
Topic: Using Passphrase to avoid comingling funds? (Read 226 times)

legendary
Activity: 2828
Merit: 7315
Why two seeds? Couldn't you generate one and then use it again as a recovery along with a passphrase?
You could even use a nonce as password: your first wallet uses "1", the next one uses "2" and so on.

It's possible, I forgot about it when I made my previous post.

1. It uses Tor (by default) and compact block filters, so even if you open 2 wallets at the same time, a 3rd party (Bitcoin full node) can't know the 2 wallets belong to the same person.
If you open two wallets in Wasabi simultaneously, does it automatically use a new Tor circuit for each? Or automatically connect to a different node for each? If not, then although your IP address will be hidden, the node in question will still see the same IP address (that of your Tor exit node) querying two sets of addresses at the same time and be able to reasonably deduce that they are linked.

IIRC each wallet uses a different circuit and connects to a different full node, but I need to confirm this.

Combining Tor with a VPN is usually a bad idea. If you do it incorrectly then you can make your privacy much worse and completely negate the benefits of Tor. Tor on its own is usually a better option.
Any thoughts on Linux Kodachi? It's designed to use VPN + Tor by default.
I've only tested it in a VM, and it looks promising.

I have never heard of this OS being used by people with high-risk activities (journalists, whistleblowers, etc.), so it's risky to use this OS.
legendary
Activity: 2268
Merit: 18492
Just export a wallet file (containing my public key) from Coldcard to Blue Wallet... and hopefully / apparently my private key stays on the Coldcard.
If that's your intended plan then your Blue Wallet is also a watch only wallet rather than a spendable wallet, since you will not be able to spend the funds on it without the associated Coldcard device.

In the event that you set up both wallets in Blue Wallet (even if you never intend to spend from one of them using Blue Wallet), then yes, they could potentially be linked. Your phone will be querying all the addresses in both wallets, and can also be identified using its IP address, unique hardware codes, your Apple account, and so on.

The best method for keeping your two funds separate is not only to use two different wallets, but to keep those two wallets separated and only use them on two different devices.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
For mobile: I am looking at Blue Wallet for mobile. Is there anything better for iOS?
I've used BlueWallet (on Android) without problems. I read (on their Telegram channel) about implementing Tor support, but I haven't tested it. You could look into this for privacy.
But: BlueWallet LN is custodial. That's okay for small amounts, and they don't recommend to store large amounts. I wouldn't recommend storing large amounts on mobile in general.

Is it better if you use Tor over VPN or VPN over Tor?
Read what TorProject has to say.
newbie
Activity: 8
Merit: 20
If I set up a watch-only stack #1 wallet and spendable stack #2 wallet in Blue Wallet
Quote
More worrying than your privacy concerns and the security implications of this set up. If you import your seed phrase to a hot mobile wallet, then you have completely negated the point of your hardware wallet to keep your seed phrase permanently offline. If you want a hot wallet on your phone, then you should use a brand new seed phrase for this, and use a different seed phrase (+/- an additional passphrase) for your cold storage.

From what I can tell Blue Wallet is Coldcard compatible and I shouldn't have to enter any private keys into it. Just export a wallet file (containing my public key) from Coldcard to Blue Wallet... and hopefully / apparently my private key stays on the Coldcard.

legendary
Activity: 2268
Merit: 18492
Any thoughts on Linux Kodachi? It's designed to use VPN + Tor by default.
I've only tested it in a VM, and it looks promising.
The last time I checked out that OS (which was admittedly a few years ago), it used your CPU power to mine altcoins. I'm not sure whether or not that is still the case, but I do not trust the developer(s).

If I set up a watch-only stack #1 wallet and spendable stack #2 wallet in Blue Wallet
More worrying than your privacy concerns are the security implications of this set up. If you import your seed phrase to a hot mobile wallet, then you have completely negated the point of your hardware wallet to keep your seed phrase permanently offline. If you want a hot wallet on your phone, then you should use a brand new seed phrase for this, and use a different seed phrase (+/- an additional passphrase) for your cold storage.

Why that? Is it better if you use Tor over VPN or VPN over Tor?
If you use a VPN over Tor (i.e. bounce through Tor first and then end on your VPN) then your VPN still becomes a single point of failure and can link all your traffic back to the details you first used to sign up for the VPN. Using Tor over your VPN may be better if you trust your VPN more than a random Tor node, but will be worse if your VPN is evil. If your goal is to hide your Tor usage from your ISP, you can do this with Tor bridges and pluggable transports, rather than with a VPN.
newbie
Activity: 8
Merit: 20
I'm looking at Sparrow now and it says it has "internal tor." Does it have to be configured or does it just work like Wasabi?

Can someone familiar with both Sparrow and Wasabi confirm if Wasabi has any additional privacy advantage when it comes to your IP address?



legendary
Activity: 1344
Merit: 6415
Farewell, Leo
You could even use a nonce as password: your first wallet uses "1", the next one uses "2" and so on. It depends on your use case: If you're trying to memorize the seed phrase, it's easier if you have just one. But if you're afraid your seed gets compromised (by malware), different seeds reduce your risk.
You should absolutely use more than one seed if you're afraid of compromise, and only one if you just want to memorize it, which is the worst way to retain a seed phrase IMO. I just said that because OP wants two seeds.

Although he hasn't explained to us why, so I'll recommend that he just change the derivation path to something like:
m/x'/0'/0'/0/y for wallet 1 and m/x'/1'/0'/0/y for wallet 2.

Combining Tor with a VPN is usually a bad idea. If you do it incorrectly then you can make your privacy much worse and completely negate the benefits of Tor. Tor on its own is usually a better option.
Why that? Is it better if you use Tor over VPN or VPN over Tor? I guess that if you've bought the VPN through Tor and you've never leaked your privacy, it can only be used to enhance it.

If I set up a watch-only stack #1 wallet and spendable stack #2 wallet in Blue Wallet - then Blue Wallet would know my IP address was connecting to both wallets? I would need to use a mobile VPN every time to block my IP address if I wanted a mobile 2 wallet setup in something like Blue Wallet?
Using a VPN is your best option on an iOS.

Can they tell information like my phone number or email address which is stored somewhere in iOS?
The wallet application? No, your closed-source operating system should warn you that Blue wallet wants to have access to your phone number and other stuff. But, it won't, because it doesn't require such information.
newbie
Activity: 8
Merit: 20
I got my Coldcard set up with a seed word for my main #1 stack of BTC (HODL only and hopefully not spend) and a passphrase that will be used to secure my separate #2 stack of BTC / Lightning (will be spent from and replenished fairly frequently).

I am using OS X / iOS. I would like a desktop wallet for my main stack and also a mobile wallet to house my #2 stack so I could visit a Bitcoin ATM with ease, make Lightning purchases, etc.

For desktop: Sparrow looks like elegant & well-documented software and Wasabi looks a little less polished. It sounds like Wasabi is highly integrated with Tor and there is no logging of IP address whenever I connect to the network through it. It sounds like Wasabi is the most private option for beginners.

For mobile: I am looking at Blue Wallet for mobile. Is there anything better for iOS?

It sounds like if I export my Coldcard #2 passphrase wallet file to Blue Wallet and use Blue Wallet for my #2 small purchases / Lightning stack... then the Blue Wallet app developers or public server used by BlueWallet would know that my phone's IP address is associated with my #2 stack. But a chain surveillance firm or authoritarian government would not know who owned the #2 stack unless my purchasing habits left clues.

If I set up a watch-only stack #1 wallet and spendable stack #2 wallet in Blue Wallet - then Blue Wallet would know my IP address was connecting to both wallets? I would need to use a mobile VPN every time to block my IP address if I wanted a mobile 2 wallet setup in something like Blue Wallet? Can they tell information like my phone number or email address which is stored somewhere in iOS?

Thank you for reading and if you have any better suggestions for a relatively private way for a new bitcoiner to keep 2 stacks... one desktop and privacy not too important + stack #2 mobile, relatively private and separate from the first one... please let me know!

 

legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
Combining Tor with a VPN is usually a bad idea. If you do it incorrectly then you can make your privacy much worse and completely negate the benefits of Tor. Tor on its own is usually a better option.
Any thoughts on Linux Kodachi? It's designed to use VPN + Tor by default.
I've only tested it in a VM, and it looks promising.

The Security models:
Quote
    For best anonymity results:

    ISP > Router VPN or Host machine (XMR anonymous VPN) > Linux Kodachi VPN (Virtual machine – Vmware via NAT) > Torified System > TorDNS > Kodachi loaded browser (Best high anonymous but slow model)
    ISP > Linux Kodachi VPN (anonymous node) TOR end point > Torified System > Tor DNS > Kodachi loaded browser (high anonymous but slow)
    ISP > Linux Kodachi VPN (anonymous node) TOR end point > Tor DNS > Kodachi lite browser (high anonymous and fast)
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > Torified System > Tor DNS > Kodachi loaded browser (anonymous but slow)
    ISP > Linux Kodachi VPN > Torified System > TorDNS > Kodachi loaded browser
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > Torified System > Tor browser (Double TOR) > TorDNS
    ISP > Linux Kodachi VPN > Torified System > Tor browser (Double TOR) > TorDNS

     For best security results (Email – Banking – Cryptocurrency):

    ISP > Host machine (XMR anonymous VPN) > Linux Kodachi VPN (Virtual machine – Vmware) with firewall forced VPN Traffic > Kodachi browser > Dnscrypt (Best model)
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > Kodachi loaded browser > Dnscrypt
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > Kodachi loaded browser > TOR DNS
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > Kodachi lite browser > TOR DNS (Fast)
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > TOR browser > Dnscrypt
    ISP > Linux Kodachi VPN with firewall forced VPN Traffic > TOR browser > TOR DNS
legendary
Activity: 2268
Merit: 18492
1. It uses Tor (by default) and compact block filters, so even if you open 2 wallets at the same time, a 3rd party (Bitcoin full node) can't know the 2 wallets belong to the same person.
If you open two wallets in Wasabi simultaneously, does it automatically use a new Tor circuit for each? Or automatically connect to a different node for each? If not, then although your IP address will be hidden, the node in question will still see the same IP address (that of your Tor exit node) querying two sets of addresses at the same time and be able to reasonably deduce that they are linked.

and manage it using VPN with Tor.
Combining Tor with a VPN is usually a bad idea. If you do it incorrectly then you can make your privacy much worse and completely negate the benefits of Tor. Tor on its own is usually a better option.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
Why two seeds? Couldn't you generate one and then use it again as a recovery along with a passphrase?
You could even use a nonce as password: your first wallet uses "1", the next one uses "2" and so on. It depends on your use case: If you're trying to memorize the seed phrase, it's easier if you have just one. But if you're afraid your seed gets compromised (by malware), different seeds reduce your risk.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
The downside is that you need to back up 2 seed words and 2 different passwords, although you could use the same password for both wallets.

Why two seeds? Couldn't you generate one and then use it again as a recovery along with a passphrase?
legendary
Activity: 1540
Merit: 1274
Or do I need two hardware wallets for better privacy?
Privacy is something valuable in Bitcoin and you need some experience to gain it. It is best to use the Monero cryptocurrency if you focus on privacy.
Any airgapped system (hardware wallet, PC, old Android phone, etc.) will boost your security, but privacy requires that you run a full node wallet and manage it using VPN with Tor.
Plus, avoid using any explorer and run your own explorer. Bitcoin block explorers are a fundamental distortion of privacy.
HCP
legendary
Activity: 2086
Merit: 4314
What is the easiest way to have two separate, relatively private (unconnected on the blockchain) stacks of BTC with the minimum number of devices, keys and passwords / phrases to manage?

Several options:

- 2x individual private keys (paper wallets) generated using dice/coin flips etc
or
- 2 wallets generated from 1 seed phrase and 2x BIP39 passphrases (addresses from each wallet cannot be linked to each other unless you specifically include UTXOs from different wallets in one transaction)
or
- 2 wallets generated from 2 different seed phrases (optionally protected with BIP39 passphrases).
or
- 1 hardware wallet device and use 2 different "Accounts" (in Ledger Live/Trezor Suite etc. this uses different derivation paths for each "Account")
or
- 1 hardware wallet device and use 2 different passphrases to generate 2 different wallets.


You will need to decide which option satisfies your requirements for "easy to manage" and "minimum number of seeds/keys/phrases" etc... and as long as you're careful with your coin control etc and don't spend coins from both stacks in the same transaction, then there really isn't any way to "link" the stacks.

Note that if you just tried to use 2 different addresses generated from the same seed/passphrase/account combination and relied solely on "coin control" to prevent linking the addresses... in the situation where your XPUB "leaked", it would be possible to identify that the 2 addresses were indeed part of the same wallet, even if they had never been used in the same transaction.
legendary
Activity: 4228
Merit: 3101
I am new to Bitcoin and want to set up 2 separate wallets or "stacks" of Bitcoin to HODL in cold storage. What is the easiest way to have two separate, relatively private (unconnected on the blockchain) stacks of BTC with the minimum number of devices, keys and passwords / phrases to manage?

Trezor's wallet software allows you to set up any number of separate wallets on the same device.

Check out this image for an example: https://i.ytimg.com/vi/VM_ktWKjf68/maxresdefault.jpg
legendary
Activity: 2898
Merit: 3937
Is an airgapped Coldcard with a main wallet and a #2 passphrase wallet "pretty good privacy" & security for a beginner to hold 2 stacks of BTC that don't appear at all connected on the blockchain or elsewhere?

I can't really afford new wiped computers, running nodes, etc, after buying this latest dip.
Sufficient. Most third parties cannot link the two sets of addresses generated by the two wallets as long as you don't unintentionally spend the funds from both wallets in the same transaction or send funds between them.

There is also the risk of your wallet client tracking you. If possible, I'll just use Wasabi wallet. The next best alternative would be to use Electrum but use a separate and different Tor/VPN when using the two wallets.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Or do I need two hardware wallets for better privacy?
You don't need hardware wallets for better privacy so no, having more than one hardware device won't provide you any additional privacy. You'll have to understand how a hardware wallet works. Once you want to know your balance, you'll leak your addresses on some nodes compulsorily. You can't achieve the greatest privacy if you don't set up a node, let it be a pruned one if you can't afford a full node. If you also want anonymity, you can run it through Tor.

Will that keep them separate on the blockchain or can 3rd party observers see that one public key controls both those 2 different wallets and see the balances for each?
If you create two wallets and one of them uses the other's seed and a passphrase, there is no way for someone to understand that they have anything related. Only if you signed a transaction from both of them, you'd expose that you're the owner of, let's say, two addresses.

Is an airgapped Coldcard with a main wallet and a #2 passphrase wallet "pretty good privacy" & security for a beginner to hold 2 stacks of BTC that don't appear at all connected on the blockchain or elsewhere?
Yes. If you want no connections to the block chain between your addresses, then you can do it with a hardware wallet. You can basically do it with every hierarchical deterministic wallet.
legendary
Activity: 3262
Merit: 16303
Thick-Skinned Gang Leader and Golden Feather 2021
I was considering putting Coinbase funds on a hardware wallet and then setting up a "passphrase" for an additional wallet (on the same device) to store my P2P coins. Will that keep them separate on the blockchain or can 3rd party observers see that one public key controls both those 2 different wallets and see the balances for each?
It depends: are you trying to hide the link between wallets from a random third party, or from everyone? Your hardware wallet provider for instance will (be able to) know the wallets have the same owner when you check the balances online from the same IP-address.
newbie
Activity: 8
Merit: 20
Is an airgapped Coldcard with a main wallet and a #2 passphrase wallet "pretty good privacy" & security for a beginner to hold 2 stacks of BTC that don't appear at all connected on the blockchain or elsewhere?

I can't really afford new wiped computers, running nodes, etc, after buying this latest dip.
legendary
Activity: 2898
Merit: 3937
Technically, you just have to practice proper coin control and avoid spending the funds from both the addresses at the same time. I understand that this is quite difficult so, that is not really an option.

Using a passphrase will give you an entirely different set of addresses, so long as you keep the transactions separate, i.e. not sending funds between the two sets of addresses, it is fine. However, the passphrase isn't covered by the seed's checksum, nor is there any fixed word list. If you lose the passphrase, there is no way to bruteforce it unless the passphrase is sufficiently weak.

A hardware wallet is not cold storage. If you want, using Electrum with a cleanly wiped offline computer and having a watch-only wallet of that would make for a sufficiently secure airgapped cold storage.