
I'm writing another book called More Bitcoin Hands-On (my first book was Bitcoin Hands On, https://www.amazon.com/dp/B0F4SZSCH8).
In this new book, I'd like to include some exercises that include other options, besides just standard single sig wallets. Specifically, I want to explore needing 2 different (geographically separately stored) secrets for spending. The most talked about way to do this is multisig, of course. But I want to present other choices as well.
So, I'm thinking of having exercises that go through these options, each of which has 2 secrets.
  • Having a 24 word seed phrase, and splitting it in 2 sets of 12 words.
  • Having a 12 word seed phrase, and a 12 word passphrase (both using the BIP 39 word list).
  • Having a 2 of 2 multisig (the public keys of both keys would be stored with each of them.)
In all these cases, the 2 secrets would be stored in different locations.
Am I correct in thinking that these 3 options offer precisely the same security, assuming that this is owned by a single person?
In terms of the complexity of setup - for me, the very simplest option by far is the 24 word seed phrase, split. Next is the 12 word seed phrase, 12 word passphrase, split. And by far the most complicated would be the 2 of 2 multisig.
Multisig would of course be better for joint ownership, because it's designed for joint control. You can use the PSBT to sign transactions, without one party having access to both keys.
But if this is for an individual person who wants more security, it seems like multisig would NOT be an improvement. Of course, this would assume a "vault" type wallet, one that would rarely be spent from.
I understand that there's no redundancy at all here, and if one of the secrets is completely lost, you're screwed (assuming you didn't have decent backups).
And I'd probably have a separate exercise for 2 of 3 multisig later on, since that's the most common multisig setup.
Just for some background - here are the exercises from the book Bitcoin Hands On.
  • Exercise 1: Install Sparrow Bitcoin Wallet
  • Exercise 2: Create Alice wallet in Sparrow
  • Exercise 3: Buy Bitcoin
  • Exercise 4: Receive bitcoin into your Alice wallet
  • Exercise 5: Recover your Alice wallet
  • Exercise 6: Create wallet Bob
  • Exercise 7: Your first send—transfer bitcoin from Alice to Bob
  • Exercise 8: Review the Alice to Bob transaction
  • Exercise 9: Explore the Settings window of the Alice wallet
  • Exercise 10: Create watch only wallet based on Alice
  • Exercise 11: Explore the Alice Watch Only wallet
  • Exercise 12: Receive bitcoin via a watch only wallet
  • Exercise 13: Use the Alice Watch Only wallet to send a transaction
  • Exercise 14: Create wallet Bob Legacy Script Type
  • Exercise 15: Create wallet Alice With Passphrase
  • Exercise 16: Review some transactions
  • Exercise 17: Send bitcoin from Alice to Bob—review fees
  • Exercise 18: Bitcoin fees—what you pay, and why
  • Exercise 19: Install Blue Wallet and create the Carol wallet
  • Exercise 20: Send bitcoin from Bob in Sparrow to Carol in Blue Wallet
  • Exercise 21: Send bitcoin from your exchange to Blue Wallet Carol
  • Exercise 22: Import the Alice wallet to Blue Wallet via the public key
  • Exercise 23: Import the Alice wallet to Blue Wallet via the descriptor
  • Exercise 24: Set up password protection on Blue Wallet
  • Exercise 25: Recover the Bob wallet in Blue Wallet
  • Exercise 26: Send all bitcoin from the Bob Recovery wallet in Blue Wallet to Alice in Sparrow
  • Exercise 27: Bonus—use Blockstream wallet
  • Exercise 28: Clearing practice wallets and creating a long-term wallet
Instead of splitting the seed mnemonic (according to BIP-39), use SLIP-39 - shamir backup that is designed exactly for this purpose. The most recent version allows you to start with a single seed mnemonic and later create n-of-m shares scheme when you know that you need it.
reply
SLIP-39
How does it improve on just splitting the seed mnemonic, could you give me the lowdown?
reply
100 sats \ 2 replies \ @optimism 20h
Shamir's lets you split it into a 2-of-3 for example, so you are hardened against loss. Loss is still the #1 enemy.
reply
So, is that like having a 24 word seed phrase, then you split it into 3 parts - one with say the first 8 and the last 8, the other with the middle 8 and the last 8, and the third with the first and middle 8, that type of thing?
(Never mind, I did a little research on Shamir's Secret Sharing. Seems very different.)
reply
The idea is like splitting 24 words in 3 parts of 12, or 4 parts of 12, or 4 parts of 8, but so that you can form the whole 24 with only 2x 12, not 3x 12.
reply
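Added example, written for this thread rather than taken from any poster or from the SLIP-39 reference code: a minimal 2-of-3 Shamir split of 32 bytes of seed entropy over GF(256), the same field SLIP-39 uses, showing the property described above. Any two shares rebuild the secret; one share alone is just random bytes, whereas half of a 24-word phrase hands over half the words. Share wording, checksums and the SLIP-39 share format are left out.

```python
import secrets

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES/Rijndael polynomial, which SLIP-39 also specifies."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (Fermat) in GF(2^8); a must be nonzero."""
    r, p = 1, 254
    while p:
        if p & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        p >>= 1
    return r

def split(secret: bytes, threshold: int, count: int) -> list:
    """Toy Shamir split: one random polynomial per secret byte, constant term = that byte.
    Returns `count` shares (x, y_bytes); any `threshold` of them recover `secret`."""
    polys = [[s] + [secrets.randbelow(256) for _ in range(threshold - 1)] for s in secret]
    shares = []
    for x in range(1, count + 1):
        ys = bytearray()
        for coeffs in polys:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            ys.append(y)
        shares.append((x, bytes(ys)))
    return shares

def combine(shares: list) -> bytes:
    """Lagrange-interpolate each byte at x = 0; with fewer than `threshold` shares the
    result is unrelated to the secret, which is the point of the construction."""
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num, den = 1, 1
            for xk, _ in shares:
                if xk != xj:
                    num = gf_mul(num, xk)       # (0 - xk) == xk in characteristic 2
                    den = gf_mul(den, xj ^ xk)  # subtraction is XOR here
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Run with `secret = secrets.token_bytes(32)` and `shares = split(secret, 2, 3)`; `combine(shares[:2])`, `combine(shares[1:])` and `combine([shares[0], shares[2]])` all equal `secret`, while `combine([shares[0]])` does not.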
Better use a 2 of 3 multisig, rather than a 2 of 2. Keep it simple to handle, but hard to crack
reply
I think people may be overestimating how simple multisig is.
reply
Multisig has become much easier to use. If you already have three signing devices, just open Sparrow Wallet on your desktop and create a new wallet using those three signatures (set it as 2-of-3).
Once it’s created, make sure to back up or export the wallet configuration file - you’ll need this if you ever need to reconstruct the multisig wallet later.
When you want to spend, simply create the transaction in Sparrow, then export the unsigned transaction file and take it to your signing devices to collect their signatures. Once you’ve gathered the required number of signatures (for example, 2 of 3), bring the signed transaction file back into Sparrow and broadcast it to the network.
reply
32 sats \ 4 replies \ @Scoresby 22h
I would never use a 2 of 2 -- either splitting a seed phrase or doing a single sig with pass phrase -- it seems to me that you only increase complexity and risk that something goes wrong for very little increase in security. I'd sooner do a single sig or jump up to a multisig.
A 2 of 3 multisig is really easy to make in Sparrow or things like Bitcoin Keeper, Liana, Nunchuk, and Bitcoin Safe.
While multisig is a little more complicated, you gain a number of great benefits (most of which you point out): you can lose a key without a catastrophe, you can sign txs without bringing the keys together, and you can use different signers with each key so you aren't dependent on any one manufacturer.
reply
Multisig is definitely the solution everyone points to, and I know it's a good solution in many cases.
But I'd love to hear some more about how exactly something that is a WHOLE LOT more simple and accessible to people (the first 2 options I list, geographically splitting either a 24 word seed phrase, or a seed phrase/passphrase), is such a bad idea, if you want to upgrade from standard single sig. I don't understand what's wrong with it, if you have some redundancy.
Also here's an interesting video - https://www.youtube.com/watch?v=7BAg5h4Lf2o - it's an interview with Peter Kroll, inventor of the paper wallet. He has a new setup now, that he's teaching, with 4 levels.
  • Level 1 - custodial lightning wallet
  • Level 2 - self custody bitcoin, in something like Blue Wallet, on phone, and steel seed phrase backup somewhere in house
  • Level 3 - new phone, always cold, no SIM card, no email except decoy, always turned off for cold storage with Blue Wallet, hide cold phone in home, also steel seed phrase backup at home
  • Level 4 - 2 of 2 multisig in Blue Wallet. Get another phone, same setup. Both phones have to authorize in order to sign. This phone, with steel backup, is given to a family member. Another backup of seed B is in a bank safety deposit box.
He's also not a fan of hardware wallets.
reply
I’m not sure splitting a recovery seed is much of an upgrade from single-sig - at least not in the way multisig is. It’s definitely better than keeping your private key sitting in one place, like your sock drawer, but if your Bitcoin is still secured by a single signature, then someone with a gun can still coerce you to unlock your hardware wallet.
The real advantage of a 2-of-3 multisig setup is that there’s never enough information to spend the Bitcoin in any one location. No single compromise gives an attacker control - and that’s a true security upgrade.
reply
32 sats \ 1 reply \ @Scoresby 20h
I suppose I'd say splitting your seed in half is not an upgrade at all. You've actually made yourself more vulnerable because you have two secrets you need to keep safe. If either one is lost, you lose your coins. I don't know that you even get much resistance to theft. You still need to bring the full seed together to sign a transaction. What is the value of this construction?
reply
Here's my thoughts on it:
  • This is only valuable for a very cold storage situation - your stash that you want to keep safe, and (almost) never spend from
  • It's an upgrade from single sig, in terms of resistance to violent theft. If you're keeping your seed phrase in your house, and someone breaks in and threatens you, you may give it up. If you have to actually go to another location, you're more resistant to this kind of attack
  • Multisig is better, but much more difficult than just splitting the seed. Splitting the seed makes intuitive sense. Multisig does not. People who are knowledgeable about bitcoin often have a hard time putting themselves into the mind of a beginner - or even an intermediate user.
  • Each "site" (location that you're keeping the secret) would have a backup. Like, you'd have a hardware wallet, and steel backup.
I'm not saying that splitting your seed, or doing a seed phrase/pass phrase as written up above is THE BEST security, better than multisig.
But, it really does seem that it might be a good step, between single sig and multisig.
I'm definitely interested in people's feedback, though. Maybe check out the video from above, see what you think.
reply
@remindme in 3 days
reply
0 sats \ 0 replies \ @000w2 4h
They don't offer the same security. 2of2 is more secure because the keys never need to be in the same location. With single sig, key generation and transaction signing can be single points of failure.
reply
Look into seed XOR. Another option similar to splitting but better in some ways.
reply
Multisig
reply