Subnostr

Ok, been chatting about bitcoin wallets, and here's a UX problem.

Let's say I moved my bitcoin off exchanges, now on to the later stages of diamond hands.

I then backed up my seed phrase on steel (plates, washers, whatever).

Ok, now I want to make a change. Maybe do some coin joins, or switch to multi-sig. Now I have a problem, I'm going to need to save another seed phrase. Even worse, that seed phrase in steel? Not needed anymore.

How often would you want to do this? Buy more steel. Stamp more. Test.

Consider that password hygiene includes changing your password. Shouldn't seed hygiene be similar, sweeping or joining to a new set of addresses under a new private key?

Not sure how to approach this. Maybe use a TOTP? Base the address off of something else entirely? Encoding a phrase as RGB values and storing it in an image is interesting.

I might spend the weekend thinking about how I would store anything for a long period of time, but be able to update/change it easily whenever I want.

Reply to this note

Please Login to reply.

Discussion

ShiShi21m 2y ago

Multisig means you just add a couple more seeds to your current one.

It's definitely not to be disposed of unless it was compromised obv.

Sedj 2y ago

Yeah, but compromised - maybe you accidentally (or ignorantly) mixed kyc coin with non-kyc coin in your multi-sig. Maybe one of your storage locations is sketchy.

And why not dispose every so often? Let's challenge that belief.

Really thinking hard about things I've kept or remembered for 30 years.

ShiShi21m 2y ago

In this scenario just use a different address,

Your seed won't be tracked back to each address.

Sedj 2y ago

This is actually a really important point that most novices probably don't really understand.

The addresses where Bitcoin are sent are derived from your private key (or more than one private key) However, they are derived in a way that does not reveal your private key.

Your seed phrase is also derived from your private key. But it is derived in a way that can be reversed, so your private key is encoded into a seed phrase, which can be decoded into your private key.

Taking an address from a bitcoin transaction, you are not able to use it to derive a private key, or to derive any other addresses that may be able to be derived from your private key.

You can make assumptions about related addresses, based on transactions between them, and even more assumptions if addresses are used in multiple transactions. This is why many privacy-minded folks try to NOT re-use addresses.

If you use a coin-join or whirlpool or ither coin mixing service that moves your coins from one address to one or more other addresses, it doesn't really matter if those addresses are derived from the same private key(s) or not, as long as the addresses are new.

If you are trying to remove the KYC stink from your transaction history, and build the story that those KYC coins are no longer under your control, and you accidentally dox an address that you used previously in your hidden wallet by sending some KYC transactions to it, you can send the contents of that wallet back through mixing to new addresses under your same private key. You haven't doxed thr private key, or any other addresses derived from it.

I had this scare once when I accidentally withdrew from Strike to the wrong wallet. It was to a new address, though. Took me a long night of thinking to realize I was fine. My only danger would be combining that utxo with other utxos in my secure wallet when creating future transactions, so I just swept that utxo (by itself) into a new address of the wallet it was supposed to go to, where I normally collect KYC withdrawals.

How did I learn all this? I largely credit Sparrow Wallet, which separates a lot of this stuff out and shows you a lot about how everything works and the steps involved.