20 sats \ 2 replies \ @pillar 7 Feb 2023 \ on: Why Multi Sig? Why not a Passphrase? bitcoin
Ignoring the low-level technical details, a single-sig + passphrase is like a 2-of-2 multisig. And a 2-of-2 is typically discouraged, and for good reasons. You earn more security against attackers if you keep the seed and the passphrase (or your second seed) stored independently. But, and this is a huge but (huge enough for me to advise against doing this at all), you have dramatically increased the chances of locking yourself out. For most people, this is far more dangerous than external attackers.
Think about it. By going from simple seed to seed + passphrase, you have multiplied by two the number of single points of failure. So, in simple terms, you have also multiplied by two the chances that you lose a critical part of your recovery scheme and lose your bitcoin.
On the other hand, if you go for a 2-of-3 multisig, you don't have any single point of failure. It is definitely more complex than a single seed setup, but if you know what you are doing, it's orders of magnitude more robust both against attackers as well as against your own errors.
My personal opinion is: either settle for a simple, single seed setup, or get your hands dirty and go for a 2-of-3 multisig.
I agree if someone generates a passphrase and needs to remember it or store it; however, I am talking about a strong passphrase that few people would know the answer to, and nobody would know you have a passphrase (i.e. the name of the person with whom you lost your virginity, the street name on which you were living when you were born/grew up, your high school crush, any event or name in the past that would be irrelevant to others but somewhat special to you).
reply
Sorry, I think you are missing the point.
Don't even think about not writing down the passphrase if you are going that path. A million things could go wrong. You could lose memory. You could mess up a single character and screw things up (been there, done that). And if you are going to rely on your memory... why not simply remember your seed instead? Simply, don't rely on your memory that way.
If you have a single sig, no passphrase setup, any of your backups falling into the hands of an attacker means you lose your bitcoin.
If you have a single sig + passphrase setup, and you store them together, it's the same thing as the single sig, no passphrase setup.
If you have a single sig + passphrase setup, and you store the seed and the passphrase in different locations (so that no single location falling into an attacker's hands means losing your bitcoin), you are effectively facing the same problem as a 2-of-2 multisig: you now have two pieces of information (the seed and the passphrase) which are both necessary for recovery, so you have two single points of failure. It's enough to lose one of the two things to lose your bitcoin.
If you have a 2-of-3 multisig, with 3 or more backup locations, there is no single point of failure. You can lose one of the keys and still recover.
So, again: if you compare a simple single sig against a single sig + passphrase or its lookalike, the 2-of-2 multisig, you are increasing security against attackers a bit while increasing security against accidentally losing your bitcoin a lot.
reply
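The comparison made in this thread can be put into numbers. The following is an added example, not part of any poster's comment: it models each setup as a k-of-n scheme with one secret per storage location, and the per-location loss and theft probabilities are constructed assumptions, with locations assumed independent.

```python
from math import comb


def at_least(k, n, p):
    """P(at least k of n independent events occur), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def scheme_risk(k, n, p_loss, p_theft):
    """Risk of a k-of-n recovery scheme with one secret per location.

    Lockout: fewer than k secrets survive, i.e. at least n-k+1 are lost.
    Theft:   an attacker obtains at least k of the n secrets.
    """
    lockout = at_least(n - k + 1, n, p_loss)
    theft = at_least(k, n, p_theft)
    return lockout, theft


# (k, n) for the three setups discussed in the thread.
SCHEMES = {
    "single seed, one backup": (1, 1),
    "seed + passphrase, stored apart (like 2-of-2)": (2, 2),
    "2-of-3 multisig, three locations": (2, 3),
}


def compare(p_loss, p_theft):
    """Return {setup name: (lockout probability, theft probability)}."""
    return {
        name: scheme_risk(k, n, p_loss, p_theft)
        for name, (k, n) in SCHEMES.items()
    }


if __name__ == "__main__":
    # Constructed assumption: each location has a 5% chance of being lost
    # and a 2% chance of being compromised over the period considered.
    for name, (lockout, theft) in compare(0.05, 0.02).items():
        print(f"{name:48s} lockout={lockout:.5f} theft={theft:.6f}")
```

With these assumed inputs, splitting seed and passphrase roughly doubles the lockout probability relative to a single seed, while 2-of-3 lowers both lockout and theft probability below the single-seed figures.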