1 sat \ 9 replies \ @timechain 22 May 2022 \ on: why don't we use Android phones as seed signers? bitcoin
I like the idea of it in a multisig. I will say an android phone is an internet-connected device. All hardware wallets (signing
devices) are cold wallets, aka not internet-connected. I have heard an idea where you have a phone that doesnt have service (mobile data), and has wifi turned off and using that as a device in a multisig, by scanning a qr code. This is cool because EVERYONE has an old android laying around. Way more people than have signing devices.
If you remove the sim, factory reset the phone, install only the wallet apk via the sdcard (bluewallet) and never connect it to the internet (keep in airplane mode and radios off), it's as good as any custom device. No doubt you can get your hands on an old phone for under $40
reply
Exactly, that's what I was thinking. I love when hardware is repurposed for Bitcoin purposes. Bitcoin specific hardware is awesome, but its also an attack vector, as jurisdictions can outlaw hardware that is considered "bitcoin specific." Thats why raspi's are cool too.
reply
I don't think you even need that. I'm thinking a 3 of 7 multisig between friends and family. Extremely unlikely for someone to be able to hack exactly the 3 phones right?
reply
It depends on what the purpose is of such a system. That means any three of the 7 can conspire to take the funds without consent of the other 4. It seems like a terrible idea to me, but maybe I don't understand the purpose.
reply
Ideally, they wouldn't know what the other parties are. The purpose it to simplify access to your funds in a secure manner. Single-sig is obviously out of the question. Having HW seed signers at home is weak against fires. Having HW seed signers distributed in several locations is slow and costly.
What do you suggest?
reply
Depends if your family or friends turn on you.
You need to think deeply about all the potential problems. Perhaps friends that don't know each other & in different countries
reply
Exactly! I'm envisioning they getting a notification like "@2bithits wants you to sign this" then they click "Sign" and BOOM! New tx signed. Because this is a seed signer not a wallet they wouldn't even really know much about your UTXOs.
reply
How would you broadcast transactions?
Turn internet on momentarily just to broadcast?
reply
No, their phones would be on 24/7, as they're today. It depends on your threat model but having multisig across several up-to-date android phones seems relatively secure to me.
reply