Nostr Web Client

jimbocoin 🃏 2y ago

#Bitcoin key security levels:

Level 0: Not your keys.

Level 1: Hot wallet (keys on online device).

Level 2: Single-sig cold wallet (keys on eternally quarantined hardware)

Level 3: Single-sig cold wallet w/ passphrase

Level 4: Multisig

Level 5: Multi-vendor multisig

Level 6: Multi-vendor multisig w/ passphrases

Level 7: Multi-vendor multisig w/ passphrases, geographically distributed

Each level increases your security against particular vulnerabilities, but complicates your setup. Find the highest level you can confidently operate.

Reply to this note

Please Login to reply.

Discussion

Greeny 2y ago

Best hww? Cold card? Blockstream jade, passport??? Just threw my ledger in the trash😂😂

jimbocoin 🃏 2y ago

The best #Bitcoin hardware wallet is to have multiple different vendors working together in a multisig quorum, where no vendor can make quorum on their own.

That way, if any of your vendors has a key-leaking vulnerability, your stack is still safe.

Greeny 2y ago

Yeah ok But if u had to pick one for level 3…. What would it be?

jimbocoin 🃏 2y ago

Something that either lacks USB, or that you never plug into USB. Must support PSBT via microSD card or camera/screen.

But the risk isn’t worth it, IMO. If the complexity of multisig is scaring you off, try Sparrow wallet. It’s easy to make multisig hot wallets with Sparrow to play around with.

Shawn C. 2y ago

Saw an article they all use same secure element so common failure mode regardless of HWW vendor?

jimbocoin 🃏 2y ago

It depends on the nature of the vulnerability. More variety would be better through.

Shawn C. 2y ago

I like the look of the new Coldcard that looks like a Blackberry.

Kensho 2y ago

Why no passphrase on a cold card and derived entropy for the other signers. Geographically distribute the one set of words also with coldcard functionality. No need for multiple devices. Never selling.

jimbocoin 🃏 2y ago

If your seeds are derived from shared data, then they are at the mercy of that data and anyone who has it.

Each of your signers’ seeds must come from different, original entropy. Deriving seeds from shared entropy reintroduces the single-point-of-failure that multisig is intended to fix.

Shawn C. 2y ago

Dedicated vs stateless HWW is another decision tree of risk management. I am leaning toward stateless and making a SeedSigner or doing Tails/Electrum for a stateless PC instead of HWW. Thoughts?

jimbocoin 🃏 2y ago

To me, there’s no big difference between stateless and stateful, because the purpose of a signing device is to protect the keys from leaks during use. In between uses, other key security measures apply (physical security, operational security).

I would not reuse a signing device for multiple seeds though. Especially seeds that make up a wallet quorum. One hopes that each device’s erase function works, but it’s safer to assume that they’re each forever stateful.

ᴄʏʙᴇʀɢᴜʏ 👽 2y ago

Paper wallet? HD wallet? Which level they fit?

jimbocoin 🃏 2y ago

All of these are assumed to be hierarchical-deterministic (HD) wallets.

Depends on what you mean by paper wallet. If you just mean that the seed words are written in paper, then all of the above are basically that.

If you mean a printed private key / address QR code pair, this is worse than single-sig hardware. Level 0.5 basically. To print the paper wallet, you expose yourself to vulnerabilities in the printer firmware (which is notorious for being vulnerable).

ᴄʏʙᴇʀɢᴜʏ 👽 2y ago

Yes, paper wallet was an "escape" way before the hard fork between BTC and BCH (and others...). This contained the private key (as I remember HD wallets haven't exist those days). I think this is the zero level. But if you close this paper to a safe it could be Level 0.5 😁

Thanks for the reply!

StackinBeets 2y ago

Nice ranking system but Multi-sig could still be rated equal to or worse than single sig, depending on the situation.