Replying to viper_1

How do you just “use”

A #paperwallet ? Asking as a newbie and a genuine. Setting aside all the angst about “you will lose it etc”. Assume a competent adult that can keep a handwritten pen and paper document (and a copy remotely) and has dollars and wants bitcoin and only wants to use paper wallet or wallets. How would this happen?
Avatar
Daedalus 6h ago 💬 1

For spending you can sign a transaction and export it via a USB stick with Sparrow and broadcast it on another computer that has networking access. This is an airgapped solution that uses maximal security. You can also make a seed signer device with a raspberry pi. Lots of airgapped options.

Granted this setup is pretty unintuitive and laborious. Only for specific threat models and use cases. You can compromise by loading the seed phrase into a hot wallet, but greater risk of loss of funds due to malware or a 0day vulnerability.

Security is a spectrum depending on your risk tolerance and threat model. If you've got a few bitcoins, you're probably going to want to do an airgapped solution as I've described, likely with multi signature too so you need to recover multiple seed phrases to sign a transaction. All tradeoffs between usability and security.

What isn't going to help much is using a Trezor but adding what amounts to a second seed (128bit passphrase) onto your seed. You still will get wrenched and lose everything. The difference between brute forcing 256 bit keys and 384bit keys is the difference between impossible and impossible. You don't gain any cryptographic security, just security theater, thus my criticism of nostr:nprofile1qqs0eac2gh86s9l24qfmnw52xawhz0f3d862yleaetpafygjmanaxlspzdmhxue69uhhqatjwpkx2urpvuhx2ue0qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7ramexg's "advice".

Reply to this note

Please Login to reply.

Discussion

c2
viper_1 4h ago 💬 2

Thanks. I am not critical or defensive of any approach I am trying to figure out what would really work for real people. It seems to me the most private cypherpunk (a word I parrot without pretending to really know) solutions are labyrinthian tech solutions using tech that probably was not available 5-10 years ago and may not be available 5-10 years from now. Seems unrealistic for almost everyone across space and time (successors need to be also expert). Again not trying to be cynical but there is hand waving towards free and open source software as if that’s a guarantee it will be usable and maintained into the future but I have no idea if that’s really more trustworthy than the alternative of profit motivated companies.

c2
viper_1 4h ago

Should be clear I wrote cypherpunk above referring to the generic self described term many use - not referring to the particular poster.

Avatar
Daedalus 4h ago

You're totally right. For most, secure element hardware wallet with a simple 6 digit pin will do. They're open to attack from the secure element manufacturer and state intelligence backdoors but they're also likely completely KYCed and have no on-chain privacy so the state is not in their threat model anyway.

If one has larger holdings hiring nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 and having his company or another competitor set up an elaborate multisig setup would be ideal. That way they handle all the cypherpunk security stuff.

For us autistically obsessed cypherpunk types, yeah we are going as hard as possible mainly for fun.