
XOR

SORA


Reddit Posts

r/Bitcoin: BitIDE - TapScript IDE with Local Testnet, Block Explorer and Custom Op Codes (OP_MUL on Mainnet P2TR!)
r/CryptoCurrency: SORA is a scam, stay away
r/Bitcoin: Is Blockstream Jade wallet planning to update its firmware with the Seed XOR feature?
r/CryptoCurrency: My favorite cryptocurrency related songs
r/Bitcoin: Bitcoin Self-Custodial Best Practices
r/CryptoCurrency: Biggest wins & biggest losses
r/CryptoCurrency: SORA Builders Program - Grants for Building
r/Bitcoin: Am I fine with a multi-sig setup utilizing seed XOR for maximizing ease of use and security?
r/Bitcoin: Does Bitcoin still support these transaction types Satoshi originally mentioned?
r/CryptoCurrency: Fundamental reasons why SORA (XOR) will go to $100 in a few months even in the bear market
r/CryptoCurrency: We invite Sri Lanka to use XOR (天) as legal tender 🇱🇰
r/Bitcoin: Bitcoin Rules To Live By Starting Today!
r/Bitcoin: Bitcoin Rules To Live By Starting Today
r/Bitcoin: Seed XOR Video Tutorial - Robust Bitcoin Backup by @BTCSessions
r/CryptoCurrency: SORA Kusama crowdloan is now LIVE!
r/CryptoCurrency: Tried DYOR by reading a Whitepaper. Honestly I had no idea what I was looking at.
r/CryptoCurrency: Try Polkaswap
r/Bitcoin: Why haven't cellphones developed duress PINs like Coldcard?
r/Bitcoin: Coldcard seed XOR dumb questions
r/CryptoCurrency: Eliminating Irrational Token Allocation and Creating True Unit of Account with SORA
r/CryptoMoonShots: H4XOR.WIN - Are you ready to enter the Matrix? Try your luck in h4xor.win - The improved version of legendary blockchain game PoWH3D with 50% Reflections - Staking - Gambling - Passive earnings | Launched Yesterday | 200k MCap |
r/CryptoMoonShots: An improved version of the legendary blockchain game POWH3D which reached a grand prize of over 900 ETH! | Launched Yesterday | 200k MCap | Enter the Matrix
r/CryptoMoonShots: Strategic BSC FOMO game $100K MCAP | Launching in 6 Days, Get in Early

Mentions

It's nice seeing someone bringing this topic up and especially that you did your research about some existing QR projects. Vitalik's plan is interesting, but has serious flaws. We've discussed it on Discord also with the lead developer of QRL and came to interesting points. Vitalik in his article said what he would do if the quantum computer attack happened tomorrow -> the chain would be stopped and transactions reverted before the hack (that's itself bad, but he did it once in the past, so why not do it again, who cares about immutability, right?). And that people would need to verify wallet ownership using zk-STARKs (which is post-quantum, so good) to be able to send transactions. But:

1) There is no post-quantum support implemented in Ethereum today. So the chain would be stopped and everyone would be waiting for devs to quickly implement some support there, for how long, weeks, months, years? Everything must be prepared BEFORE it happens, not AFTER.

2) He mentioned that it would save "most" wallets, not all of them. So there will be many people whose coins would be lost and he is okay with that. It's because not everyone has a wallet created through the hashing derivation path he mentions. But there is a problem:

3) As told by the QRL dev, the zk-STARK is NOT compatible with all hashing algorithms. It requires a specific hashing algorithm which uses only operators like +, -, *, /, while the commonly used hashing algorithms like keccak, SHA... also use bitwise AND, OR, XOR, etc., which makes them incompatible with STARK. So since basically everyone has private keys derived using the incompatible hashing algorithms, it cannot be used to prove ownership in this way. And so the plan cannot practically work.

4) You may then say that all people should regenerate their wallets using the compatible hashing algo to make the plan work in future. But this means that every single user needs to do an action and then send all their coins to a new wallet -> congest the whole chain with millions of transactions, pay enormous fees... and for what? To still have their coins completely vulnerable? Better would be to just implement the new post-quantum cryptography directly into Ethereum and let each user create a new wallet - in this case an already quantum-resistant one - and have it done BEFORE the attack happens. But this means there is no backup plan.

The issue is the same as it always has been for chains which aren't post-quantum since genesis. They need to implement the post-quantum secure upgrade, let users migrate all their wallets and coins, and then burn all the old unmigrated wallets/coins. With all the issues this brings (of which there are plenty). So, it's not looking good.

----

About the other projects I will copy here a comment I wrote 3 months ago as it's still valid:

The current leader is QRL - which has been using post-quantum cryptography (currently XMSS) since their mainnet launch in 2018. They are professional and serious in their goals, the project is open-source and actively developed. They will soon be releasing a major upgrade which will bring Proof of Stake (currently it's PoW) and EVM-compatible smart contracts, together with support for the new CRYSTALS-Dilithium signature scheme, to their blockchain. You can buy it on MEXC or currently still mine it (RandomX algo).

There are some other projects which are claiming to be using post-quantum cryptography, but they:
* feel like just a hobby project or an experiment, and are also dead (e.g. Tidecoin, Arielcoin, Abcmint)
* are only using a post-quantum algo in some insignificant part, but still rely on elliptic curves, so they are still completely vulnerable (e.g. Algorand)
* are in fact just an ERC20 token on the Ethereum network (so completely vulnerable), promising a real product for years but still not delivering anything (e.g. QANplatform, which also had their bridge hacked and tokens stolen from their users)
* are claiming to be quantum secure, but internally they still use vulnerable cryptography (e.g. xx_network, which feels closed/centralized as the source code has a restricted license + you need to be approved by them to run a node)
* are claiming to be quantum secure, but are closed-source, so who knows what's going on inside (e.g. Abelian)
* ...

Always be careful and verify the post-quantum claims, because there will be many projects just trying to scam you.

r/Bitcoin comment:

My first response to you was to show that Trezor have designed devices that may be easily compromised. Your defence of this bad design is that those insecure models do not have a secure element. I then provided evidence that even with a secure element Coldcard have designed wallets that are insecure and have been compromised, demonstrating that secure elements are not the be all and end all of security. You sidestepped this issue with "well, they have two secure elements now". You have stated that any wallet that "exports" your seed is insecure. This is one of the many false premises you are using to make your argument. By your own admission you have not read the Ledger Recover whitepaper, yet you still state seeds are being "exported". Meanwhile ignoring the fact that using your own "seed export" argument all other wallets do the same thing either in the form of SLIP-49 or Seed XOR. I don't think you are being objective here. So, I am deluded and you lack objectivity. The world is doomed.

Mentions:#XOR

Same as Sora people with XOR token. Strangely run by Japanese as well !!! 🫤🫤🫤

Mentions:#XOR
r/Bitcoin comment:

I don't know if this is a criticism, but Bitcoin is a form of technology which is too complicated for its general-use purpose. Learn SHA256. Convoluted? It's supposed to be. That's how it gets its security. Many people will just zone out when shown a Youtube video about it. And that's not going into the details of Bitcoin (which I haven't done myself). I don't know what a UTXO is yet. That's going to cost me money unless I learn before I sell. I can figure out with mental imagery that makes sense to me, cryptographic algorithms presented in the general, in a nice Youtube video. This is not because I'm smart. It's because I grew up with computers. I know that whoever in the NSA created SHA-256 and the previous ones thought in terms of low-level coding, probably with a start on simpler processors. This is because it's a no-brainer to XOR with a key, slam it in a register, move to the next, continue operation until end-of-file. All built-in easy-to-use functions in early programming languages such as C. How would I even begin to explain this stuff to a builder? Do I start with computer architecture? The layer-2 functionality requires numeracy and a facility with arithmetic. Carrying your phone up to an ice cream seller, having the right wallet, doing the transaction and working out what it cost you all require a base level of intelligence (because why else would you have that app in the first place, unless you had a functioning understanding of Bitcoin). I think this base intelligence requirement is underestimated as a potential problem. Even Gensler told his MIT students to read the White Paper and he expected they would understand maybe two thirds of it. MIT students. People are not made for this level of abstraction. Just wanted to say that. Bitcoin is useful. A light bulb is useful. Explain a light bulb to a 90-ish IQ individual and they will understand it instantly. But Bitcoin?

Mentions:#SHA#XOR
r/CryptoCurrencies comment:

$XOR because polkaswap.io is the best DEX.

Mentions:#XOR#DEX
r/CryptoCurrency comment:

XOR what changed? Just a pump and dump?

Mentions:#XOR
r/CryptoCurrency comment:

But if you XOR it, one location can burn down and you can still recover the full seed phrase. I agree with you on almost everything you say and yes, you should use multisig. But XORing your seed phrase and storing it in 3 different locations doesn't weaken it when compared to storing all of it in a single place. XORing is easy to do and recovery with 2 of 3 "halves" can be done by hand in about 20 minutes. Ideally you should use multisig, but let's be honest, most people will not. XORing is easy to do and can be done with a paper wallet by hand.

Mentions:#XOR
r/CryptoCurrency comment:

Split in half and XOR your seed phrases people! Don't store them all at the same place. That way you need 2 out of 3 to reconstitute and no one can get them all. Here's a script with an example seed phrase you can use to XOR. It can be used offline (and I recommend doing it offline, air-gapped): https://gist.github.com/Slyke/f785807dce62810122662ecbd2db6ccf

Mentions:#XOR
r/Bitcoin comment:

The ColdCard firmware and Coinkite's worksheet only supports 2, 3 or 4 XOR splits. The XOR method itself works on infinitely many splits. I just tested it successfully on paper for a six-way split.

Mentions:#XOR
r/Bitcoin comment:

XOR is NOT the same thing as Shamir's Secret Sharing. XOR supports only N-of-N splits. SSS supports M-of-N, where any M shares are sufficient to recreate the secret. 2-of-3, 2-of-4, 3-of-7, 6-of-10, etc.

Mentions:#XOR#SSS
r/Bitcoin comment:

Yeah, I clearly need to look into it more. XOR can be split up to 4 times, I thought. I'll do some research. Thx!

Mentions:#XOR
r/Bitcoin comment:

I'm explaining to you that XOR isn't limited to 2 shares. I'm not just telling you, I'm showing you how to prove it to yourself. Don't trust; verify.

Mentions:#XOR
r/Bitcoin comment:

XOR splits a seed into N parts. Any N, as large as you like. Try it yourself: 1. Given a secret, write the secret in binary. 2. Create (N-1) random binary strings, each of which is identical in length to the secret. 3. XOR everything from steps 1 and 2. Order doesn't matter. You now have N binary strings--(N-1) from step 2 plus 1 from step 3, ALL OF WHICH look equally random and NONE OF WHICH reveal anything about the secret other than its length. To reconstruct the secret, XOR all N parts in any order.

Mentions:#XOR#NONE
r/Bitcoin comment:

XOR splits the seed into 2 parts. If you lose one your bitcoin is gone unless it’s memorized.

Mentions:#XOR
r/Bitcoin comment:

While it could be safer as long as there's no information available that each seed is part of a XOR'd setup, I wouldn't recommend it.

Mentions:#XOR
r/Bitcoin comment:

Would you say that seed XOR obviates the rule of never saving the seed electronically? For example, one seed in an encrypted local password vault, and the other in a similar scheme on a separate device? Assuming redundant physical backups in case of failure/data loss.

Mentions:#XOR
r/Bitcoin comment:

This is VERY cool. Especially combining master seed with seed XOR.

Mentions:#XOR
r/Bitcoin comment:

I'll write something up after work, but essentially you split your seed phrase in half and XOR the bits each word relates to, to produce a third "half". I.e., let's say your 1st and 13th word are `strategy` and `heart` respectively. According to BIP39 ( https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt ), that's `1719` and `851` respectively. If you XOR them together (just type `1719^851` into your browser's developer console) you'll get a result of `1508`. Which is `round` according to BIP39. So on one plate the 1st word is `strategy`, on another plate the 1st word is `heart` and on the final plate the 1st word is `round`. You can XOR any 2 of the numbers representing the words to get the 3rd. Just don't mix them up. You continue XORing until you've done 12. Let's say you need to recover your seed phrase and you find the 1st and 3rd plate. You plug it in, and you have no bitcoins! Oh no! Don't stress though, that just means you need to XOR the words on the plates to get the original 2nd plate. Practice this, though, multiple times to ensure you understand it, and can do it if you ever need to recover.

Mentions:#XOR#BIP
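
The N-of-N recipe given a few comments up (N-1 random pads, then XOR everything for the last share) and the per-word "split in half and XOR" plate scheme in the comment just above, worked through as an added example; this is not code from either commenter or from any wallet vendor. It operates on BIP39 word indices (0..2047) rather than the word list itself, so the `1719 ^ 851 = 1508` check is on numbers, and all function names are my own.

```python
import secrets
from typing import List, Optional, Sequence

BIP39_WORD_COUNT = 2048  # BIP39 word indices run 0..2047, i.e. 11 bits each


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings; order is irrelevant."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("all parts must have the same length")
    out = bytearray(length)
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def xor_split(secret: bytes, n: int) -> List[bytes]:
    """N-of-N split as described in the thread: N-1 uniformly random pads plus
    one computed share.  Every share is uniformly random on its own and reveals
    only the secret's length; all N shares are required to recover it."""
    if n < 2:
        raise ValueError("need at least 2 shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return pads + [xor_bytes(secret, *pads)]


def xor_combine(shares: Sequence[bytes]) -> bytes:
    """Recover the secret by XORing every share together, in any order."""
    return xor_bytes(*shares)


def xor_word_indices(a: Sequence[int], b: Sequence[int]) -> List[int]:
    """Per-word XOR of two lists of BIP39 word indices.  Each index fits in
    11 bits, so the result is again a valid index and maps back to a word."""
    if len(a) != len(b):
        raise ValueError("word lists must have the same length")
    for idx in (*a, *b):
        if not 0 <= idx < BIP39_WORD_COUNT:
            raise ValueError(f"{idx} is not a BIP39 word index")
    return [x ^ y for x, y in zip(a, b)]


def split_halves_into_three_plates(indices: Sequence[int]):
    """The 'split in half and XOR' scheme from the comment: plate 1 and plate 2
    are the literal halves of the phrase and plate 3 = plate 1 XOR plate 2, so
    any two plates recover the third.  Caveat: plates 1 and 2 are unmasked, so
    whoever finds one of them already holds half of the real seed words."""
    if len(indices) % 2:
        raise ValueError("need an even number of words")
    half = len(indices) // 2
    first, second = list(indices[:half]), list(indices[half:])
    return first, second, xor_word_indices(first, second)


def recover_phrase(plate1: Optional[Sequence[int]],
                   plate2: Optional[Sequence[int]],
                   plate3: Optional[Sequence[int]]) -> List[int]:
    """Reassemble the phrase from any two plates (pass None for the lost one).
    You must know which plate is which: the comment's 'just don't mix them up'."""
    if sum(p is None for p in (plate1, plate2, plate3)) > 1:
        raise ValueError("need at least two plates")
    if plate1 is None:
        plate1 = xor_word_indices(plate2, plate3)
    elif plate2 is None:
        plate2 = xor_word_indices(plate1, plate3)
    return list(plate1) + list(plate2)


if __name__ == "__main__":
    # Constructed demo: a 24-"word" phrase given as indices, not a real wallet.
    phrase = list(range(100, 124))
    p1, p2, p3 = split_halves_into_three_plates(phrase)
    assert recover_phrase(None, p2, p3) == phrase
    shares = xor_split(bytes(phrase), 6)  # six-way N-of-N split of the same bytes
    assert xor_combine(shares) == bytes(phrase)
    print("ok")
```

The two schemes differ in what a single found share gives up: an N-of-N share is a uniform pad and leaks nothing but length, whereas two of the three plates in the half-and-XOR layout are the seed's actual halves, and only the third plate is masked.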
r/Bitcoin comment:

Thanks for recommending an XOR rather than the "just split your seed into three parts" shit people say all the time. !lntip 1000

Mentions:#XOR
r/Bitcoin comment:

> store at a bank safety deposit box

Do not do this. Or at least XOR half your key with the other half and place the 3 plates at different banks/locations. You'll only need 2/3 to restore your key then.

Mentions:#XOR
r/Bitcoin comment:

> you can do millions of guesses per second.

Did you guess at that, or do you know it to be true based on engineering analysis? Converting a BIP-39 mnemonic sentence plus passphrase to testable private keys isn't as straightforward as hashing Bitcoin block inputs to satisfy the target difficulty. When you hash the inputs for a block you can test the result after one hash operation. With BIP-39, which specifies PBKDF2 for key derivation, you have to do 2048 sequential 512-bit hash operations before you can test the result. You'll need quite a bit of horsepower to do one million XOR operations over 2048 *sequential* (non-parallelized) HMAC-SHA512 hashes of the presumably-known password (mnemonic sentence) and salt (candidate passphrase). Even with an ASIC doing the HMAC-SHA512 heavy lifting at 200+ MHz you're not likely to get better than a couple million hashes per second. PBKDF2 requires those 2048 hashes to be done sequentially (with the output of one iteration used as an input to the next), **so even a 1 GHz HMAC-SHA512 ASIC would only be able to chew through a thousand or so guesses per second.** For each final output (candidate seed), you'll need to do HMAC-SHA512 again to get the master private key, then more hash operations to get the child private keys, then more to get the public keys, then more to get the addresses which you can finally cross-check against your index of the blockchain to see if the result is fruitful. The industry has found it profitable to create multi-terahashes-per-second ASICs for mining Bitcoin blocks because finding an acceptable SHA-256 hash of user-specified inputs (plus a random nonce) yields immediate profit. The scenario you're talking about only applies when the attacker knows the mnemonic sentence and is trying to brute-force (by guessing or by rainbow table) the passphrase. I doubt anyone is going to invest tens of millions of dollars to manufacture specialized hardware for that.

Mentions:#BIP#XOR#SHA
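
To make the "2048 sequential HMAC-SHA512 operations" point in the comment above concrete, here is an added example (not code from the commenter or from any wallet project): PBKDF2 written out by hand with the BIP-39 parameters, cross-checked against Python's `hashlib`. The mnemonic is the all-"abandon" phrase constructed for testing, not a real wallet, and the function names are my own.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

BIP39_ROUNDS = 2048  # iteration count fixed by BIP-39

# Constructed sample mnemonic (the all-zero-entropy phrase); not a real wallet.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def pbkdf2_hmac_sha512_by_hand(password: bytes, salt: bytes, rounds: int) -> Tuple[bytes, int]:
    """PBKDF2 (RFC 8018) with HMAC-SHA512 for one 64-byte output block, written
    out so the serial dependency is visible:
        U_1 = HMAC(P, S || INT(1)),  U_i = HMAC(P, U_{i-1}),  T = U_1 ^ ... ^ U_c
    Returns the derived key and the number of HMAC evaluations it took."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha512).digest()
    calls = 1
    t = bytearray(u)
    for _ in range(rounds - 1):
        # This call cannot start until the previous U exists: no parallelism per guess.
        u = hmac.new(password, u, hashlib.sha512).digest()
        calls += 1
        for i in range(len(t)):
            t[i] ^= u[i]
    return bytes(t), calls


def _bip39_inputs(mnemonic: str, passphrase: str) -> Tuple[bytes, bytes]:
    """BIP-39 inputs: NFKD-normalised mnemonic as password, 'mnemonic' + passphrase as salt."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return password, salt


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """64-byte BIP-39 seed computed with the hand-written PBKDF2 above."""
    password, salt = _bip39_inputs(mnemonic, passphrase)
    seed, _ = pbkdf2_hmac_sha512_by_hand(password, salt, BIP39_ROUNDS)
    return seed


def bip39_seed_stdlib(mnemonic: str, passphrase: str = "") -> bytes:
    """Same derivation through hashlib, used as an independent cross-check."""
    password, salt = _bip39_inputs(mnemonic, passphrase)
    return hashlib.pbkdf2_hmac("sha512", password, salt, BIP39_ROUNDS)


def hmac_calls_per_guess() -> int:
    """Sequential HMAC-SHA512 calls one passphrase guess costs before the seed can
    even be tested (the BIP-32 master-key derivation that follows adds more)."""
    _, calls = pbkdf2_hmac_sha512_by_hand(b"p", b"s", BIP39_ROUNDS)
    return calls


if __name__ == "__main__":
    assert bip39_seed(SAMPLE_MNEMONIC, "TREZOR") == bip39_seed_stdlib(SAMPLE_MNEMONIC, "TREZOR")
    print(bip39_seed(SAMPLE_MNEMONIC, "TREZOR").hex())
```

The hand-written loop is the whole argument: each HMAC takes the previous output as its message, so a guess costs 2048 dependent hash evaluations, and changing one character of the passphrase changes the salt and therefore every one of them.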
r/Bitcoin comment:

XOR-split it, carry one seed on paper, and the other online e.g. on a Google drive. Or use steganography.

Mentions:#XOR
r/Bitcoin comment:

Hey, this is very insightful and comprehensive. Ever since I heard about BIP85, I was thinking about this. However, I was thinking of using the seed at index 0 for the second hardware wallet. Why are you destroying the original seed on the coldcard and starting over? Also, the only thing I can think of regarding inheritance is that you have the original master seed phrase A and take another seed phrase B XOR them to get a new seed phrase C. Give seed C to the heir and seed B to a trusted party only accessible after death of the owner? So, if you have seed C and B you can get back A? Would love to hear your thoughts on the inheritance part and how BIP85 plays into it. Thanks!

Mentions:#BIP#XOR
r/Bitcoin comment:

> What happens if you get hit by a bus?

Guess I'm donating those coins to the pool lol.

> Does anyone else know these instructions to access your seed phrase?

Nope, no one. Someone savvy could probably figure it out if they are lucky and found all 3. Chances they'll figure it out with just 2 is 50/50 (since they may find the XOR output, which would create a different wallet).

> Are they recorded in a will to be passed on when you pass, or will it be bye bye sats at that sad time?

They are not. It's bye bye sats.

Mentions:#XOR
r/Bitcoin comment:

I have 3 steel plates. I split my seed phrase in 2, so 12 words, and XOR'd them together (the number that each word stands for, that is). Put them in 3 different storage places. Only need 2 to figure out the original 24 words. Will take 2 or 3 tries because the order might be wrong, or I might be using the XOR'd output, but still constructible.

Mentions:#XOR
r/CryptoCurrency comment:

Sora (XOR) and Luna Classic/LUNA are my worst all-time bag holds. Additionally, there were so many alts I held during the 2021 run that became shitbags. Too many to count.

Mentions:#XOR#LUNA
r/Bitcoin comment:

Seed XOR does not offer redundancy and is for obfuscation/deniability not for redundancy.

Mentions:#XOR
r/Bitcoin comment:

**This method does nothing to improve the entropy of the mnemonic/seed, which is what actually matters.**

If you use a coin to generate the mnemonic, writing down a 0 for heads and a 1 for tails, and the coin in question always shows heads, you will always get a mnemonic that is all zeros. The mnemonic/seed will obviously have zero bits of entropy. Now, if you invert the result of every other toss, you always get a mnemonic that is a repeating pattern of 01. What you've essentially done is XOR the mnemonic with 010101... That is still a mnemonic/seed with zero bits of entropy.

In either case, the entropy, in bits, of a seed generated from a biased coin can be calculated as follows:

entropy = n * (h * log2(1 / h) + (1 - h) * log2(1 / (1 - h)))

where `h` is the probability of a toss showing heads and `n` is the number of tosses.

**A coin with a 51% probability of showing heads would still provide 99.97% of the entropy of a perfectly fair coin.** For a 256-bit seed, to lose even a single bit of entropy, you would need a coin with a 54:46 probability. Even something as ridiculous as a 70:30 coin would still provide 225 bits of entropy for a 256-bit seed or 112 bits of entropy for a 128-bit seed, which is more than enough to withstand any brute-force attempt. If following the BitBox guide with something as absurd as dice whose faces have a probability distribution of 5%, 10%, 14%, 19%, 24%, 29%, then in the worst case you have a seed with 220 bits of entropy. That is secure even against an attacker that already knows half of the seed.

**So no, you absolutely do not need a perfectly fair coin or casino-grade dice.** Note that certain kinds of cryptographic keys may be significantly weakened by biased randomness, but that is not the case with a mnemonic, which [gets hashed to produce the seed](https://bips.xyz/39#from-mnemonic-to-seed), removing any bias in the process.

If you still really want to generate perfectly random bit strings from a coin with unknown bias, you can employ a [von Neumann extractor](https://en.wikipedia.org/wiki/Fair_coin#Fair_results_from_a_biased_coin), assuming there is no correlation between successive tosses:

* Toss the same coin twice.
* If the two results match, output nothing.
* Otherwise, write a 0 for a heads followed by tails, 1 for a tails followed by heads.

You can also extend the method to dice, which is a little more efficient, but still only outputting ones and zeros:

* Roll the same die twice.
* If the two results match, output nothing.
* Otherwise, write 1 if the second result is greater, 0 if the first result is greater.

Mentions:#XOR
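
An added example (not the commenter's code) that evaluates the entropy formula from the comment above for the figures it quotes (51:49, 54:46 and 70:30 coins) and implements both extractor variants. Function names are my own and the coin tosses and die rolls are constructed inputs.

```python
import math
from typing import Iterable, List, Sequence


def biased_coin_entropy_bits(h: float, n: int) -> float:
    """Entropy (bits) of n tosses of a coin that shows heads with probability h,
    using the comment's formula: n * (h*log2(1/h) + (1-h)*log2(1/(1-h)))."""
    if not 0.0 < h < 1.0:
        return 0.0  # a coin that always lands the same way carries no entropy
    return n * (h * math.log2(1 / h) + (1 - h) * math.log2(1 / (1 - h)))


def biased_die_entropy_bits(face_probabilities: Sequence[float], n: int) -> float:
    """The same calculation generalised to a die whose faces have the given probabilities."""
    if abs(sum(face_probabilities) - 1.0) > 1e-9:
        raise ValueError("face probabilities must sum to 1")
    return n * sum(p * math.log2(1 / p) for p in face_probabilities if p > 0)


def fraction_of_fair(h: float) -> float:
    """Entropy per toss of a biased coin relative to a fair coin (which gives 1 bit)."""
    return biased_coin_entropy_bits(h, 1)


def bits_lost(h: float, n: int) -> float:
    """How many bits short of a perfect n-bit seed the biased coin leaves you."""
    return n - biased_coin_entropy_bits(h, n)


def von_neumann_extract(tosses: Iterable[str]) -> List[int]:
    """Von Neumann extractor for a coin of unknown bias (tosses assumed independent):
    take non-overlapping pairs; HT -> 0, TH -> 1, HH and TT -> nothing."""
    bits: List[int] = []
    it = iter(tosses)
    for first, second in zip(it, it):
        if first not in "HT" or second not in "HT":
            raise ValueError("tosses must be 'H' or 'T'")
        if first == second:
            continue
        bits.append(0 if (first, second) == ("H", "T") else 1)
    return bits


def von_neumann_extract_dice(rolls: Iterable[int]) -> List[int]:
    """Dice variant from the comment: pair up rolls; equal -> nothing,
    second greater -> 1, first greater -> 0."""
    bits: List[int] = []
    it = iter(rolls)
    for first, second in zip(it, it):
        if first == second:
            continue
        bits.append(1 if second > first else 0)
    return bits


if __name__ == "__main__":
    print(f"51:49 coin keeps {fraction_of_fair(0.51):.4%} of a fair coin's entropy")
    print(f"70:30 coin, 256 tosses: {biased_coin_entropy_bits(0.7, 256):.1f} bits")
    print(von_neumann_extract("HHTHHTTT"), von_neumann_extract_dice([3, 3, 1, 5, 6, 2]))
```

Note what the extractor does with the degenerate coin from the comment: a run of identical tosses produces no output at all, which is the honest answer for a source with zero entropy rather than a string of zeros that merely looks like a seed.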
r/Bitcoin comment:

I would use a Coldcard for a hardware wallet and if you need a hot wallet I'd go with Electrum. This video goes over the basics of the Coldcard hardware wallet if you wanna know more about it and skip the bullshit intro/sponsors and other crap.

TIMESTAMPS:
Intro: 0:00 - 0:57
Sponsors: 0:57 - 3:46
What you need to know: Video Layout & Prerequisites: 3:46 - 9:35
Initial Setup 1/2: Pin & Seed Creation: 9:35 - 21:14
Initial Setup 2/2: Export from Coldcard Import to Sparrow Wallet: 21:14 - 26:48
Air Gapped Transactions 1/2: Receiving: 26:48 - 32:00
Additional Tips after the fact: 32:00 - 33:42
Air Gapped Transactions 2/2: Sending: 33:42 - 40:31
Restore your Coldcard from Seed Phrase: 40:31 - 44:11
Upgrading your Firmware: 44:11 - 47:52
---- Conclusion of Basics / Beginning of Advanced Features of Coldcard ----
Seed Generation with Entropy (Dice Rolls): 47:52 - 51:44
Pins: Resetting, Trick Pins, Duress Wallets & More: 51:44 - 1:09:50
--- Resetting: [51:44 - 54:08]
--- Trick Pins: [54:08 - 1:02:15]
--- Duress Wallet: [1:02:15 - 1:09:50]
BIP-85: 1:09:50 - 1:17:44
Using a Passphrase: 1:17:44 - 1:25:47
Virtual Disk Mode: 1:25:47 - 1:34:33
Encrypted Backups (Micro SD Card): 1:34:33 - 1:38:22
Seed XOR: 1:38:22 - 1:42:20
Cloning (Migrating over your Old Coldcard to a new Device): 1:42:20 - 1:46:35
Additional Settings: 1:46:35 - 1:50:45
Final Thoughts: 1:50:45 - 1:53:02
Outro: 1:53:02 - 1:54:49

Mentions:#BIP#SD#XOR
r/Bitcoin comment:

If true, it sucks. Sorry for your loss OP. Especially when you've been diligently carrying it for years. To everyone else: it's time to check our seed phrase. Once a year, once every six months, whatever. Make sure the seed and passphrase and XOR and your decoy and nursery rhyme and Charles Dickens and whatever clever fragmenting scheme you come up with, actually DO get you back a valid wallet.

Mentions:#OP#XOR
r/CryptoCurrency comment:

I got ETH @ £200 & got ADA @ 0.10 & sold @ £1.50. Worst moment was getting XOR - it went up to £600 & now is worth £0.02

Mentions:#ETH#ADA#XOR
r/CryptoCurrency comment:

XOR

Mentions:#XOR
r/Bitcoin comment:

I agree with everything you just said. And, yeah, I'm a big fan of Andreas Antonopoulos. I'm basically paraphrasing him when I say that the best form of security is the best that you can handle without leaving yourself in a position to be robbed. For me, the happy medium of security and comfort with being able to handle it flawlessly is a 24 word seed with a strong passphrase. So many times in these forums, we see people post about their hardware wallet being hacked, but what actually happened was somebody found their seed words. With the words, you don't need the hardware wallet to access the coins. You can put those words into any wallet and swipe the coins. But if they'd used a passphrase, all the thief would have found is a wallet that's never been used (or a wallet with a little Bitcoin if the owner was using it as a decoy. I just leave mine empty).

> As Andreas Antonopoulos usually puts it, every non-standard decision you take regarding the storage of your BTC needs to be very carefully justified.

Keep in mind: Seed+Passphrase is a Bitcoin standard. Multisig is also a Bitcoin standard. I would never recommend anything non-standard for securing Bitcoin. No way. Play it safe.

> In a way it reminds me of seed-XOR

I'm not a fan of Seed XOR at all. Multisig is actually a form of smart contract which says "these coins cannot be moved unless certain conditions are met." The conditions are based on how the wallet was set up. 2 of 3 keys is the most common form.

Mentions:#BTC#XOR
r/Bitcoin comment:

Thanks for that detailed explanation, I see your point. You are adding one more hoop you need to jump through to access the funds. Which increases security, but also makes the process a bit more convoluted, also increasing the probability that one day you forget WTF you did to store your funds. In a way it reminds me of seed-XOR, a cute idea, but I would use it carefully. As Andreas Antonopoulos usually puts it, every non-standard decision you take regarding the storage of your BTC needs to be very carefully justified.

Mentions:#WTF#XOR#BTC
r/Bitcoin comment:

Flaky pseudo-random number generators strike again. Compare and contrast: https://coldcard.com/docs/faq

> **Where does the entropy (randomness) come from?**
>
> It's very important the entropy (randomness) used to pick your master seed phrase is good quality. The COLDCARD primarily uses the hardware TRNG (True Random Number Generator), inside the main chip. This is a dedicated hardware subsystem that measures analog noise produced by a special transistor.
>
> The TRNG from the MCU would be sufficient, but we also maintain a PRNG which is mixed (by XOR) into the TRNG output. That PRNG is seeded once at boot up from the TRNG in each of SE1 and SE2. We limit the use of the TRNG present in the secure elements because the protocol involved is complex and slow.
>
> The 256-bit number from the TRNG⊕PRNG is then "whitened" to remove bias, by running it through SHA256. This means if your attacker was somehow able to make the bits be 10% ones and 90% zeros (but still random otherwise) it would not help them, because after SHA256 the bit distribution will be 50/50 again.
>
> During the seed picking process, you have the option of "adding dice rolls" to increase the entropy and/or mitigate any possible manipulation. You can add as many rolls as you wish, and the entropy (about 2.5 bits per roll) will be added to the 256 bits of entropy already picked.
>
> You may completely bypass the above seed picking method, and use just dice rolls if desired. This process is documented in great depth here on our docs and includes a number of different ways to verify our SHA256 math for yourself. We even sell a package of 100 tiny dice so you can roll 256 bits of your own entropy in a single toss.
>
> If you do choose to roll your own dice, it is critical that you do it honestly and truly rely on how your dice fell. Do not press buttons arbitrarily or repeat the same roll a bunch of times. Humans are very bad at generating entropy!

Mentions:#XOR#SHA
r/Bitcoin comment:

The weakness of singlesig, in all its forms, including BIP-39 passwords, XOR and even Shamir's secret sharing, is that in order to sign a transaction, every bit of the private key -- or all of the information requisite to assembling the private key -- must exist at the same time and place. And every time the private key is physically and temporally in one place, there is risk of it being intercepted. That's an unavoidable single point of failure. Every single time it is used to sign a transaction. The strength of multisig is that you can sign transactions without assembling all of the keys in one place. I can partially sign the transaction at one place and time, and finish signing it in a completely different place and time. There is no single point in time where you can take or coerce the key(s) from me.

- Singlesig hot wallet is fine for petty cash amounts. If it is lost, no big deal.
- Singlesig cold wallet is fine for amounts of money one might have in a checking account or small savings account at the bank. Losing it would sting, but you'd be fine.
- Multisig cold wallet is the way to go when you have an amount of Bitcoin that would devastate you if you lost it.

Mentions:#BIP#XOR
r/Bitcoin comment:

Don't "split" seed on your own. Use either Shamir (I think it's not good anymore, research) or XOR or multisig.

Mentions:#XOR
r/Bitcoin comment:

XOR or (xor?) are we allowing for the possibility of doing both? In either case, Yes.

Mentions:#XOR
r/Bitcoin comment:

I have a similar setup but I added some complexity. For each of the keys I include a 24 character memorized passphrase during the multisig setup. For the physical copies of the keys, I split the passphrase, convert to hex and add them together to form a 12 word phrase which is the XOR cypher key you combine with the physical words to get the actual keys. If someone gets 3/5 of your stored keys you're safe as they don't have the cypher. If someone gets your passphrase and keys you're still safe until the attacker figures out how you manipulated the passphrase to decrypt your seed phrases. There's some additional detail here I'm leaving out for opsec.

Mentions:#XOR
r/Bitcoin comment:

Get a Coldcard, use a duress pin and brick your HW. Don't attempt to memorize seeds; geographically disperse backups of either Shamir, XOR, multisig or even just a passphrase so that the time delay it takes for them to get there, even if you give them the correct place under duress, is so great they can't hold you for that long without increasing the risk they're caught by a substantial amount.

Mentions:#XOR
r/BitcoinSee Comment

> XOR splitting is not necessarily cryptographically strong, consider SSSS instead.

Sure, you can decrypt a XOR cypher easily with paper and a pencil, and all it's really doing is adding to the time required to brute force the passphrase if a sophisticated attacker finds both parts. Multisig and a strong passphrase lengthen that time much further. I haven't heard about SSSS but I'll look into it.

> its probably a lot better to memorize the mnemonic itself and not bother with extra word passphrases or splitting.

Passphrases have the advantage of misdirection. If you have a small amount of btc on the non-passphrased wallet, the attacker may not look any further. I have the mnemonic memorized, but it's good practice to protect yourself in the event of memory loss and store it in a manner that if someone finds it, it's not sufficient by itself. If you happen to forget your passphrase, there's a chance you'll still remember some parts of it and can make use of a script like btcrecover.

Mentions:#XOR
r/BitcoinSee Comment

XOR splitting is not necessarily cryptographically strong, consider SSSS instead.

> Passphrase memorized.

Extra words have no inherent opsec standards, so depending on how you chose the extra word it may have zero value. In general, if you don't have the ability to memorize 12 words, you don't have the ability to memorize a good enough passphrase; it's probably a lot better to memorize the mnemonic itself and not bother with extra word passphrases or splitting. In summary, nearly 100% of extra words are low value by definition, because doing what is necessary to make them strong makes you realize they are redundant.

> it's just one key of a multisig.

You still have the same storage issues for the other keys to overcome.

Mentions:#XOR
r/BitcoinSee Comment

Seed phrase XOR split into 2 parts and stored on paper in different locations. Passphrase memorized. Even if you find both parts and the passphrase, it's just one key of a multisig.

Mentions:#XOR
r/BitcoinSee Comment

Everyone has to determine for themselves the level of op sec that they're comfortable with. There are some advantages to being on the extreme end (multisig, passphrases, XOR ciphers, etc): If you know what you're doing you can eliminate any single point of failure. I think it takes some diligence to understand and test your recovery process and identify all possible attack vectors. If you're someone who has a portion of your life savings in bitcoin then it's worth considering.

Mentions:#XOR
r/CryptoCurrencySee Comment

No, not really feasible unless maybe you dedicated your entire life to it. The BIP-39 algorithm requires 2048 iterations of PBKDF2, which itself uses HMAC, which is 2 SHA-512 applications, which are each 80 rounds of compression, which each require hundreds of 32-bit binary gates (XOR, AND, bit shift, etc.). So you are looking at something like ~30 million applications of binary arithmetic that have to all be exactly correct. Oh, and also there is the elliptic curve math you have to do by hand, but that is nothing compared to the hashing.

Mentions:#BIP#SHA#XOR
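The derivation the comment above is counting (BIP-39 mnemonic to seed: PBKDF2 over HMAC-SHA512, 2048 rounds, salt "mnemonic" plus the optional passphrase) in Python, added here as a worked illustration and not code from any comment on this page. It uses only the standard library and checks itself against the first published BIP-39 test vector. The `seed_fingerprint` helper and the `passphrase_wallets` function are this example's own conventions, not BIP-39 constructs; they show the point several comments make, that a passphrase has no checksum and any string quietly yields a different, valid wallet.

```python
from __future__ import annotations

import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 mnemonic -> 64-byte seed.

    PBKDF2-HMAC-SHA512 with 2048 iterations; the salt is the literal string
    "mnemonic" followed by the optional passphrase. Both inputs are NFKD
    normalised, as the spec requires.
    """
    words = " ".join(mnemonic.split())  # collapse stray whitespace between words
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_fingerprint(seed: bytes) -> str:
    """Short identifier for telling wallets apart (example convention, not BIP-39)."""
    return hashlib.sha256(seed).hexdigest()[:8]


def passphrase_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the fingerprint of the wallet it unlocks.

    There is no checksum on the passphrase: "TREZ0R" is accepted just like
    "TREZOR" and opens a different (empty) wallet, which is why the thread
    treats seed + passphrase as a 2-of-2 backup.
    """
    return {p: seed_fingerprint(bip39_seed(mnemonic, p)) for p in passphrases}


# Published BIP-39 test vector: 128 zero bits of entropy -> 11 x "abandon" + "about".
VECTOR_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
VECTOR_PASSPHRASE = "TREZOR"
VECTOR_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


if __name__ == "__main__":
    assert bip39_seed(VECTOR_MNEMONIC, VECTOR_PASSPHRASE).hex() == VECTOR_SEED_HEX
    for p, fp in passphrase_wallets(VECTOR_MNEMONIC, ["", "TREZOR", "TREZ0R"]).items():
        print(f"passphrase={p!r:<10} wallet={fp}")
```

Running it prints three different fingerprints for the empty passphrase, "TREZOR" and the typo "TREZ0R"; nothing in the derivation can tell the user which of the three was intended.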
r/BitcoinSee Comment

1. Trezor is trash, Coldcard is the way. Don't trust USB. 2. A compromised phone could have snapped a picture of your seed phrase or recorded you inadvertently speaking it aloud while writing it down. 3. In the future if you are REALLY paranoid use two coldcards in separate locations and an XOR wallet. Then an attacker would need to compromise two devices.

Mentions:#XOR
r/BitcoinSee Comment

https://github.com/mmgen/mmgen/wiki/XOR-Seed-Splitting:-Theory-and-Practice

Mentions:#XOR
r/BitcoinSee Comment

Look at seed XOR. It helps you in this

Mentions:#XOR
r/BitcoinSee Comment

I can't speak for the others, but since you've successfully implemented BIP85, to improve the security of the master seed phrase, for IRL security reasons, I'd appreciate the Seed XOR feature.

Mentions:#BIP#XOR
r/BitcoinSee Comment

Here’s another article. [https://thebitcoinmanual.com/articles/achilles-heel-btc-hardware-wallets/](https://thebitcoinmanual.com/articles/achilles-heel-btc-hardware-wallets/) I think it’s important to note that it would be hard for a wallet manufacturer to hide this attack. It would probably have to come via the secure element manufacturer. Shift’s approach is no better than the multisig approach with the heterogeneous hardware wallet strategy suggested in the above article, because a general purpose machine running their companion app could just as easily have a hardware backdoor as a secure element chip. Honestly I think a better “protocol” for dealing with this attack would be as follows:
1. When setting up a new hardware wallet, prompt the user to generate enough entropy via button mashing or dice rolls to seed a PRNG.
2. Allow the user, for each Tx, to view the internally-generated nonce, along with the next value in the seeded PRNG sequence, as well as the value of them XOR’d together.
3. Use the XOR’d value for the nonce.
4. On another machine, a researcher or user can verify over time that the sequential values from the seeded PRNG sequence are as expected (since it is a deterministic sequence). This should only be done on a forever-offline machine though, to make sure the seed doesn’t get leaked.
5. On any machine (even internet-connected), one can verify that the XOR’d nonce displayed on the screen in (2) is actually the one in the Tx.
I’m not very familiar, but it seems like the companion app approach that Shift Crypto is taking means that it is hard to do with an air gap, because there is this communication that needs to take place. For me air gapping is more important than this possible covert channel attack, which would require IIUC a backdoor in the secure element or the MCU. Unless hidden inside some chip, it would be possible for researchers to detect by probing the hardware.
But if my sketch “protocol” above is good, I think Coldcard and other wallets might as well implement it; there is basically no cost, the normal workflow stays the same, there is just one additional initial setup step for an ordinary user; they get prompted for some entropy to generate the seed.

Mentions:#XOR
r/CryptoCurrencySee Comment

XOR No point typing anything further about it since no matter what I say I will just be seen as shilling. It's a pity we can't really all have an unbiased discussion about some of these coins we're all mentioning, without it degenerating into a shiller's paradise.

Mentions:#XOR
r/BitcoinSee Comment

OP has no clue.

Seedphrases also doesn’t tell you much. Are we going to do Seed XOR? Passphrases? Multisig? There are too many possibilities to answer OP’s question with a one-dimensional metric.

Mentions:#OP#XOR
r/CryptoCurrencySee Comment

This is what the original trezor used as their main recovery method, but it is not very good. With 24 word seed phrases you're reducing entropy from 256 bits down to 79 bits, which might be enough currently but not in the future. With 12 word seed phrases this is not safe at all. It's much better to use seed XOR or SSS.

Mentions:#XOR#SSS
r/CryptoCurrencySee Comment

There's a bunch of stuff you can do to your seed phrase that can help with safety and recovery.
1. Make multiple copies. Obvious, but you'll be so glad you did.
2. Password-protect it. There are techniques to safely encrypt text using a password (I personally just XOR the ascii). Then save both the password and the encrypted seed separately.
3. Cut it up. Cut the key in two equal halves (or 3 thirds), and store each separately (ideally multiple copies of each). Best done with a 24 word seed.
4. Save it in multiple formats. I personally save both the bip38 "word-based" seed and the hexadecimal separately. You can also convert the data into QR codes, on top of normal storage, not instead of it.
5. Add a checksum. There are plenty of ways to checksum both text and the hexadecimal private key. This allows making sure it hasn't been corrupted when you recover it, and if something does go wrong, it might help with reconstituting the correct key.
6. Use multiple wallets. Save your funds in multiple different private keys/wallets/locations; this makes it so if you lose any of them (you shouldn't if you follow good procedure), you will only lose a part of your funds, not all of it.
7. Use multiple techniques. I personally use most of what is listed here, with different "parts" of the key stored on different continents, password protected, in multiple formats, in very safe places, including one part somebody else chose/I don't personally know, making it so I can't say where it is even under torture. My lawyer has a letter explaining how to recover everything, for my next of kin. Part of the process means it would take at least a few weeks to recover everything, which would probably be too long a wait for thieves. Of course I don't own that much Bitcoin, this is all more of a fun exercise, but maybe someday I'll actually need all this.

Mentions:#XOR
r/CryptoCurrencySee Comment

Polkaswap on the Sora(XOR) Network. Polkadot ecosystem

Mentions:#XOR
r/BitcoinSee Comment

Cold card is not difficult at all. If you want to use it the same way as a Trezor and plug it in via USB, go for it. With a cold card, you can upgrade to more secure features like passphrases, air gapped psbts, seed XOR, ephemeral seeds, etc, whenever you feel comfortable. Nothing is forced on you. I would try to stay away from using a HWW with the manufacturer's software. To me, that's putting your eggs and trust all in one basket. Use a software like Sparrow wallet or Electrum to access your signing device's keys. Sparrow is very user friendly IMO.

Mentions:#XOR#IMO
r/BitcoinSee Comment

Again personal experience only, people may disagree. Out of the three, trezor and ledger are pretty similar when it comes to ease of use. I like trezor for its higher res screen showing more info at one time. My old ledger has a lower res screen but the new one these days seems to have caught up on that. Coldcard is infinitely more customisable and has a bit of a learning curve to it. And to be honest I prob don’t need half of the features it offers; you can get really fancy and nerd out on all these brick pin and decoy pin and XOR and multiple passphrases saved on SD etc etc etc. It certainly feels a bit more intimidating when using a coldcard compared to the other two, because I feel that I don’t fully understand the implications of each of the weird options and I fear that I may mess things up without knowing. But that’s just me. I love the way I can throw some dice to come up with a truly random seed phrase myself on coldcard. Not aware it could be done easily on the two others. What I like about Ledger the most is this pretty unique feature where you can assign one pin to a wallet, and then another different pin to the same seed but with a passphrase. So I can plug in the nano, type either of the pins and get to two wallets both protected by the same seed, one with passphrase one without. One could be a decoy, another could be the real stack etc. Coldcard, with all its deep fancy features, does lack something similar afaik. On the coldcard you can either enter the long passphrase manually each and every single time (dozens even hundreds of clicks), or you can save the passphrase on the SD card so that it reads the passphrase. Advantage is you can have more than one passphrase, but personally I really like the simplicity of the ledger implementation. I get that ledger is not fully open source and so on, but I just feel that it’s a good product overall.
It’s cheap, it has a secure element that a trezor lacks, it works well with sparrow and electrum if you don’t like its ledger live software. I hate the fact that it caters for all the shitcoin rainbows out there. I only have the bitcoin app installed but I think it’d be even better if it offered a bitcoin only firmware like Trezor does. Oh well, nothing is perfect.

Mentions:#XOR#SD
r/BitcoinSee Comment

Complexity is your enemy in a multisig setup. I would use three different keys, all etched in steel, without a passphrase. Think about what your family would need to restore in the event you are gone. A passphrase is something that would be far more difficult to determine and use after the fact. Just use a 2 of 3 scheme with standard everything. If you want to get real fancy, use seed XOR as a secondary backup to your main keys. https://seedxor.com/ Again: keep multiple copies of everything on metal so it won't burn or dissolve. And keep a copy of the descriptors and xpub info with every seed.

Mentions:#XOR
r/CryptoCurrencySee Comment

Press F for that XOR.

Mentions:#XOR
r/BitcoinSee Comment

Splitting words is really bad. Get Shamir or XOR or multisig.

Mentions:#XOR
r/BitcoinSee Comment

OP is either a troll or a complete idiot. This is an “OR” and not an “XOR” operation.

Mentions:#OP#XOR
r/BitcoinSee Comment

Yes we can; Information is Not (0 XOR 1)

Mentions:#XOR
r/BitcoinSee Comment

This is not what I mean. I have limited knowledge about quantum computers but in terms of breaking SHA I mean a way to effectively find the nonce used in mining. Maybe something similar to Simon’s algorithm. Because of the symmetries in unitary gates, unobserved XOR/CNOT states are reversible, thus something similar to performing SHA on 256 qubits in superposition then applying Simon’s algorithm and reversing it could find the 256 -> 256 bit mapping of inputs and hashes. Not reversing a 4TB hard drive but given a hash produce the 256 bit input that would produce it. Although as I said my knowledge is limited and Simon’s algorithm might be of no use here.

Mentions:#SHA#XOR
r/BitcoinSee Comment

[Here](https://cp4space.hatsya.com/2021/09/10/hamming-backups-a-2-of-3-variant-of-seedxor/) is an interesting read for a 2of3 XOR seed backup. Kind of like multisig behaviour but with a single sig footprint on chain, so you have plausible deniability in a wrench attack and can surrender a less valuable quantity of BTC attached to one of the N parts.

Mentions:#XOR#BTC
r/BitcoinSee Comment

Or seed splitting: https://github.com/mmgen/mmgen/wiki/XOR-Seed-Splitting:-Theory-and-Practice

Mentions:#XOR
r/BitcoinSee Comment

I mean, it's not impossible, but again, that would be weird and I've never seen it before. Google around for HEX to WIF conversion tools I guess, but obviously be aware that anything you find could be stealing private keys that get entered. It could also be possible you have two values that XOR to the private key, or that the real private key is every even bit, or a thousand other weird things. Of course, that way lies madness, because you can't prove it *isn't* secretly one or more bitcoin private keys.

Mentions:#HEX#XOR
r/BitcoinSee Comment

Yeah I also think of that as a weakness in my potential setup. I find everything a bit too complicated. Between having a 2 of 2 multi sig (ColdCard x Blue Wallet) and having a single sig using seed XOR ( one ColdCard), which one would you recommend and why for ease of use if it’s for long term holding?

Mentions:#XOR
r/BitcoinSee Comment

XOR has another pretty serious disadvantage. It's something subtle that many people miss. With true multisig, you don't ever have to bring all of the keys together. You can partially sign a transaction, one key at a time, until enough keys have signed it. Which means there need never be a single point in time and space where the keys sufficient to sign can be lost or stolen in one fell swoop. If the keys are always geographically dispersed, it would take a much larger effort to take them. With other multi-key schemes, the keys themselves must come together, which provides a convenient opportunity to steal them all at once.

Mentions:#XOR
r/BitcoinSee Comment

Yes, XOR is a solid choice as long as you're absolutely sure you're not going to lose any of the pieces. Its main disadvantage compared to multisig is it only supports N-of-N splits whereas some of the more advanced methods can do M-of-N (e.g. 2-of-3, 3-of-6, etc.).

Mentions:#XOR
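To make the N-of-N versus M-of-N contrast in the comment above concrete, here is a byte-wise Shamir's Secret Sharing implementation over GF(2^8), the field also used by AES and SLIP-39 (reduction polynomial 0x11b). It is an added illustration written for this page, not code from any wallet vendor or from the thread; the share encoding (one index byte followed by the share bytes) is this example's own convention. Any `threshold` of the `count` shares rebuilds the secret; with fewer, Lagrange interpolation still returns bytes, just the wrong ones, which is why a checksum on the secret (as a BIP-39 mnemonic carries) matters when you test a recovery.

```python
import secrets

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the GF(2^8) modulus used by AES and SLIP-39


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements modulo AES_POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^8 - 2), square-and-multiply."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split(secret: bytes, threshold: int, count: int) -> list:
    """Produce `count` shares of which any `threshold` reconstruct `secret`.

    For every byte of the secret a random polynomial of degree threshold-1 is
    chosen with that byte as constant term; share x (1..count) holds the
    polynomial values at x, prefixed with the index byte x.
    """
    if not 2 <= threshold <= count <= 255:
        raise ValueError("need 2 <= threshold <= count <= 255")
    # polys[i] = [secret[i], c1, ..., c_{threshold-1}] with fresh random coefficients
    polys = [[byte] + list(secrets.token_bytes(threshold - 1)) for byte in secret]
    shares = []
    for x in range(1, count + 1):
        ys = bytearray()
        for coeffs in polys:
            y = 0
            for c in reversed(coeffs):  # Horner's rule: y = y*x + c
                y = gf_mul(y, x) ^ c
            ys.append(y)
        shares.append(bytes([x]) + bytes(ys))
    return shares


def combine(shares: list) -> bytes:
    """Lagrange-interpolate each byte at x = 0 from the shares given.

    Correct only when at least `threshold` distinct shares are supplied; the
    caller has to know the threshold out of band.
    """
    xs = [s[0] for s in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("duplicate or invalid share indices")
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must have equal length")
    out = bytearray()
    for pos in range(1, len(shares[0])):
        acc = 0
        for i, si in enumerate(shares):
            num, den = 1, 1
            for j, sj in enumerate(shares):
                if i != j:
                    num = gf_mul(num, sj[0])          # (0 - x_j) == x_j in characteristic 2
                    den = gf_mul(den, si[0] ^ sj[0])  # (x_i - x_j)
            acc ^= gf_mul(si[pos], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed stand-in for 256 bits of seed entropy
    shares = split(secret, threshold=2, count=3)
    print("2-of-3, shares 1+3 :", combine([shares[0], shares[2]]) == secret)
    print("2-of-3, share 1 only:", combine(shares[:1]) == secret)
```

Compare with XOR splitting: every XOR part is the same size as the secret and all parts are required, whereas here each share is one byte longer than the secret and any two of three suffice. The price is the need for field arithmetic, which is what the thread means by "a more advanced algorithm".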
r/CryptoCurrencySee Comment

There is SORA XOR, considered a currency and used for productive purposes, not degenerate speculation like the examples presented above

Mentions:#SORA#XOR
r/BitcoinSee Comment

Fuck it, let’s ban it entirely because we all know better and nobody listens anyways. BTW have you seen the great yields you can get on Binance? Many people say they are really reputable and CZ is a great dude, good friends with SBF. We need to stop catering to the new people, and only post things for the *real* Bitcoiners. We need PSAs about coin control and proper UTXO management. How and why your xpub should be private. The privacy implications of connecting a wallet to a public node. Which node implementation to run, and how/why it should be run behind tor. Multi-sig cold storage and proper execution of the glacier protocol. Using seed phrase encryption methods like seed XOR. How fedimints leverage chaumian mints to create distributed federations and increase privacy through blinded signatures. Air gapping your hardware wallet, and introducing proper entropy through dice rolls when generating your private keys. Coin joins and the differences between whirlpool and Wasabi. Layer 2 protocols, Segwit, Taproot, Taro, Drive Chains, Side Chains oh my!

Mentions:#XOR
r/CryptoCurrencySee Comment

How do you get data for coins such as XOR and PSWAP? Ceres works with Sora network and doesn’t have all the data that CoinGecko has such as market cap like you do. But you also don’t have burn rates and data like that. That would be nice. Token supply predictions as well for directional inflation-deflation

Mentions:#XOR#PSWAP
r/CryptoCurrencySee Comment

XOR- its the only token in which creation and allocation of purchasing power makes sense in terms of a monetary system.

Mentions:#XOR
r/BitcoinSee Comment

So how does the mathematics of Spiral work? You don't have to dumb it down too much, but is it a similar idea to how we can XOR random data with real data, and the output looks very random (just as random as our XOR sheet), and then later, when we want to "decrypt", we just re-XOR with our original random data and we get back our real data? Is it a mathematical magic trick like that?

Mentions:#XOR
r/BitcoinSee Comment

Correct, “or” here need not be an XOR. 😆

Mentions:#XOR
r/CryptoCurrencySee Comment

It's not so much *won't work* as *it depends*. "Shamir style" splitting of a seed could mean many things. Shamir's Secret Sharing Scheme is a SPECIFIC solution to the general problem of splitting a secret (such as a seed) into multiple shares *such that no share, by itself, reveals any part of the secret*. Contrast this with simple splitting, for example breaking a 24 word seed into three 8-word shares (for 3-of-3 splitting) or three 16-word shares (for 2-of-3 splitting) and giving them to trusted friends for safekeeping. A friend with one 1-of-3 share knows 1/3 of the secret. A friend with one 2-of-3 share knows 2/3 of the secret. We can use math to split a secret into shares such that each share by itself reveals NOTHING about the secret. The simplest solution, which works only for N-of-N splits, is to use XOR-based bitwise operations: Create N-1 strings of random bits exactly as long as the binary representation of the secret (excluding any checksum bits), then XOR all of those random strings with the secret. The result will appear just as random as each of the input strings. Only the result and each of the random strings TOGETHER reveal information about the secret. To reconstruct the secret, just XOR the result string with each of the inputs, in any order (which, if you think about it, proves there's nothing special about the "result" string; once you've calculated it it's just one of the N shares, same as every other). Coinkite's [Seed XOR](https://seedxor.com/) works this way, and while Seed XOR is implemented in firmware on their ColdCard wallets, they also make it available in PDF worksheets so you can do it completely offline, by hand, to prove to yourself that it works. The shortcoming of XOR secret splitting is that it only works for N-of-N splits. To do 2-of-3, 2-of-4, 3-of-5, etc., you need a more advanced algorithm. SSSS is one, but there are others. 
This is where vendor dependence becomes an issue: if you don't know which method the vendor used to split the secret, or if you don't know EXACTLY AND PROVABLY HOW they split the secret, you may run into trouble reconstructing the secret years down the road.

Mentions:#NOTHING#XOR
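The N-of-N XOR construction the comment above describes, as an added worked example (not code from Coinkite, seedxor.com or the commenter). It operates on the raw entropy, excludes the checksum bits exactly as the comment says, recomputes the BIP-39 checksum for every part so that each part is itself a valid mnemonic, and reconstructs by XORing all parts back in any order. It works with BIP-39 word indices rather than words so it runs without the 2048-word English list; turning an index into a word is a lookup in that list, which the example assumes you have separately. The two all-zero entropy checks at the bottom correspond to the published vectors "abandon x11 about" (index 3) and "abandon x23 art" (index 102).

```python
import hashlib
import secrets

VALID_ENTROPY_BYTES = (16, 20, 24, 28, 32)  # 12, 15, 18, 21, 24 words


def entropy_to_indices(entropy: bytes) -> list:
    """Entropy -> BIP-39 word indices: append ENT/32 checksum bits, cut into 11-bit groups."""
    if len(entropy) not in VALID_ENTROPY_BYTES:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises if the BIP-39 checksum does not match."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    cs_bits = n_words * 11 // 33
    ent_bits = n_words * 11 - cs_bits
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if bits & ((1 << cs_bits) - 1) != expected:
        raise ValueError("BIP-39 checksum mismatch")
    return entropy


def seed_xor_split(mnemonic_indices: list, parts: int) -> list:
    """Split one mnemonic into `parts` mnemonics whose entropies XOR to the original.

    parts-1 of them are fresh random entropy; the last is the original XOR all
    of those, so it looks just as random. Each part gets its own checksum and is
    a valid seed on its own (usable for decoy funds, as the thread notes).
    N-of-N only: lose any one part and the original is gone.
    """
    if parts < 2:
        raise ValueError("need at least two parts")
    secret = indices_to_entropy(mnemonic_indices)  # strips and verifies the checksum
    acc = bytearray(secret)
    raw_parts = []
    for _ in range(parts - 1):
        rnd = secrets.token_bytes(len(secret))
        raw_parts.append(rnd)
        acc = bytearray(a ^ b for a, b in zip(acc, rnd))
    raw_parts.append(bytes(acc))
    return [entropy_to_indices(p) for p in raw_parts]


def seed_xor_combine(part_indices: list) -> list:
    """XOR the entropies of all parts (any order) and re-encode as a mnemonic."""
    entropies = [indices_to_entropy(p) for p in part_indices]
    if len({len(e) for e in entropies}) != 1:
        raise ValueError("all parts must have the same length")
    acc = bytes(len(entropies[0]))
    for e in entropies:
        acc = bytes(a ^ b for a, b in zip(acc, e))
    return entropy_to_indices(acc)


if __name__ == "__main__":
    original = entropy_to_indices(bytes(range(32)))  # constructed 256-bit entropy
    parts = seed_xor_split(original, 3)
    print("all 3 parts recover original:", seed_xor_combine(parts) == original)
    print("2 of 3 parts recover original:", seed_xor_combine(parts[:2]) == original)
    print("all-zero 128-bit vector ends in word index", entropy_to_indices(bytes(16))[-1])
```

Because every part passes the checksum, a wallet cannot tell a part from a complete seed; that is the plausible-deniability property. It also means a mistyped part is caught by the checksum only about 255 times out of 256 for 24-word parts, so verifying a recovery against the original wallet's addresses remains the real test.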
r/BitcoinSee Comment

I have Sora(XOR)/Polkaswap(PSWAP) and they sent an Open Letter to Sri Lanka to use its crypto. It’s one of the only cryptos with a physical bank and it sells NOIR Wine to help fund the developers. Not tryna advertise, but it’s a crypto with good tokenomics. They release DEO Arena (game) in 2 days or so.

r/CryptoCurrencySee Comment

What’s been your biggest win & loss? Mine is selling Ada for 10x purchase price & loss is XOR

Mentions:#XOR
r/BitcoinSee Comment

Another option is seed XOR, splitting the seed into two (or more) parts but still only one master seed that is derived from those parts. This might be less complicated and have fewer constraints than multi sig

Mentions:#XOR
r/CryptoCurrencySee Comment

It’s almost quite amusing seeing my £6 XOR being what it is

Mentions:#XOR
r/BitcoinSee Comment

Try not to choke on the orange pill too hard. The average Joe the Normie will not want to bother with passphrases and live with the risk of losing access to their funds because of their error. There will always be cypherpunks who have their seed XOR distributed, run their own node etc., but for the vast majority of people the future is to hold their funds with centralized entities where their funds are insured from fraud and there are legal means to recover them (which is not the state of the game currently with crypto pseudo-banks the likes of Celsius or BlockFi).

Mentions:#XOR
r/CryptoCurrencySee Comment

https://sora.org/pub/The-Case-for-XOR.pdf

Mentions:#XOR
r/CryptoCurrencySee Comment

There's a good explanation for this in the link I shared. It's under the "use case for XOR" PDF

Mentions:#XOR
r/BitcoinSee Comment

I might be mistaken about their firmware, I can't remember the details.

> I guess the other gripe I have with ledger is, they aren't bitcoin focused. They keep adding more shitcoins.

I too hate this about ledger.

> Also, I own 2 ledgers. One for me personally and one for my business. I can use Ledger Live to view the wallets/accounts on both at the same time. Their only capability to connect to your own node is experimental and it only allows you to connect one device, AND you have to run a sidecar app.

My favorite hardware wallet is the ledger but I would use it only for signing, I would not use ledger live whatsoever. I would watch the wallet using Electrum and Electrum Personal Server.

> Thinking about XOR seed phrases with a passphrase on the resolved private key.

I prefer multisig over user space shenanigans such as XORing seed phrases, SSS, etc. You could still use a passphrase.

Mentions:#XOR#SSS
r/BitcoinSee Comment

Thanks, I was unaware of this. However it still appears to be a slice of their code... Just the bitcoin app that gets invoked from the parent app? I would also be very interested to find out their firmware is open source. I guess the other gripe I have with ledger is, they aren't bitcoin focused. They keep adding more shitcoins. Also, I own 2 ledgers. One for me personally and one for my business. I can use Ledger Live to view the wallets/accounts on both at the same time. Their only capability to connect to your own node is experimental and it only allows you to connect one device, AND you have to run a sidecar app. I can use Sparrow wallet with both ledgers and easily connect to my own node. I have a ColdCard mk4 in hand, but I'm deliberately moving very slowly setting this up because I want to be absolutely certain I have the right security strategy in place. Thinking about XOR seed phrases with a passphrase on the resolved private key.

Mentions:#XOR
r/BitcoinSee Comment

Yes, coldcard makes it easier and they were the ones that introduced it afaik. But what makes it even cooler is how it isn't hardware dependent and can all be done on paper. It works with any hardware wallet is my point, but of course thank you coldcard and of course it can be easier to produce your seed XOR words with a coldcard. If you are looking for one, I definitely recommend it. If not, you can still use the seed XOR technique.

Mentions:#XOR
r/BitcoinSee Comment

Seed XOR is supported by Coldcard out of the box. Someone stealing your seed plate wouldn’t recover all funds without knowing which other plates you have 😎

Mentions:#XOR
r/BitcoinSee Comment

> [citation needed]

[https://www.rfc-editor.org/rfc/rfc6979#section-3.2](https://www.rfc-editor.org/rfc/rfc6979#section-3.2) You are right, it HMACs a blob carrying the private key at some point. You could maybe XOR R with the private key and try to extract bits of the key that way, across thousands of transactions. Then again the general recommendation is to never reuse addresses. Then again, a lot of people/exchanges don't abide by it >_<

> Other than the signatures, there's probably some margin too with the order of inputs and outputs, and others.

You can extract a few bits at a time to get the xprv after multiple transactions. Segwit lets you generate the txid prior to signing. But... you can still embed about anything you want in the witness data. Life is never so simple.

> Don't get me wrong, I understand that all that is nothing more than theoretical concerns, and that there are good reasons that the Ledger is closed source. Indeed, I prefer their more secure design over the alternatives (Trezor, Coldcard), but it'd be great if it could be fully open.

I'm not defending Ledger here. I wouldn't use software manipulating private keys that isn't open source, regardless of what hardware it runs on. My point is that if you doubt the signer software, extracting the raw signed tx to decode with another piece of software is as good a sanity check as you're going to get. This of course only works in the context of offline signing.

Mentions:#XOR
r/BitcoinSee Comment

It depends on what you expect of the passphrase. Imagine a physical key (the important parts of it) split into 2 parts. The bigger part of the key has most of what is needed to open a lock. Most setups are like this. If your passphrase is compromised, it's all good, the seed is impossible to guess; but if someone gets your seed, the passphrase is as secure as a password to a website. It's often less than you think. So as long as you concede that the seed is still the most important part, and it shouldn't be considered safe because of the passphrase, then you can treat the passphrase as a time delay protection. An attacker *will* break into your wallet, but the passphrase dictates how long it would take. As long as you get all of that, then you understand that the passphrase gives you the ability to empty the wallet before anyone else, as long as you have a way to know when the seed has been compromised. If you will monitor the seed yearly, you need a very secure password. Song lyrics are not a great idea as that will probably be in a hacker's dictionary attack tool (including variations). If you will monitor it weekly, it might be good enough as long as you take concerns seriously. I like seed XOR btw. It gives you 2 parts that are both hard as fuck to guess, making it pretty versatile. Call Paula

Mentions:#XOR
r/CryptoCurrencySee Comment

The whole Sora network coins, XOR , PSWAP, CERES.. sold them few months ago for ETH.

r/BitcoinSee Comment

I hear you, and I feel you. Too many of us go through the journey and then forget what it was like when they got involved. Everyone starts from zero, catches up, and then reads new articles thinking that everyone else is on the same page. The problem is that no one knows everything, there is still a lot to learn, and a lot of the new content coming out is often already known to many but re-written from a new angle or with more recent supporting data. Don't worry about the critics, they're just trying to make themselves feel better, to feel like they've made it past a milestone, but until they realise that they still know nothing, they haven't really learned what they think they have learned. My knowledge is not from any single source, and so I cannot recommend a single one, but I can try to list a few that I have seen recently or that I remember:
- Hot to Cold wallets: https://www.youtube.com/watch?v=Aji_E9sw0AE
- Reviews for seed backup products: https://jlopp.github.io/metal-bitcoin-storage-reviews/
- BTC Sessions does reviews of many warm (hardware) and hot wallets: https://www.youtube.com/channel/UChzLnWVsl3puKQwc5PoO6Zg
- Seed XOR: https://seedxor.com/
- Shamir's secret sharing scheme & multi-sig: https://medium.com/clavestone/bitcoin-multisig-vs-shamirs-secret-sharing-scheme-ea83a888f033
- The extent to which someone can go to crack a hardware wallet: https://www.youtube.com/watch?v=dT9y-KQbqi4
Ultimately, you will need to learn a lot and take your time; honestly, keeping your funds with a custodian while you are learning and familiarising yourself with this new security paradigm is not a bad idea. Custodians can go bad at any time, but it's less likely that a custodian will go bad by the time you are ready for self custody than it is likely that you lose or compromise your bitcoin trying to practice security without first learning and then practicing with small amounts first.

Mentions:#AE#BTC#XOR
r/BitcoinSee Comment

Very bad idea. Use FULL mnemonic on one, passphrase on the other stored apart. SSS sucks too, XOR maybe a bit better. Multisig best but complicated.

Mentions:#SSS#XOR
r/BitcoinSee Comment

A tamper evident bag provides a simple way for the user to potentially identify whether someone has attempted to access the contents of the bag. Seed XOR seems like it can become pretty difficult to manage on top of multisig, it seems like it’s better suited for single sig. Most people don’t have enough physically secure locations to do multisig plus split their seeds into multiple parts. It also seems like it would make doing regular health checks of each seed more involved.

Mentions:#XOR
r/BitcoinSee Comment

It seems like seed XOR would be more risky in the sense that you have to combine the pieces in 1 spot vs multisig you can go from location to location signing the transaction in a separate location on a separate device. Is there some advantage to seed XOR?

Mentions:#XOR
r/BitcoinSee Comment

Coldcard Seed XOR is a plausibly deniable way of storing secrets in two or more parts that look and behave like the original secret. One 24-word seed phrase becomes two or more parts that are also BIP-39 compatible seed phrases. With Seed XOR, you can split the words you have already in your Coldcard, making two, three or four new seed phrases. You can also combine many seeds into one. Take any number of existing seeds you have, and combine them to make a new random wallet that is the XOR of their values – creating a new 24 word seed. These new seed words (parts) can be individually loaded with honeypot funds as each one is a unique 24 word seed phrase. You can store funds on the seeds of any part, and any subset of parts, which opens even more duress options. A honeypot in this instance is a decoy wallet used to mislead attackers and protect your main bitcoin stash. https://www.keepitsimplebitcoin.com/coldcard-seed-xor/ Note: You don’t have to have a ColdCard. There’s a worksheet you can use. https://seedxor.com/files/worksheet.pdf

Mentions:#XOR#BIP
r/BitcoinSee Comment

seed phrase + passphrase is essentially a 2-of-2 setup. If you lose either part, you're locked out of your funds. I'd suggest either multisig that has extra redundancy or buying a few pairs of backup plates and doing [Seed XOR](https://seedxor.com/). Comparing self custody to a custodial retirement account is apples and oranges. Only one of them is unrecoverable if you experience a failure.

r/CryptoCurrency comment:

Lesson is.. FUCK XOR

r/CryptoCurrency comment:

Here’s a small story of misfortune on your Wednesday... I bought an XOR coin for £100 a year ago, then watched it rise to £600 but didn’t sell. That coin is now worth £49, and I think it would cost me more in ETH fees to sell it than I’d get back for the coin... happy Wednesday!!

r/Bitcoin comment:

Multi-sig is a tool. We usually say that there is a spectrum between Security <--- and ---> Convenience. The thing is, there is no such thing as absolute security, and removing too much convenience becomes a security risk. Making a spend 10 steps provides 10 ways you can make a mistake, and the more times you spend, the more at risk your setup becomes. In some cases, you might expose enough to lower your security but not in any meaningful way, but over time, in a world where data is never lost, these small breaches may end up exposing the whole setup.

So what do I think about multi-sig? It is a good system to help distribute the responsibility of security of funds across multiple people to secure a large sum of money, but we should never mix large pools of money with frequently moving pools of money. ALWAYS have a smaller wallet with which to do business and a larger one for savings. This is basically the checking + savings account model, and it may sound obvious, but it isn't to many because we tend to think of Bitcoin as one thing that should be kept in one place for ease of mind.

What do I think of Nunchuk? It is a tool to help people coordinate by giving them private messaging and an automated way of signing transactions in collaboration. It brings back convenience, but of course it also removes from security a little too. Bugs, hacks, etc. on the software level can automatically leak data just like people can. The good news is that if you are not the most technical person, the software is 100x less likely to expose your security than yourself. This makes Nunchuk a great tool to manage a multi-sig across people when your weakest link is not super technical. It enables families and businesses to reasonably have access to share responsibility over large funds. That is a great tool IMO. It just isn't a silver bullet. It also allows people who are scared to use Bitcoin to share the responsibility with someone(s) who is more competent.

What I dislike about multi-sig: Many people talk about the personal security you can gain by distributing the keys geographically. Multi-sig for an individual makes much less sense to me. If you are worried that someone might break into your home and steal your keys, then having the key fragmented is a good idea, and splitting your backup manually is not secure. Multi-sig is a safe way to split your key, but there are other solutions too, like Seed XOR or memorising long passphrases. Geographically distributing keys increases the risk of human error. If you need to travel physically to move funds, how do you ensure that you are not being tracked? You can make the key accessible online, but surveillance is MUCH easier in a digital, internet-connected environment, in the same way as access is much more convenient. In both realms, you have constant tracking and data collection: CCTVs vs data sniffing of your internet activity. Both are constantly on, although not necessarily actively searched unless you are a person of interest.

TL;DR: Nunchuk is great in theory. I need to play with it sometime in the future. I like that they are looking to get rid of the email integration since the Canada incident, but I raised this with them a while before and they didn't have the appetite back then. They said "you can use a fake or unique email, but we need it for secure messaging and account recovery", but when cooperating with family, that's not good enough; family isn't going to create fake emails with you. Looking forward to seeing their non-email solution.
