What is your passphrase best practice?

Was asked about the following setup:

nostr:npub1s0vtkgej33n7ec4d7ycxmwt78up8hpfa30d0yfksrshq7t82mchqynpq6j Passport, uses encrypted backup with SD card. Access code to unencrypt is in a physically distributed location that would take significant time to travel to. SD card only is a risk as it can burn/break etc.

So the client uses a physical steel backup with 24 words, again in a different location. Another location holds the passphrase on steel.

How do you rate this setup? There’s redundancy in both the SD Card, Steel seed phrase and steel passphrase. Do you think a double backup for the passphrase is required?

Would love more input on best practices around this. nostr:npub15c88nc8d44gsp4658dnfu5fahswzzu8gaxm5lkuwjud068swdqfspxssvx nostr:npub17h7h2jzhq3hn06h93jvz67sfjxaq3jvk7kenjrazht28aun33hks42sd76

Discussion

It's literally more frequent to lose the steel plate or the device than to be attacked. Redundancy does help, but there are better ways to do security, like a multisig wallet on paper: one copy for you, one for dad and one online behind a password.

There are pros and cons for many solutions.

How did you store the derivation path for the multisig?

I don't know exactly what you mean. I simply created a multisig wallet and wrote down each one of the recovery seeds in 3 pieces of paper, plastified them, placed them inside fireproof and waterproof cans, and distributed them. I only need 2 out of 3 to move the coins, and only I know where all the seeds are.

That’s not how multisig works. You need the descriptor of the setup too. With seedhammer you hammer the descriptors on the steel plates in combination with the seedqrs and the seeds. You need two descriptors to be able to complete the multisig configuration. When you lose the descriptors or have not sufficiently backed them up, you can’t access your bitcoin. Just having the seeds is not sufficient.
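Added example, not part of the original thread: a Python sketch of why two seeds alone cannot rebuild a 2-of-3 wallet, shown by computing the P2WSH output script, which commits to all three public keys. It assumes a sorted-key (BIP 67 style) witness script and uses constructed 33-byte stand-ins instead of real keys derived from xpubs; all function names are hypothetical.

```python
import hashlib
from itertools import combinations

OP_CHECKMULTISIG = 0xAE

def op_n(n):
    # OP_1..OP_16 are encoded as 0x51..0x60
    return 0x50 + n

def witness_script(threshold, pubkeys):
    """k-of-n multisig script with keys in lexicographic order."""
    keys = sorted(pubkeys)
    body = b"".join(bytes([len(k)]) + k for k in keys)
    return bytes([op_n(threshold)]) + body + bytes([op_n(len(keys)), OP_CHECKMULTISIG])

def p2wsh_script_pubkey(script):
    # P2WSH output: OP_0 followed by a push of SHA-256(witness script)
    return b"\x00\x20" + hashlib.sha256(script).digest()

def fake_pubkey(label):
    # Constructed stand-in for a compressed public key (assumption, not a real key)
    return b"\x02" + hashlib.sha256(label.encode()).digest()

def can_rebuild(known_keys, target_spk, threshold=2):
    """True if the known keys alone reproduce the wallet's output script."""
    return p2wsh_script_pubkey(witness_script(threshold, known_keys)) == target_spk

# Constructed sample wallet: three cosigner keys, 2 required to spend
COSIGNERS = [fake_pubkey(name) for name in ("seed-A", "seed-B", "seed-C")]
WALLET_SPK = p2wsh_script_pubkey(witness_script(2, COSIGNERS))

def recovery_report():
    # Every pair of seeds on its own, then the full key set a descriptor records
    pairs = [can_rebuild(list(p), WALLET_SPK) for p in combinations(COSIGNERS, 2)]
    return {
        "any_two_seeds": any(pairs),
        "all_three_pubkeys": can_rebuild(COSIGNERS, WALLET_SPK),
    }

if __name__ == "__main__":
    print(recovery_report())
```

Two seeds can produce two signatures, but spending also requires revealing the full witness script, and the third public key in it comes from the descriptor backup, not from the two seeds.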

Mmmm interesting.

Ok. Let me try a small experiment this weekend and I'll let you know how it went. Thanks for this Bert.

If you need any help or additional info let me know.

So I have done my "experiment" and you are right, I need to store the descriptor.

So I guess that my only option would be a digital key for a multisig, but it basically breaks the whole point of the multisig security and makes it a single point of failure :(

I was just so hoping this could be a simple solution, but it's not :(

So what was the solution you came up with for the descriptor?

With seedhammer you can easily store the descriptor in steel. Really great to hear you checked this out! If you need a seedhammer to try and you’re in the Netherlands, let me know.

I'm sorry. I'm in London. But I would love to see what you mean. The descriptor is like 4 lines long and not really human readable, so the best way to store it should be a digital file. Are you saying we should write it down in steel?

Can you post a photo of what seedhammer looks like?

Oh shit!

I sometimes take a little time but eventually I get there :) Thanks for showing me this.

But I wonder if I can achieve the same thing by printing a QR code on paper, laminating it and storing it inside a fire and waterproof container?

It's probably cheaper....

If the passphrase is strong enough (it should be) then it won't be easy to memorize, so a second passphrase backup makes sense.

SD card, USB drive, password manager are all viable options, in the right hands of course.

You can memorize 6 words of a seed phrase and use that as password, in addition to redundant backups. That's good entropy.

Backup is actually a 2-part process, with the first part being actually creating the thing that allows you to restore it later.

The second part is just as important, and what I've learned is that people do not go often enough, or sometimes at all, through this process. I am of course talking about actual recovery. Your backup is worthless without this part.

Whatever your preferred method may be, if you are unable to read the words on your steel properly, or if you have never tried any recovery attempt from the backup procedure you came up with, the whole "how safe is it?" question becomes insignificant.

Like with everything else in life, keeping it simple probably beats adding extra layers of security, because they add complexity to your restore procedure and might make it impossible to restore over decennia.

Great points Jeroen. Most people lose access through losing the backup or making it too complex so they forgot how they set it up.

It’s still weird for me that people don’t take time to do this properly. As if everything has to be a click of a button and you can be fully self sovereign. That’s a contradictio in terminis.

I'm not a fan of passphrases. I would always prefer a classic 2v2 multisig to a passphrase.

A passphrase can be safely stored in a password manager.