Multi-sig, Non-Custodial Wallet | Bitcointalksearch.org

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: virasog on August 19, 2023, 03:46:32 AM

I heard that using a simple non-custodial wallet like Electrum on your system may be less secure but if we combine it with Multi-Sig, it would be impossible for the hacker to get hold of our funds even if he manages to hack the system Is it true?

Almost impossible, but it's still possible to happen with a gun/wrench in your head, or if you didn't store backups correctly.

Quote from: virasog on August 19, 2023, 03:46:32 AM

Also, I would like if anyone can provide the step by step instructions (any link to guide) on setting up a Multi-Sig wallet.

It all depends what wallets you are using for multisig setup and how many devices you are using, but there is no universal instruction for everything.
I would avoid using ledger and trezor wallets in any multisig setup, as they can have issues that is not allowing construction of multisig or it can't be verified or it's not secure.
If you are doing this for a first time maybe it's best to first try creating multisig with bitcoin testnet coins before you switch to mainnet.

Here is one good multisig step-by-step instruction from Bitbox hardware wallet blog:
https://bitbox.swiss/blog/bitbox02-electrum-bitcoin-multisig/

There is a list I made with most wallets that curtently support multisig:
https://bitcointalksearch.org/topic/list-multisig-wallets-5324749

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: Bureau on August 22, 2023, 10:45:44 AM

I would rather have a hardware wallet and use my online wallet for trading purposes. I understand that wouldn't suffice for my security.

Surely it is a secure set up if you do everything correctly, a mix of a good hardware wallet and an online wallet is good enough, the hardware wallet which hold your keys offline will store your main funds, and you'll use your online wallet to hold trading and spending funds. A multi-sig wallet isn't the only secure method of storing your funds, a single hardware wallet with an additional passphrase if you want, is also very secure.

Bureau

sr. member

Activity: 406

Merit: 262

Eloncoin.org - Mars, here we come!

Quote from: Charles-Tim on August 22, 2023, 03:50:24 AM

Quote from: Z-tight on August 21, 2023, 06:58:08 AM

Even in a multi-sig set up, you must have backups of your seed phrases and master public keys. Take note that while you are right that an attacker needs your seed phrase or keys to steal your funds, if your wallet is online or has a single point of failure, the chances of a successful attack increases, that is the purpose of extra layers of security like multi-sig wallet, passphrase, etc.

Yes, that is the purpose of multisig wallets. You can have the wallet setup on different devices and which increases its security. But as for passphrase, it is most helpful against offline attack. There are many wallets that their seed phrase and passphrase can be seen on the wallet and this makes the passphrase not to be that helpful online as an attacker that compromised such wallet already can know both the seed phrase and passphrase.

I understand both of you, and I am not in conflict with your reasoning. What I said was clear and concise. I don't want a multisignature wallet with all its configuration mumbo jumbo. I would rather have a hardware wallet and use my online wallet for trading purposes. I understand that wouldn't suffice for my security. Then it is better to have more than one wallet and use it according to my personal needs. I am not a businessman. I am a user who is not disclosing his identity and does constantly change his wallet address.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: Z-tight on August 21, 2023, 06:58:08 AM

Even in a multi-sig set up, you must have backups of your seed phrases and master public keys. Take note that while you are right that an attacker needs your seed phrase or keys to steal your funds, if your wallet is online or has a single point of failure, the chances of a successful attack increases, that is the purpose of extra layers of security like multi-sig wallet, passphrase, etc.

Yes, that is the purpose of multisig wallets. You can have the wallet setup on different devices and which increases its security. But as for passphrase, it is most helpful against offline attack. There are many wallets that their seed phrase and passphrase can be seen on the wallet and this makes the passphrase not to be that helpful online as an attacker that compromised such wallet already can know both the seed phrase and passphrase.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: Bureau on August 21, 2023, 05:38:47 AM

Mutisig is good strategy to safeguard your wallets from hacker. But, it is not that easy to configure if you plan to use it on two different devices.

A multi-sig wallet ought to be on different devices, not on a single device which will defeat its purpose. A multi-sig set up provides more security to your funds, and the main purpose of setting it up is that it is difficult for an attacker to compromise more than one device to get the required number of keys to spend the funds, it is even more secure when some of the devices are airgapped or offline.

Quote from: Bureau on August 21, 2023, 05:38:47 AM

It is better to follow the old ways wherein you keep your backup phrases and Private key somewhere safe. Without the access of those two I don't think a hacker can get access to anyone's wallet.

Even in a multi-sig set up, you must have backups of your seed phrases and master public keys. Take note that while you are right that an attacker needs your seed phrase or keys to steal your funds, if your wallet is online or has a single point of failure, the chances of a successful attack increases, that is the purpose of extra layers of security like multi-sig wallet, passphrase, etc.

un_rank

hero member

Activity: 644

Merit: 661

- Leo -

Quote from: Bureau on August 21, 2023, 05:38:47 AM

It is better to follow the old ways wherein you keep your backup phrases and Private key somewhere safe.

Private keys are not easy to manage and we should not handle them if we do not know what we are doing. The seed phrase or backup phrase is what can be written down and stored safely and not the keys which is a combination of different characters including numbers and alphabets.

An airgapped device is an alternative to a hardware wallet or a multi sig wallet and is not as complicated to set up while providing same level of security.

- Jay -

Bureau

sr. member

Activity: 406

Merit: 262

Eloncoin.org - Mars, here we come!

Mutisig is good strategy to safeguard your wallets from hacker. But, it is not that easy to configure if you plan to use it on two different devices. It is better to follow the old ways wherein you keep your backup phrases and Private key somewhere safe. Without the access of those two I don't think a hacker can get access to anyone's wallet. Other option is to have hardware wallet as they are not always connected to the internet. The cost of hardware wallets at the moment is not that high considering the level of security they provide. I would still prefer having a hardware wallet then a software one.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: Z-tight on August 19, 2023, 07:24:32 AM

If your multi-sig is set up online, or in a single device, it defeats the purpose of a multi-sig wallet and hackers can compromise your wallet and steal your funds.

Having a multisig wallet on two devices defeats the purpose of multisig and that will render the wallet vulnerable. Also it is good to backup the seed phrase properly as you have mentioned, but having your multisig wallet online on different devices is safe and secure as long as you avoid malware. Although, cold storage will make multisig wallet safer, but having it online does not mean it is not safe and secure, and also it does not mean it is vulnerable like single key wallets.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: virasog on August 19, 2023, 03:46:32 AM

I heard that using a simple non-custodial wallet like Electrum on your system may be less secure but if we combine it with Multi-Sig, it would be impossible for the hacker to get hold of our funds even if he manages to hack the system Is it true?

If your multi-sig is set up online, or in a single device, it defeats the purpose of a multi-sig wallet and hackers can compromise your wallet and steal your funds. Also if you don't have a proper backup of your seed phrases and master public keys, you can either lock yourself out of your funds or lose the funds easily if your backup is compromised.

Let's say you want to set up a 2-of-3 multi-sig wallet, for strong security it should be stored in a hardware wallet, airgapped device and maybe an online wallet. Take note that in a multi-sig set up you need all your master pub keys to recover your wallet, so this is a great way to back it up:
- Seed phrase 1 and Master public key 2
- Seed phrase 2 and Master public key 3
- Seed phrase 3 and Master public key 1

So if you lose one back up, you can still recover the wallet, and if an attacker compromises one backup, they can't spend the funds because they have just one key and you'll be able to move your funds to a safe wallet. Setting up a multi-sig wallet is kind of complicated, and if you don't know what you are doing, you may want to get a hardware wallet and add a passphrase to it as an extra layer of protection.

Yamane_Keto

sr. member

Activity: 406

Merit: 443

Quote from: virasog on August 19, 2023, 03:46:32 AM

I heard that using a simple non-custodial wallet like Electrum on your system may be less secure but if we combine it with Multi-Sig, it would be impossible for the hacker to get hold of our funds even if he manages to hack the system Is it true?

There is no impossible to hack but not a single point of failure/hack, and if you do not prepare your Multi-Sig well you may end up losing your coins.

By single point of failure I mean it could be multiple signatures (2of3) can be cold stored using electrum, cold stored using another wallet (check list link,) cold stored using a hardware wallet, so even if one of those wallets gets stolen or is found to be technically defective the other two signatures can be used.

In terms of software, points of failure/hack will be distributed, but if you leave all the keys in one place, there will still be a point of failure.

LIST Multisig Wallets
http://docs.electrum.org/en/latest/multisig.html
https://bitcointalksearch.org/topic/guide-how-to-create-multisig-electrum-wallet-for-beginners-5039220

Findingnemo

hero member

Activity: 2310

Merit: 757

Bitcoin = Financial freedom

Quote from: virasog on August 19, 2023, 03:46:32 AM

Also, I would like if anyone can provide the step-by-step instructions (any link to guide) on setting up a Multi-Sig wallet.

unofficial guide Creating a multisig wallet

I want you to know that managing a multi-signature wallet is complex compared to the hardware wallet but in case if someone can't afford HW then they can use Multi-signature wallets for enhanced security which mitigates the risk of losing your funds due to single point for failures like compromised device or exposed private keys.

Zaguru12

hero member

Activity: 672

Merit: 855

Quote from: virasog on August 19, 2023, 03:46:32 AM

Still, Some people do not have hardware wallets so in that case a Multi-Sig Non-custodial wallet can be handy.
I heard that using a simple non-custodial wallet like Electrum on your system may be less secure but if we combine it with Multi-Sig, it would be impossible for the hacker to get hold of our funds even if he manages to hack the system Is it true?

The idea behind it is the fact that the private keys or seeds are stored in multiple devices so compromising just one of the keys will not allow the access to the funds. Yo can use the link provided by Charles-Tim to set it up. But make sure the keys to the multi sig are not stored on online device and most importantly not on just one device.

Also aside using multi sig if the intention is for you to have all the keys to your self and not share with someone I will advise a single sig setup on an airgapped device. This way you have less keys to save or protect rather than storing 2 to 3 keys and seeds yourself

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Multisig wallet makes it difficult for hackers to hack your wallet because the wallet is setup on different devices, not just one device. If an hacker wants to hack your wallet, he will need to compromise all the devices you setup the multisig wallet which makes it harder.

If you avoid malware, it is one of the most secure option to go for if you want to have an online wallet.

This would help you:
Creating a multisig wallet
https://electrum.readthedocs.io/en/latest/multisig.html

virasog

legendary

Activity: 2954

Merit: 1159

These days there are hackers everywhere trying to intrude on our systems or exploit the loopholes, inject malware and all such hacker stuff.

Still, Some people do not have hardware wallets so in that case a Multi-Sig Non-custodial wallet can be handy.
I heard that using a simple non-custodial wallet like Electrum on your system may be less secure but if we combine it with Multi-Sig, it would be impossible for the hacker to get hold of our funds even if he manages to hack the system Is it true?

Also, I would like if anyone can provide the step by step instructions (any link to guide) on setting up a Multi-Sig wallet.

Topic: Multi-sig, Non-Custodial Wallet (Read 223 times)