Just read the disclosure of a severe vulnerability in libbitcoin's `bx` tool that limits seed entropy to 32 bits.

https://milksad.info/disclosure.html

Got me wondering about the security of various multi/threshold-signature wallets.

Traditional OP_CHECKMULTISIG adds one bit of entropy for each extra signer, given that the individual pubkeys are disclosed. A 2-of-2 multisig would be 33 bits of entropy and also easily identifiable as vulnerable once a spending tx is published.

But using Taproot and MuSig2, the individual pubkeys are not disclosed, so the number of bits is doubled for each extra sig. A 2-of-2 multisig would be 64 bits of entropy, and not easily identifiable as vulnerable.

Amirite? nostr:npub1j5mp526z5fkz9wkrk6mt5nzu43xndyrwkr8mnqngdqwytgcpc5vqcnsd5c nostr:npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7

Haven't thought about MuSig2 this way before. It's a belt-and-suspenders type of thing in case entropy turns out to suck.
