Sha-mir backup done securely online ?

dkbit98

legendary

Activity: 2212

Merit: 7060

Cashback 15%

Quote from: Maidak on August 07, 2022, 10:38:27 PM

So doing a shamir backup phrase an then storing the address but I was wondering if theres anyone out there whos got a detailed method on remotely creating a shamir phrase "securely?" was going to be doing 10 of 10 phrases but not quite sure the best method to do this for working strictly remotely ?

I think that doing 10 of 10 split is overkill, but it's still better protection than having just regular seed phrase.
Note that only two hardware wallets support Shamir Secret Sharing, that is Trezor model T and Keystone so you could also use them in your setup.
I would always prefer using more secure way of Multisis setup instead, so you can check comparison I made last year in one of my topics:
https://bitcointalksearch.org/topic/multisig-vs-shamir-secret-sharing-5328606

Quote from: ranochigo on August 08, 2022, 02:13:13 AM

That is fine. Shamir Secret Sharing allows full recovery with only a partial number of shares, and that is why it is acceptable for the secret to be split.

But it's also important to say that Shamir Secret Sharing has single point of failure, unlike multisig setup.

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Maidak on August 07, 2022, 10:38:27 PM

So doing a shamir backup phrase an then storing the address but I was wondering if theres anyone out there whos got a detailed method on remotely creating a shamir phrase "securely?" was going to be doing 10 of 10 phrases but not quite sure the best method to do this for working strictly remotely ?

As already said by others, it isn't safe to do it online or in a remote connection. I wouldn't do that. You should use any tool solely in an offline and disposable environment.
I use TAILS for this and don't allow a TOR connection to be active rendering TAILS to be completely offline. After shutdown TAILS has forgotten everything. Import/export of safe scripts and data can be done with an additional USB stick before shutdown of TAILS.

As tools you can have a look at the provided three scripts here: https://iancoleman.io/ (download the scripts, verify, use only the offline versions!)
Or you choose some other verified tools. Electrum e.g. can import SLIP-39 but not create it.

You should thoroughly test your recovery! To my knowledge SLIP-39 is not commonly adopted by other wallets. Trezor T can create and import it, Electrum can only import it. I'm not aware of other wallets to use it.

With 10of10-shares you have no redundancy whatsoever. That makes no sense to me, except that none of the shares reveals any details as a normal non-SSS split-setup would do. You loose any single 10of10 share, you loose all data as you can't recover anymore.

Do you mind to explain your 10-of-10 setup?

Charles-Tim

legendary

Activity: 1512

Merit: 4795

I have seen Shamir secret sharing to be an option to protect seed phrase, it is true that it has shares (let me regard it as M) part of secret (let me regard the secret as N) that can be used to reconstruct the seed phrase, private key or anything it is used to encrypt, but I do not like the fact that what supposed to be words (seed phrase) encryption is converted to characters like the private key which is difficult to backup. I prefer multisig wallet instead.

Quote from: NotATether on August 08, 2022, 01:19:18 AM

May I ask what is the name of the wallet software that is giving you the backups in the form of Shamir shares? Note that the more parts of the whole you have scattered, the more risk there is that you lose one of them.

Assuming you have 7 secrets scattered, but you make it to require just 3 secrets to be used to reconstruct the whole words. If 4 are lost, the remaining 3 can reconstruct the word. So it depends. If it is 7-of-7, you are correct, because the whole 7 secrets would be needed.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: NotATether on August 08, 2022, 01:19:18 AM

Note that the more parts of the whole you have scattered, the more risk there is that you lose one of them.

That is fine. Shamir Secret Sharing allows full recovery with only a partial number of shares, and that is why it is acceptable for the secret to be split.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

May I ask what is the name of the wallet software that is giving you the backups in the form of Shamir shares? Note that the more parts of the whole you have scattered, the more risk there is that you lose one of them.

ranochigo

legendary

Activity: 2954

Merit: 4158

Generally, you want to create Shamir Shares in a secure environment and that would automatically rule out doing so remotely because that is an entire path for the attacker to exploit. You would first need to ensure that your remote environment is sanitized and your connection is secured.

Afterwards, you would probably want to stick to a known standard, SLIP39 is one that I would recommend. Here's a Python tool that Trezor uses: https://github.com/trezor/python-shamir-mnemonic/. You should try your best to find one that is more refined rather than this but I can't find any other reputable code myself.

Maidak

legendary

Activity: 1876

Merit: 1058

The OGz Club

So doing a shamir backup phrase an then storing the address but I was wondering if theres anyone out there whos got a detailed method on remotely creating a shamir phrase "securely?" was going to be doing 10 of 10 phrases but not quite sure the best method to do this for working strictly remotely ?

Topic: Sha-mir backup done securely online ? (Read 153 times)