Replying to Avatar SeedSigner

Going to pause my technical masturbation and point out a few things. First, OCR is a ubiquitous thing now, everyone’s phones & the cloud do it as easily as they will scan a QR code, so it makes little difference whether your private key is encoded as words or a QR code if there is a malicious camera spying on you.

Next, you glossed over the fact that with a hardware wallet, you have to store two copies of your key — one electronic copy on the device and then an analog copy for if/when the digital storage device fails. Is your seed protected by a passphrase? Most likely not b/c entering a passphrase w/ a HWW can be cumbersome, and besides, the wallet is keeping the seed safe, right? So where do you keep that second, backup copy? It doesn’t make any sense to store a seed right next to the hardware wallet that is “protecting” it. So now you need two locations to store private key material…

One advantage of a stateless device is that if someone finds / steals your signer, they get nothing. But another advantage is that the analogue copy of a given key can be the only copy of that key you have to worry about storing / maintaining. For a multisig setup, this means you can just worry about storing one copy of each key without figuring out where to put all of the backups as well.

SeedSigner (and the stateless, airgapped signing model) was conceived with long-term storage of generational wealth in mind. This means geographically distributed multisig, and it also means a little less convenience when signing. For medium-sized bitcoin wallets, a HWW can make a TON of sense b/c you have the convenience of a nearby key that is protected by reasonable access-control mechanisms. But for the bitcoin I’m going to be passing to my children, I want accessing the funds to involve a little more friction, because that inconvenience is going to make it exponentially harder for an adversary.

SeedSigner’s model not right for everyone and it may not be right for every bitcoin storage use case, but it does force you to think through these kinds of issues for your bitcoin stack that really matters, the long term one. Anyhow, going to get back to beating off now…
Avatar
Haths Hayward 2y ago

lol, I certainly didn't mean any offense. Honestly, this is exactly the response I was looking for to help me better understand when and where this would be used.

Thank you!

Reply to this note

Please Login to reply.

Discussion

Avatar
SeedSigner 2y ago

Sorry if that came across as brash, was feeling a little cheeky this morning. One more thought that I neglected to mention. SeedQR was just created as a shortcut to quickly get a private key loaded into a stateless signer. If for whatever reason you prefer to store a PK with words, on paper or washers or whatever, you can easily type seed words into a SeedSigner, it just takes a bit longer than scanning a QR. And if you’re comfortable with your HWW and your setup, 100% stick with what you’ve got. We’re all different animals with different quirks and insecurities, and it’s when you’re having trouble sleeping at night that it may make sense to think about a change in one’s security posture.