Replying to Avatar ODELL

HORRIBLE ADVICE.

LEARN HOW TO HOLD BITCOIN SECURELY YOURSELF.

I RECOMMEND BITKEY FOR NON TECHNICAL USERS. COLDCARD FOR EVERYONE ELSE.

SELF CUSTODY IS EASIER THAN DRIVING A CAR OR RAISING A KID.

NO EXCUSES. FIGURE IT OUT OR REGRET IT LATER.
Avatar
jimbocoin 🃏 1y ago 💬 2

The problem with Bitkey is that you can’t load a seed yourself. It’s the “trust me bro” model of seed generation.

Everyone shat on card with the private key pre-inscribed years ago (Lee something made it?) but people seem to be just fine with the same situation as long as it’s a hexagonal stone thingy.

Reply to this note

Please Login to reply.

Discussion

Avatar
Marc 1y ago 💬 1

Same is true for thr TapSigner, right?

Avatar
jimbocoin 🃏 1y ago 💬 1

Correct. Yet another product that gets a pass by otherwise hardcore security maximalists.

Avatar
Marc 1y ago

I use it for convinience, but I wouldn't put my life savings on a TapSigner.

Avatar
ODELL 1y ago 💬 1

BITKEY IS NOT PERFECT BUT IT IS A GREAT TRADEOFF MODEL FOR NON TECHNICAL USERS. INCREDIBLY DIFFICULT TO FUCK IT UP.

SAYING BITKEY AND BALLET ARE THE SAME IS RETARDED.

Avatar
jimbocoin 🃏 1y ago 💬 1

> SAYING BITKEY AND BALLET ARE THE SAME IS RETARDED.

This is not an argument. In what significant/technical way are they different?

Avatar
ODELL 1y ago 💬 1

BALLET:

- KEY GENERATED IN FACTORY

- SINGLE FIXED ADDRESS

- NO BACKUP

- MISLEADING MARKETING MATERIALS SAYING IT WAS MORE SECURE THAN ALTERNATIVES

BITKEY:

- KEYS GENERATED BY USER USING ENTROPY FROM HARDWARE AND APP

- HD WALLET: FRESH ADDRESSES FOR EVERY RECEIVE

- UNIQUE USER FRIENDLY BACKUP PROCESS LEVERAGING THEIR 2 OF 3 MULTISIG SETUP SO IT IS PRACTICALLY IMPOSSIBLE FOR USERS TO LOSE COIN DUE TO MISTAKES

- DELIBERATE AND HONEST MARKETING OF TRADEOFF BALANCE

Avatar
jimbocoin 🃏 1y ago 💬 1

Thank you for taking the time to respond 🙏

> - KEYS GENERATED BY USER USING ENTROPY FROM HARDWARE AND APP

This is unverifiable. Even if the code is open source (is it?) how do you know the device you hold is doing what it says it does? How can you verify?

(Note that every hardware wallet has this problem. The only way to validate the HWW’s process is to roll a seed yourself, then load it on multiple vendors’ devices to confirm they all yield the same XPUB and addresses.)

Whether the seed was printed at the factory, or printed by a closed source process, one cannot verify that it was done securely and that nobody else has the key.

IF you were going to use multiple of these “trust me” seeds together in a multisig quorum, then you could be reasonably sure you won’t get rugged. It’s unlikely they’re all vulnerable at the same time, exploitable by the same attacker.

Regarding backups: if you can’t extract/load the seed onto the device, then you can’t back it up. Making a copy of the Ballet private key and using Bitkey’s multisig backup seem to me to offer equivalent ways to recover the wallet following loss/destruction of the device.

Your other points are valid, particularly the point about address reuse.

Avatar
ODELL 1y ago 💬 1

BITKEY SOURCE AND DOCUMENTATION CAN BE FOUND HERE:

https://github.com/proto-at-block/bitkey

Avatar
jimbocoin 🃏 1y ago

Nice!

It’s still not possible to verify that that code is what’s running on your device. Better than nothing.

I have the same critique of all firmware-pre-loaded devices (ColdCard, Trezor, etc.). Self-built SeedSigner is better in this regard.