Multisig for cold storage, do you keep seed backups or hardware wallets or both?

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: o_e_l_e_o on September 08, 2021, 03:19:25 AM

Quote from: PrimeNumber7 on September 07, 2021, 12:57:09 PM

The typical threat model for most people is to have backups of your private keys in at least one off-site location.

Sure, but we both know that a lot of people don't do this. They write down their seed phrase, stuff it in the back of their desk drawer or inside the pages of book on their bookshelf or something similar, and that's that. Their hardware wallet or whatever is maybe not stored right beside their seed phrase, but it is still stored in their house/apartment and so they have zero redundancy against fire or natural disaster.

If you are doing something like storing your seed (either in written format or stored in a HW wallet) in an unlocked desk drawer, your coin is generally not very safe from theft. The fact that your written seed is stored with your HW wallet is not going to change this. I might argue that storing your written seed with your HW wallet might make some people realize that they are storing their seed in an insecure location.

Similarly, storing your seed in one location is going to put you at risk of loss due to fire/disaster. However, storing two copies of your seed at your home does not preclude you from storing your third copy off-site.

I was originally responding to the following statement:

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

You should NEVER keep your hardware wallet in same place with your seed words!

There is a difference between saying to "never" store your HW wallet with your written seed and saying that you need to have at least one copy of your seed in an off-site location.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: PrimeNumber7 on September 07, 2021, 12:57:09 PM

I would operate under the assumption that most people operate under the assumption that nearly all bitcoin users have multiple copies of their seed stored in multiple locations. This means an adversary who incidentally obtains possession of a HW wallet will likely believe the owner will quickly take steps to move the coin away from private keys associated with that HW wallet.

All the more reason for them to attack again before you discover that they have possession of your hardware wallet or before you have a chance to secure the funds.

Quote from: PrimeNumber7 on September 07, 2021, 12:57:09 PM

The typical threat model for most people is to have backups of your private keys in at least one off-site location.

Sure, but we both know that a lot of people don't do this. They write down their seed phrase, stuff it in the back of their desk drawer or inside the pages of book on their bookshelf or something similar, and that's that. Their hardware wallet or whatever is maybe not stored right beside their seed phrase, but it is still stored in their house/apartment and so they have zero redundancy against fire or natural disaster.

Quote from: PrimeNumber7 on September 07, 2021, 12:57:09 PM

The OP is talking about having potentially 4 or 5 off-site locations to store his private keys, and keeping his HW wallets separate from his "written" seeds would mean he would have 8 or 10 off-site locations storing his private keys. IMO that is just excessive.

I agree. As I said above, I don't think using the hardware wallets as back up is wise for a number of reasons. He should just store his 5 seed phrases on 5 cryptosteels and be done with it.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: o_e_l_e_o on September 07, 2021, 02:52:22 AM

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

An incidental attack involving the theft of a HW wallet will probably not result in any additional attacks, however an incidental attack involving the theft of a seed stored in written from has a higher chance of additional deliberate attacks involving the attempt to steal the additional seeds.

I would say the exact opposite. If an attacker steals a hardware wallet, they get nothing unless they attack you again to discover your PIN code or the location of your seed phrase, so the incentive is there for a further attack since they know you have funds they cannot access. If an attacker steals a seed phrase, they can immediately steal the decoy funds you have left on that seed phrase and are none the wiser that the same seed phrase is also part of a multi-sig wallet. If they were to attack you again, there is no guarantee that you have any other funds to hand over, so there is far less incentive for a second attack.

I would operate under the assumption that most people operate under the assumption that nearly all bitcoin users have multiple copies of their seed stored in multiple locations. This means an adversary who incidentally obtains possession of a HW wallet will likely believe the owner will quickly take steps to move the coin away from private keys associated with that HW wallet.

Quote from: o_e_l_e_o on September 07, 2021, 02:52:22 AM

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

If a HW wallet is stored via means that would be considered safe to store a plaintext seed, I don't see any issue if both a HW wallet and a plaintext seed are stored in the same location.

The risk of this is lack of redundancy and your storage location begin a single point of failure. If your single storage location is destroyed, then you lose everything.

The typical threat model for most people is to have backups of your private keys in at least one off-site location. This could mean having a single copy of your backup on an off-site location, or two copies at an off-site location. The former would mean you should have two copies of your private keys on-site, and the later would mean you have one copy on-site. In both cases, you have two copies of your private keys in at least one location. I am not aware of any security experts recommending having your private keys stored in multiple off-site locations for a threat model for an individual person.

The OP is talking about having potentially 4 or 5 off-site locations to store his private keys, and keeping his HW wallets separate from his "written" seeds would mean he would have 8 or 10 off-site locations storing his private keys. IMO that is just excessive.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

I am curious as to why you say this.

Can you read?
I explained in my previous post that multisig for most hardware wallets are insecure, and that is not just my fantasy thinking.
Please don't confuse newbies anymore with your words especially if you don't know anything about this subject, or if you never actually used multisig with hardware wallets.
There is still no one universal Multisig Standard for hardware wallets, but some people are working on this and that should make it much better in future.
I think that newbies should not mess with multisig setups and they should always keep seed phrase separate from their hardware wallets, that is just my opinion.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

An incidental attack involving the theft of a HW wallet will probably not result in any additional attacks, however an incidental attack involving the theft of a seed stored in written from has a higher chance of additional deliberate attacks involving the attempt to steal the additional seeds.

I would say the exact opposite. If an attacker steals a hardware wallet, they get nothing unless they attack you again to discover your PIN code or the location of your seed phrase, so the incentive is there for a further attack since they know you have funds they cannot access. If an attacker steals a seed phrase, they can immediately steal the decoy funds you have left on that seed phrase and are none the wiser that the same seed phrase is also part of a multi-sig wallet. If they were to attack you again, there is no guarantee that you have any other funds to hand over, so there is far less incentive for a second attack.

Quote from: PrimeNumber7 on September 07, 2021, 01:28:10 AM

If a HW wallet is stored via means that would be considered safe to store a plaintext seed, I don't see any issue if both a HW wallet and a plaintext seed are stored in the same location.

The risk of this is lack of redundancy and your storage location begin a single point of failure. If your single storage location is destroyed, then you lose everything.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: o_e_l_e_o on September 06, 2021, 05:35:46 AM

Quote from: PrimeNumber7 on September 06, 2021, 12:47:14 AM

If your seed is written on a paper (or steel) wallet, there is the risk that someone will steal your seed while you are en route to your home, and if this happens, the thief will have access to the plaintext seed.

They will only have access to a single seed, meaning OP's multi-sig funds will still be safe. Any theif willing to physically attack you to steal a seed phrase is going to have no issues attacking you for the information required to access your coins, regardless of whether it is stored on cryptosteels or hardware wallets.

An attack may be deliberate or incidental. The risk of loss in incidental attacks (such as a random attack of a bank customer) is probably low. An incidental attack involving the theft of a HW wallet will probably not result in any additional attacks, however an incidental attack involving the theft of a seed stored in written from has a higher chance of additional deliberate attacks involving the attempt to steal the additional seeds.

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

You should NEVER keep your hardware wallet in same place with your seed words!

I am curious as to why you say this.

HW wallets typically have a lower threat profile than plaintext seed words, and as such, fewer security measures can be used when securing them. If a HW wallet is stored via means that would be considered safe to store a plaintext seed, I don't see any issue if both a HW wallet and a plaintext seed are stored in the same location.

I am also not aware of any widely accepted best security practices involving two backups of a private key stored via two mediums of storage needing to be stored in two locations.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: dkbit98 on September 06, 2021, 10:09:09 AM

I would much rather have hardware wallet loaded with some smaller decoy amount of Bitcoin than having it reset empty and with seed words on cryptosteel next to it.
Attacker could assume that you are probably some kind of using multisig setup.

There is nothing stopping you from using each of your 5 multi-sig seed phrases on their own to generate 5 separate single-sig wallets and loading each of them up with a decoy amount of crypto. If an attacker discovers one of your back ups and recovers it, they will take your decoy coins and be none the wiser that the same seed phrase is also part of a multi-sig set up.

Quote from: dkbit98 on September 06, 2021, 10:09:09 AM

Many hardware wallets showed some errors, invalid status or PSBT was too long:

It's disappointing to say the least. I also wonder how long it will take various hardware wallets to start implementing taproot, since taproot makes multi-sig a much more attractive option from both privacy and financial points of view.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: o_e_l_e_o on September 06, 2021, 09:45:24 AM

In this case, though, the redundancy is in the 3-of-5 multisig. One or two seed phrases and hardware wallets being damaged or destroyed does not lead to loss of funds as it would in a single sig set up. As far as I can see, there is no difference to the risk of storing 5 cryptosteels separately compared with storing 5 cryptosteels separately each alongside their respective hardware wallet.

Even in this content, you are increasing security by separating your seed words from hardware wallet devices.
I would much rather have hardware wallet loaded with some smaller decoy amount of Bitcoin than having it reset empty and with seed words on cryptosteel next to it.
Attacker could assume that you are probably some kind of using multisig setup.

I remember Jameson Lopp did a test of 3 of 5 Multisig with hardware wallets last year, and things are not that great as you increase the number.
Many hardware wallets showed some errors, invalid status or PSBT was too long:
https://blog.keys.casa/bitcoin-multisig-hardware-signing-performance/

One more interesting blog article frm 2020 showing how nearly all hardware wallet multisig setups are insecure:

https://benma.github.io/2020/11/05/multisig-xpubs-verification.html

PS
You can see what is the worst junk for multisig setup.... ledger you guessed it right

but trezor is not far behind.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

You should NEVER keep your hardware wallet in same place with your seed words!

Ordinarily yes, but it also depends on the context here.

If you have set up a hardware wallet, backed up your seed phrase to paper, and stored them together in the same place, then you have zero redundancy. If your seed phrase is going to be damaged, destroyed, lost, or stolen, then your hardware wallet will be too and you will lose everything. If your seed phrase was going to be stolen, then an attacker gains nothing additional from also stealing your hardware wallet. This of course all assumes the security of your storage location. If your hardware wallet is somewhere not very secure, such as in your pocket or a desk drawer, then storing your seed phrase alongside it is of course a significant additional risk.

In this case, though, the redundancy is in the 3-of-5 multisig. One or two seed phrases and hardware wallets being damaged or destroyed does not lead to loss of funds as it would in a single sig set up. As far as I can see, there is no difference to the risk of storing 5 cryptosteels separately compared with storing 5 cryptosteels separately each alongside their respective hardware wallet.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: BlackHatCoiner on September 06, 2021, 08:57:25 AM

But, they're connected to a computer, which is in sequence, internet connected. How is their USB connection made in a more secure way?

Well your magical cold storage computer is also connected to the power source isn't it? That is dangerous also, lightning can strike it at any moment.
Not all hardware wallets have USB connection, Coldcard, Keystone and Passport for example are never connected with computer in any way (battery power),
and other hardware wallets (Trezor, Ledger, etc...) are connected in the similar way like YubiKey 2FA USB devices.
That is why they can be used for secure login to many websites, Kraken, Coinbase and Binance exchange for example all supports them, and other websites like google, twitter, github, proton mail, etc.
Seed words are kept OFFLINE because they are not exposed to internet, meaning there is NO internet connection.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: BlackHatCoiner on September 06, 2021, 08:57:25 AM

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

You should NEVER keep your hardware wallet in same place with your seed words!

@n0nce assumes your steel backup is secure, which means no one will figure out where you've put it. Thus, whether you keep your hardware wallet there or not, it does not increase any risks. That's how I understand it.

Correct. This assumption was made because OP wanted to store the steel backups first and foremost anyway and destroy or reset the hardware wallets. This means they assume the steel backups can be stored in those locations safely anyway. Thus, there is no additional risk.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

Hardware wallets are meant to be used exactly as cold storage, because they are small computers not connected to internet, some don't even have cable connection with computers, and if they do have USB connection it is made in a more secure way.

But, they're connected to a computer, which is in sequence, internet connected. How is their USB connection made in a more secure way?

Quote from: dkbit98 on September 06, 2021, 08:36:17 AM

You should NEVER keep your hardware wallet in same place with your seed words!

@n0nce assumes your steel backup is secure, which means no one will figure out where you've put it. Thus, whether you keep your hardware wallet there or not, it does not increase any risks. That's how I understand it.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: mariodario on September 05, 2021, 02:07:33 PM

We're now considering setting up the multisig with hardware wallets and then wiping the seeds off them and only storing the seed backups in the secure storage locations. When we need to spend we recover the wallets from the seeds at each location. Any issues with this?

Most important thing for single setup is to add passphrase as additional level of protection for your seed words and keep it in separate location, so even if someone finds your cryptosteel he can't use it without passphrase.
Topic of multisig wallets is more complex subject and not all hardware wallets are fully supporting Multisig, for example in case of Trezor and Ledger you can't construct and verify multisig and that is a big flaw.
You can however use those wallets in combination with Electrum cold storage and other hardware wallets that fully support Multisig like ColdCard, Keystone or BitBox.
Don't overcomplicate things with seed backups, some people keep them in deposit boxes, other give them to family or friends who don't know anything about Bitcoin, put them in ground, etc.
Reset of hardware wallet is a good option if you don't plan to send or receive funds for a while.

Quote from: BlackHatCoiner on September 05, 2021, 02:48:19 PM

Hardware wallets aren't meant to be used as cold storages, unless you haven't an air-gapped laptop left and taken the necessary security measures.

Hardware wallets are meant to be used exactly as cold storage, because they are small computers not connected to internet, some don't even have cable connection with computers, and if they do have USB connection it is made in a more secure way.

Quote from: n0nce on September 05, 2021, 06:19:41 PM

There is no increased risk in storing a hardware wallet together with its steel backup if we assume storage of the steel backup is secure.

You should NEVER keep your hardware wallet in same place with your seed words!

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: n0nce on September 05, 2021, 06:19:41 PM

It's possible to just store the steel seeds & destroy (overwrite + acid dump + burn down?) the hardware wallets.

This is probably overkill. Simply resetting the wallets to factory default and setting up a new seed phrase is enough to overwrite any data, and then you can still use the hardware wallet as a standars single-sig wallet or anything else you want to use it for.

Quote from: n0nce on September 05, 2021, 06:19:41 PM

There is no increased risk in storing a hardware wallet together with its steel backup if we assume storage of the steel backup is secure.

Yeah, storing them alongside the cryptosteel is fine, but you definitely shouldn't be relying on only the hardware wallet due to the reasons I gave above.

Quote from: PrimeNumber7 on September 06, 2021, 12:47:14 AM

If your seed is written on a paper (or steel) wallet, there is the risk that someone will steal your seed while you are en route to your home, and if this happens, the thief will have access to the plaintext seed.

They will only have access to a single seed, meaning OP's multi-sig funds will still be safe. Any theif willing to physically attack you to steal a seed phrase is going to have no issues attacking you for the information required to access your coins, regardless of whether it is stored on cryptosteels or hardware wallets.

OP, also remember that to restore your multi-sig wallet you will need all 5 master public keys. You either need to keep all five stored in your home securely, or store each of the other 4 along with each seed phrase back up.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: n0nce on September 05, 2021, 06:19:41 PM

Quote from: PrimeNumber7 on September 05, 2021, 04:36:29 PM

Why would you wipe the seeds from the hardware wallets? Why don't you store the hardware wallets with the backup seeds? If you are already planning on storing the seeds someplace, storing hardware wallets containing the seeds will not increase risk of theft of your (friend's) seeds.

Keep in mind that it is a best practice to have your backups stored in at least two mediums of storage.

Yeah, if you have cryptosteels for each of the locations, you don't really need the hardware wallets at all. It's possible to just store the steel seeds & destroy (overwrite + acid dump + burn down?) the hardware wallets. But since you already bought them, you might as well store each of them together with their respective steel backup. It will be more convenient in case they turn out to be still working in the future.

There is no increased risk in storing a hardware wallet together with its steel backup if we assume storage of the steel backup is secure.

If you're lucky, when you'll want to spend the funds, the devices will still work and you can sign transactions with at least 3 working devices; if more than 2 are broken due to various circumstances, you can recover from steel wallets.

IMO a HW wallet will reduce risk over using a "written" wallet.

When you want to spend your coin, you will generally need to travel from where the private key is located to your home with your private key. If your seed is written on a paper (or steel) wallet, there is the risk that someone will steal your seed while you are en route to your home, and if this happens, the thief will have access to the plaintext seed. If you are using a HW wallet, and this was to happen, the thief will generally need specialized equipment, and advanced technical ability to potentially access your seed and the above will not guarantee access to your seed.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: PrimeNumber7 on September 05, 2021, 04:36:29 PM

Why would you wipe the seeds from the hardware wallets? Why don't you store the hardware wallets with the backup seeds? If you are already planning on storing the seeds someplace, storing hardware wallets containing the seeds will not increase risk of theft of your (friend's) seeds.

Keep in mind that it is a best practice to have your backups stored in at least two mediums of storage.

Yeah, if you have cryptosteels for each of the locations, you don't really need the hardware wallets at all. It's possible to just store the steel seeds & destroy (overwrite + acid dump + burn down?) the hardware wallets. But since you already bought them, you might as well store each of them together with their respective steel backup. It will be more convenient in case they turn out to be still working in the future.

There is no increased risk in storing a hardware wallet together with its steel backup if we assume storage of the steel backup is secure.

If you're lucky, when you'll want to spend the funds, the devices will still work and you can sign transactions with at least 3 working devices; if more than 2 are broken due to various circumstances, you can recover from steel wallets.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Why would you wipe the seeds from the hardware wallets? Why don't you store the hardware wallets with the backup seeds? If you are already planning on storing the seeds someplace, storing hardware wallets containing the seeds will not increase risk of theft of your (friend's) seeds.

Keep in mind that it is a best practice to have your backups stored in at least two mediums of storage.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Hardware wallets can fail. It's not common, but it does happen, so if you aren't going to touch them for years, then there is a risk they won't work when you do. They are also not very durable, and will easily be destroyed by water, fire, impacts, crush, explosions, etc. If it were me, I would do away with the hardware wallets altogether and just use the cryprosteels instead. If you are using a 3 of 5 set up, then the compromise of one of your back ups should not be an issue.

The biggest issue is when you come to spend the coins again. If you recover the three required seeds on to a single computer, then that computer has all the information required to sweep your wallets and is therefore a single point of failure/compromise.

Quote from: BlackHatCoiner on September 05, 2021, 02:48:19 PM

How are you planning to wipe off the seed from a hardware wallet?

You can either set it up again with a new seed to overwrite the old one, or just reset it to factory default.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

How are you planning to wipe off the seed from a hardware wallet? I haven't ever had one know to know how it works, but booting a Linux from a CD and use that temporarily for generating the seeds is a proof that they're gone once you eject it.

Hardware wallets aren't meant to be used as cold storages, unless you haven't an air-gapped laptop left and taken the necessary security measures.

Quote from: mariodario on September 05, 2021, 02:07:33 PM

We're now considering setting up the multisig with hardware wallets and then wiping the seeds off them and only storing the seed backups in the secure storage locations. When we need to spend we recover the wallets from the seeds at each location. Any issues with this?

If we assume that the choices you made for the locations are fine, then there are no issues. At least none I can think of.

mariodario

newbie

Activity: 1

Merit: 6

Helping a friend setup 3/5 multisig for deep cold storage i.e. no need to spend for multiple years. We've identified 5 secure locations for each of his hardware wallets (1 at his home). However I'm not sure where to store the seed backups (cryptosteel). I know some store the seed backup with the corresponding hardware wallet but that obviously makes compromise of a key much more likely. Having to find and manage another 4 secure locations is too expensive and time consuming.

We're now considering setting up the multisig with hardware wallets and then wiping the seeds off them and only storing the seed backups in the secure storage locations. When we need to spend we recover the wallets from the seeds at each location. Any issues with this?

How do you manage your seed backups for multisig?

Topic: Multisig for cold storage, do you keep seed backups or hardware wallets or both? (Read 244 times)