Replying to Avatar jimbocoin 🃏

Ultimately—and I hope you’ll forgive me for going philosophical—in #Bitcoin, ownership is knowledge, and security is measured in time.

Knowledge can either be kept in one’s head or encoded in the world. One can encrypt information, but as you rightly point out, now you have the decryption key to store as well.

You can write words down by hand, or save a plain text file, perhaps in a secret location. But the location is now knowledge that has to be stored, and we’re right back where we started—memorizing secrets.

Because ownership is knowledge, exclusive ownership demands secrecy. But a secret written down can be discovered. Therefore the only way to exclusively own Bitcoin is to keep some amount of knowledge exclusively in one’s own head. Any configuration in which all of the knowledge is encoded in the world is exploitable.
Avatar
Laser 2y ago

Note that even with multivendor multisig, the software originating the transaction needs to be secured. Generally speaking, it's best to use a dedicated machine for this purpose.

Reply to this note

Please Login to reply.

Discussion

Avatar
jimbocoin 🃏 2y ago

Correct.

During initial wallet creation, use at least two different vendors to generate lists of addresses from metadata. Confirm that these lists match. This protects you from a malicious software wallet at setup time.

Bonus points: save off a copy of these addresses with the metadata, in offline storage. Before receiving coin, confirm that the address is the next one on the saved address list. This protects you from a software wallet that became malicious between setup and receive time.

Bonus bonus points: keep two machines running different OS’s for the coordinator wallet. This way, if either has a vulnerability (revealed by the above) you still have another wallet ready to use.