Thursday, August 23, 2018

If you can’t provision a good hiding place for your hardware wallet seed phrase… maybe you don’t need to back it up in the first place. (Use multiple wallets plus pin instead)

Hiding stuff is hard. Too easy, and an attacker can find it. Too hard, and you may wind up hiding it from yourself. Or from the people that should inherit if you die.
This is the dilemma of people who hold their bitcoin in hardware (HW) wallets, where the ultimate backup is the seed phrase. For the purposes of this article, we are talking about bip39 compatible HW wallets, of which the two top contenders are the Trezor and the Ledger Wallet.
From conversation with large bitcoin holders, I think there is a population of users that would like to be “in control” of their crypto assets, but is uncomfortable with the idea of hiding the seed phrase in the event of an ultimate failure scenario.
The obvious thing is to hide the seed phrase in a safe deposit box.
1) bank safe deposit boxes are starting to become hard to come by (long waiting lists)
2) maybe you don’t trust the bank
Here’s a thought.
If you
  • want quick access to high value bitcoin wallet
  • are bad at hiding things (can’t keep seed phrase safe)
  • are bad at, or too lazy for, high paranoia computer security (no offline computer, no live cd boot)
  • don’t trust your bank — or the government — not to swipe your bitcoin
The following is a solution such that you don’t need to keep the seed phrase backed up *anywhere*.
The trick is, instead of backing up the seed phrase, you set up multiple HW wallets with the same seed phrase, and then destroy the seed phrase.  Keep main wallet handy, backup wallets in car, office, and give a few other backups to friends for safe keeping.  Friends can’t do anything with just the wallet, they need second factors (pin code for trezor, plastic card with long code for ledgerwallet).
Keep the second factor(s) somewhere safe yet obvious — and separate from hardware wallet — in case you have a head injury or something and forget the pin, or you die and your heir needs to dig up the bitcoin. Ideally a safe deposit box. Even if bank employees are crooked, they can’t access coins with just the second factor but no HW.  Safe deposit box should be accessible by heirs if you die.  An easy, no-lawyers, hacky way to do this is to have joint account for box but keep both keys.  Your heir will have to drill the box to recover pin code if you die.  An evil heir could have box drilled without your permission… so don’t have an evil heir.
Now, a few words about second factors. Trezor wallet second factor is a pin, which can be memorized.  Ledger wallet second factor is a long code printed on a plastic card, which really can’t be memorized unless you take up some strange hobbies.  Trezor can get away with the simpler second factor because it has a built in screen.  So all things being equal, Trezor is more convenient.  But all things aren’t equal, because Trezor is about $100 and you can get ten el-cheapo hw.1 Ledger wallets for the same price.
To keep costs down but security high, you could use Trezor as primary wallet and Ledger as backup.  Since both HW wallets use bip39, their word lists are compatible. You will need ledger starter bootable usb to reset the seed on the ledgers, which is a little more work, but not a deal breaker.  Keep all second factors in the bank box — both Trezor pin, and all Ledger security cards. For the Ledger wallets, take care to clearly label which device is paired to which card. Or if money is no object, I would just use Trezor for all backup HW wallets, using same pin for every device.
If all HW wallets are destroyed the coin is gone, but then again if the seed phrase is forgotten or destroyed, same thing. Hardware does wear out, so you need to set a calendar item to test hardware every six months or so, and replace all wallets every couple years. This involves moving coins to new seed phrase, since you don’t have old phrase any more.
A superficially similar, but inferior, approach would be to write down the seed phrase and keep several copies of it distributed among your friends, but use a (memorizable) supplementary pass phrase on top of this, and keep a backup of the pass phrase in the safe deposit box. (Note that supplementary pass phrase is Trezor only.  Ledger does not currently support this feature of the bip39 spec.)
I don’t like this though.
The main advantage is cost.  Paper wallets among your friends, and a pass phrase in the safe deposit box, saves you from having to buy multiple HW wallets.
But, it’s a lot less safe.
  1. with the hardware backups you retain the ability to move bitcoin immediately if the main wallet stops working.  My thinking is that with seed phrase backup only, one might panic and enter the seed phrase on an unsafe machine, rather than wait for new hardware to arrive in the mail.
  2. supplemental pass phrase can be stolen on compromised computer, whereas second factors cannot.  Pin number is scrambled on trezor screen, and the Ledger security card is just additional entropy that is paired with the device (nothing for hacker to sniff).
So with seed + pass phrase, the attack is merely stealing one of the backup seed phrases (or betrayal by friend) plus stealing the supplemental phrase by bugging the owner’s laptop.  Pin number which is stored only in owner’s head plus very secure place (like safe deposit) is much, much safer than supplemental pass phrase.
To summarize it all, you can keep bitcoin safe on a hardware wallet plus a few backups, without storing the seed phrase anywhere.  If you are bad at hiding things, but don’t mind a bit more work at setup time, plus more work testing HW wallets and moving to new wallets periodically, this might be a good way to keep your bitcoin safe. Or at least keep your peace of mind that no one has gotten to the seed phrase. Trezor as main wallet keeps things convenient — just need to memorize a pin code. Handful of Ledger HW.1 backup wallets with same seed saves on costs.
Keep calm and bitcoin on!
UPDATE: One potential flaw is that you are not guaranteed access to coins on forks if you don’t have the secret. In the case of BCH both trezor and ledger did support the fork without seed phrase, but this is a case by case thing. (More comments below.)

No comments:

Post a Comment

If you can’t provision a good hiding place for your hardware wallet seed phrase… maybe you don’t need to back it up in the first place. (Use multiple wallets plus pin instead)

Hiding stuff is hard. Too easy, and an attacker can find it. Too hard, and you may wind up hiding it from yourself. Or from the people that...