Replying to Judge Hardcase

#asknostr, is a 2-of-2 multi-sig wallet when 1 of the seeds has been compromised any less secure than a single-sig wallet? I'm pretty sure the answer is 'no', but am I missing something?

Let me elaborate a little more:

Most people will be familiar with a single-sig setup on a mobile wallet that uses an external hardware device to sign transactions. In this setup, the seed is on the hardware wallet, and you would have backup(s) of the seed stamped onto steel, or written on paper; stored in a safe, or whatever you feel works best for you.

I'm wondering if it would make sense to just turn this setup into a 2-of-2 multi-sig simply by adding a 'hot' key seed in the mobile wallet. Then, put copies of this 2nd 'hot' seed anywhere you can to make sure it's virtually impossible to lose. Heck, even store it on the blockchain if you have to (sorry for the arbitrary data 😉). Even if everyone knows the 2nd 'hot' key, it's still no less secure than a single-sig setup. Also, since you really only have to keep track of and guard the other key (which you would have to for single-sig setup anyway), the extra effort is negligible.

It seems to me one of the downsides of storing a backup of a single-sig seed is if someone happens to stumble across that 1 item (for whatever reason), they could easily take your funds. At least with this 2-of-2 setup, there's a very good likelihood they wouldn't even be aware that there is a 2nd key involved to even go looking for it.

I hope I've explained my thinking well enough. Again, am I missing something here?

*PLEASE NOTE: I'm well aware of passphrases, and that a conventional 2-of-3 multi-sig, etc. scattered geographically/jurisdictionally would be much better. I'm just curious if my proposed 2-of-2 setup would be at least marginally better (and absolutely no less secure) than a single-sig. I'm trying to come up with an easy noob setup that I feel comfortable recommending for smallish amounts; and, I've never liked the idea of being outright screwed if someone happens to stumble across the backup of your single-sig seed.

nostr:npub1hqva2radggqltaj8n7vqpj9pkddc7lf6cmsuchm3dp4kr52syeqsrap4sd any insights here?

Discussion

Single sig with a strong passphrase could be constructed to be like a 2-of-2 without a passphrase, secrecy speaking.

That’s the simple take. There are many other considerations for 2-of-2 to take into account, like opsec, evil maids, etc.

So for argument's sake, hypothetically, if you had a 2 of 2 and one seed was compromised, would your ₿ stack be more in danger than if you just had a single sig setup?

Also if you had a single sig w/ passphrase and your passphrase was compromised, would that impact the security of your ₿ stack?

All things equal and no other risks taken into account in the hypothetical, no.
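
Added example, not part of the thread or any participant's post: a small model of the setups discussed above that enumerates which secrets an attacker still needs in order to spend, and which lost secrets lock the owner out. The setup names, secret labels and the treatment of a passphrase as a second required secret are constructed assumptions for illustration.

```python
from itertools import combinations

# Constructed model (assumption): a setup is (threshold m, set of secrets);
# spending needs any m of the listed secrets. A passphrase is modelled as a
# second required secret, following the comparison made in the thread.
SETUPS = {
    "single-sig": (1, {"cold_seed"}),
    "single-sig + passphrase": (2, {"cold_seed", "passphrase"}),
    "2-of-2, hot seed public": (2, {"cold_seed", "hot_seed"}),
    "2-of-3": (2, {"seed_a", "seed_b", "seed_c"}),
}

def minimal_sets(secrets, predicate):
    """Subsets satisfying predicate, smallest first, with supersets dropped."""
    found = []
    for size in range(len(secrets) + 1):
        for combo in combinations(sorted(secrets), size):
            s = set(combo)
            if predicate(s) and not any(f <= s for f in found):
                found.append(s)
    return found

def theft_sets(setup, public=frozenset()):
    """Minimal sets of secrets an attacker must still obtain to spend,
    given that the secrets in `public` are already known to everyone."""
    m, secrets = setup
    known = secrets & public
    return minimal_sets(secrets - public, lambda got: len(got | known) >= m)

def lockout_sets(setup):
    """Minimal sets of secrets whose loss leaves the owner unable to spend."""
    m, secrets = setup
    return minimal_sets(secrets, lambda lost: len(secrets - lost) < m)

if __name__ == "__main__":
    public = {"hot_seed"}  # the thread's scenario: the hot seed is known
    for name, setup in SETUPS.items():
        print(f"{name}: theft needs {theft_sets(setup, public)}, "
              f"lockout on loss of {lockout_sets(setup)}")
```

In this model the 2-of-2 with a public hot seed has the same theft requirement as single-sig (the cold seed alone), but two single points of loss instead of one, which is why the hot seed has to be replicated as widely as the original post proposes.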