Nostr Web Client

Replying to

Cyph3rp9nk

Why use a passphrase with more than 128 bits of entropy?

- To forget about the stupid market for hardware wallets with secure elements.

- So you don't have to worry if your seed is stolen.

"Politicians are thieves and bastards" has an entropy of 205.

nostr:nevent1qqs0zysnu92r60vnnkuptcwekara23wdjxdux3x3agfdahuy2vfdtpqpp4mhxue69uhkummn9ekx7mq8s7kms

Daedalus 9h ago 💬 3

Default seed phrase length is 12 which is about 128 bits of entropy. If you have to memorize a 128 bit passphrase just to unlock your Trezor then what's the advantage over just using a paper wallet. If you're already basically memorizing a seed phrase, just skip all hardware vulnerabilities and use a paper wallet.

The whole point of a hardware wallet is to use the security of the wallets software and hardware to encode a memorizable low entropy pin or password into the 256 bit or higher seed that's encrypted on the device. You rely on the firmwares brute force resistance. The secure element claims to do this better but is a major centralized black box that almost certainly has a backdoor.

Point is if you're at the level where you've memorized 128 bits of entropy, just use a paper wallet and plug it into an airgapped laptop when you need to spend. You've basically surpassed the need for a hardware wallet. Very conflicting information you're spreading.

Reply to this note

Please Login to reply.

Discussion

viper_1 6h ago

How do you just “use”

A #paperwallet ? Asking as a newbie and a genuine. Setting aside all the angst about “you will lose it etc”. Assume a competent adult that can keep a handwritten pen and paper document (and a copy remotely) and has dollars and wants bitcoin and only wants to use paper wallet or wallets. How would this happen?

Daedalus 6h ago 💬 2

Ideally you have a computer with no networking hardware installed running TAILS OS or Kicksecure in live mode. Then you open some sort of Bitcoin wallet software (I'd choose Sparrow) then you make a wallet, copy down the seed phrase then an address.

You could export view keys to a USB then load those into another computer with networking access. You're going to have to be careful with your network privacy while doing this as a malicious Electrum server can link your transactions to you, but using a view only wallet will give you assurance your transactions are recieved while the private keys are only written down on paper. You could also just watch the address you're sending to on a blockchain explorer like mempool.space

The problem with this is that on-chain all of your transactions are accumulating on one address. Terrible for privacy. There are stealth addresses in some wallets but the adoption is low thus far, I think Cake wallet and one other are the only ones that can recieve steath address payments.

viper_1 6h ago

Understood but basically need two computers, one which you had somehow made sure has no networking hardware, some OS that you also have and trust, a USB you also acquired and trust and even then it’s minimally paper and sounds very hard to do with any privacy. I am not trying to just complain and maybe this is all simple to more tech savvy people but my guess is like 99 out of 100 people would read that explanation and have no idea how to even start. And buried in the lines is a bunch of other stuff (just downloading without being on the network confuses me and sparrow isn’t so straightforward iirc comes with other steps like verification of keys and then will say you have to run your own node to really be able to trust sparrow anyway again iirc…. So I bet I’m being generous thinking 1% can handle all that). But even with all that, you have a wallet which is sort of 2 computers and a USB and some passphrase on paper, and you have some dollars, but still no bitcoin right? How do you cross that bridge? Literally once read to wear a disguise and find some sort of shady ATM somewhere (but somehow find these without using any internet search or maps that can track you) and expect to put in cash and get something out while getting photographed but just pull the brim low…

Daedalus 4h ago

Best way to get non KYC maximally private Bitcoin is to buy Monero either on an exchange or ideally via Retoswap non-KYC then swapping from a site on trocador.app or via Retoswap into Bitcoin.

For those ideologically opposed to non Bitcoin projects, Bisq is your best bet: Tor onion routing by default, high fiat liquidity etc. Others exist like Mostro, Vexl, Peach but they have more tradeoffs from an OPSEC perspective but generally are easier to use. Robosats is good if your lightning setup is private but most have an LSP setup or even worse, a custodial setup like Wallet of Satoshi in which you get less privacy than with on-chain Bitcoin from your custodian.

In my opinion, if you're trying to go as simple as possible, I'd get a Foundation Passport hardware wallet and just buy Bitcoin via Bisq using either cash by mail, USPS Money Orders (assuming US), or Zelle (assuming US). Ideally use a Linux computer for this but windows works (really use Linux though). Then transfer the Bitcoin to your Passport.

If you don't mind KYC or other projects you're better off buying Monero from Kraken, sending that to a Cake Wallet (app on iOS or Android or Desktop) address then swapping to Bitcoin mid app into your Foundation wallet. That's going to give you better on-chain privacy than even buying from Bisq (your UTXO will be linked to the information you give depending on payment method) while having a pretty simple UX and excellent air gapped security with the foundation wallet.

These are just my ideas I'm coming up with off the dome, there may be a better solution but these options provide a high degree of privacy and security with a smaller learning curve.

Daedalus 6h ago 💬 1

For spending you can sign a transaction and export it via a USB stick with Sparrow and broadcast it on another computer that has networking access. This is an airgapped solution that uses maximal security. You can also make a seed signer device with a raspberry pi. Lots of airgapped options.

Granted this setup is pretty unintuitive and laborious. Only for specific threat models and use cases. You can compromise by loading the seed phrase into a hot wallet, but greater risk of loss of funds due to malware or a 0day vulnerability.

Security is a spectrum depending on your risk tolerance and threat model. If you've got a few bitcoins, you're probably going to want to do an airgapped solution as I've described, likely with multi signature too so you need to recover multiple seed phrases to sign a transaction. All tradeoffs between usability and security.

What isn't going to help much is using a Trezor but adding what amounts to a second seed (128bit passphrase) onto your seed. You still will get wrenched and lose everything. The difference between brute forcing 256 bit keys and 384bit keys is the difference between impossible and impossible. You don't gain any cryptographic security, just security theater, thus my criticism of nostr:nprofile1qqs0eac2gh86s9l24qfmnw52xawhz0f3d862yleaetpafygjmanaxlspzdmhxue69uhhqatjwpkx2urpvuhx2ue0qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7ramexg's "advice".

viper_1 4h ago 💬 2

Thanks. I am not critical or defensive of any approach I am trying to figure out what would really work for real people. It seems to me the most private cypherpunk (a word I parrot without pretending to really know) solutions are labyrinthian tech solutions using tech that probably was not available 5-10 years ago and may not be available 5-10 years from now. Seems unrealistic for almost everyone across space and time (successors need to be also expert). Again not trying to be cynical but there is hand waving towards free and open source software as if that’s a guarantee it will be usable and maintained into the future but I have no idea if that’s really more trustworthy than the alternative of profit motivated companies.

viper_1 4h ago

Should be clear I wrote cypherpunk above referring to the generic self described term many use - not referring to the particular poster.

Daedalus 4h ago

You're totally right. For most, secure element hardware wallet with a simple 6 digit pin will do. They're open to attack from the secure element manufacturer and state intelligence backdoors but they're also likely completely KYCed and have no on-chain privacy so the state is not in their threat model anyway.

If one has larger holdings hiring nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 and having his company or another competitor set up an elaborate multisig setup would be ideal. That way they handle all the cypherpunk security stuff.

For us autistically obsessed cypherpunk types, yeah we are going as hard as possible mainly for fun.