs to receive:

  1. Benefactor Key
  2. Encrypted Seed Phrase
  3. Legacy-offline.html

See Deadman Switch options for setup guidance.

The best keys are 4–5 random, unrelated words separated by spaces — for example, cloud mango river tuesday. This gives you high entropy while remaining memorable enough to carry in your head or communicate verbally to your Beneficiary. Never write both keys down together or store them with the encrypted QR.

Legacy uses PBKDF2 with 600,000 iterations of SHA-256, making even a modest passphrase extremely resistant to brute force. The two keys are the two halves of one combined password (joined by an untypeable separator), so an attacker who obtains only one half still has to brute-force the other — they need both to decrypt. Note this is a single split password, not threshold cryptography.

Keep the Benefactor Key and Beneficiary Key stored separately. Never store either key alongside the encrypted QR.

✓ Good keys — random, unrelated words with no personal connection:

  • cloud mango river tuesday
  • lamp orbit forest eleven quiet
  • thunder anchor velvet parade
  • seven bridge harbor silk moon
  • arctic bench window plum escape

✗ Bad keys — guessable by anyone who knows you:

  • bitcoin — single obvious word
  • satoshi2009 — predictable Bitcoin reference
  • john1985 — name + birth year, trivially guessable
  • password123 — among the most common passwords in existence
  • iloveyou — common and emotionally predictable for an inheritance tool

Note: the examples above are illustrations only — do not use them. Choose your own words at random.

SeedSigner is the recommended way to use Legacy — the entire workflow runs air-gapped. Encrypt on SeedSigner, scan the QR into your Deploy email, and your seed phrase never touches the internet.

For best results when scanning an encrypted QR into SeedSigner:

  • Printed QR codes scan most reliably — printing eliminates screen glare, pixel grid artifacts, and double-digitization blur. If you can, print the encrypted QR and store it with your estate documents.
  • Laptop or desktop screen is the next best option — larger display means larger QR modules and better contrast.
  • Phone screen: set brightness to maximum and display the QR full-screen. Hold the phone steady, parallel to the SeedSigner camera, at roughly 10–15 cm distance.
  • Back button: during active scanning, hold the back button for 1–2 seconds — it only registers between decode attempts.

Visit the Protocol page for a detailed summary.