Add sample backup config #48
Conversation
ramontayag
force-pushed
the
sample-backup-config
branch
2 times, most recently
from
eb8e6d2 to
3666830
Compare
|
@mflaxman I would like some input before I mark it as ready for merging |
ramontayag
force-pushed
the
sample-backup-config
branch
5 times, most recently
from
948c4e9 to
a5e9804
Compare
|
+1 i was surprised that this info wasnt included in the guide already why do you recommend having copies of core and specter on a usb drive stored with the wallets? |
|
Less chances of having incompatible versions. Also, if your heirs have to
find copies of the software they may get malware instead.
It's still not simple, but anything to lessen the complexity will help
…On Tue, 22 Dec 2020, 13:42 mmikeww, ***@***.***> wrote:
+1 i was surprised that this info wasnt included in the guide already
why do you recommend having copies of core and specter on a usb drive
stored with the wallets?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#48 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAGF5EAQPGMF2KCNXOGGB3SWAWTNANCNFSM4ULUQVMA>
.
|
|
@mflaxman this is ready for review |
ramontayag
force-pushed
the
sample-backup-config
branch
from
a5e9804 to
75d7b3e
Compare
ramontayag
force-pushed
the
sample-backup-config
branch
from
75d7b3e to
5ef70bd
Compare
|
The cobo vault requires that you set up a password, and the Coldcard requires that you set up a PIN. So both of those should be backed up somewhere as well |
|
Thanks. I realized this should be talked about as well. Generally speaking, the seed, PIN/password of the device should be with the corresponding device. However, where do you suggest the seed, PIN/password for the device/s that stay with you (in your house, or on your person if you're traveling) are stored? |
|
I don't have a good recommendation. This other guide suggests to spread that information out with other seeds, but also recommends keeping a digital copy somewhere, such as in an encrypted file in the cloud, or I guess in a password manager. He calls it a "digital note": https://github.com/DriftwoodPalace/guides/blob/master/hodl-guide/hodl-guide_50_storage.md That link also mentions having backup copies of the hww seedphrases in other locations as well. I don't know if thats necessary. Interestingly, the Casa paid product, recommends NOT backing up seed words on paper, citing that its just another hassle to backup that seed somewhere else, as well as secure it. They rely on multisig, and their product allows you to quickly switch in a new seed into their 3of5 if one is compromised. Too bad their product is paid and isn't open source: https://docs.keys.casa/wealth-security-protocol/chosen-features/seedless-hardware-wallets |
There was a problem hiding this comment.
Sorry for the delay, I left some review comments.
Re PIN/passphrase, for non-expert users I think the default should be the least secure option (no passphrase and either write your PIN on the hardware wallet device and/or rely on the backup seed phrase not having a passphrase). A thief is will still have to break into m secure locations. For advanced users who want to add passphrases and take advantage of PINs (and HWW secure elements to enforce their proper use), they can add them as they see fit but they'll need to understand the security/backups tradeoffs.
| | Wallet | 2 of 3 | 3 of 5 | | ||
| |--------|-------------------------------|-------------------------------| | ||
| | #1 | Safe at home | Safe at home | | ||
| | #2 | Bank or trusted friend/family | Safe at home | |
There was a problem hiding this comment.
For 3-of-5 I'd sub the second "Safe at home" for "Safe at workplace or secondary residence. Obviously, not everyone has a secure work environment and/or secondary residence, but keep 2 seeds at home somewhat defeats the purpose of having a larger quorum (just stick with 2-of-3).
| | #4 | - | Bank or trusted friend/family | | ||
| | #5 | - | Bank or trusted friend/family | | ||
|
|
||
| ### Items to include with each wallet |
There was a problem hiding this comment.
I think by wallet this section means "hardware wallet"?
| - in a storage medium (i.e. SD card, thumb drive): | ||
| - current version of bitcoin core (all platforms) | ||
| - current version of Specter Desktop (all platforms) | ||
| - in a plain text document (.txt or .md), all the wallet's master public keys again, for easier access |
There was a problem hiding this comment.
Specter-Desktop now has a PDF export feature for pubkey info, this could be highlighted (and added to the guide)!
| - all the wallets' master public keys[^1] (xpub), on paper | ||
| - in a storage medium (i.e. SD card, thumb drive): | ||
| - current version of bitcoin core (all platforms) | ||
| - current version of Specter Desktop (all platforms) |
There was a problem hiding this comment.
While backups of the software is nice-to-have, I don't think it's strictly necessary.
This was a bigger problem in the past when people used non-standard wallets, but p2wsh with output descriptors will be supported forever by many platforms (Nunchuk, Sparrow, Blue wallet, Gordian/Noded, etc).
| ### Items to include with each wallet | ||
| - With each wallet, include the following: | ||
| - the wallet's seed, on paper or metal | ||
| - all the wallets' master public keys[^1] (xpub), on paper |
There was a problem hiding this comment.
I didn't know markdown supported footnotes, neat! I think it's probably still better to include the link/disclaimer inline though.
| - Place everything in a fireproof document bag | ||
|
|
||
| #### Checklist | ||
| - If storing in a bank, choose different banks, definitely different branches |
There was a problem hiding this comment.
Have m-1 keys in different geographies (think of a flood, evacuation, etc)
This adds sample backup configurations for 2 of 3 and 3 of 5. Instead of giving step by step instructions, this just shows examples and talks about what the reader needs to consider.