Replying to Avatar jimbocoin 🃏

#Bitcoin key security levels:

Level 0: Not your keys.

Level 1: Hot wallet (keys on online device).

Level 2: Single-sig cold wallet (keys on eternally quarantined hardware)

Level 3: Single-sig cold wallet w/ passphrase

Level 4: Multisig

Level 5: Multi-vendor multisig

Level 6: Multi-vendor multisig w/ passphrases

Level 7: Multi-vendor multisig w/ passphrases, geographically distributed

Each level increases your security against particular vulnerabilities, but complicates your setup. Find the highest level you can confidently operate.
Avatar
Kensho 2y ago

Why no passphrase on a cold card and derived entropy for the other signers. Geographically distribute the one set of words also with coldcard functionality. No need for multiple devices. Never selling.

Reply to this note

Please Login to reply.

Discussion

Avatar
jimbocoin 🃏 2y ago

If your seeds are derived from shared data, then they are at the mercy of that data and anyone who has it.

Each of your signers’ seeds must come from different, original entropy. Deriving seeds from shared entropy reintroduces the single-point-of-failure that multisig is intended to fix.