Subnostr

Wouldn’t it make sense if you’ve got a 3 of 5 multisig solution to keep the seed phrase with the signing device?

What’s the best practices for securing the seeds of your signing devices?

At a minimum you should keep your seed recovery mnemonic sealed in a tamper evident pouch. It’s more important to keep it secret and secure than it is to keep the signing device secured (because loss of the secret puts not only current holdings at risk, but any future balance as well).

Loss or (malware/Trojan) compromise of a signing device MIGHT result in exposure of your secret. But the PIN and any wipe threshold on repeated PIN failures MIGHT save you.

So, keep the seed MORE secure than your hardware wallet.

I recommend deriving new seeds (BIP85) off the one that you secure for your hardware wallet (or air gapped, dedicated transaction signing system).

I derive new seed (sub-keys) for mobile, desktop wallets, wife’s mobile wallet, and (so far) one for other applications (like NOSTR identities). (You can use the supplemental pass phrase support to derive different nsec keys).

Reply to this note

Please Login to reply.

Discussion

Brad Mills 2y ago

Dang this is good advice

Brad Mills 2y ago

cc #[3] #[4]

HODL 2y ago

The above comment is spot on. Don’t Comingle your seed and device locations

matata 2y ago

how do i derive new seeds from the existing ones securely?

JimD 2y ago

Start with a wallet (seed securing device or software) which supports BIP0085 (https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki).

Use that support. Optionally you can add use of "pass phrases" or other strings which can be mixed into the seeds encoded in BIP0039 recovery mnemonics by and for some applications.

For instance, the seed I used to generate my alternative nsec for NOSTR (my @iris account) adds "nostr" to the key I derived for such purposes. I plan to used other post-derivation key strings for WireGuard, Signify, and age/rage encryption.