I sure hope that when anyone is comparing hardware wallets, they consider the fact that Ledger hardware has key extraction firmware which means it's less safe than other options, not to mention how Ledger Live tracks everything they'll do.

Ledger should be avoided like the plague.  Even if they offered a 100% discount, making their hardware free, I wouldn't recommend Ledger.  Well, actually, if I really disliked somebody, I suppose I'd recommend Ledger to them.

P.S.  How's that STAX order coming?  Ledger Stax, announced in 2022.  Still hasn't shipped, and when it finally does it'll probably be more buggy than a beehive.

The attacker would have to brute force a combination of secrets: the child seed used as a seed, and the child seed used as a passphrase.

To do this, the attacker would have to have access to the parent seed and would have to know the person is using BIP85 and know the wallet uses a passphrase.  And the attacker would have to check all combinations of all possible indexes at all possible child seed lengths.

I'd say using a seed with a standard passphrase is only more secure than my approach if the passphrase is at least 6 words long - but that introduces risks such as typos and loss, not to mention the need for easy access to the passphrase every time the wallet is used, which means greater risk the passphrase will be found.  My method eliminates the possibility of typos, it includes redundant backups, and since the version of my parent seed kept in my home is encrypted with a very strong key, there's no risk of it being accessed by a thief.  If somebody broke into my safe deposit box at the bank, they'd find a metal backup of a seed, which means they'd find 24 words, but they'd have no way of knowing how they're used.  If somebody breaks into the safe in my home they probably need an ambulance.

All of that being said...  the most important part of my setup is security of the parent seed.  As we know, all Bitcoin owners should back up their seed on paper and metal, secured in 2 locations only they have access to...  but sadly, most Bitcoin owners don't do that.  I definitely do.

P.S.


That's one of my (many) favorite things about Krux.  The clarity and simplicity of your interface makes testing so easy, not to mention the fact that Krux does Testnet.  I recommend Krux to people even if they're not going to use it as their hardware wallet / signer because it's so easy to test and prove just about every aspect of a wallet is what you think it is.

I'm already testing it.  And loving it.

This update simplifies my overall setup while GREATLY increasing my security.

I use 2 Kruxes.  One does BIP85.  The other is my wallet.

Load the 24 word child seed via BIP85 on one Krux.  Scan it with the other.  Reboot the first Krux & load the 12 word passphrase via BIP85.  Scan it with the other.

Load, scan.
Load, scan.
Done.

This allows me to use my wallet stateless without ever needing to get my wallet's seed or passphrase out of the safes where they're locked up.  My parent seed (which is encrypted) generates the child seeds to build my wallet.  This takes just a few seconds.


In terms of security:

If my Krux devices get stolen...  there's nothing on 'em.  If my parent seed gets found or stolen...  it's encrypted, but it wouldn't matter anyway since it's backed up on metal and it's never been used as a wallet.

Pair it up with a companion app, such as BlueWallet for mobile and/or Sparrow for desktop.  Both are free and open source.  Electrum is great too, but I find it clunky for making airgapped transactions, whereas that's easy to do on BlueWallet or Sparrow.

I assume you know this, but if not, what you'll do is get the zpub from your hardware wallet and import it into the companion app of your choice.  Then you'll use the app as your wallet app (it'll be watch-only), and you'll use Krux to sign transactions.

To get the zpub on Krux, select "Extended Public Key" & you can see the text and the QR code.  Scan the QR code to import it into BlueWallet, Sparrow, Electrum, or whatever wallet app you prefer.  Easy!

I really like BlueWallet for mobile, with its simple interface, and Sparrow for desktop.

Krux is the one I'd recommend.

SeedSigner is great too, but Krux is a huge step up.

Krux features:

Free and open source.
Airgapped - hackers can't reach it.
Stateless - nothing on it for a thief to steal.
SeedQR - with optional encryption.
Passphrase QR - no more typing!
Etc etc etc.

Krux runs on Kendryte K210 devices like the M5StickV Stick, the Maix Cube, and my favorite, the Maix Amigo.  The M5StickV looks like a Blockstream Jade.  The Maix Cube is a tiny cube with a screen.  The Maix Amigo is a device that looks like a chunky iPhone & has a large touchscreen.

Krux on a Maix Amigo is a killer combo.  The large touchscreen makes the device easy to use, and having a large screen means everything is easy to see and shown clearly.  This matters a lot when confirming things.  Have you ever used one of those tiny Ledger screens where you have to scroll through an address to make sure its right?  Tiny screens are a safety issue, in my opinion.  The Amigo's large screen has room to show you everything, which makes using it so much safer.

My favorite feature is probably the encrypted SeedQR.  This gives you the ability to store a seed QR on your desktop or phone without worrying that somebody will find it.  Choose a strong decryption key (use a long passphrase) and your SeedQR is unhackable.  Oh, and you can create a QR for your decryption key too.

If you do TinySeed metal backup, Krux can scan it.  I'm not sure if this feature is part of the current firmware yet, but it's on the latest beta.

Since Kendryte devices are meant for development & hobbyists, buying one doesn't put you on a crypto mailing list that can get leaked like Ledger's was.  The clowns at Ledger leaked users names, phone numbers and home addresses.  YIKES.

When it's in stock, the Maix Amigo sells for as little as $50.

Krux is such a fantastic project.

Some hardware wallets have limits.  Trezor limits to 50 bytes.  Ledger limits to 100 characters.  A 12 word passphrase tends to average around 75 characters.

I love using BIP85 to have redundant backups.  I still back everything up the proper way: paper & metal, secured in locations only I have access to.  But BIP85 gives me redundant backups of everything.  And really, once you have more than one seed, I think using BIP85 to create mathematically generated redundant backups makes a lot of sense.

The catch, of course, is that you have to start your entire wallet setup from scratch, because in order to use BIP85 the way I do, you need a parent seed.  For me, I felt like starting over with my wallets was a necessity after Ledger announced their key extraction firmware.  I didn't feel like there was an immediate risk, but long term, that nonsense is a time bomb waiting to go off.  So I started over with everything, from scratch.

On the other hand, for somebody who only wants to keep using the seed they already have but start using passphrases for different wallets (perhaps a trading wallet, a DeFi wallet, and a hodl wallet), BIP85 is perfect, because using BIP85 child seeds as passphrases protects against loss of a passphrase, since they can easily be regenerated.

EDITED to add:  By the way...  I realize that a 24 word seed with a 12 word passphrase is massive massive overkill in terms of entropy, but it's not about that.  It's about ease of use and redundant backups.

That would be fantastic.

UPDATE!  BIP85 has been added to the Krux beta.  Sweeeeeet!

BIP85 is an option more Bitcoiners should discover.

Here's how I use it:

I created a parent seed.  I never use this seed as a wallet.  I've backed it up, backed it up, backed it uuuuup.

I use 24 word child seeds as my actual "seeds."  Encrypted, thanks to Krux.

I use 12 word child seeds as passphrases for my wallets.  There are many benefits of using a child seed as a passphrase: It's impossible to have a typo since the seed has a checksum.  It's easy to load since Krux does Passphrase QR.  It's incredibly secure.  The parent seed is encrypted, thanks to Krux.

Because my seeds & passphrases are all child seeds, if any of them is ever lost, they can easily be regenerated by the parent seed.

EASY.

I name my wallets with a simple system that tells me the BIP85 child seed index numbers.

I realize some people will read this and think "Yikes!  That's complicated!"  It's really not.

Krux A:  Load the 24 word child seed.
Krux B:  Load the 12 word child seed (to use as a passphrase).
Krux A:  Scan the plaintext QR on Krux B to load the passphrase.
Done.

Airgapped: Unhackable.
Stateless:  Nothin' on it, if stolen.
Encrypted Seed QR:  Unhackable if stolen.

And if anything is ever lost...  any seed or any passphrase...  it can easily be regenerated by the parent seed (which is backed up on paper and metal & the metal copy is locked in a safe deposit box).  And, I can keep the child seeds, which are the seeds and passphrases for my actual wallets, locked up in a safe.  I never need to access them in order to use my wallets, since I use the parent seed to quickly generate them each time.

I can't think of a way to make security better than this for a long term hodl wallet, and Krux makes it easy.  Everything is backed up, plus I have a backup of the backups that can regenerate everything.

Any chance you folks are planning on adding encrypted passphrase QR as a feature?  That would be fantastic.

I updated my backup Amigo to the latest Krux beta binary by odudex, and holy cow is that sucker FAST!  Krux was already snappy, but the latest binary on a Maix Amigo is screaming fast.  It boots fast.  Response to clicks is crazy fast.  Fast fast faster than fast.

Jade charges via USB.

Plug it in using one of those USB power adapter plugs to use an electric outlet instead.  No internet-connected machine required.  I keep one of those in my travel bag for devices that charge via USB.

Your seed phrase generates millions of private keys.  Each address in your wallet has a unique private key.  And each wallet type (Segwit, Native Segwit, Taproot) generates an entirely different list of millions of addresses and private keys.

With Ledger hardware, your main PIN unlocks the device using your seed phrase.  You can also set up a second PIN to unlock the device using your seed phrase plus a passphrase (please don't unless you fully understand what a passphrase is and how to use one safely.  A passphrase is not a password).

Using your seed phrase, you can create different wallet types.

If all of this seems confusing, that's because it is.  Most wallet apps do a very poor job of explaining all of this, especially to newcomers, and they try to be too clever, which makes it hard for newcomers to understand what the app is actually doing.  And most hardware wallets make matters worse for the same reasons, which piles on more confusion to the confusion.


I probably shouldn't have said "old school" since there have been various wallet types.  I meant Segwit vs Native Segwit (or did Ledger use Wrapped Segwit before adding Native Segwit?  I don't remember).

Anyway...  you might have a Segwit wallet and a Native Segwit wallet, depending on how you originally set things up in Ledger Live.

I wonder if you originally set up an old school Bitcoin wallet, and then you set up a Native Segwit wallet?  If I recall correctly, that's what I did when I set up my first Ledger back in 2019.

If I were you, I'd start over from scratch with a new seed, and move your coins to that wallet.  And if you own more than maybe a thousand dollars worth of Bitcoin (or if you plan to), I'd switch to a Trezor or a Blockstream Jade.  I don't trust Ledger anymore, so I started over with a new seed that was never used on Ledger hardware.

If you do start over with a new wallet, write down your seed words on paper.  Make a metal backup in case of fire, flood, moisture, etc.  But also, open a note somewhere on your computer or phone and write down info about how you set up your new wallet.  Write down as many details as you can.  Write down everything except the seed words (never enter seed words on a computer or phone.  Only enter them in your hardware wallet).  I like keeping this info in a locked note on my Mac, but even if the note somehow gets hacked, my keys aren't in that note so my coins are safe.

Absolutely, Jade.

Both are great in terms of security, but ColdCard is much less user friendly, especially for a first hardware wallet.

+1

And adding to what you said: the Passport appears to be a much easier device to use.  Over the past few years, I've seen a bunch of newcomers buy a ColdCard but not end up using it.  Ease of use matters a lot, in my opinion.

It's not about quantity.  Clearly, you're not familiar with BIP85, so you're not really understanding the conversation we're having or the use case.  That's fine, since BIP85 isn't something you have experience with or use for.  No worries.

Yeah, I just made up that scenario as an example, but it's not what I'm using BIP85 for.

I think BIP85 is a very powerful tool that more advanced Bitcoiners who do self custody will find great use for in years to come because it provides an extra layer of backups for everything.  Lost a key?  Regenerate it.  Want to confirm a word in a seed?  "Is that an l?"  Regenerate it.  It's so easy.

For the average Bitcoiner doing self custody, the way the Foundation Passport does BIP85 is probably very useful, and I'd definitely recommend Passport users check it out.  But for my needs, I think it's not what I'm looking for.  I want quick access to plaintext child seed QRs.  I don't want to save the child seeds since I won't actually be using this hardware wallet as my hardware wallet (and also because I use my hardware wallet 100% stateless).  For me, this is about recovery from a parent seed, not general use of the child seed itself.

I'm starting to think about forking SeedSigner (or doing a DIY Raspberry Pi app) to make a Quick BIP85 device that does nothing but scan a parent seed, ask for a BIP85 index number and seed length to generate, & then display the child seed words followed by a plaintext QR.  That'd be a huge project for me, and it's beyond my current abilities, but it might be something to work on for the fun of it.

Sorry!  I didn't know that.  I'll fix it when I have a minute.  EDIT:  Fixed!

You're still not seeing it.

BIP85 turns a parent seed into the ultimate backup of anything you'd want to secure using words, not just Bitcoin.  I use a 12 word child seed as a decryption key.  12 words means it's unhackable, and being a child seed means it can easily be regenerated from the parent seed.  So, there's no danger of losing the decryption key since it can be regenerated by the parent.

That's why I'm trying to find a hardware wallet that makes generating BIP85 child seeds quick and convenient.


I have no interest in saving them on the device.  In fact, I specifically do not want to save them on a device.  I just want to be able to quickly regenerate a child seed if I need it.

Sorry if I was rude before, but being asked "Why would you need that?" is like asking "Who needs deterministic wallets?  Isn't that overkill?" or "Why have a seed use words instead of numbers?  Who needs that?"

I've become a huge advocate of using BIP85.  There's no such thing as a lost multisig key if they were generated by a parent seed since the parent can easily regenerate every child seed.  All you need to know is the index number to get a key back.  It's a brilliant system.  I'm actually surprised BIP85 hasn't caught on among more experienced Bitcoiners.


Can you explain the 20 key limitation?  I assume that's a limitation of your device, since BIP85 can generate millions of child seeds - not that I need millions.  I'm just trying to understand the device since it requires extra steps such as saving and naming the child, for example.  I don't need to create the child seeds.  I did that last year.  I'm looking for the easiest way to regenerate one of them if it's lost, or if I'm traveling and need one for whatever reason.  In a perfect world, a device would just ask for the BIP85 index # and the child seed length, then show me the words so I can confirm it's correct, then give me the QR code to scan with my main hardware wallet (which doesn't do BIP85).

I don't have a high number of child seeds yet, but I do already have more then ten, and I assume I'll have more in the future since a child seed is backed up by the parent seed, which means so long as the parent seed is securely backed up (paper, metal, safe deposit box, etc), child seeds become a foolproof way to avoid loss.  Lose a key?  Regenerate it using the parent seed.

BIP85 makes managing seeds so easy, in terms of keeping track of which is for what.

Do you have a passphrase set up?  If you do, you need to open your Ledger hardware wallet using the PIN for the seed only, not the PIN for the seed+passphrase.  I'm pretty sure if you use the second PIN (the one for opening Ledger to a seed+passphrase wallet) the seed check app will fail because the wallet doesn't match the seed words (it matches the seed words + the passphrase).  That seed phrase check app is a good idea, but the way Ledger designed it wasn't well thought through.  It should be able to tell that you're using a passphrase and give you a warning to log out and restart using your seed wallet PIN (PIN 1, in other words).

I'm not saying this is the issue you're experiencing, but it could be.  And if it is...  yay!  Problem solved.

Hopefully it's this or something equally minor.  Good luck!

I'm not asking how to retrieve the named child seeds, or even how to name child seeds.  I'm asking how to generate a child seed in the first place.

It should be as simple as Choose Index Number.  Choose Seed Length.  Here are your words.  Display QR?  Done.

I own a Blockstream Jade, and the process of generating a child seed takes a bajillion clicks.  It works, but a process that should take less than 10 seconds instead takes a few minutes.


You can't be serious.  I can think of tons of examples.  Here's an easy one.  Let's say a parent sets up wallets for their kids, as college funds.  The dad uses his seed as a parent seed and uses the year each child was born as the child seed index number.

Here's another example.  Let's say you have a small company and some employees get an expense account.  Give each employee a child seed wallet using their employee number as the index number.

This is very standard stuff.  Advanced, sure, but standardized.  Just follow the BIP85 spec.  Limiting the millions of BIP85 index numbers to just 0 through 19 seems...  bizarre, arbitrary, and pointless.

Ah well.  I already have a hardware wallet that does BIP85.  I was just hoping to find one that does it well.  My search continues.