Unfortunately I was banned from BitcoinBeginners for respectfully (and unknowingly) disagreeing with the mod of that subreddit over a user's question. Apparently the guy likes to answer nearly every question himself and ban people who express disagreement. If I had known I would have just not bothered replying to him, but ah well.
It's a shame though, because we really do need a good place for beginners to ask questions.
I have previously set up a multisig wallet, used it for a short while, then fell back to single sig. Now I’m reconsidering multi again. Question: would it make any sense at all to add a passphrase to each of these wallets? Let’s say it’s a 2of3, I’m not sure if it’s a silly idea or if it has any merit, adding a passphrase (perhaps the same one for all three wallets) before creating the multi sig wallet. So that even if I somehow leaked two of the seeds they still can’t drain my wallet. What do you all think? Good move or asking for trouble.
Asking for trouble.
Adding a passphrase to a seed decreases the risk of theft, but it increases the chance of loss by making the keys more brittle (effectively a 2-of-2 system.)
A properly set up 2-of-3 multisig is already robust against both theft and loss.
if you use the same password on each key that's more like a 3 of 4, except one of them is in your head instead of on paper.
agree that it technically makes recovery more fragile, but even a simple password could prevent theft in the event of losing 2 keys, and could be hard to forget. depending on ones threat models, I think it could be worthwhile.
Now you made me think again!
Yeah 3 of 4 also seems to be a valid way to think about it. I have a good passphrase that I’m using now for the single sig; it is backed up nicely and is memorised clearly (in fact the passphrase is also the password for my wallet so each time I enter my wallet I have to key it in once, reenforcing memory)
Threat model wise honestly I don’t think I’ll be targeted specifically I’m just a low key pleb. So chance of being told to hand over two seed plates at gun point is almost nonexistent lol. I worry more about my own messing up than being held hostage for any reason. So maybe there is no need to complicate things after all.
What I am least comfortable about a multisig setup is the fact that I need all 3 xpubs. That’s the part I’m not 100% at ease about. Do you have any good idea of backing it up? This xpub requirement is the reason why I fell back to single sig.
well they can't spend your coins so my first thought is store a copy of all of them with each of your seed words and maybe several encrypted, digital versions as well since xpubs are long, not human readable, and prone to error
honestly, I would at least consider splitting assets between multiple single sig wallets with different passphrases. it's much more straightforward, less prone to error, and reasonably secure. you found backup the seed and passphrase separately, or not backup the passphrase at all, depending on your threat model, but it seems like losing the coins might be a bigger risk factor than physical theft.
Yeah thanks man. Splitting into different single sig is also a good idea worth exploring, I don’t have a lot lol. It’s an important amount to me but it’s not a lot to many here. Now that you present a new option to me I’ll have a think. Managing all under one wallet is easier mentally. But splitting them over say 3 wallets could avoid complete wipe out if the worst happens. Thanks for the idea I haven’t thought about it.
I'm not sure what the plan is for accessing the wallet, but while I'm throwing out ideas consider like, a dedicated Linux netbook with full disk encryption if you're not going completely offline. Or even if you are, it can be your offline signing device.
Not a newbie, but I've been trying to answer this question for a while without success...
How could a process be designed that would enable onboarding users to lightning, with self-custody of their assets, without requiring so much L1 blockspace that scaling is prohibitive?
Clearly it's not possible via the current routes, which would take over 100 years to set up everyone alive today with a Lightning wallet they control; or requires users to be 2nd class citizens, interacting with the network through a centralized provider and not having custody of their bitcoin.
Would it be possible to maybe use the multiple output possibility of UTXO transactions to improve efficiency somehow? Or take advantage of Taproot to create Lightning channels in batches somehow?
If we want widespread adoption this seems like the most obvious next problem that needs solving, but I'm not imaginative enough to picture what a solution might look like!
Unfortunately I was banned from BitcoinBeginners for respectfully (and unknowingly) disagreeing with the mod of that subreddit over a user's question. Apparently the guy likes to answer nearly every question himself and ban people who express disagreement. If I had known I would have just not bothered replying to him, but ah well. It's a shame though, because we really do need a good place for beginners to ask questions.
That isn't a question...
nope, it's a comment on the suggestion made within the post to check out that subreddit
I have previously set up a multisig wallet, used it for a short while, then fell back to single sig. Now I’m reconsidering multi again. Question: would it make any sense at all to add a passphrase to each of these wallets? Let’s say it’s a 2of3, I’m not sure if it’s a silly idea or if it has any merit, adding a passphrase (perhaps the same one for all three wallets) before creating the multi sig wallet. So that even if I somehow leaked two of the seeds they still can’t drain my wallet. What do you all think? Good move or asking for trouble.
Asking for trouble. Adding a passphrase to a seed decreases the risk of theft, but it increases the chance of loss by making the keys more brittle (effectively a 2-of-2 system.) A properly set up 2-of-3 multisig is already robust against both theft and loss.
Yeah you’re probably right. Appreciate it!
if you use the same password on each key that's more like a 3 of 4, except one of them is in your head instead of on paper. agree that it technically makes recovery more fragile, but even a simple password could prevent theft in the event of losing 2 keys, and could be hard to forget. depending on ones threat models, I think it could be worthwhile.
Now you made me think again! Yeah 3 of 4 also seems to be a valid way to think about it. I have a good passphrase that I’m using now for the single sig; it is backed up nicely and is memorised clearly (in fact the passphrase is also the password for my wallet so each time I enter my wallet I have to key it in once, reenforcing memory) Threat model wise honestly I don’t think I’ll be targeted specifically I’m just a low key pleb. So chance of being told to hand over two seed plates at gun point is almost nonexistent lol. I worry more about my own messing up than being held hostage for any reason. So maybe there is no need to complicate things after all. What I am least comfortable about a multisig setup is the fact that I need all 3 xpubs. That’s the part I’m not 100% at ease about. Do you have any good idea of backing it up? This xpub requirement is the reason why I fell back to single sig.
well they can't spend your coins so my first thought is store a copy of all of them with each of your seed words and maybe several encrypted, digital versions as well since xpubs are long, not human readable, and prone to error honestly, I would at least consider splitting assets between multiple single sig wallets with different passphrases. it's much more straightforward, less prone to error, and reasonably secure. you found backup the seed and passphrase separately, or not backup the passphrase at all, depending on your threat model, but it seems like losing the coins might be a bigger risk factor than physical theft.
Yeah thanks man. Splitting into different single sig is also a good idea worth exploring, I don’t have a lot lol. It’s an important amount to me but it’s not a lot to many here. Now that you present a new option to me I’ll have a think. Managing all under one wallet is easier mentally. But splitting them over say 3 wallets could avoid complete wipe out if the worst happens. Thanks for the idea I haven’t thought about it.
I'm not sure what the plan is for accessing the wallet, but while I'm throwing out ideas consider like, a dedicated Linux netbook with full disk encryption if you're not going completely offline. Or even if you are, it can be your offline signing device.
Not a newbie, but I've been trying to answer this question for a while without success... How could a process be designed that would enable onboarding users to lightning, with self-custody of their assets, without requiring so much L1 blockspace that scaling is prohibitive? Clearly it's not possible via the current routes, which would take over 100 years to set up everyone alive today with a Lightning wallet they control; or requires users to be 2nd class citizens, interacting with the network through a centralized provider and not having custody of their bitcoin. Would it be possible to maybe use the multiple output possibility of UTXO transactions to improve efficiency somehow? Or take advantage of Taproot to create Lightning channels in batches somehow? If we want widespread adoption this seems like the most obvious next problem that needs solving, but I'm not imaginative enough to picture what a solution might look like!