
XOR

SORA


Mentions (24Hr): 0 (0.00% today)

Reddit Posts

r/Bitcoin: BitIDE - TapScript IDE with Local Testnet, Block Explorer and Custom Op Codes (OP_MUL on Mainnet P2TR!)
r/CryptoCurrency: SORA is a scam, stay away
r/Bitcoin: Is Blockstream Jade wallet planning to update its firmware with the Seed XOR feature?
r/CryptoCurrency: My favorite cryptocurrency related songs
r/Bitcoin: Bitcoin Self-Custodial Best Practices
r/CryptoCurrency: Biggest wins & biggest losses
r/CryptoCurrency: SORA Builders Program - Grants for Building
r/Bitcoin: Am I fine with a multi-sig setup utilizing seed XOR for maximizing ease of use and security?
r/Bitcoin: Does Bitcoin still support these transaction types Satoshi originally mentioned?
r/CryptoCurrency: Fundamental reasons why SORA (XOR) will go to $100 in a few months even in the bear market
r/CryptoCurrency: We invite Sri Lanka to use XOR (天) as legal tender🇱🇰
r/Bitcoin: Bitcoin Rules To Live By Starting Today!
r/Bitcoin: Bitcoin Rules To Live By Starting Today
r/Bitcoin: Seed XOR Video Tutorial - Robust Bitcoin Backup by @BTCSessions
r/CryptoCurrency: SORA Kusama crowdloan is now LIVE!
r/CryptoCurrency: Tried DYOR by reading a Whitepaper. Honestly I had no idea what I was looking at.
r/CryptoCurrency: Try Polkaswap
r/Bitcoin: Why haven't cellphones developed duress PINs like Coldcard?
r/Bitcoin: Coldcard seed XOR dumb questions
r/CryptoCurrency: Eliminating Irrational Token Allocation and Creating True Unit of Account with SORA
r/CryptoMoonShots: H4XOR.WIN - Are you ready to enter the Matrix? Try your luck in h4xor.win - The improved version of legendary blockchain game PoWH3D with 50% Reflections - Staking - Gambling - Passive earnings | Launched Yesterday | 200k MCap |
r/CryptoMoonShots: An improved version of the legendary blockchain game POWH3D which reached a grand prize of over 900 ETH! | Launched Yesterday | 200k MCap | Enter the Matrix
r/CryptoMoonShots: Strategic BSC FOMO game $100K MCAP | Launching in 6 Days, Get in Early

Mentions

It does very much [XOR pattern analysis tool update](https://www.reddit.com/r/CryptoMoon/s/3vkZ8x6WyX)

Mentions:#XOR

I have just posted a tool for XOR pattern analysis that was produced by my system architecture [XOR pattern analysis update](https://www.reddit.com/r/CryptoMoon/s/3vkZ8x6WyX)

Mentions:#XOR

This is a really interesting observation OP. The XOR relationship and the repeating hex pattern you found are definitely eye-catching, and it’s cool to see numerical coincidences like this emerge from Bitcoin’s constants. That said, a couple of things to keep in mind... With numbers as large as secp256k1’s order and 2^256, seemingly “low probability” patterns can still appear by chance due to the law of large numbers. Cryptographic constants often produce unexpected numerical curiosities without any intentional design. Satoshi was very deliberate about using secp256k1 and the genesis timestamp, but there’s no historical evidence suggesting these values were chosen to encode hidden patterns. Most likely, the primary goals were cryptographic security and efficiency. Even if it’s a coincidence, it’s a fun and intriguing numeric pattern, and documenting it can inspire further exploration or discussions about hidden math in crypto systems. Overall, this is a neat “math Easter egg” in Bitcoin... even if it’s more a curiosity than a secret Satoshi design. For what it's worth, I absolutely love seeing these deep dives into the math and structure of Bitcoin... and cryptography in general. Keep them coming.

Mentions:#OP#XOR

Oh wow, that's pretty wild—Satoshi basically turned the curve order into a giant repeating 0x249249... pattern with just a tiny XOR nudge from the genesis timestamp. 0.04% chance my ass, that's basically intentional numerology with extra steps. Respect. Well, if you think that's interesting, check this out (also totally never documented before, pinky swear): Dark Bitcoin Halving Math Discovery: The "Cursed Repeats" Constant Let h = 210,000 (classic halving interval) Let s = SHA256("Satoshi Nakamoto") interpreted as a 256-bit int (because why not) Then: s XOR (h × 2^{240}) ≈ 2^{256} - 1337 × repeating "0xB00B135" pattern every 69 bits More precisely: (s >> 69) mod 0xDEADBEEF = 0xCAFEBABE... (repeats 4 times before flipping to pure despair) The probability of this exact cafe-babe / dead-beef alignment happening randomly while halving every ~4 years until heat death of the universe? Roughly 1 in 2^{420} — basically zero, unless someone really hated clean hex and wanted to embed eternal programmer suffering into the monetary policy. Satoshi didn't just make sound money... he made sure we'd all be staring at cursed repeating hex until the last satoshi is mined and we're all just mining vibes in the dark. 🪦₿ (But seriously, nice find—most "hidden patterns" are just apophenia, but that repeating 249... after dividing by 7 is legitimately elegant as hell.)

Mentions:#XOR#SHA

I asked Grok what the implications of this statement are:

**The mathematical claim is verifiable and holds exactly.**

Using the standard values:

- \( n \) (secp256k1 order) = `0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141`
- Genesis timestamp = 1,231,006,505 (Unix time for the block mined on 3 January 2009)

In Python-level big-integer arithmetic (treating the timestamp as a 256-bit value with leading zeros):

\[ n \oplus 1{,}231{,}006{,}505 = 2^{256} - 2 - \delta \]

where \(\delta =\) `0x14551231950b75fc4402da17366961596` (exactly as stated). The left and right sides match bit-for-bit.

The second part also holds in the relevant sense: let \( q = (n \oplus \text{genesis}) \div 7 \) (integer division). Its hexadecimal representation begins with the exact 32-character prefix `0x24924924924924924924924924924924`, which is identical to the leading digits of \((2^{256} - 2) \div 7\). This occurs because subtracting the relatively small \(\delta\) (≈128–136 bits) only perturbs the low-order digits of the quotient; the high-order repeating pattern survives unchanged.

Why the repeating “249249…”? Modular arithmetic explains it cleanly:

\[ 2^{256} \equiv 2 \pmod{7} \quad \Rightarrow \quad 2^{256} - 2 \equiv 0 \pmod{7} \]

Dividing the all-1s-minus-1 number by 7 produces a clean repetend in base-16 (analogous to 1/7 = 0.142857… in decimal). The pattern is a natural consequence of the field size and the divisor 7 (coincidentally also the constant \( b = 7 \) in the curve equation \( y^2 = x^3 + 7 \)).

### Implications

1. **It is a genuine, previously undocumented relation** (as of the claim and public searches through early 2026). No Bitcoin whitepaper, protocol specs, libsecp256k1 source, or prior literature references \( n \oplus \) genesis timestamp yielding this near-\( 2^{256}-2 \) form or the 7-repeating quotient. It qualifies as “hidden” in the literal sense.

2. **Evidence for (or against) intentional design by Satoshi**
   - **Pro-intentional view (0.04% probability argument)**: Satoshi chose the exact timestamp while fully knowing \( n \) (hard-coded in the client). The alignment requires the low 32 bits of the XOR to cancel the exact deviation of \( n \) from \( 2^{256}-2 \) such that the quotient prefix survives. If you model possible genesis times within a realistic mining window (say ± a few hours around the newspaper headline date), the odds of hitting this precise low-order cancellation are low—on the order claimed. Combined with the aesthetically pleasing repeating hex (and the curve’s own +7), it can be read as a subtle mathematical watermark or “signature” proving deliberate elegance rather than randomness.
   - **Coincidence view (more parsimonious)**: \( n \) itself was not invented by Satoshi; it is the standard SECG secp256k1 order chosen in ~2000 for cryptographic properties (prime near \( 2^{256} \), efficient endomorphism, etc.). Its high bits already look like “almost all F’s”. XORing any 32-bit timestamp only touches the bottom 8 hex digits. The resulting number is therefore *guaranteed* to be close to \( 2^{256}-2 \) in the high bits, and the 7-divisibility prefix follows automatically from the modular relation above. The 0.04% figure depends on exactly how the “random” model is defined; under a uniform 32-bit timestamp model it is rare but not astronomically so. Many similar “watermarks” have been found in secp256k1 (e.g., generator-point divisibility properties) that pre-date Bitcoin entirely.

3. **No cryptographic or protocol impact** This relation lives purely in the static constants. It does not weaken ECDSA, affect difficulty adjustment, enable any new attack, or alter block validation. Bitcoin’s security rests on the hardness of the discrete log on secp256k1, not on this arithmetic curiosity.

4. **Cultural / historical significance**
   - It joins the short list of Bitcoin “easter eggs” (the Times headline, the hardcoded genesis block, the choice of secp256k1 over NIST curves).
   - If intentional, it bolsters the narrative that Satoshi embedded multiple layers of mathematical beauty and perhaps a private proof-of-work on the constants themselves.
   - It has already sparked fresh discussion on r/Bitcoin (the source of the exact statement) and fits the pattern of other recent “intentional watermark” claims in the curve parameters.

Whether the community ultimately accepts the “strongly suggests intentional design” conclusion will depend on whether anyone finds a simpler explanation or a pre-2009 reference to the same relation.

**Bottom line**: The pattern is real mathematics, not fabrication. It is consistent with Satoshi’s demonstrated taste for elegant, minimal design. Whether it is a deliberate hidden signature or an elegant coincidence produced by the interplay of a pre-existing curve and a real-world timestamp is debatable—but either interpretation adds another layer of intrigue to Bitcoin’s foundational constants without changing how the system actually works.

Mentions:#XOR

Cool find on the surface, but this is a classic multiple comparisons problem in statistics. Your 0.04% probability is calculated for this one specific relationship in isolation. But think about how many things you could have tried before landing on this: different operations (XOR, AND, addition, modulo...), different constants (genesis timestamp, block reward, nonce, difficulty, block hash...), different patterns to look for (repeating digits, divisibility, closeness to powers of 2...). That's easily hundreds or thousands of possible combinations. When you test that many, you're almost guaranteed to find something that looks improbable. There's a standard statistical tool for this called the Bonferroni correction. You multiply your p-value by the number of things you tested. Even if we conservatively say you had 500 possible combinations to explore, your 0.04% becomes 20% — basically coin-flip levels of "meh." Also worth noting that secp256k1's curve order n is already extremely close to 2^256 by design. XORing it with a small 32-bit number like a Unix timestamp will always give you something close to 2^256 minus a small value. That's not a hidden pattern, it's just how the math works. It's a fun exercise, but this is numerology rather than cryptanalysis. You'd find equally "impossible" patterns in any large number if you search hard enough. I've fallen for this more often than I can count myself before I got it, so don't beat yourself up over it :-)

Mentions:#XOR
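The arithmetic in the two comments above (the claimed delta, the 32-digit 249... prefix, and the point that XORing a 32-bit timestamp into a 256-bit constant cannot disturb the high bits) can be checked directly. The following Python is an added example, not from the thread or from Grok's output. It assumes only the standard secp256k1 group order and the genesis block's Unix time (1231006505), and it checks the delta and prefix quoted above. It also makes the skeptics' point concrete: since delta stays below 2^129 for every possible 32-bit timestamp, the quotient's top 32 hex digits are identical for all of them, so the prefix is a property of n and the divisor 7, not of the timestamp.

```python
import random

# Standard secp256k1 group order and the genesis block's Unix timestamp.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GENESIS_TIME = 1231006505
# Values as quoted in the thread above.
DELTA_CLAIMED = 0x14551231950b75fc4402da17366961596
PREFIX_CLAIMED = "24924924924924924924924924924924"
TWO_256_MINUS_2 = (1 << 256) - 2


def xor_with_timestamp(t: int = GENESIS_TIME) -> int:
    """n XOR t with t zero-extended to 256 bits; only the low 32 bits of n can change."""
    return N ^ t


def delta(t: int = GENESIS_TIME) -> int:
    """The delta in  n XOR t == 2**256 - 2 - delta."""
    return TWO_256_MINUS_2 - xor_with_timestamp(t)


def quotient_hex_prefix(t: int = GENESIS_TIME, digits: int = 32) -> str:
    """Leading hex digits of (n XOR t) // 7 (lowercase, no 0x)."""
    return f"{xor_with_timestamp(t) // 7:x}"[:digits]


def reference_hex_prefix(digits: int = 32) -> str:
    """Same digits for (2**256 - 2) // 7, the pure base-16 repetend of dividing by 7."""
    return f"{TWO_256_MINUS_2 // 7:x}"[:digits]


def seven_divides_two_256_minus_2() -> bool:
    """2**3 = 8 = 1 (mod 7) and 256 = 3*85 + 1, so 2**256 = 2 (mod 7)."""
    return pow(2, 256, 7) == 2 and TWO_256_MINUS_2 % 7 == 0


def prefix_survives_for_all_timestamps(samples: int = 5000, seed: int = 1) -> bool:
    """The '249...' prefix appears for any 32-bit t, not just the genesis time.
    Reason: n XOR t differs from 2**256-2 by a delta below 2**129 for every t, so
    the quotients differ by less than 2**127, while the low 128 bits of
    (2**256-2)//7 are 0x9249... > 2**127; no borrow ever reaches the top 32 digits."""
    rng = random.Random(seed)  # seeded so the sample is reproducible
    ref = reference_hex_prefix()
    candidates = [0, 0xFFFFFFFF, GENESIS_TIME] + [rng.getrandbits(32) for _ in range(samples)]
    return all(quotient_hex_prefix(t) == ref for t in candidates)


def check_claims() -> dict:
    """Evaluate each claim from the thread and return the results by name."""
    return {
        "delta_matches": delta() == DELTA_CLAIMED,
        "delta_bits": delta().bit_length(),
        "prefix_matches": quotient_hex_prefix() == PREFIX_CLAIMED,
        "prefix_is_generic": prefix_survives_for_all_timestamps(),
        "high_224_bits_untouched": xor_with_timestamp() >> 32 == N >> 32,
    }


if __name__ == "__main__":
    for name, value in check_claims().items():
        print(f"{name}: {value}")
```

Both quoted values check out, and `prefix_is_generic` is the part worth remembering: the repetend is produced by `7 | 2**256 - 2` and survives any 32-bit XOR, which is why a rare-looking prefix says nothing about the timestamp. None of this touches the discrete-log hardness that ECDSA on secp256k1 relies on.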

Hard to suggest something when we don't know your threat model, or how much corn we're talking about. Based on my understanding of what you've written, it sounds like a pretty poor setup.

1) Paper is not water/fire resistant. You would need multiple backups to make sure one house fire doesn't take out a significant portion of your net worth.
2) Sounds like their paper wallets are in plain text, so your friends, or anyone they invite to their home, could just steal your bitcoin, no?
3) If you increase the number of backups, you also increase the attack surface.
4) You've added the keys to a password manager, so that's another attack surface. You don't want your keys to touch the internet.

The 2 types of setups I would recommend would be:

a) A simple single-sig with a passphrase and a hardware wallet. Backed up on steel. I would probably go with multiple steel backups, or something like XOR.
b) 2-of-3 multi-sig. Not as simple, but I think it solves most of the issues I have with self custody. Still easy to spend/receive and you don't have the keys in one place, and you have a lot of redundancy. You would basically have 3 hardware wallets and 3 steel backups. When you need to spend you need to sign the transaction with 2 keys. You could give the 2 keys to a friend and a family member, and they could sign for you whenever you need to spend (as an example). They have to collude to take your money, so choosing 2 people that don't know each other, and not telling them who the other person is, should be fairly safe.

Mentions:#XOR

XOR is probably the worst one. It crashed harder than Luna, and there was no algorithmic failure. The team just keeps minting coins. It went from $800 to 15 zeros something. And that's after a 1:100 and 1:1,000,000 reverse split.

Mentions:#XOR
r/CryptoCurrency

Looks like XOR lost the ability to stop printing, like the FED U.S. Dollar, and is losing market cap value as well. Looks like they took America's money printer playbook.

Mentions:#XOR
r/Bitcoin

Sorry I should also have said about this:  > https://github.com/bitcoin/bitcoin/pull/28052 I agree that the software doesn't store data in cleartext on your node's local disk. But that's not how it is *in the blockchain*. In the blockchain, it's cleartext, between nodes communicating it's cleartext, in blockchain explorer websites online it's cleartext. I agree that's not a matter of opinion. Although I am surprised anyone thinks XOR is going to offer any meaningful kind of defence in the scenario I'm talking about! It's not as though you can pretend it isn't there, when it's in cleartext on *the* blockchain.

Mentions:#XOR
r/Bitcoin

Sorry I should also have said about this:  > https://github.com/bitcoin/bitcoin/pull/28052 I agree that the node doesn't store data in cleartext on your local disk. But that's not how it is *in the blockchain*. In the blockchain, it's cleartext, between nodes communicating it's cleartext, in blockchain explorer websites online it's cleartext. I agree that's not a matter of opinion. Although I am surprised anyone thinks XOR is going to offer any meaningful kind of defence in the scenario I'm talking about! It's not as though you can pretend it isn't there, when it's in cleartext on *the* blockchain.

Mentions:#XOR
r/Bitcoin

Sorry I should also have said about this:  > https://github.com/bitcoin/bitcoin/pull/28052 I agree that Bitcoin Core doesn't store data in cleartext on your node's local disk. But that's not how it is *in the blockchain*. In the blockchain, it's cleartext, between nodes communicating it's cleartext, in blockchain explorer websites online it's cleartext. I agree that's not a matter of opinion. Although I am surprised anyone thinks XOR is going to offer any meaningful kind of defence in the scenario I'm talking about! It's not as though you can pretend it isn't there, when it's in cleartext on *the* blockchain.

Mentions:#XOR
r/Bitcoin

Hopefully that's not the case, but I suspect it is. Maybe requiring the data to be encrypted / not plaintext can help? But that doesn't appear to be the case at the moment. I think things are obscured via XOR, but not purely encrypted.

Mentions:#XOR
r/Bitcoin

You could simply use a delayed email to send a secret key at a future date to unlock the wallet (XOR with half the key so the email security doesn't matter).

Mentions:#XOR
r/Bitcoin

Learn steganography. Hiding secret material in innocuous data. A necklace with a series of 128 black or white knots? Worn under your shirt, never seen? One time pad: XOR to make it so two completely innocuous 128 binaries must be combined.

Mentions:#XOR
r/CryptoCurrency

YUGE news for $XOR!! 🚀

Mentions:#YUGE#XOR
r/Bitcoin

Shamir Secret Sharing is easier than multisig for individual users (it might be a more formal way to do Seed XOR, I'm not familiar with that method). Wallets that support it (like the newer Trezors) can generate a 2 of 3 (or any number you want) of pieces to the seed for backup. Pro is that compared to multisig you can use your HW like normal (no need for multiple signatures). Con is that you only have one signer, which might not be good if you want different people signing off on a transaction (like a corporation or estate).

Mentions:#XOR
r/Bitcoin

Offsite backup. If you have a passphrase, it should still be safe. Or on-site backup. Have it in a notebook and also in steel. Multisig. 2 of 3 seeds needed to spend funds. But again, don't store all at the same location. Seed XOR. Take one seed and break it down into 2 or 3 different seeds that need to be combined to get the original seed back. Don't store them all in one location. Collaborative custody. Have a company like Unchained or Casa hold your hand through multisig. Some HWWs can do an encrypted backup in the form of a file. The key to unencrypt is a 12 word seed. Do that and store multiple copies on flash drives around the house.

Mentions:#XOR
r/CryptoMarkets

I am just now this past week running 15 nodes ok and earning nanos convertible to the new as yet to be named WEB3 Internet 2 Autonomi Network token in October, in the beta wave 2. They have about 30,000 nodes in operation on which they are debugging the logs generated... There will be more and larger beta waves where you earn tokens for running nodes on pretty well anything that generates logs to help the team debug before launch. Buxton has them working like a professional software and marketing outfit... I have been following these guys since 2015. Maidsafe took some wrong turns for sure, one into the dPoS consensus wasteland; it turns out peer 2 peer wallets with digital bearer certificates (digital cash) make it all work right: your keys, your data, pay once to upload with nanos you earned from running a node, the files are triple encrypted and triple distributed there as long as the network lasts. Autonomi Network DAO has a client+wallet with secure peer2peer comms as well to support super secure WEB3 meshes; it's an XOR Addressed Contents Addressable Network with a kademlia variant which uses GOSSIP. No reason why you can't run your crypto project on it, once they boot their Autonomi Name Service, completely securely away from prying eyes...

Mentions:#WEB#DAO#XOR
r/Bitcoin

Is the passphrase a + function? I thought it was like a SHA256 and XOR with the original or anything like this. I will search a little bit, this is interesting

Mentions:#SHA#XOR
r/Bitcoin

Here is a smart way of storing the 24-word seed phrase: Take 4 pieces of paper / metal and split the seed phrase into 3 pieces: The words 1-8, 9-16 and 17-24. Write down the splits to 3 of the 4 pieces of paper / metal. The 4th piece will become your recovery piece. It is an XOR of the binary values of the BIP39 word list standard. Translate the XOR binary values back into words using the BIP39 word list. Write down these words on the 4th piece of paper / metal. Optionally, use a passphrase and/or create the hexadecimal values if using metal to reduce the amount of metal stamps required for each plate. Now, distribute those pieces to safe places and take them to wherever you wanna go - one by one. If you lose one, no worries: You have the recovery piece. Never ask anyone for help - especially no one called Trevor.

Mentions:#XOR#BIP
r/Bitcoin

Generate a secret phrase, then calculate the phrase that XORed with that phrase gives your seed. Then you can put the hard to remember part in your will, and they can combine it with the phrase you told them to safeguard. This way, nobody can access your crypto until you die, and then only the person you want has access.

Mentions:#XOR
r/Bitcoin

I also like to secure through obscurity. In my case, I have a multisig setup with hardware wallets each using a complex 24 character passphrase that I have memorized. How do I access it when I forget the seed words and the hwws are destroyed in a fire? Easy! I convert the passphrase to hexadecimal, split it and combine parts together in such a way that those 48 characters become a 36 character hexadecimal string which is then used as an XOR cipher with an encrypted physical copy of seed words I have written down. I only need 3 things to restore my wallet: my passphrase, the physical copy of encrypted seed words, and knowledge of the process. The complexity will probably be my downfall but I get some peace of mind knowing even if both my seed words and passphrase are compromised there’s still a couple more hoops to jump through.

Mentions:#XOR
r/Bitcoin

I understood you just fine. Describing my plain vanilla method has nothing at all to do with misunderstanding yours. Not everyone who disagrees is retarded. If I were determined to do something like you're doing I might XOR the keys with some binary passphrase. But hey, whatever, good luck.

Mentions:#XOR
r/CryptoCurrency

It's nice seeing someone bringing this topic up and especially that you did your research about some already QR projects. Vitalik's plan is interesting, but has serious flaws. We've discussed it on Discord also with the lead developer of QRL and came to interesting points.

Vitalik in his article said what he would do if the quantum computer attack happened tomorrow -> the chain would be stopped and transactions reverted before the hack (that's itself bad, but he did it once in the past, so why not do it again, who cares about immutability, right?). And that people would need to verify wallet ownership using zk-STARKs (which is post-quantum, so good) to be able to send transactions. But:

1) There is no post-quantum support implemented in Ethereum today. So the chain would be stopped and everyone will be waiting for devs to quickly implement some support there for how long, weeks, months, years? Everything must be prepared BEFORE it happens, not AFTER.

2) He mentioned that it would save "most" wallets, not all of them. So there will be many people whose coins would be lost and he is okay with that. It's because not everyone has a wallet created through the hashing derivation path he mentions. But there is a problem:

3) As told by the QRL dev, the zk-STARK is NOT compatible with all hashing algorithms. It requires a specific hashing algorithm which uses only operators like +,-,*,/, while the commonly used hashing algorithms like keccak, SHA... are also using bitwise AND, OR, XOR, etc., which makes them incompatible with STARK. So since basically everyone has private keys derived using the incompatible hashing algorithms, it cannot be used to prove ownership in this way. And so the plan cannot practically work.

4) You may then say that all people should regenerate their wallets using the compatible hashing algo to make the plan work in future. But this means that every single user needs to do an action and then send all their coins to a new wallet -> congest the whole chain with millions of transactions, pay enormous fees... and for what? To still have their coins completely vulnerable? Better would be to just implement the new post-quantum cryptography directly into Ethereum and let each user create a new wallet - in this case an already quantum-resistant one - and have it done BEFORE the attack happens. But this means there is no backup plan.

The issue is the same as it always has been for chains which aren't post-quantum since genesis. They need to implement the post-quantum secure upgrade, let users migrate all their wallets and coins, and then burn all the old unmigrated wallets/coins. With all the issues this brings (of which there are plenty). So, it's not looking good.

----

About the other projects I will copy here a comment I wrote 3 months ago as it's still valid:

The current leader is QRL - which is using post-quantum cryptography (currently XMSS) since their mainnet launch in 2018. They are professional and serious in their goals, the project is open-source and actively developed. They will soon be releasing a major upgrade which will bring Proof of Stake (currently it's PoW) and EVM-compatible smart contracts, together with support for the new CRYSTALS-Dilithium signature scheme, to their blockchain. You can buy it on MEXC or currently still mine it (RandomX algo).

There are some other projects which are claiming to be using post-quantum cryptography, but they:

* feel just like a hobby project or an experiment, and are also dead (e.g. Tidecoin, Arielcoin, Abcmint)
* are only using a post-quantum algo in some insignificant part, but still rely on elliptic curves, so they are still completely vulnerable (e.g. Algorand)
* are in fact just an ERC20 token on the Ethereum network (so completely vulnerable), promising a real product for years but still not delivering anything (e.g. QANplatform, which also had their bridge hacked and tokens stolen from their users)
* are claiming to be quantum secure, but internally they still use vulnerable cryptography (e.g. xx_network, which feels closed/centralized as the source code has a restricted license + you need to be approved by them to run a node)
* are claiming to be quantum secure, but are closed-source, so who knows what's going on inside (e.g. Abelian)
* ...

Always be careful and verify the post-quantum claims, because there will be many projects just trying to scam you.

r/Bitcoin

My first response to you was to show that Trezor have designed devices that may be easily compromised. Your defence of this bad design is that those insecure models do not have a secure element. I then provided evidence that even with a secure element Coldcard have designed wallets that are insecure and have been compromised, demonstrating that secure elements are not the be-all and end-all of security. You sidestepped this issue with "well, they have two secure elements now". You have stated that any wallet that "exports" your seed is insecure. This is one of the many false premises you are using to make your argument. By your own admission you have not read the Ledger Recover whitepaper, yet you still state seeds are being "exported". Meanwhile ignoring the fact that using your own "seed export" argument all other wallets do the same thing either in the form of SLIP-49 or Seed XOR. I don't think you are being objective here. So, I am deluded and you lack objectivity. The world is doomed.

Mentions:#XOR
r/CryptoCurrency

Same as Sora people with XOR token. Strangely run by Japanese as well !!! 🫤🫤🫤

Mentions:#XOR
r/Bitcoin

I don't know if this is a criticism, but Bitcoin is a form of technology which is too complicated for its general-use purpose. Learn SHA256. Convoluted? It's supposed to be. That's how it gets its security. Many people will just zone out when shown a YouTube video about it. And that's not going into the details of Bitcoin (which I haven't done myself). I don't know what a UTXO is yet. That's going to cost me money unless I learn before I sell. I can figure out, with mental imagery that makes sense to me, cryptographic algorithms presented in the general, in a nice YouTube video. This is not because I'm smart. It's because I grew up with computers. I know that whoever in the NSA created SHA-256 and the previous ones thought in terms of low-level coding, probably with a start on simpler processors. This is because it's a no-brainer to XOR with a key, slam it in a register, move to the next, continue operation until end-of-file. All built-in easy-to-use functions in early programming languages such as C. How would I even begin to explain this stuff to a builder? Do I start with computer architecture? The layer-2 functionality requires numeracy and a facility with arithmetic. Carrying your phone up to an ice cream seller, having the right wallet, doing the transaction and working out what it cost you all require a base level of intelligence (because why else would you have that app in the first place, unless you had a functioning understanding of Bitcoin). I think this base intelligence requirement is underestimated as a potential problem. Even Gensler told his MIT students to read the White Paper and he expected they would understand maybe two thirds of it. MIT students. People are not made for this level of abstraction. Just wanted to say that. Bitcoin is useful. A light bulb is useful. Explain a light bulb to a 90-ish IQ individual and they will understand it instantly. But Bitcoin?

Mentions:#SHA#XOR
r/CryptoCurrencies

$XOR because polkaswap.io is the best DEX.

Mentions:#XOR#DEX
r/CryptoCurrency

XOR what changed? Just a pump and dump?

Mentions:#XOR
r/CryptoCurrency

But if you XOR it, one location can burn down and you can still recover the full seed phrase. I agree with you on almost everything you say and yes, you should use multisig. But XORing your seed phrase and storing it in 3 different locations doesn't weaken it when compared to storing all of it in a single place. XORing is easy to do and recovery with 2 of 3 "halves" can be done by hand in about ~20 minutes. Ideally you should use multisig, but let's be honest, most people will not. XORing is easy to do and can be done with a paper wallet by hand.

Mentions:#XOR
r/CryptoCurrency

Split in half and XOR your seed phrases people! Don't store them all at the same place. That way you need 2 out of 3 to reconstitute and no one can get them all. Here's a script with an example seed phrase you can use to XOR. It can be used offline (and I recommend doing it offline, air-gapped): https://gist.github.com/Slyke/f785807dce62810122662ecbd2db6ccf

Mentions:#XOR
r/Bitcoin

The ColdCard firmware and Coinkite's worksheet only supports 2, 3 or 4 XOR splits. The XOR method itself works on infinitely many splits. I just tested it successfully on paper for a six-way split.

Mentions:#XOR
r/Bitcoin

XOR is NOT the same thing as Shamir's Secret Sharing. XOR supports only N-of-N splits. SSS supports M-of-N, where any M shares are sufficient to recreate the secret. 2-of-3, 2-of-4, 3-of-7, 6-of-10, etc.

Mentions:#XOR#SSS
r/Bitcoin

Yeah, I clearly need to look into it more. XOR can be split up to 4 times I thought. I'll do some research. Thx!

Mentions:#XOR
r/Bitcoin

I'm explaining to you that XOR isn't limited to 2 shares. I'm not just telling you, I'm showing you how to prove it to yourself. Don't trust; verify.

Mentions:#XOR
r/Bitcoin

XOR splits a seed into N parts. Any N, as large as you like. Try it yourself:

1. Given a secret, write the secret in binary.
2. Create (N-1) random binary strings, each of which is identical in length to the secret.
3. XOR everything from steps 1 and 2. Order doesn't matter.

You now have N binary strings--(N-1) from step 2 plus 1 from step 3, ALL OF WHICH look equally random and NONE OF WHICH reveal anything about the secret other than its length. To reconstruct the secret, XOR all N parts in any order.

Mentions:#XOR#NONE
r/Bitcoin

XOR splits the seed into 2 parts. If you lose one your bitcoin is gone unless it’s memorized.

Mentions:#XOR
r/Bitcoin

While it could be safer as long as there's no information available that each seed is part of a XOR'd setup, I wouldn't recommend it.

Mentions:#XOR
r/BitcoinSee Comment

Would you say that seed XOR obviates the rule of never saving the seed electronically? For example, one seed in an encrypted local password vault, and the other in a similar scheme on a separate device? Assuming redundant physical backups in case of failure/data loss.

Mentions:#XOR
r/BitcoinSee Comment

This is VERY cool. Especially combining master seed with seed XOR.

Mentions:#XOR
r/BitcoinSee Comment

I'll write something up after work, but essentially you split your seed phrase in half and XOR the bits each word relates to, to produce a third "half". I.e., let's say your 1st and 13th words are `strategy` and `heart` respectively. According to BIP39 ( https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt ), that's `1719` and `851` respectively. If you XOR them together (just type `1719^851` into your browser's developer console) you'll get a result of `1508`, which is `round` according to BIP39. So on one plate the 1st word is `strategy`, on another plate the 1st word is `heart` and on the final plate the 1st word is `round`. You can XOR any 2 of the numbers representing the words to get the 3rd. Just don't mix them up. You continue XORing until you've done 12. Let's say you need to recover your seed phrase and you find the 1st and 3rd plate. You plug it in, and you have no bitcoins! Oh no! Don't stress though, that just means you need to XOR the words on the plates to get the original 2nd plate. Practice this though, multiple times, to ensure you understand it and can do it if you ever need to recover.

Mentions:#XOR#BIP
r/BitcoinSee Comment
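Added example, not code from the commenters or from Coldcard: the N-way XOR split described a few comments up and the word-by-word XOR from this comment, run on constructed 16-byte sample entropy over 11-bit BIP39 word indices (no wordlist needed). It also checks one caveat: XORing word indices directly XORs the checksum bits in the last word too, so the result usually fails BIP39 checksum validation, while XORing the underlying entropy and recomputing the checksum (what the Coldcard/seedxor.com scheme does) always yields a valid mnemonic.

```python
import hashlib
import secrets
from functools import reduce
from operator import xor


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings; order does not matter."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("all parts must have the same length")
    out = bytearray(length)
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def xor_split(secret: bytes, n: int) -> list[bytes]:
    """Split secret into n parts: n-1 uniformly random parts plus one part that
    XORs them all back to the secret. Any n-1 parts are statistically independent
    of the secret; all n are needed to recover it (this is n-of-n, not m-of-n)."""
    if n < 2:
        raise ValueError("need at least two parts")
    random_parts = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return random_parts + [xor_bytes(secret, *random_parts)]


def xor_combine(parts: list[bytes]) -> bytes:
    """Recover the secret from all n parts, in any order."""
    return xor_bytes(*parts)


def bip39_indices(entropy: bytes) -> list[int]:
    """Turn BIP39 entropy (16, 20, 24, 28 or 32 bytes) into 11-bit word indices.
    The last word ends with the checksum: the first ENT/32 bits of SHA256(entropy)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    word_count = (len(entropy) * 8 + cs_bits) // 11
    return [(bits >> (11 * (word_count - 1 - i))) & 0x7FF for i in range(word_count)]


def checksum_valid(indices: list[int]) -> bool:
    """True if the index list is a well-formed BIP39 mnemonic (checksum matches)."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    entropy_bytes = (total_bits - cs_bits) // 8
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes(entropy_bytes, "big")
    return bip39_indices(entropy) == indices


def seed_xor_indices(*entropies: bytes) -> list[int]:
    """Seed XOR done on the entropy: XOR the entropy bytes, then derive the words,
    which recomputes the checksum for the combined entropy."""
    return bip39_indices(xor_bytes(*entropies))


def naive_index_xor(*entropies: bytes) -> list[int]:
    """The word-by-word index XOR from the comment: the checksum bits get XORed
    along with everything else, so the last word is usually wrong."""
    index_lists = [bip39_indices(e) for e in entropies]
    return [reduce(xor, column) for column in zip(*index_lists)]


if __name__ == "__main__":
    # Constructed sample entropy for a 12-word mnemonic; NOT a real wallet.
    secret = bytes(range(16))
    parts = xor_split(secret, 3)
    print("reconstructed in reverse order:", xor_combine(parts[::-1]) == secret)
    print("only two of three parts:", xor_combine(parts[:2]) == secret)
    print("entropy XOR gives valid checksum:", checksum_valid(seed_xor_indices(*parts)))
    print("index XOR gives valid checksum:", checksum_valid(naive_index_xor(*parts)))
    print("1719 ^ 851 =", 1719 ^ 851)  # strategy / heart / round, as in the comment
```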

Thanks for recommending an XOR rather than the "just split your seed into three parts" shit people say all the time. !lntip 1000

Mentions:#XOR
r/BitcoinSee Comment

> store at a bank safety deposit box

Do not do this. Or at least XOR half your key with the other half and place the 3 plates at different banks/locations. You'll only need 2/3 to restore your key then.

Mentions:#XOR
r/BitcoinSee Comment

> you can do millions of guesses per second.

Did you guess at that, or do you know it to be true based on engineering analysis? Converting a BIP-39 mnemonic sentence plus passphrase to testable private keys isn't as straightforward as hashing Bitcoin block inputs to satisfy the target difficulty. When you hash the inputs for a block you can test the result after one hash operation. With BIP-39, which specifies PBKDF2 for key derivation, you have to do 2048 sequential 512-bit hash operations before you can test the result. You'll need quite a bit of horsepower to do one million XOR operations over 2048 *sequential* (non-parallelized) HMAC-SHA512 hashes of the presumably-known password (mnemonic sentence) and salt (candidate passphrase). Even with an ASIC doing the HMAC-SHA512 heavy lifting at 200+ MHz you're not likely to get better than a couple million hashes per second. PBKDF2 requires those 2048 hashes to be done sequentially (with the output of one iteration used as an input to the next), **so even a 1 GHz HMAC-SHA512 ASIC would only be able to chew through a thousand or so guesses per second.** For each final output (candidate seed), you'll need to do HMAC-SHA512 again to get the master private key, then more hash operations to get the child private keys, then more to get the public keys, then more to get the addresses which you can finally cross-check against your index of the blockchain to see if the result is fruitful. The industry has found it profitable to create multi-terahashes-per-second ASICs for mining Bitcoin blocks because finding an acceptable SHA-256 hash of user-specified inputs (plus a random nonce) yields immediate profit. The scenario you're talking about only applies when the attacker knows the mnemonic sentence and is trying to brute-force (by guessing or by rainbow table) the passphrase. I doubt anyone is going to invest tens of millions of dollars to manufacture specialized hardware for that.

Mentions:#BIP#XOR#SHA
r/BitcoinSee Comment
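Added example, not the commenter's code: the BIP39 seed derivation the comment describes, with one block of PBKDF2-HMAC-SHA512 written out by hand next to hashlib's implementation so that the dependency of each of the 2048 HMACs on the previous one is visible. The mnemonic used is the BIP39 test vector of eleven `abandon` plus `about`; the rate function is a rough single-core measurement on whatever machine runs it.

```python
import hashlib
import hmac
import time
import unicodedata

BIP39_ITERATIONS = 2048


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 with the NFKD mnemonic as password and
    "mnemonic" + passphrase as salt, 2048 iterations, 64-byte output."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, BIP39_ITERATIONS, dklen=64)


def pbkdf2_sha512_by_hand(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One 64-byte block of PBKDF2-HMAC-SHA512, step by step (RFC 8018):
    U_1 = HMAC(P, S || INT(1)), U_i = HMAC(P, U_{i-1}), T = U_1 ^ U_2 ^ ... ^ U_c.
    Each U_i is the input of the next HMAC, so the 2048 hashes for ONE candidate
    are inherently sequential; only different candidates can be run in parallel."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha512).digest()
    t = bytearray(u)
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha512).digest()  # depends on previous u
        for i in range(64):
            t[i] ^= u[i]  # the running XOR the comment refers to
    return bytes(t)


def seeds_per_second(mnemonic: str, samples: int = 20) -> float:
    """Rough single-core rate at which candidate passphrases become 64-byte seeds
    on this machine. This is only the first step of the check the comment walks
    through; deriving and comparing addresses adds further cost per candidate."""
    start = time.perf_counter()
    for i in range(samples):
        bip39_seed(mnemonic, f"candidate-{i}")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    mnemonic = " ".join(["abandon"] * 11 + ["about"])  # BIP39 test vector mnemonic
    seed = bip39_seed(mnemonic, "TREZOR")
    print("seed:", seed.hex())
    print("matches by-hand PBKDF2:",
          seed == pbkdf2_sha512_by_hand(mnemonic.encode(), b"mnemonicTREZOR", BIP39_ITERATIONS))
    print("single-core seeds/second:", round(seeds_per_second(mnemonic), 1))
```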

XOR-split it, carry one seed on paper, and the other online e.g. on a Google drive. Or use steganography.

Mentions:#XOR
r/BitcoinSee Comment

Hey, this is very insightful and comprehensive. Ever since I heard about BIP85, I was thinking about this. However, I was thinking of using the seed at index 0 for the second hardware wallet. Why are you destroying the original seed on the coldcard and starting over? Also, the only thing I can think of regarding inheritance is that you have the original master seed phrase A and take another seed phrase B XOR them to get a new seed phrase C. Give seed C to the heir and seed B to a trusted party only accessible after death of the owner? So, if you have seed C and B you can get back A? Would love to hear your thoughts on the inheritance part and how BIP85 plays into it. Thanks!

Mentions:#BIP#XOR
r/BitcoinSee Comment

> What happens if you get hit by a bus?

Guess I'm donating those coins to the pool lol.

> Does anyone else know these instructions to access your seed phrase?

Nope, no one. Someone savvy could probably figure it out if they are lucky and found all 3. Chances they'll figure it out with just 2 is 50/50 (since they may find the XOR output, which would create a different wallet).

> Are they recorded in a will to be passed on when you pass, or will it be bye bye sats at that sad time?

They are not. It's bye bye sats.

Mentions:#XOR
r/BitcoinSee Comment

I have 3 steel plates. I split my seed phrase in 2, so 12 words, and XOR'd them together (the number that each word stands for, that is). Put them in 3 different storage places. Only need 2 to figure out the original 24 words. Will take 2 or 3 tries because the order might be wrong, or I might be using the XOR'd output, but still constructable.

Mentions:#XOR
r/CryptoCurrencySee Comment

Sora (XOR) and Luna Classic/LUNA are my worst all-time bag holds. Additionally, there were so many alts I held during the 2021 run that became shitbags. Too many to count.

Mentions:#XOR#LUNA
r/BitcoinSee Comment

Seed XOR does not offer redundancy and is for obfuscation/deniability not for redundancy.

Mentions:#XOR
r/BitcoinSee Comment

**This method does nothing to improve the entropy of the mnemonic/seed, which is what actually matters.** If you use a coin to generate the mnemonic, writing down a 0 for heads and a 1 for tails, and the coin in question always shows heads, you will always get a mnemonic that is all zeros. The mnemonic/seed will obviously have zero bits of entropy. Now, if you invert the result of every other toss, you always get a mnemonic that is a repeating pattern of 01. What you've essentially done is XOR the mnemonic with 010101... That is still a mnemonic/seed with zero bits of entropy.

In either case, the entropy, in bits, of a seed generated from a biased coin can be calculated as follows:

`entropy = n * (h * log2(1 / h) + (1 - h) * log2(1 / (1 - h)))`

where `h` is the probability of a toss showing heads and `n` is the number of tosses. **A coin with a 51% probability of showing heads would still provide 99.97% of the entropy of a perfectly fair coin.** For a 256-bit seed, to lose even a single bit of entropy, you would need a coin with a 54:46 probability. Even something as ridiculous as a 70:30 coin would still provide 225 bits of entropy for a 256-bit seed or 112 bits of entropy for a 128-bit seed, which is more than enough to withstand any brute-force attempt. If following the BitBox guide with something as absurd as dice whose faces have a probability distribution of 5%, 10%, 14%, 19%, 24%, 29%, then in the worst case you have a seed with 220 bits of entropy. That is secure even against an attacker that already knows half of the seed. **So no, you absolutely do not need a perfectly fair coin or casino-grade dice.** Note that certain kinds of cryptographic keys may be significantly weakened by biased randomness, but that is not the case with a mnemonic, which [gets hashed to produce the seed](https://bips.xyz/39#from-mnemonic-to-seed), removing any bias in the process.

If you still really want to generate perfectly random bit strings from a coin with unknown bias, you can employ a [von Neumann extractor](https://en.wikipedia.org/wiki/Fair_coin#Fair_results_from_a_biased_coin), assuming there is no correlation between successive tosses:

* Toss the same coin twice.
* If the two results match, output nothing.
* Otherwise, write a 0 for a heads followed by tails, 1 for a tails followed by heads.

You can also extend the method to dice, which is a little more efficient, but still only outputting ones and zeros:

* Roll the same die twice.
* If the two results match, output nothing.
* Otherwise, write 1 if the second result is greater, 0 if the first result is greater.

Mentions:#XOR
r/BitcoinSee Comment
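Added example, not the commenter's code: the entropy formula from the comment evaluated for the quoted coin and dice cases, plus the von Neumann extractor (the dice rule; the coin rule is the same with the bit label swapped) run over a constructed 90:10 biased source. The die function normalises its input so rounded percentages that do not sum exactly to 100% are accepted.

```python
import math
import random


def coin_entropy_bits(h: float, n: int) -> float:
    """Entropy, in bits, of n independent tosses of a coin that shows heads with
    probability h: n * (h*log2(1/h) + (1-h)*log2(1/(1-h)))."""
    if h <= 0.0 or h >= 1.0:
        return 0.0  # a coin that always lands the same way carries no entropy
    return n * (h * math.log2(1 / h) + (1 - h) * math.log2(1 / (1 - h)))


def die_entropy_bits(face_probs, n: int) -> float:
    """Same formula generalised to a die (or any source) with the given face
    probabilities; input is normalised so rounded percentages are accepted."""
    total = sum(face_probs)
    if total <= 0:
        raise ValueError("probabilities must be positive")
    probs = [p / total for p in face_probs]
    return n * sum(p * math.log2(1 / p) for p in probs if p > 0)


def bits_lost(h: float, n: int) -> float:
    """How many bits short of a fair coin n tosses of a coin with bias h are."""
    return n - coin_entropy_bits(h, n)


def von_neumann_extract(samples):
    """Von Neumann extractor: take samples in consecutive pairs, drop pairs whose
    two results match, otherwise output 1 if the second result is greater and 0 if
    the first is greater. Assumes successive samples are independent; the output
    is unbiased for any fixed bias because P(a,b) == P(b,a)."""
    bits = []
    for first, second in zip(samples[0::2], samples[1::2]):
        if first != second:
            bits.append(1 if second > first else 0)
    return bits


def simulate_biased_coin(p_heads: float, tosses: int, seed: int = 1):
    """Constructed test source: 0 = heads with probability p_heads, 1 = tails."""
    rng = random.Random(seed)
    return [0 if rng.random() < p_heads else 1 for _ in range(tosses)]


if __name__ == "__main__":
    print("fraction of fair-coin entropy at 51% heads:", coin_entropy_bits(0.51, 1))
    print("256 tosses of a 70:30 coin:", coin_entropy_bits(0.70, 256), "bits")
    print("bits lost at 54:46 over 256 tosses:", bits_lost(0.54, 256))
    print("per roll, faces at 5/10/14/19/24/29%:",
          die_entropy_bits([0.05, 0.10, 0.14, 0.19, 0.24, 0.29], 1), "bits")
    raw = simulate_biased_coin(0.9, 20000)
    out = von_neumann_extract(raw)
    print("raw ones:", sum(raw) / len(raw), "extracted ones:", sum(out) / len(out),
          "bits kept:", len(out))
```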

I would use a Coldcard for a hardware wallet and if you need a hot wallet I'd go with Electrum. This video goes over the basics of the Coldcard hardware wallet if you wanna know more about it; skip the bullshit intro/sponsors and other crap.

TIMESTAMPS:

Intro: 0:00 - 0:57
Sponsors: 0:57 - 3:46
What you need to know: Video Layout & Prerequisites: 3:46 - 9:35
Initial Setup 1/2: Pin & Seed Creation: 9:35 - 21:14
Initial Setup 2/2: Export from Coldcard, Import to Sparrow Wallet: 21:14 - 26:48
Air Gapped Transactions 1/2: Receiving: 26:48 - 32:00
Additional Tips after the fact: 32:00 - 33:42
Air Gapped Transactions 2/2: Sending: 33:42 - 40:31
Restore your Coldcard from Seed Phrase: 40:31 - 44:11
Upgrading your Firmware: 44:11 - 47:52

---- Conclusion of Basics / Beginning of Advanced Features of Coldcard ----

Seed Generation with Entropy (Dice Rolls): 47:52 - 51:44
Pins: Resetting, Trick Pins, Duress Wallets & More: 51:44 - 1:09:50
  Resetting: 51:44 - 54:08
  Trick Pins: 54:08 - 1:02:15
  Duress Wallet: 1:02:15 - 1:09:50
BIP-85: 1:09:50 - 1:17:44
Using a Passphrase: 1:17:44 - 1:25:47
Virtual Disk Mode: 1:25:47 - 1:34:33
Encrypted Backups (Micro SD Card): 1:34:33 - 1:38:22
Seed XOR: 1:38:22 - 1:42:20
Cloning (Migrating over your Old Coldcard to a new Device): 1:42:20 - 1:46:35
Additional Settings: 1:46:35 - 1:50:45
Final Thoughts: 1:50:45 - 1:53:02
Outro: 1:53:02 - 1:54:49

Mentions:#BIP#SD#XOR
r/BitcoinSee Comment

If true, it sucks. Sorry for your loss OP. Especially when you’ve been diligently carrying it for years. To everyone else: it’s time to check our seed phrases. Once a year, once every six months, whatever. Make sure the seed and passphrase and XOR and your decoy and nursery rhyme and Charles Dickens and whatever clever fragmenting scheme you come up with actually DO get you back a valid wallet.

Mentions:#OP#XOR
r/CryptoCurrencySee Comment

I got ETH @ £200 & got ADA @ 0.10 & sold @ £1.50. Worst moment was getting XOR - it went up to £600 & now is worth £0.02.

Mentions:#ETH#ADA#XOR
r/CryptoCurrencySee Comment

XOR

Mentions:#XOR
r/BitcoinSee Comment

I agree with everything you just said. And, yeah, I'm a big fan of Andreas Antonopoulos. I'm basically paraphrasing him when I say that the best form of security is the best that you can handle without leaving yourself in a position to be robbed. For me, the happy medium of security and comfort with being able to handle it flawlessly is a 24 word seed with a strong passphrase. So many times in these forums, we see people post about their hardware wallet being hacked, but what actually happened was somebody found their seed words. With the words, you don't need the hardware wallet to access the coins. You can put those words into any wallet and swipe the coins. But if they'd used a passphrase, all the thief would have found is a wallet that's never been used (or a wallet with a little Bitcoin if the owner was using it as a decoy. I just leave mine empty).

> As Andreas Antonopoulos usually puts it, every non-standard decision you take regarding the storage of your BTC needs to be very carefully justified.

Keep in mind: Seed+Passphrase is a Bitcoin standard. Multisig is also a Bitcoin standard. I would never recommend anything non-standard for securing Bitcoin. No way. Play it safe.

> In a way it reminds me of seed-XOR

I'm not a fan of Seed XOR at all. Multisig is actually a form of smart contract which says "these coins cannot be moved unless certain conditions are met." The conditions are based on how the wallet was set up. 2 of 3 keys is the most common form.

Mentions:#BTC#XOR
r/BitcoinSee Comment

Thanks for that detailed explanation, I see your point. You are adding one more hoop you need to jump through to access the funds. Which increases security, but also makes the process a bit more convoluted, also increasing the probability that one day you forget WTF you did to store your funds. In a way it reminds me of seed-XOR, a cute idea, but I would use it carefully. As Andreas Antonopoulos usually puts it, every non-standard decision you take regarding the storage of your BTC needs to be very carefully justified.

Mentions:#WTF#XOR#BTC
r/BitcoinSee Comment

Flaky pseudo-random number generators strike again. Compare and contrast: https://coldcard.com/docs/faq

> **Where does the entropy (randomness) come from?**
>
> It's very important the entropy (randomness) used to pick your master seed phrase is good quality. The COLDCARD primarily uses the hardware TRNG (True Random Number Generator), inside the main chip. This is a dedicated hardware subsystem that measures analog noise produced by a special transistor.
>
> The TRNG from the MCU would be sufficient, but we also maintain a PRNG which is mixed (by XOR) into the TRNG output. That PRNG is seeded once at boot up from the TRNG in each of SE1 and SE2. We limit the use of the TRNG present in the secure elements because the protocol involved is complex and slow.
>
> The 256-bit number from the TRNG⊕PRNG is then "whitened" to remove bias, by running it through SHA256. This means if your attacker was somehow able to make the bits be 10% ones and 90% zeros (but still random otherwise) it would not help them, because after SHA256 the bit distribution will be 50/50 again.
>
> During the seed picking process, you have the option of "adding dice rolls" to increase the entropy and/or mitigate any possible manipulation. You can add as many rolls as you wish, and the entropy (about 2.5 bits per roll) will be added to the 256 bits of entropy already picked.
>
> You may completely bypass the above seed picking method, and use just dice rolls if desired. This process is documented in great depth here on our docs and includes a number of different ways to verify our SHA256 math for yourself. We even sell a package of 100 tiny dice so you can roll 256 bits of your own entropy in a single toss.
>
> If you do choose to roll your own dice, it is critical that you do it honestly and truly rely on how your dice fell. Do not press buttons arbitrarily or repeat the same roll a bunch of times. Humans are very bad at generating entropy!

Mentions:#XOR#SHA
r/BitcoinSee Comment


The weakness of singlesig, in all its forms, including BIP-39 passwords, XOR and even Shamir's secret sharing, is that in order to sign a transaction, every bit of the private key, or all of the information requisite to assembling the private key, must exist at the same time and place. And every time the private key is physically and temporally in one place, there is risk of it being intercepted. That's an unavoidable single point of failure. Every single time it is used to sign a transaction. The strength of multisig is that you can sign transactions without assembling all of the keys in one place. I can partially sign the transaction at one place and time, and finish signing it in a completely different place and time. There is no single point in time where you can take or coerce the key(s) from me.

- Singlesig hot wallet is fine for petty cash amounts. If it is lost, no big deal.
- Singlesig cold wallet is fine for amounts of money one might have in a checking account or small savings account at the bank. Losing it would sting, but you'd be fine.
- Multisig cold wallet is the way to go when you have an amount of Bitcoin that would devastate you if you lost it.

Mentions:#BIP#XOR
r/BitcoinSee Comment

Don't "split" your seed on your own. Use either Shamir (I think it's not good anymore, research), or XOR, or multisig.

Mentions:#XOR
r/BitcoinSee Comment

XOR or (xor?) are we allowing for the possibility of doing both? In either case, Yes.

Mentions:#XOR
r/BitcoinSee Comment

I have a similar setup but I added some complexity. For each of the keys I include a 24 character memorized passphrase during the multisig setup. For the physical copies of the keys, I split the passphrase, convert to hex and add them together to form a 12 word phrase which is the XOR cypher key you combine with the physical words to get the actual keys. If someone gets 3/5 of your stored keys you're safe as they don't have the cypher. If someone gets your passphrase and keys you're still safe until the attacker figures out how you manipulated the passphrase to decrypt your seed phrases. There's some additional detail here I'm leaving out for opsec.

Mentions:#XOR
r/BitcoinSee Comment

Get a Coldcard, use a duress pin and brick your HW. Don't attempt to memorize seeds; geographically disperse backups of either Shamir, XOR, multisig or even just a passphrase, so that the time delay it takes for them to get there, even if you give them the correct place under duress, is so great they can't hold you for that long without increasing the risk they're caught by a substantial amount.

Mentions:#XOR
r/BitcoinSee Comment

> XOR splitting is not necessarily cryptographically strong, consider SSSS instead.

Sure, you can decrypt an XOR cypher easily with paper and a pencil, and all it's really doing is adding to the time required to brute force the passphrase if a sophisticated attacker finds both parts. Multisig and a strong passphrase lengthen that time much further. I haven't heard about SSSS but I'll look into it.

> it's probably a lot better to memorize the mnemonic itself and not bother with extra word passphrases or splitting.

Passphrases have the advantage of misdirection. If you have a small amount of btc on the non-passphrased wallet, the attacker may not look any further. I have the mnemonic memorized but it's good practice to protect yourself in the event of memory loss and store it in a manner that if someone finds it, it's not sufficient by itself. If you happen to forget your passphrase, there's a chance you'll still remember some parts of it and can make use of a script like btcrecover.

Mentions:#XOR
r/BitcoinSee Comment

XOR splitting is not necessarily cryptographically strong, consider SSSS instead.

> Passphrase memorized.

Extra words have no inherent opsec standards, so depending on how you chose the extra word it may have zero value. In general, if you don't have the ability to memorize 12 words, you don't have the ability to memorize a good enough passphrase; it's probably a lot better to memorize the mnemonic itself and not bother with extra word passphrases or splitting. In summary, nearly 100% of extra words are low value by definition, because doing what is necessary to make them strong makes you realize they are redundant.

> it's just one key of a multisig.

You still have the same storage issues for the other keys to overcome.

Mentions:#XOR
r/BitcoinSee Comment

Seed phrase XOR split into 2 parts and stored on paper in different locations. Passphrase memorized. Even if you find both parts and the passphrase, it's just one key of a multisig.

Mentions:#XOR
r/BitcoinSee Comment

Everyone has to determine for themselves the level of op sec that they're comfortable with. There are some advantages to being on the extreme end (multisig, passphrases, XOR ciphers, etc): If you know what you're doing you can eliminate any single point of failure. I think it takes some diligence to understand and test your recovery process and identify all possible attack vectors. If you're someone who has a portion of your life savings in bitcoin then it's worth considering.

Mentions:#XOR
r/CryptoCurrencySee Comment

No, not really feasible unless maybe you dedicated your entire life to it. The BIP-39 algorithm requires 2048 iterations of PBKDF2, which itself uses HMAC, which is 2 SHA-512 applications, which are each 80 rounds of compression, which each require hundreds of 32-bit binary gates (XOR, AND, bit shift, etc.). So you are looking at something like ~30 million applications of binary arithmetic that have to all be exactly correct. Oh, and also there is the elliptic curve math you have to do by hand, but that is nothing compared to the hashing.

Mentions:#BIP#SHA#XOR
r/BitcoinSee Comment

1. Trezor is trash, Coldcard is the way. Don't trust USB. 2. A compromised phone could have snapped a picture of your seed phrase or recorded you inadvertently speaking it aloud while writing it down. 3. In the future if you are REALLY paranoid use two coldcards in separate locations and an XOR wallet. Then an attacker would need to compromise two devices.

Mentions:#XOR
r/BitcoinSee Comment

https://github.com/mmgen/mmgen/wiki/XOR-Seed-Splitting:-Theory-and-Practice

Mentions:#XOR
r/BitcoinSee Comment

Look at seed XOR. It helps you in this

Mentions:#XOR
r/BitcoinSee Comment

I can't speak for the others, but since you've successfully implemented BIP85, to improve the security of the master seed phrase, for IRL security reasons, I'd appreciate the Seed XOR feature.

Mentions:#BIP#XOR
r/BitcoinSee Comment

Here’s another article. [https://thebitcoinmanual.com/articles/achilles-heel-btc-hardware-wallets/](https://thebitcoinmanual.com/articles/achilles-heel-btc-hardware-wallets/) I think it’s important to note that it would be hard for a wallet manufacturer to hide this attack. It would probably have to come via the secure element manufacturer. Shift’s approach is no better than the multisig approach with heterogeneous hardware wallet strategy suggested in the above article. Because a general purpose machine running their companion app could just as easily have a hardware backdoor as a secure element chip. Honestly I think a better “protocol” for dealing with this attack would be as follows:

1. When setting up a new hardware wallet, prompt the user to generate enough entropy via button mashing or dice rolls, to seed a PRNG.
2. Allow the user for each Tx to view the internally-generated nonce, along with the next value in the seeded PRNG sequence, as well as view the value of them XOR’d together.
3. Use the XOR’d value for the nonce.
4. On another machine, a researcher or user can verify over time that the sequential values from the seeded PRNG sequence are as expected (since it is a deterministic sequence). This should only be done on a forever-offline machine though to make sure the seed doesn’t get leaked.
5. On any machine (even internet-connected), one can verify that the XOR’d nonce displayed on the screen in (2) is actually the one in the Tx.

I’m not very familiar but it seems like the companion app approach that Shift Crypto is taking means that it is hard to do with air gap, because there is this communication that needs to take place. For me air gapping is more important than this possible covert channel attack which would require IIUC a backdoor in the secure element or the MCU. Unless hidden inside some chip, it would be possible for researchers to detect by probing the hardware.

But if my sketch “protocol” above is good, I think Coldcard and other wallets might as well implement it; there is basically no cost, the normal workflow stays the same, there is just one additional initial setup step for an ordinary user; they get prompted for some entropy to generate the seed.

Mentions:#XOR
r/CryptoCurrencySee Comment

XOR No point typing anything further about it since no matter what I say I will just be seen as shilling. It's a pity we can't really all have an unbiased discussion about some of these coins we're all mentioning, without it degenerating into a shiller's paradise.

Mentions:#XOR
r/BitcoinSee Comment

OP has no clue.

Seed phrases also don't tell you much. Are we going to do Seed XOR? Passphrases? Multisig? There are too many possibilities to answer OP’s question with a one-dimensional metric.

Mentions:#OP#XOR
r/CryptoCurrencySee Comment

This is what the original trezor used as their main recovery method, but it is not very good. With 24 word seed phrases you're reducing entropy from 256 bits down to 79 bits, which might be enough currently but not in the future. With 12 word seed phrases this is not safe at all. It's much better to use seed XOR or SSS.

Mentions:#XOR#SSS
r/CryptoCurrencySee Comment

There's a bunch of stuff you can do to your seed phrase that can help with safety and recovery.

1. Make multiple copies. Obvious, but you'll be so glad you did.
2. Password-protect it. There are techniques to safely encrypt text using a password (I personally just XOR the ascii). Then save both the password and the encrypted seed separately.
3. Cut it up. Cut the key in two equal halves (or 3 thirds), and store each separately (ideally multiple copies of each). Best done with a 24 word seed.
4. Save it in multiple formats. I personally save both the bip38 "word-based" seed and the hexadecimal separately. You can also convert the data into qrcodes, on top of normal storage, not instead of it.
5. Add a checksum. There are plenty of ways to checksum both text and the hexadecimal private key. This allows making sure it hasn't been corrupted when you recover it, and if something does go wrong, it might help with reconstituting the correct key.
6. Use multiple wallets: save your funds in multiple different private keys/wallets/locations. This makes it so if you lose any of them (you shouldn't if you follow good procedure), you will only lose a part of your funds, not all of it.
7. Use multiple techniques: I personally use most of what is listed here, with different "parts" of the key stored on different continents, password protected, in multiple formats, in very safe places, including one part somebody else chose/I don't personally know, making it so I can't say where it is even under torture. My lawyer has a letter explaining how to recover everything, for my next of kin. Part of the process means it would take at least a few weeks to recover everything, which would probably be too long a wait for thieves.

Of course I don't own that much Bitcoin, this is all more of a fun exercise, but maybe someday I'll actually need all this.

Mentions:#XOR
r/CryptoCurrencySee Comment

Polkaswap on the Sora(XOR) Network. Polkadot ecosystem

Mentions:#XOR
r/BitcoinSee Comment

Cold card is not difficult at all. If you want to use it the same way as a Trezor and plug it in via USB, go for it. With a cold card, you can upgrade to more secure features like passphrases, air gapped psbts, seed XOR, ephemeral seeds, etc, whenever you feel comfortable. Nothing is forced on you. I would try to stay away from using a HWW with the manufacturer's software. To me, that's putting your eggs and trust all in one basket. Use a software like Sparrow wallet or Electrum to access your signing device's keys. Sparrow is very user friendly IMO.

Mentions:#XOR#IMO
r/BitcoinSee Comment

Again personal experience only, people may disagree. Out of the three, Trezor and Ledger are pretty similar when it comes to ease of use. I like Trezor for its higher res screen showing more info at one time. My old Ledger has a lower res screen but the new one these days seems to have caught up on that. Coldcard is infinitely more customisable and has a bit of a learning curve to it. And to be honest I prob don’t need half of the features it offers; you can get really fancy and nerd out on all these brick pin and decoy pin and XOR and multiple passphrases saved on SD etc etc etc. It certainly feels a bit more intimidating when using a Coldcard compared to the other two, because I feel that I don’t fully understand the implications of each of the weird options and I fear that I may mess things up without knowing. But that’s just me. I love the way I can throw some dice to come up with a truly random seed phrase myself on Coldcard. Not aware it could be done easily on the two others.

What I like about Ledger the most is this pretty unique feature where you can assign one pin to a wallet, and then another different pin to the same seed but with a passphrase. So I can plug in the Nano, type either of the pins and get to two wallets both protected by the same seed, one with passphrase one without. One could be a decoy, another could be the real stack etc. Coldcard, with all its deep fancy features, does lack something similar afaik. On the Coldcard you can either enter the long passphrase manually each and every single time (dozens even hundreds of clicks), or you can save the passphrase on the SD card so that it reads the passphrase. The advantage is you can have more than one passphrase, but personally I really like the simplicity of the Ledger implementation. I get that Ledger is not fully open source and so on, but I just feel that it’s a good product overall.

It’s cheap, it has a secure element that a Trezor lacks, it works well with Sparrow and Electrum if you don’t like its Ledger Live software. I hate the fact that it caters for all the shitcoin rainbows out there; I only have the bitcoin app installed but I think it’d be even better if it offered a bitcoin-only firmware like Trezor does. Oh well, nothing is perfect.

Mentions:#XOR#SD
r/BitcoinSee Comment

Complexity is your enemy in a multisig setup. I would use three different keys, all etched in steel, without a passphrase. Think about what your family would need to restore in the event you are gone. A passphrase is something that would be far more difficult to determine and use after the fact. Just use a 2 of 3 scheme with standard everything. If you want to get real fancy, use seed XOR as a secondary backup to your main keys. https://seedxor.com/ Again: keep multiple copies of everything on metal so it won't burn or dissolve. And keep a copy of the descriptors and xpub info with every seed.

r/CryptoCurrency

Press F for that XOR.

r/Bitcoin

Splitting words is really bad. Get Shamir or XOR or multisig.

r/Bitcoin

OP is either a troll or a complete idiot. This is an “OR” and not an “XOR” operation.

r/Bitcoin

Yes we can; Information is Not (0 XOR 1)

r/Bitcoin

This is not what I mean. I have limited knowledge about quantum computers but in terms of breaking SHA I mean a way to effectively find the nonce used in mining. Maybe something similar to Simon’s algorithm. Because of the symmetries in unitary gates, unobserved XOR/CNOT states are reversible, thus something similar to performing SHA on 256 qubits in superposition then applying Simon’s algorithm and reversing it could find the 256 -> 256 bit mapping of inputs and hashes. Not reversing a 4TB hard drive but given a hash produce the 256 bit input that would produce it. Although as I said my knowledge is limited and Simon’s algorithm might be of no use here.

r/Bitcoin

[Here](https://cp4space.hatsya.com/2021/09/10/hamming-backups-a-2-of-3-variant-of-seedxor/) is an interesting read for a 2-of-3 XOR seed backup. Kind of like multisig behaviour but with a single-sig footprint on chain, so you have plausible deniability in a wrench attack and can surrender a less valuable quantity of BTC attached to one of the N parts.

r/Bitcoin

Or seed splitting: https://github.com/mmgen/mmgen/wiki/XOR-Seed-Splitting:-Theory-and-Practice

r/Bitcoin

I mean, it's not impossible, but again, that would be weird and I've never seen it before. Google around for HEX to WIF conversion tools I guess, but obviously be aware that anything you find could be stealing private keys that get entered. It could also be possible you have two values that XOR to the private key, or that the real private key is every even bit, or a thousand other weird things. Of course, that way lies madness, because you can't prove it *isn't* secretly one or more bitcoin private keys.

r/Bitcoin

Yeah, I also think of that as a weakness in my potential setup. I find everything a bit too complicated. Between having a 2-of-2 multisig (ColdCard x Blue Wallet) and having a single sig using seed XOR (one ColdCard), which one would you recommend and why, for ease of use, if it's for long-term holding?

r/Bitcoin

XOR has another pretty serious disadvantage. It's something subtle that many people miss. With true multisig, you don't ever have to bring all of the keys together. You can partially sign a transaction, one key at a time, until enough keys have signed it. Which means there need never be a single point in time and space where the keys sufficient to sign can be lost or stolen in one fell swoop. If the keys are always geographically dispersed, it would take a much larger effort to take them. With other multi-key schemes, the keys themselves must come together, which provides a convenient opportunity to steal them all at once.

r/Bitcoin

Yes, XOR is a solid choice as long as you're absolutely sure you're not going to lose any of the pieces. Its main disadvantage compared to multisig is it only supports N-of-N splits whereas some of the more advanced methods can do M-of-N (e.g. 2-of-3, 3-of-6, etc.).

r/CryptoCurrency

There is SORA XOR, considered a currency and used for productive purposes, not degenerate speculation like the examples presented above.

r/Bitcoin

Fuck it, let's ban it entirely because we all know better and nobody listens anyway. BTW have you seen the great yields you can get on Binance? Many people say they are really reputable and CZ is a great dude, good friends with SBF. We need to stop catering to the new people, and only post things for the *real* Bitcoiners. We need PSAs about coin control and proper UTXO management. How and why your xpub should be private. The privacy implications of connecting a wallet to a public node. Which node implementation to run, and how/why it should be run behind Tor. Multisig cold storage and proper execution of the Glacier protocol. Using seed phrase encryption methods like seed XOR. How Fedimints leverage Chaumian mints to create distributed federations and increase privacy through blinded signatures. Air-gapping your hardware wallet, and introducing proper entropy through dice rolls when generating your private keys. CoinJoins and the differences between Whirlpool and Wasabi. Layer 2 protocols, SegWit, Taproot, Taro, Drivechains, sidechains, oh my!

r/CryptoCurrency

How do you get data for coins such as XOR and PSWAP? Ceres works with the Sora network and doesn't have all the data that CoinGecko has, such as market cap, like you do. But you also don't have burn rates and data like that. That would be nice. Token supply predictions as well, for directional inflation/deflation.

r/CryptoCurrency

XOR: it's the only token in which creation and allocation of purchasing power makes sense in terms of a monetary system.

r/Bitcoin

So how does the mathematics of Spiral work? You don't have to dumb it down too much, but is it a similar idea to how we can XOR random data with real data, and the output looks very random (just as random as our XOR sheet), and then later, when we want to "decrypt", we just re-XOR with our original random data and we get back our real data? Is it a mathematical magic trick like that?

r/Bitcoin

Correct, “or” here need not be an XOR. 😆
