Thursday, August 23, 2018

If you can’t provision a good hiding place for your hardware wallet seed phrase… maybe you don’t need to back it up in the first place. (Use multiple wallets plus pin instead)

Hiding stuff is hard. Too easy, and an attacker can find it. Too hard, and you may wind up hiding it from yourself. Or from the people that should inherit if you die.
This is the dilemma of people who hold their bitcoin in hardware (HW) wallets, where the ultimate backup is the seed phrase. For the purposes of this article, we are talking about BIP39-compatible HW wallets, of which the two top contenders are the Trezor and the Ledger Wallet.
From conversations with large bitcoin holders, I think there is a population of users who would like to be “in control” of their crypto assets, but are uncomfortable with the idea of hiding a seed phrase as their backup of last resort.
The obvious thing is to hide the seed phrase in a safe deposit box.
But
1) bank safe deposit boxes are starting to become hard to come by (long waiting lists)
2) maybe you don’t trust the bank
Here’s a thought.
If you
  • want quick access to a high-value bitcoin wallet
  • are bad at hiding things (can’t keep a seed phrase safe)
  • are bad at, or too lazy for, high-paranoia computer security (no offline computer, no live CD boot)
  • don’t trust your bank — or the government — not to swipe your bitcoin
The following is a setup in which you don’t need to keep the seed phrase backed up *anywhere*.
The trick is, instead of backing up the seed phrase, you set up multiple HW wallets with the same seed phrase, and then destroy the seed phrase.  Before you destroy it, unlock every device and confirm they all show the same first receiving address; a device that shows a different address was restored from a mistyped word and is not a backup of anything.  Keep the main wallet handy, backup wallets in the car and the office, and give a few other backups to friends for safekeeping.  Friends can’t do anything with just the wallet; they need the second factor (PIN code for the Trezor, plastic security card with a long code for the Ledger HW.1).
Keep the second factor(s) somewhere safe yet obvious, and separate from the hardware wallets, in case you have a head injury or something and forget the PIN, or you die and your heir needs to dig up the bitcoin. Ideally a safe deposit box. Even if bank employees are crooked, they can’t access coins with just the second factor but no HW wallet.  The safe deposit box should be accessible by your heirs if you die.  An easy, no-lawyers, hacky way to do this is to have a joint account for the box but keep both keys yourself.  Your heir will have to drill the box to recover the PIN code if you die.  An evil heir could have the box drilled without your permission… so don’t have an evil heir.
Now, a few words about second factors. The Trezor second factor is a PIN, which can be memorized.  The Ledger HW.1 second factor is a long code printed on a plastic card, which really can’t be memorized unless you take up some strange hobbies.  Trezor can get away with the simpler second factor because it has a built-in screen on which to scramble the PIN keypad and show what you are signing; the screenless HW.1 has to push that confirmation onto the card.  So all things being equal, Trezor is more convenient.  But all things aren’t equal, because a Trezor is about $100 and you can get ten el-cheapo HW.1 Ledger wallets for the same price.
To keep costs down but security high, you could use a Trezor as the primary wallet and Ledgers as backups.  Since both HW wallets implement BIP39, the same words restore the same keys on either.  You will need the Ledger Starter bootable USB to reset the seed on the Ledgers, which is a little more work, but not a deal breaker.  Keep all second factors in the bank box: both the Trezor PIN and all the Ledger security cards.  For the Ledger wallets, take care to clearly label which device is paired to which card; a card belonging to a different device is useless.  Or if money is no object, I would just use Trezors for all the backup HW wallets, using the same PIN for every device.
If all HW wallets are destroyed the coin is gone, but then again if the seed phrase is forgotten or destroyed, same thing.  Hardware does wear out, so you need to set a calendar item to test the hardware every six months or so (unlock each device and check that it still shows your receiving address; don’t just confirm that it powers on), and replace all wallets every couple of years.  This involves moving the coins on-chain to a new seed phrase, since you don’t have the old phrase any more, and then initializing the whole new set of devices from that phrase before it is destroyed in turn.
A superficially similar, but inferior, approach would be to write down the seed phrase and keep several copies of it distributed among your friends, but use a (memorizable) supplementary passphrase on top of this, and keep a backup of the passphrase in the safe deposit box.  (Note that the supplementary passphrase is Trezor-only in this setup; the Ledger HW.1 does not support that part of the BIP39 spec.)
I don’t like this though.
The main advantage is cost.  Paper wallets among your friends, and a pass phrase in the safe deposit box, saves you from having to buy multiple HW wallets.
But, it’s a lot less safe.
  1. with the hardware backups you retain the ability to move bitcoin immediately if the main wallet stops working.  My thinking is that with a seed phrase backup only, one might panic and type the seed phrase into an unsafe machine, rather than wait for new hardware to arrive in the mail.
  2. a supplemental passphrase is typed on the computer and so can be stolen by a compromised computer, whereas the second factors cannot be captured whole.  The Trezor PIN is entered against a keypad layout scrambled on the Trezor’s own screen, so the host only sees which positions were clicked.  The Ledger security card is a substitution table paired with the device; you confirm a transaction by typing the card’s substitutions for a few characters of the destination address, so the table itself never passes through the computer.  (The caveat is that each confirmation reveals a few entries of that table to the host, so a compromised host that watches enough transactions can learn part of it.  That is still a much slower leak than a passphrase, which is handed over in full the first time you type it.)
So with seed + passphrase, the attack is merely stealing one of the backup seed phrases (or betrayal by a friend) plus stealing the supplemental passphrase by bugging the owner’s laptop.  A PIN that lives only in the owner’s head plus a very secure place (like a safe deposit box) is much, much safer than a supplemental passphrase.
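Two claims above rest on how BIP39 and BIP32 actually derive keys: that several devices initialized from the same words are exact clones of each other, and that the supplementary passphrase is a derivation input (a different passphrase is a different wallet) while the PIN is not. The following Python is an added example written from the public BIP39/BIP32 specifications; it is not code from this post, from Trezor or from Ledger. The mnemonic it uses is the public BIP39 reference test vector (eleven times “abandon” followed by “about”), constructed purely for illustration; never send funds to it. The `pin` parameter of `device_master_key` is a hypothetical argument included only to make the point that it is ignored by the derivation.

```python
"""BIP39 seed and BIP32 master-key derivation (added example, not from the post).

Demonstrates:
  1. Devices initialized from the same mnemonic and passphrase hold the
     same master key, so N hardware wallets can be clones of one another.
  2. The BIP39 passphrase changes the derived wallet; the device PIN does
     not enter the derivation at all.
"""
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Public BIP39 reference test vector, constructed for illustration only.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512 over the NFKD-normalized mnemonic,
    salt "mnemonic" + NFKD(passphrase), 2048 rounds, 64-byte output."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32: HMAC-SHA512 keyed with b"Bitcoin seed" over the seed.
    Left 32 bytes are the master private key, right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def device_master_key(mnemonic: str, passphrase: str = "", pin: str = "") -> bytes:
    """Master private key a BIP39 device ends up holding after initialization.

    `pin` is a hypothetical parameter accepted only to show it is unused:
    the PIN gates access to the device, it is not a key-derivation input.
    """
    del pin  # deliberately ignored; not part of BIP39 or BIP32 derivation
    master_priv, _chain_code = bip32_master_key(bip39_seed(mnemonic, passphrase))
    return master_priv


def clones_agree(mnemonic: str, passphrase: str = "", n_devices: int = 3) -> bool:
    """Initialize n devices from the same words (each with a different PIN)
    and check that every one of them holds the identical master key."""
    keys = {
        device_master_key(mnemonic, passphrase, pin=str(1000 + i))
        for i in range(n_devices)
    }
    return len(keys) == 1


if __name__ == "__main__":
    print("seed, no passphrase   :", bip39_seed(TEST_MNEMONIC).hex())
    print("seed, passphrase TREZOR:", bip39_seed(TEST_MNEMONIC, "TREZOR").hex())
    print("three devices agree   :", clones_agree(TEST_MNEMONIC))
    print("passphrase changes key:",
          device_master_key(TEST_MNEMONIC) != device_master_key(TEST_MNEMONIC, "TREZOR"))
```

Running it prints the two seeds (they differ completely, even though the words are identical) and `True` for both checks. This is exactly why a phrase plus passphrase is two secrets that must both be protected, and why a stack of devices restored from the same words can stand in for a written backup: every one of them recomputes the same key, and the PIN you choose on each does not affect that.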
To summarize it all, you can keep bitcoin safe on a hardware wallet plus a few backups, without storing the seed phrase anywhere.  If you are bad at hiding things, but don’t mind a bit more work at setup time, plus more work testing the HW wallets and moving to new wallets periodically, this might be a good way to keep your bitcoin safe.  Or at least keep your peace of mind that no one has gotten to the seed phrase.  A Trezor as the main wallet keeps things convenient: you just need to memorize a PIN code.  A handful of Ledger HW.1 backup wallets with the same seed saves on costs.
Keep calm and bitcoin on!
UPDATE: One potential flaw is that you are not guaranteed access to coins on forks if you don’t have the seed phrase. In the case of BCH both Trezor and Ledger supported the fork without needing the seed phrase, but this is a case-by-case thing.

