QR

na3than

Sending Bitcoin means: 1. Creating a transaction that specifies which coins are being sent to whom (inputs and outputs, and the associated unlocking and locking scripts) 2. Signing the transaction (using private keys). 3. Broadcasting the transaction to the network. ColdCard does #2. #1 typically requires many more features than you'd want to build into a hardware device (copying and pasting addresses, scanning QR codes, coin control, fee selection, etc.), and the more features you add to a system the bigger its attack surface area becomes. Best practice in cyber security is to minimize the attack surface area, so ColdCard expects you to do these things elsewhere. #3 obviously requires an Internet connection, and we don't want our private keys on a device that can speak to the Internet.

Bolognapony666

I think you’re good until the wrong person scans it & then back to the no coiner statement. However, a QR code going straight to your cold wallet…it’d probably be worth trying this in every major city lol.

alexcorsogr

Holding a sign with a QR code.

pullupman

I see your point, but it's incredibly shallow thought. How will you replace the QR code on my phone that my wallet generates? Maybe you should spend some time actually leveling up instead of calling people smarter than you nerds... Last time I checked we nerds are pretty well taking over this planet. Cheers though.

dontblamemeivotedfor

Instead of screwing around with QR codes and webcams, just use a USB flash drive (or SD card or microSD card) to move the transaction between computers.

FunWithSkooma

I use TailsOS with persistent for Electrum. And I have my watch only wallet on my Android. Then, if I need to move funds, I connect my pendrive to my phone, then generate the PSBT on Electrum for Android, save in my pendrive, connect my pendrive to my TailsOS running on my computer without Internet, sign the PSBT and generate the QR Code on Electrum Wallet (TailsOS) so I can just scan with my phone and broadcast it. TL;DR: It safer, minimize the attack vectors.

Blockchainauditor

The Seed for your wallet is used to create private keys. The BIP39 12 or 24 word phrase is a method of making it easier to reenter the Seed if necessary. Another common alternative representation for the Seed is a QR code. The QR code, BIP39 phrase, or original string of the Seed will reestablish the private keys.

NoiceMcGroice

It’s a good decision imo because I’m supporting a network that I ultimately believe in. There are no cards. The app generates a one time use QR code that gets scanned by the merchant.

puffman123

This. Also, it’s much easier to sign multisig transactions w QR code instead of sc card ime. I like foundation passport. With each signing device keep your pdf descriptor on sd card and an also printed copy and your seed backup. Use 2 of 3. Can also consider seed signer for QR code psbt signing. Cc is clunky and difficult to teach your family. Qr is more natural and easier for family to learn.

Aussiehash

SparrowWallet and Specter can create a PDF export of the multisig wallet descriptors with all derivation paths, fingerprints and QR codes. You can print this out and save the PDF also with your backups. 2of2 multisig with passphrases is not a great choice, especially if you are a multisig newbie, you are increasing the odds of losing access to your coins.

analogOnly

Use Lightning network. Accept only LN transactions. There are PLENTY of mobile hot wallets that accept and send LN transactions. If you wanted to be slick about it you could create a wallet address per item/sku and that way you can keep track of what was bought easily. Then you could print out a QR code next to each item, so to buy they just scan and pay.

Heffdog116

My friends more of a QR kinda guy

leaflavaplanetmoss

You can use a third party password manager like 1Password or ProtonPass (both of which have passkey support) and then the passkeys are stored as encrypted data in that account, meaning you can access them on any supported device without being tied to a specific piece of hardware. For example, I can access my passkeys in 1Password on macOS, Windows, iOS, and Android through the dedicated app, or via the browser extension. If for some reason I can’t use the manager’s dedicated app locally, I can still use the manager’s mobile app on my phone and scan the QR code to log into a site with a passkey, the same way you would have to if your passkeys were stored locally on an iOS or Android device. I believe ProtonPass works the same way as 1Password.

joekki

I'd send them all to my paper wallet, and fold it so the private key QR stays hidden. Then put it to my wallet. If I needed some cash, I'd send some to an exchange via Electrum by scanning the QR code. Why?

Raphae1

Seedsigner does not save your key. It can generate a key, but you have to write the seedphrase down and enter it again every time you start the seedsigner. Alternatively you can draw your Seed-QR code and scan your key.

Raphae1

No you don't need to protect your seedsigner microSD card. Seedsigner does not store your seed. After every boot, you have to enter your seed phrase (or scan your seed-QR code)

MPH2025

Uh….because that’s thee ideal situation. Keep a QR code for scanning in your private key, then when the device is powered down, RAM clears the key.

wh977oqej9

Google Electrum cold mode. Basically you prepare transaction on online PC, copy it to cold PC (with usb, SD card or QR code), sign it there. Then you copy signed TX back to online PC and broadcast it.

lntipbot

Hi u/Generationhodl, thanks for tipping u/eyedude2898 **⚡︎1000** (satoshis)! You didn't have enough balance, you can pay the following invoice [[QR](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/qr?id=95b36e41510c4b9c8fe4d6f8ffb139e0 "Generate QR") / [URI](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod//uri?id=95b36e41510c4b9c8fe4d6f8ffb139e0 "Generate URI")] instead. *** >!lnbc10u1pn9at58pp5qpx8k7lcdmsvt6s4gmdqf6kwhfy0g0tukmqgfas9v8ful03rxgasdp58y6kyvekv56rzdf3xp3ngc3evvuxvef5vsmxvwrxve3rzveev5cqcqzzsxqyz5vqsp5gefn56ym9l5laupr0pxk9h2xkpls09unurdgq56l9xpmrznzn0es9qxpqysgqzjj8w4yquahvljqfqcuyfnd9ecy8ctpx6dsnq7xx7et9v03xd2qk49l4wz93hf3mwl8svl2s4t8sd9zq4wv7amgkxq3ccpa8wwdy09sqgcme62!< *** *[^(More info)](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/info) ^| [^(Balance)](https://www.reddit.com/message/compose/?to=lntipbot&subject=balance&message=!balance) ^| [^(Deposit)](https://www.reddit.com/message/compose/?to=lntipbot&subject=deposit&message=!deposit 10000) ^| [^(Withdraw)](https://www.reddit.com/message/compose/?to=lntipbot&subject=withdraw&message=!withdraw put_invoice_here) ^| ^(Something wrong? Have a question?) [^(Send me a message)](https://www.reddit.com/message/compose/?to=drmoore718)*

ConfidentialX

I love Algorand and have held it for a long time. My understanding is that whilst the network is now QR, the tokens themselves (i.e., those held in a variety of wallets) may not be. As an ALGO holder, it is good to see the team protecting the network.

Elum224

Yes using the same passphrase is fine. Actually sounds like a fine setup. As for the hardware wallets, do you mean that's how you are going to generate the keys? Because for instance you can use dice to generate wallets using a script and a hardware wallet (validating that both are producing a wallet from your entropy). So you don't actually need 5 devices. You only need 3 for signing. A question are there even 5 hardware wallets that show you and verify the multi-sig on-device? When using the Ledger / Trezor in Multi-sig you're basically trusting the software on the computer at that point. In addition you can use the air-gapped devices to do transaction signing via QR code so even if the vendour gets compromised it's not touching the internet to give up your keys. I would potentially consider 2 of 3. The transactions are bigger in 3 of 5. 2of5 already gives you the "multiple signer" security, 3of5 is diminishing returns. And you're throwing a seedphrase on-top anyway. This obviously varies on personal circumstances. I would consider 3of5 if I lived in Japan and there's a possibility a whole building could be swallowed by the earth. One can also consider splitting the keys themselves with Shamirs if you want them to be more redundant or more secure, allowing keeping at a lower multi-sig scheme size. Here are some guides [SmartCustody](https://www.smartcustody.com) [TordlWallet](https://github.com/fresheneesz/TordlWalletProtocols) [Glacier](https://glacierprotocol.org) to compare notes with. Careful with glacier, you may end up making a tin foil hat literally. Hope these thoughts help.

Aussiehash

Multisig with passphrases is fine, hardware wallets and desktop coordinator wallets show the wallet fingerprint, so you can confirm that you have entered it correctly. As you are talking about Multisig for longterm, you need to think about how you are going to store the xpubs for all of your cosigners, these are laborious to manually stamp into metal with a hammer, and would be prone to mistakes. Sparrow and Specter make nice PDF exports with QR codes that you can print and save to USB of your wallet descriptors, but these are not water proof, fireproof and USB flash may not last for a decade. You might consider Seedhammer, but thus far the developer is against adding passphrase support.

Unlucky-Citron-2053

lol it does now w QR codes and drudging the address. Blockstream jade and seed signer let you verify the address in the wallet as well. Really helps w the sweating

RorySailor

Use QR codes whenever possible

DaVirus

Honestly way prefer using QR codes, in part for that reason.

decentralized_bass

Yes I think that's what's probably happening, still strange to see it in real time. There are three streams all with their own QR codes on the screen and fake sites: [https://www.youtube.com/watch?v=M9tBuvUVL2Q](https://www.youtube.com/watch?v=M9tBuvUVL2Q)

selfcustodynerd

I don't think the attack surface is smaller. In fact with QR, most people don't even verify the address, which I believe is the biggest attack vector considering your PC/smartphone is compromised. In the case of USB, even if the communication contains malware, a secure hardware wallet only responds to the request in the protocol that the firmware allows it to. Hence a malware can only infect th device if there is a malicious firmware update which the right hw wallets already have well defined protections against.

it0

While I agree with most of the article, I do not agree with its conclusion except that firmware integrity is key. The issue with usb is that malware could interact with the device without you knowing it. In the case of QR multiple things need to fail. A compromised firmware that I need to install manually, the manual steps make it harder since I can check the file hash to see if it is tampered. Of course the parsing of the qr code itself can have bugs. But that would require that the bug would allow singing or sending of an address that I would not notice, this assumes that there is already malware on my computer and that before signing I do not notice the address change. These are all possible attack vectors but harder to pull off then usb and also better to mitigate than usb. So the attack surface is smaller and the smaller the attack surface the easier it is to mitigate.

heyitscory

I miss those. I used to give my friends fractions of a Bitcoin all done up like currency with the QR codes for the paper wallet. A couple of them found them and gave them back. I bet a friend 10 or 15 bucks that his ex would get back with him in the next year, and a year later, I gave him his 1/10 of a Bitcoin. He sat on that until it was worth $6000.

Bunker_Beans

I, too, but pharmaceuticals using crypto, since doing so provides me a with a nice 30% discount. Step 1: Relax. Crypto is not that hard to understand. Step 2: Download a reputable CEX app, e.g., Coinbase, Kraken, and open an account. Step 3: Buy Bitcoin via the exchange. Step 4: Send the Bitcoin from Coinbase to the address of the wallet belonging to the person you intend to pay. You should see an address or QR code when you go to checkout method. Either scan the QR or copy and paste the address. Double check the address, then send it. Note: This is the easiest way. You can also do this using non-KYC methods such as Bisq. In this case I believe you would send a ACH transfer to Bisq from your bank account. You would then buy your Bitcoin.

jamespayne0

Yeah the scam angle probably need to think about maybe people won’t want to even scan a qr in public. QR to a webpage with info on setup and links to other sources and then maybe some sort of mechanism to send an invoice over lightning I can then pay could be an option.

waffleboi999

Ohhhh, I see. It's been awhile since I messed around with my Jade! It's my understanding that QR codes are meant to be able to be read even if a few dots are blurry so I'm not sure why it's not reading it. My only thought would be that it's looking for a different kind of data input and so it's "ignoring" what is being presented. That or a glare on the device vs. your seed signer?

Puzzleheaded-Ad4769

Only the QR code you print on paper is your seed. The QR the jade gives to your phone is just signging a transaction as the seed never leaves the jade. Now if you were to take a photo of the paper seed phrase with your phone to try and help the jade to read it, that would be compromising your seed phrase onto your phone->the internet.

gandrewstone

The QR spec is very particular about details, for example the size of the border and black vs white. Some reader sw is pretty rigid about this (notably some common FOSS libs), whereas others are much more robust. The only "fix" for this is to generate a more standards compliant QR. Another common issue is getting too close to the QR code -- many readers need the hard contrast of in-focus dots more than filling the entire frame with the QR

waffleboi999

Wait, isn't the QR code a representation of your private key? You shouldn't be importing the QR code to anything but your hardware wallet. If you import/scan the QR code from your computer it is no longer air gapped and is a security risk. The workflow should go from your QR code > Jade (or other air gapped hardware wallet) > import key on Sparrow > import from Hardware wallet. That way you're not directly exposing the private key to your computer or the wallet software.

I_Hate_Reddit_69420

Because most people only care about stuff before it gets rolled out. Once it exists they claim the government has your best interest in mind and you have nothing to worry about. I’m still surprised how many people were OK with forced vaccinations and QR codes to prove you got it in order to be allowed to enter places.

Yodel_And_Hodl_Mode

Krux and SeedSigner are very similar concepts. Here are the differences - keeping in mind, I'm not an expert though I own both: They run on different hardware. SeedSigner runs on a Raspberry Pi Zero with a camera, tiny screen, etc. You assemble it yourself or buy a kit. Krux runs on K210 devices, some of which require no assembly at all. Just buy the device and flash Krux firmware onto it. Done. Some K210 devices have large touchscreens, which is amazing for a hardware wallet. As for the firmware itself... Krux is more advanced overall than SeedSigner, but SeedSigner is more tailored to multisig. For example, for multisig, SeedSigner makes it easy. SeedSigner lets you load multiple seeds onto the device's memory. Want to do a 2-of-3 multisig? Load the seeds into SeedSigner & click from one to another. It's a little clumsy, but it does work well. Krux, on the other hand, only loads one seed at a time. On the other hand, Krux is much more advanced. Krux offers encrypted SeedQR, which SeedSigner doesn't. With SeedSigner, you create a seed QR by hand and you have to keep it somewhere safe. Krux lets you create encrypted seed QRs, which you don't have to hide since you're the only one who knows what the decryption key is (I'm not saying to leave them out in the open, but they *are* encrypted, so even if somebody finds it and copies it, they can't use it). Encrypted seed QR is a game changer of a feature. Scan the encrypted seed QR. Scan the decryption key QR. Done. That's quicker and easier to do than it is to enter a PIN on a typical hardware wallet. And if you're using encrypted seed QRs, it means nothing is saved on the device, so there's no need for the device to even have a PIN since there's nothing on it to lock. Also, since Krux uses K210 devices, which tend to have larger screens, they can display more info clearly. If you have to manually enter a seed phrase, it's muuuuuch easier on Krux thanks to the large touchscreen (if your K210 device is a Maix Amigo, which looks like a chunky smartphone). Krux also does a better job for BIP85. SeedSigner shows you the seed words for BIP85 child seeds. Krux shows you the seed words for BIP85 child seeds & then it gives you a QR code. I think SeedSigner is great, but Krux is at a whole other level. It's amazing. I could go on and on about this project. It's fantastic, and it's under active development, so it keeps getting even better.

EarlyWin21

I had the same problem with Jade / Sparrow. My workaround was to make a video of the Jade QR Code with my mobile. After that, I played the video on a larger Screen (on the PC) and scanned the QR Code from that video instead of directly from the Jade Display. I know that this process is not very elegant, but as it is still airgapped - nothing more then the QR Code is transmitted via the video file to the computer (which would be anyhow via QR recognition) - and I only very seldom need this process step, I find that solution ok.

Ready_Garage_7865

My camera is new and it recognizes all other QR codes in an instant. There must be some magical combination of Jade display brightness, QR density, frame rate, background lighting, foreground lighting, ambient temperature, ideal angular distance, time of day, latitude/longitude, and moon phase.

Individual2020

Some of these cameras don’t auto focus and are fixed. We take these things for granted because we have these smart phones with amazing camera tech. But smart phones are closed sourced and controlled by the powerful few. This leads to and issue with QR code standards in general, as they assume quality cameras to read them. QR code standards should change so they’re reliably read by inferior cameras.

BTCMAXE

I only have Jade wallets and love them. And yes, my only complaint is the QR functionality, as I tried it one time and wasn’t impressed…. But, I’m not convinced “air-gap” is as much a thing as it claims to be. I don’t even use it. I think it’s all bullshit, actually. Listen, no matter how you use that Jade, don’t be convinced for a second that that thing can’t connect to the internet without you knowing about it. When you buy ANY cold wallet, you ARE putting some amount of trust in the people who created that product. That’s just the way it goes. I still think it’s a better alternative to the exchanges or custodians.

Ready_Garage_7865

…to clarify, I can’t get Sparrow to recognize the Jade QR code. Sparrow recognizes my SeedSinger QR codes before I even get it centered. In a split second. I’ve been trying to get Sparrow to recognize the Jade QR code for 30 minutes.

Yodel_And_Hodl_Mode

This is another reason why my favorite hardware wallet is [Krux](https://selfcustody.github.io/krux/getting-started/). Krux is free and open source firmware that runs on K210 devices ([device list here](https://selfcustody.github.io/krux/parts/)). Krux is airgapped, can be used stateless, and it uses QR codes for pretty much everything. Seed QR, passphrase QR, decryption key QR. It's really great. **Want to travel with a seed phrase?** Use Krux to create an encrypted QR. [Here's an encrypted seed phrase](https://imgur.com/a/tsC2eda). I kept the decryption key easy. It's 4 words, all from the BIP39 wordlist. Even with just 4 words as a decryption key, it's unhackable. The decryption for my real seed is much stronger. Loading an encrypted seed QR on Krux is really easy. Scan the encrypted seed QR, then scan the decryption key (or type it manually). Scan, scan, done. For traveling, you could put the encrypted QR in an encrypted app like a password manager or an encrypted notes app. Actually, you don't even have to put it in an encrypted app since it's already encrypted, but I'd do it anyway. I think Krux is one of the best under the radar Bitcoin projects. Pair Krux up with BlueWallet for mobile and/or Sparrow wallet for desktop & you've got a killer combo.

Frogolocalypse

> Oh of interest, what do you need the printer for? I imagine to print a QR code that can be read by the watch-only component of the wallet. With a printer and a camera, it *could* be a truly cold-storage solution. But I agree, unless you are extremely technically competent, no-one should be experimenting on bitcoin key storage products.

MikeBackAccess

It claims to accept Bitpay -- only. And when you click on that option there is no QR or destination address code. They say it is Bitpay's side than, but there is no way to tell Bitpay to send the money. There is no 'linkage.' Maybe it is because I am physically outside of the USA when I try this. I only see the Bitpay option when using the US NewEgg site. The NewEgg app on my mobile phone does not offer the Bitpay app. So my best guess it that the option only works if you are inside the USA. I note that confirmation SMS PINs sent by NewEgg do not show up on my VoIP app with a US TN and I was told by PayPal that they have technology to tell them if a VoIP phone or VPN is in use. These things are not allowed when you go into their "Finance" (bitcoin) area. \[I had to go to a lot of work, with Bitpay, to just get on the wait-list for the, sometime in the future to be released, debit card. I had to prove I was a US citizen, because both their website and app places me outside the USA and that assumes I don't have a right to get the card.\] So, I am guessing, but I can't make it work from where I am.

ConfidentialX

People will try to pull out of crypto, but the irony is such that when Q Day arrives and people are scrambling to withdraw their funds, the exchanges will either 1. be ghost towns , or 2, it will be a wild-west type shoot out for the available liquidity whilst billions/trillions is wiped off the face of the market. Many may opt to exchange their non-QR tokens for quantum resistant alternatives, which I suppose could induce some degree of stability.

Aussiehash

Coldcard can export wallet descriptions, and receive/sent PSBTs via QR code without using a MicroSD, provided your computer's camera can focus on the Coldcard's display

puffman123

This post is 169 days old. Looks like you support cypherock which is a shitcoin wallet, an air gapped btc-only seed signer using a third party wallet is going to be way more secure my friend. The link is a post for bitbox because they support QR codes, of course they’re going to say air gapped isn’t secure. Nothing is perfect. A shitcoin wallet supporting 1000s of coins ain’t secure either my friend.

MadManD3vi0us

There's a restaurant called Dora's Tacos that's already pioneering this and has been taking orders not just with Algorand but with ASAs as well. It's truly smooth and instant, as fast as your camera can see the QR code it's pretty much done.

DingDongWhoDis

It's a single minute with a comedic slant. It's not going to address everyone and everything. >Crypto people might care but it’s showing a situation which isn’t reality so not really. Might not exactly be reality YET, but it is making the point. If we created different lines of people with QR codes primed for transactions, ALGO's line would absolutely move much faster than BTC, ETH, & SOL. Generally speaking and not necessarily aiming this at you, but I gotta say, the haters have embarrassed themselves all over the internet today. Reactions have been very revealing and entertaining. The butthurt attacks in this thread are tame in comparison. Best part is the concept was suggested by a community member, one of us, and people known in the community were in the video along with the Algo foundation CTO. No idea the cost involved, but gotta be pretty cheap for the end result.

only_merit

When I open the page it asks me how much I want to send to you. Then it shows me QR code that it says I should open in LN wallet. So it will simply generate LN invoice that I can pay and it will put it one your account you have with them. Doesn't sound complicated.

Shade_008

Build them a raspberry pi, install BTCPayServer, setup digital storefront and generate QR code. Done. Self-hosted BTC payment processor.

doubleknocktwice

You can visit coinatmradar online to find a local crypto ATM where you download a wallet on your phone, scan the QR code so the machine knows where to send the crypto and then you insert cash into the crypto ATM. Then a minute later you have crypto in your wallet on your phone. Then you can transfer it to your cold wallet.

btc21million

Show them how to setup a lightning wallet and put the QR code on their website so people can donate to show their appreciation. It also helps adoption.

lntipbot

Hi u/predatarian, thanks for tipping u/captainprice213 **⚡︎1000** (satoshis)! You didn't have enough balance, you can pay the following invoice [[QR](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/qr?id=e6b90b1a2244481788d3ed0c50763b92 "Generate QR") / [URI](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod//uri?id=e6b90b1a2244481788d3ed0c50763b92 "Generate URI")] instead. *** >!lnbc10u1pnym3jypp5cf6uekyftswl2t49fndlmkt0grnfphan8ymegu097tkxqw86d0tsdp5v5mxywfsvgckzv3jxs6rgwp3xuursepnv4jrqce4xqmnvvmz8yeqcqzzsxqyz5vqsp5vm0c5k7e37hslzhlr5swwkykha0hsxz8q3sudkeq25u3gdyydxrs9qyyssqm4slx05xjaxn249ln79evz2zk78q7lleamf7n2u677xdensz2ufsh3lg9lt2h6xpuacfrgundcaa55y2a8xv6dzkc3htwt5t3rm9f4qql8j0zw!< *** *[^(More info)](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/info) ^| [^(Balance)](https://www.reddit.com/message/compose/?to=lntipbot&subject=balance&message=!balance) ^| [^(Deposit)](https://www.reddit.com/message/compose/?to=lntipbot&subject=deposit&message=!deposit 10000) ^| [^(Withdraw)](https://www.reddit.com/message/compose/?to=lntipbot&subject=withdraw&message=!withdraw put_invoice_here) ^| ^(Something wrong? Have a question?) [^(Send me a message)](https://www.reddit.com/message/compose/?to=drmoore718)*

labago

On Nunchuk when I go to sign a transaction, it only asks for QR since I set it up with QR, how would I sign it in another way with a new device using the same seed?

only_merit

> but what if at that time I cannot get a coldcard device?. If you have a mnemonic seed as specified by BIP39, then there are numerous hardware devices as well as software wallets that you can use. If you have the words you do not need a device that supports QR.

Aussiehash

Things have almost reached a level where Multisig is beginner friendly. It goes all the way back to Bitcoin Armory Lockboxes in approx 2012. https://bitcoiner.guide/multisig/ There are paid services like Casa, Unchained and Nunchuk that can hold your hand and take you through it, for a fee. The nuisance at the moment is the evolution of standards, and subsequent desktop wallet and hardware wallet updates. Hardware wallets use PSBT, BIP48, Animated QR codes, and Blockchain Commons UR/Envelope formats for the multisig wallet descriptor. Then there will be PSBT2, MuSig, Taproot, BBQr. Every time there is a major software update, you need to download a new desktop wallet version, a new hardware wallet firmware, update PGP keys, check the PGP and SHA256 signatures match, flash the new firmware via MicroSD card. Far too complex and tedious for a beginner, let alone the actual steps of backing up 3 - 5 mnemonic seeds and storing a full copy of **all cosigners' XPUBs** and wallet descriptor, with each geographically separated mnemonic seed, plus then remember the hardware wallet PIN for 3 - 5 different hardware wallets.

AbsoIution

At the start I was like, ok I'll have it uninitialised every time and scan the QR Then I was like... Wait that means getting my seed QR out every time, and we're meant to keep this protected. So I thought, ok, I'll just keep it initialised and put a pin on it. Enters pin, now you gotta scan the QR code on the blockstream website, Christ. It was quicker to just scan the seed QR! What I don't get about it, is I don't find how scanning the qr on blockstream is any more secure, because anyone with your device and pin can do it, you can open the scan bit on any web browser or phone, there is no additional pin or anything to bring up the option to communicate with the blind oracle. Also I've barely used my jade but when I move the scroll thing to the left, it always skips 2 characters, whilst moving it to the right is fine

CappyJax

A lot of misinformation here. Your CB wallet is a custodial wallet. That means CB has control over it and they hold the seed phrase. You want a non-custodial wallet which will give you full control over your assets. Non-custodial wallets can be hot or cold. A hot wallet is one in which the seed is stored on your device in a wallet app such as MetaMask. A cold wallet stores your seed offline. It could be a piece of paper with your seed written on it in a lock box in your home. Or it could be a device that stores your seed and doesn’t connect to your computer. Some devices, such as Ledger, I call a warm wallet, because you have to connect your wallet to a computer to use and Ledger may have the ability to capture that seed. If you do a lot of trading, a cold wallet can slow down transactions a bit. It takes me about an extra 15 seconds to execute a transaction with my AirGap wallet. However, that is because I use a passphrase and I have to enter with each transaction. If I didn’t have that passphrase, it would only take 5 seconds more. The AirGap uses an old iPhone that I have the cellular and Bluetooth disabled on. I use MetaMask to start a transaction on my regular phone then it shows me a QR code. I scan the QR code with the AirGap phone, then it asks for my fingerprint and passphrase, and then provides a signature in the form of a QR code. I scan that with my regular phone in MetaMask and that completes the transaction. Now, I also have a hot wallet address on MetaMask that I keep a small portion of my assets for trading so I don’t need to carry two phones all the time. I move assets to and from the cold wallet address to keep the cold wallet secure. I never connect the cold wallet to any dapps. I highly recommend AirGap.it and use it with MetaMask. I also recommend you look into 13 or 25 word seed phrases. Those are normal 12 or 24 word seed phrases, but then you select a 13th or 25th word or phrase that creates different wallet addresses from the original passphrase. That means someone could get my passphrase and they still wouldn’t be able to access my wallet without that passphrase. They could brute force it, but it would take a long time and give me time to move my assets. I keep my passphrase on a metal wallet as well in case my device is lost or stolen. I have a cypher that it needs to be entered into so that the real seed is known, which means even if that gets lost or stolen, my seed is still secure. The cypher is a script on my computer that turns the stored numbers into a seed phrase. Take your security as serious as a bank, because there is zero recourse if you lose your funds in defi.

Yodel_And_Hodl_Mode

> Thanks for the information! I don't quite follow on the quote above. Do you generate QR codes of your seed phrases? How do generate them and encrypt them? As I said above, I'm using Krux as my hardware wallet. I already had a seed phrase (though I could have used Krux to generate one). I loaded my seed phrase into Krux and made an encrypted SeedQR. I also used the feature in Krux tools to make a QR for my decryption key. So... to use Krux, I scan my encrypted SeedQR and then scan the decryption key to decrypt it. I'm shocked that more hardware wallets aren't offering encrypted SeedQRs yet. That feature is a real game changer. I can load my seed and decrypt it faster than people can enter a PIN to unlock a traditional hardware wallet. Since Krux is stateless (meaning, the seed & passphrase are wiped out when the device is turned off) there's no need for a PIN, since there's nothing on the device to lock. And since encrypted SeedQRs are encrypted, they can be stored anywhere. Obviously, it still makes sense to keep them locked somewhere safe, but they don't really need to be hidden since they're encrypted. Since I'm using a 24 word BIP85 child seed as the seed phrase for my wallet and a 12 word BIP85 child seed as the passphrase for my wallet, I don't need to save those QR codes. I only need the parent seed QR code. Parent Seed --> Generate 24 word child seed. There's my seed phrase! Parent Seed --> Generate 12 word child seed. There's my passphrase! BIP85 is amazing. It's like a master key for millions of wallets, all of them yours, and all of them backed up by a single parent seed phrase. Obviously, I back up the child seeds I use... but I keep my parent seed backed up on metal in 2 locations (a safe and a safe deposit box), plus I have my encrypted parent SeedQR.

Gambimrel

>I use a 24 word seed *as my seed,* and a 12 word seed *as a passphrase.* Both are encrypted [like this](https://imgur.com/a/mfO8c4c) Thanks for the information! I don't quite follow on the quote above. Do you generate QR codes of your seed phrases? How do generate them and encrypt them?

JamesTDennis

Naturally the greatest FOMO points are adjacent to new all time highs (ATH points). I recommend 25% sell orders at ATH, with additional 25% for each +20% above that ATH point — but less than 25% of total holdings in the active trading tranche (>75% in "cold" storage — offline in hardware wallets as secured by metal seed recovery mnemonic or manually scribed QR plates). For cold storage, consider learning about multi-signature self custody and paper (volvelle) secret sharing schemes (https://secretcodex32.com/faq/index.html). But beware that these are nascent efforts requiring considerable commitment to learn, utilize, and routinely drill on. I wouldn't commit more than 25% of your savings to any of these yet. Adopt in slow stages; commit only nominal funds for at least a year of usage and recovery drills. In any event, commit to annual key/seed recovery drills — with any life partner or heirs involved!

nickneuman

Good questions! One overall note is that we have built Casa's security system specifically to secure hundreds of millions in BTC by one person/entity, and we secure much more than that across all of our members. One resource that might be helpful is our Wealth Security Protocol, which has more details about all the different security decisions we've made. Here is a link to the [Inheritance page](https://docs.casa.io/wealth-security-protocol/chosen-features/inheritance), but you can also check out the rest of it to learn about Casa's overall security model. [Our blog](http://blog.casa.io) also has technical posts. The WSP inheritance page doesn't go into full technical details like what you're asking about, so here are some answers. >all I know is typically Casa sets up a 2-of-3 multisig wallet where the 3 keys are: >H: hardware wallet key >M: mobile key >C: a key held by Casa on their server-side infrastructure This is correct for our 3 Key Vaults. We also offer 5 Key Vaults and would recommend that for your level of holdings. This is a 3-of-5 multisig where 1 key is on the phone, 3 keys are on hardware wallets (different hardware to protect against single manufacturer problems), and 1 is held by Casa. >Is my understanding correct? Your run through of how the inheritance process works for the 3 Key Vault is all correct. In a 5 Key Vault, you would also need to provide for access to at least one hardware wallet. The nice thing is that this is all managed within the app, so it makes it easy for family members to use. >And Casa's Android app does not appear to be open source, but has it been audited by a third-party? Yes, we do yearly external security audits and frequent internal audits + have many security checks in place around code that is deployed to customers. You can also verify everything we do using open source software like Sparrow in a watch-only wallet, and the hardware wallets act as checks on our software since we don't control them. >What is the source of entropy used to generate M\_k? We generate the entropy on the user's device using the standard iOS/Android entropy functions. >What if the recipient's phone is destroyed: can they recover M\_e? Yes, this key is encrypted and backed up to the cloud (iCloud/Google) in a quasi 2of2. If your/the recipient's phone is destroyed, you would get a new phone, log in to your cloud provider, log into Casa, and it restores the key. You can also back up this key on paper using an encrypted QR code if you don't trust the cloud providers. The mobile key is meant to be highly resilient, which means we add in some trust with cloud providers, but that is balanced by the other keys in the multisig being held offline. LMK if that doesn't fully answer your questions, or if you have others. ------ A final big reason people use Casa, which you didn't ask about but which I think is important, is that our advisors are highly knowledgable and work directly with our members *and their families/attorneys/etc* every day on this stuff. They get very hands on, over video, and ensure everything is set up properly & help think through security, opsec, estate planning, etc. Some of our members are technical enough to do this themselves, but really like that our team can help their family or designated executors in the scenario where they've passed away.

wh977oqej9

You engraved QR into steel? 😃

Knurlinger

That’s exactly my setup. Using a seedsigner so I have the words in metal and also the QR in a metal seed QR

SteveW928

Yeah, I was so paranoid about how to manage the seed phrase, but since I discovered the passphrase thing, I don't even mind keeping a seed phrase QR code around\*, and using the Jade more as a signer. I'd still keep it in steel, just in case of disaster, but it doesn't have to be kept as hidden or secured. (\* I mean, I'm not going to try and expose it, but it doesn't have to be quite so secret.)

SteveW928

I think there may be some confusion of issues going on here... not sure. When you mention BIP39... you're already backing up a seed phrase, correct? You're just asking about having a hardware wallet generate it? (vs what? software wallet on a computer? generating it by throwing dice?) Also, when you say password... do you mean passphrase? (ie. 13th or 25th 'word') If you mean passphrase, I think combining the seed phrase and passphrase is an excellent idea, so long as you really understand the concept (ie. a new wallet is being created), and come up with a proper method for keeping track of both the seed phrase and passphrase. It adds a lot of security (if done correctly), w/o upping the complexity a whole lot. I'm not sure I see the point in storing anything on an offline USB. You'd have to explain that more... but it would be hard to put anything on a USB w/o being completely certain you weren't somehow compromised in the process. I'd just stick to physical backup methods... get the seed phrase down on paper, then make a more durable backup (like metal plates, washers, etc.). The nice thing about adding a passphrase, is you could keep it in a cloud-backed password wallet, so one is physical in your home, while the other is digital. Neither work on their own, so the seed phrase is useless if compromised by the bugler or house-guest, while the passphrase is useless if a hacker cracks the password wallet, or your computer had a key-logger when you entered it in or created it. As for generating your own seed phrase vs a hardware wallet generating it... that is a pretty big debate within the community. It depends on how random you think you'd be possible of generating, vs how much you trust the mechanisms of the hardware wallet. I'm just using my HW wallet, as I've read up on their process, and feel pretty confident in it. It might be harder than one thinks to do it themselves, but certainly not impossible, and then you're not trusting anyone. (There was a pretty good method using a deck of playing cards I looked at, that might be a good alternative to buying casino grade dice. It's just that the HW wallet's generator seems even better to me.... trust issue, aside.) I'd honestly avoid Ledger. I hate to say that, but they've been careless and some of their options seem reckless (even if there is zero bad intent). I'm a fan of the Blockstream Jade for it's simplicity/flexibility/price, but have heard great things about ColdCard and Passport, too. They are more expensive, and have additional features... though the camera on the Jade for air-gapped QR codes is a huge feature for me!

SteveW928

Using a Bitcoin wallet might be especially unfamiliar to a non-tech native person, but it was even a learning experience for me as a 30+ year tech professional. Since it isn't something you've done before, you'll have a bit to learn. That said, they aren't especially hard to use. There are only a few concepts involved, combined with a few user-interface choices utilized by most wallets. Once you make your choice of a wallet(s), you should be able to learn the basics about it in just an hour or two. The basic stuff is really not difficult... just a bit first-time intimidating, especially since money is involved. (ie. wouldn't you be a bit nervous too, the first time setting up a bank money transfer?) Pick a wallet. I'd suggest a hardware wallet if you're going to be dealing with anything over like $1000 worth of Bitcoin, maybe even $500. In other words, unless you're just experimenting with small amounts, you'll need to make this jump anyway... so just plan on getting one right from the start. I like the Blockstream Jade, as it is inexpensive, flexible, open-source tech, and fairly easy to use. You'll also want a software wallet to interface with the hardware wallet. I'd recommend BlueWallet, or maybe Blockstream's own Green Wallet (but I prefer splitting vendors, here). Start by doing small test transactions between the exchange and BlueWallet (the software wallet you picked). There are a few concepts to learn here, like generating/recording the seed phrase, generating receive addresses, calculating fees, and awaiting/watching the transaction. You'll be able to find videos walking through these things on YouTube using these pieces of hardware & software, so you aren't going in blind. For extra credit (and a good learning experience), you can even delete the app/wallet and start over by restoring your seed phrase. (This is good to know, but will also teach you that the Bitcoin is 'out there' on the blockchain, not 'in' your wallet. The wallet is like a viewport and control-key.) Once you're comfortable with that, go on to watching some videos about the Jade (hardware wallet) and a few of the extra concepts there (including deciding which way you're comfortable interfacing the Jade with your phone/computer... ie. Bluetooth, USB, QR-code). There are ease of use/security tradeoffs to each, but none are bad or especially unsafe. BUT.... that's mostly the technical stuff. The biggest things you will need to learn is how Bitcoin works (concepts, not necessarily on the technical level), and how to responsibly protect it (many of the things banks and credit card companies do for you in the fiat world). That's where most of the learning curve comes in, and we're all a bit in the same boat there. Time spent here will be well worth it... and there is a LOT of information out there, and the experience of the community to learn from (including people who've lost it all). If you're unwilling to put some time in... just invest in Bitcoin ETFs.

Odd_Monk_132

Air-gap limits the surface of attack. Really bloody hard to squeeze a virus into a QR code.

halfbillion2

I have some very specific technical questions about Casa, which I actually asked Pete Rizzo just yesterday: I had started my research and encountered your product. However I don't trust it enough yet to hold hundreds of millions of dollars' worth of bitcoins. Do you have a truly detailed whitepaper explaining all technical aspects? My cursory research led me to [https://cointelegraph.com/news/casa-multi-key-solution-bitcoin-inheritance](https://cointelegraph.com/news/casa-multi-key-solution-bitcoin-inheritance) And after reading this article, all I know is typically Casa sets up a 2-of-3 multisig wallet where the 3 keys are: - H: hardware wallet key - M: mobile key - C: a key held by Casa on their server-side infrastructure Then the bitcoin owner (who wants, upon his death, his bitcoins to be transferred to a recipient) generates a random cryptographic key (M\_k) and encrypts M with it (M\_e). If someone possesses both M\_k and M\_e, they could decrypt it and obtain M. From what I understand, the owner shares M\_e via a QR code with a recipient. So I presume M\_e is never sent to Casa's server-side infrastructure as it is read directly from the QR code. And M\_k is sent to Casa, I think. Later, if the owner dies and the recipient requests access to the wallet, Casa tries to ping the owner for 6 months, and after this period they send M\_k to the recipient, who can then decrypt M\_e and obtain M. Now the recipient can use M and C and thus has 2 of the 3 keys to access the wallet. That's how I think Casa implements things, according to my understanding of the vague [cointelegraph.com](http://cointelegraph.com) article linked above. Is my understanding correct? And Casa's Android app does not appear to be open source, but has it been audited by a third-party? What is the source of entropy used to generate M\_k? What if the recipient's phone is destroyed: can they recover M\_e? All these unanswered questions are the reason I don't yet fully trust Casa. Perhaps you could shed some light. I would prefer if you posted your response as a reply to this comment. But you can also email me at [halfbillion2@gmail.com](mailto:halfbillion2@gmail.com) Thanks.

Read-it_Lurker

Electrum works really well for this. Try to use a old camera that isnt connected to the internet for copying your QR pub keys Look into Down Loading Tails OS to a thumb drive. It has Electrum preloaded and will be beneficial.

thicckar

Can someone explain how a QR code controls the wallet into looping infinitely?

courtrye

You can brighten the little screen on your jade and slow down how fast it transitions the QR code. I believe you can also turn up the resolution of the camera. I agree that this aspect has some room for improvement. Also, one of mine had a faulty USB-C cable. Otherwise great product at a great price.

the_real_RZT

You had me at QR code. Soon as I see those things I think scam

BitcoinAcc

If you have Blue Wallet connected to Umbrel, you can import the xpub from Green Wallet as a watch only wallet in Blue Wallet and will see your balance. I know that it works with Umbrel and BW because I have the same setup. But I'm not sure where you can see the xpub in Green wallet. Shouldn't be hard to find though. Probably even as a QR that you can scan with Blue wallet. Be aware that afaik Blue Wallet doesn't work with TOR anymore, so you need to connect it using your Umbrel's local IP, which of course means that the watch only wallet only works while you are in your local network, not on the go. For me that's good enough.

SoggyHotdish

I was about to be really scared that they could build the transaction approval into the QR. The wallet &others need to figure out how to stop that spam attack or whatever. Did you try unplugging it?

OppositeAd7989

Hi, I'm trying to do this but I don't know where to make the deposit. It gave me a QR code, what's the next step?

lntipbot

Hi u/PunxAlwaysWin45, thanks for tipping u/Stock_Administrator **⚡︎500** (satoshis)! You didn't have enough balance, you can pay the following invoice [[QR](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/qr?id=5cfcfe0e9b1f441d8ac5fe060b4b23ff "Generate QR") / [URI](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod//uri?id=5cfcfe0e9b1f441d8ac5fe060b4b23ff "Generate URI")] instead. *** >!lnbc5u1pny9rttpp535x8423fvergps60qfnkfa8tmyjaeuyc5y55jzqty4e5kspap6usdp5x43kvcmxv5cx2wtzx9nrgdp3vsuxzce4vejnqd3svg6xyv3nvenqcqzzsxqyz5vqsp5yr9vw26ugrf8dmpx5h9djmhky7hxk30r358dn4ma7x6s3kvuf44q9qyyssq7wgzlx8pl2nvvggw2x3r4faesy3dat02s8xj79cj4w3u335fyujqu88wnvmz2tc0zv2a88s4pvz6v6g2eynsg0czf6yme8eleqx6nacpuagjpd!< *** *[^(More info)](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/info) ^| [^(Balance)](https://www.reddit.com/message/compose/?to=lntipbot&subject=balance&message=!balance) ^| [^(Deposit)](https://www.reddit.com/message/compose/?to=lntipbot&subject=deposit&message=!deposit 10000) ^| [^(Withdraw)](https://www.reddit.com/message/compose/?to=lntipbot&subject=withdraw&message=!withdraw put_invoice_here) ^| ^(Something wrong? Have a question?) [^(Send me a message)](https://www.reddit.com/message/compose/?to=drmoore718)*

bigbarryb

Why "pen style"? This implies that you want it to be connected over USB but using QR Codes or other airgapped methods are more desirable. They are just a lot more future proof because USB connections give malware a super speed and super wide highway to your hardware device. Air gapped solutions are less convenient, but this is a feature, not a bug. They also have much less room to fuck about in. For example, QR Codes can't send a lot of data without becoming too small and detailed to scan, and files on an sd card are READ, but they don't get to send randomised spam to a multi-pin connection that could cause the device to malfunction or misbehave. This is typically how vulnerabilities are found and exploited remotely. USB, radio features like bluetooth, they are convenient and secure for now, but not very future proof.

charlyAtWork2

Some old glory hole are turned into annon crypto exchanges . Show your QR code through the hole... Done.

SmoothGoing

Buy a Walmart gift card add it to your Walmart app. Scan any Walmart gas pump QR code. Go inside and buy anything Walmart sells and pay with Walmart app.

courtrye

Keep in mind that you can adjust the screen brightness and slow down the QR code that Jade generates in the case that your webcam is slow or low fidelity. It’s not what you were mentioning about its camera, but is tangential and perhaps useful to others who are using it air gapped.

Accomplished-Hunt802

Hmm interesting, I did use a QR code. I did not see a warning tho. I will try testing again

Amber_Sam

It's on r/TheLightningNetwork. Scan the till QR code and pay directly from your LN wallet. https://youtu.be/5SiYFilO0Jw

SaltSpecialistSalt

do you sign via QR code ? my version of electrum cannot include the whole transaction in QR code so i need to use an USB stick to transfer the TX. there is a a warning under the QR code about this

x2manypips

Hmmmm this is very secure with a giant QR code on screen lol

BHN1618

Couldn't someone with a good camera just sit back and steal the QR codes? Is this very secure?

diradder

Near isn't the issue... I literally have a 100x zoom on my phone and I can scan a small QR code from pretty far, especially a large one like this. This desperately needs at least a privacy screen like normal ATMs.

SN0WL30P4RD

So someone puts up a camera near that and scans my QR code faster than I do?

poco

With Bitcoin, and particularly lightning network as this store advertises, you don't need a card. Assuming you have a wallet on your phone it is as simple as scanning a QR code at the register in the app and clicking "send". Not entirely different than using tap and pay on your phone with a credit card.

LunaGuardian

It's just the address and private key printed on paper, sometimes with QR codes that represent them. To spend them, import the key by typing/scanning the private key into a software wallet.

GMPWack

With lightning basically have a separate wallet with some bitcoin stored off chain and new transact directly through invoices. The store creates an invoice you scan the QR code and a payment is set up directly between you and the vendor later you can close the channel and settle on chain.

Latter_Box9967

You generated a random seed, and the application would generate a private key-public key pair, and a Bitcoin address. The public, Bitcoin address would be visible on the front of the paper wallet as a QR code and the string of the address, and you would hide the QR code and string of private keys by folding the paper over a couple times. If you wanted to send to the paper wallet you scan the QR address and send to it. If you wanted to spend from it you would scan the private key and sweep it into a software wallet. Importantly (and this was written in the paper wallets), you’d spend ALL of the bitcoin from that address when using it, as there was no change address, and fuck knows where the change might go. As you can see there are a few security issues, such as “is the paper wallet generator *really* generating me my own, unique, random private key?”, that the private key is easy to see if anyone finds the paper wallet, and newbies not understanding how to fully sweep a wallet. (Even I got that slightly wrong but can’t be added retrying it)

zigzrx

I keep an Electrum watch only wallet on a TAILS usb that is cloned and keep them in two safe corners of the world. I a picture of the QR code and deposit Bitcoin and don't ever touch the USB's. I just peek at the numbers from a device when I remember to.

IndependentSpeck

My explanation is not perfect. I left out the difference between hot and cold wallets, how bitcoin can be used outside of lightning and the fact you can transact bitcoin ten different ways besides just QR codes...but yeah, I'm glad you like the post!! If you do get into Bitcoin, please DYOR!! Without research, you won't understand what you are doing and why it is important to be careful. There are countless scammers out there and if you don't know what you're doing, you could lose a lot or everything. Good luck! Welcome to Bitcoin!! Its truly for everyone.

proof-of-conzept

You don't need to turn the bitcoins back into some other thing and put that into the cash register. They have bitcoin lightning. They just create an invoice QR, you can it, then send it and publish it to the network, then the network routs it from your wallet to their wallet and then they have it.

IndependentSpeck

Bitcoin is held in 3 possible forms. First, it can be sitting on an exchange. Second, you could be holding it in a hardware wallet (offline only). The third is called lightning, it's a second layer for the bitcoin network that allows instant, low-fee settlements of bitcoin, usually referred to as Sats or Satoshis, which are each 1/100,000,000th of a bitcoin. So if you wanted to pay for something small and cheap, you would ideally use the lightning network. It's not the same as using a debit card, but it's easy as that; all you need to do is have the merchant scan a QR code (or vice versa) to send or receive the Sats you want to transact. Voila. Fast, easy, reliable and irreversible transaction. If the other party wanted to refund you for any reason, they'd simply press a few buttons to send it back to your lightning wallet. I've been into Bitcoin for a few years, so this is knowledge I've gained over years, all distilled into one easy-to-digest ELI5. I hope it helps you, because if you use it and use lightning, it will benefit everyone on the entire network. Greater adoption is one of the best things happening in the bitcoin space right now. Be warned, lightning can be VERY difficult to use if you self-custody it. When you self-custody, there are sometimes opening and closing fees for lightning channels, which just means you pay more money over time to operate the channels if you don't know what you're doing. I use Strike for custodial lightning in the USA. It's controlled by someone else, but it basically guarantees your Sats are safe and useable whenever you want to use them, no worry about opening or closing channels involved. Good luck, and hopefully, welcome to Bitcoin!

Sneudles

Bitcoins are very divisible. They divide down into 100 million units per coin called satoshis, which are plenty small enough to be useful to buy things like coffee with. Around 1500 will buy a dollar right now and vice versa. You can get and use several types of tap-to-pay or nfc solutions, but most people just use QR codes for this sort of thing. For smaller payments for things such as a cup of coffee, a layer 2 network that references the main network, but has lower transaction fees can optionally be used.

YouKhanSeeMe

How to you think community driven projects work? There is no paid marketing and no paid callers so how does awareness of the token spread? By community members creating that awareness and adding value. It’s at a market cap of $16m now without advertising. It will go much higher because the community are based af and are out telling people in real life, posting QR codes in different cities around the world, one has got an energy drink at the prototype stage and a 100 other things. Come and check out the Telegram group and you will understand.