Replying to StackSats ⚡️

Who can explain this to me? #asknostr

nostr:npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp evaluates passphrase backups as "mediocre" and considers SeedXOR the superior alternative. He argues that passphrases are flawed due to their 2-2 setup, posing a risk of losing funds if one part is lost. Nevertheless, the same vulnerability exists for SeedXOR (2-2, 3-3, …). I don’t see any downside as long as the passphrase has 256 bits of entropy. Multiple backups are essential for both solutions.

Lopp on Passphrase backup:

„This gives you a security model that's the same as a 2 of 2 multisig setup. Do you know why 2 of 2 multisig isn't popular? Because it has 2 single points of failure - if you lose either part, you're screwed. I've seen quite a few people over the years get locked out of their funds because they forgot or lost the passphrase that accompanied their seed phrase.“

Lopp on SeedXOR backup:

„Seed XOR is, in my opinion, a superior way to achieve the properties that folks try to get with a "25th word passphrase" or via naive seed splitting, while decreasing the complexity and improving plausible deniability. Note that this is essentially an N of N (2-of-2 / 3-of-3 / etc) split backup, so you're going to want multiple sets of XOR'd backups to ensure that losing a single plate doesn't cause catastrophic loss.“

Source: https://blog.lopp.net/how-to-back-up-a-seed-phrase/

Yes, both backups are brittle.

In my experience, people tend to

A) Create incredibly complex passphrases

B) Not back them up because they created the passphrase in their head

Also, I think folks fool themselves about the utility of duress wallets.

In general, I like seedxor more because you KNOW it's getting backed up AND the backups have plausible deniability.
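The N-of-N property both notes above refer to, as an added example that is not part of the original thread and is not Coldcard's Seed XOR implementation. It XORs raw 256-bit entropy and skips the BIP39 word encoding; the function names and the sample value are assumptions made for illustration.

```python
from __future__ import annotations

import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("parts must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(entropy: bytes, n: int) -> list[bytes]:
    """N-of-N split: n-1 random parts, plus one part that makes the XOR equal `entropy`."""
    if n < 2:
        raise ValueError("need at least 2 parts")
    parts = [secrets.token_bytes(len(entropy)) for _ in range(n - 1)]
    parts.append(reduce(xor_bytes, parts, entropy))
    return parts


def combine(parts: list[bytes]) -> bytes:
    """XOR every part together; only the complete set yields the original entropy."""
    return reduce(xor_bytes, parts)


def missing_part_for(candidate: bytes, known_parts: list[bytes]) -> bytes:
    """The part that would make `known_parts` recombine to `candidate`.

    Such a part exists for every candidate, so n-1 parts neither reveal the
    secret to a finder nor let the owner reconstruct a lost part.
    """
    return reduce(xor_bytes, known_parts, candidate)


def recover(backup_sets: list[list[bytes | None]]) -> bytes | None:
    """Try independent backup sets in order; a set with a lost part (None) is useless."""
    for parts in backup_sets:
        if all(p is not None for p in parts):
            return combine(parts)
    return None


if __name__ == "__main__":
    entropy = secrets.token_bytes(32)          # constructed 256-bit sample
    set_a, set_b = split(entropy, 3), split(entropy, 3)
    set_a[1] = None                            # one plate from set A is lost
    print("set A alone:", recover([set_a]))    # None: the whole set is dead
    print("with set B :", recover([set_a, set_b]) == entropy)
```

Each part is indistinguishable from fresh random entropy, which is where the plausible deniability comes from, and the second independent set is what keeps a single lost plate from being fatal.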


Discussion

Thanks Lopp, appreciate your feedback.

What do you precisely mean by "fooling themselves about the utility of a duress wallet"? Are you suggesting that a sophisticated attacker would be aware of this regardless?

Mainly that duress wallets are speculative.

1. You're speculating about the attacker's knowledge and motivation. For example, there was a physical attack recently in which the victim gave up their wallet pretty quickly, but the attacker kept torturing them for hours in case they were holding out.

2. You're speculating about how you'd act in a high stakes stressful situation.

Coldcard with a 28 day login countdown cause fuck em

Good point. Thanks a lot.

Merry Christmas 🎄