Bitcoin Forum
Author Topic: Electrum Multi-Sig with Hardware Wallets - Problem  (Read 122 times)
mattywitt
Newbie
Activity: 4
Merit: 1
September 02, 2019, 07:02:06 PM
Merited by DireWolfM14 (1)
#1

Hi there,

I’ve spent a great many hours looking into best practices for setting up a multi-sig configuration with hardware wallets and Electrum. I just can't seem to find a safe, agreeable setup.
 
I’ve been listening to Stephan Livera’s recent podcasts on hardware wallets and most of the technical experts (Michael Flaxman and the like) seem to suggest that it is irresponsible to NOT use multi-sig. The curveball, according to other experts, appears to be that it can actually increase overall risk in some respects if not executed properly.

My specific goal is to have a 2-of-2 setup with 2 different hardware wallet manufacturers, to mitigate the risk of bad actors/supply chain issues in any one company. Herein lies my primary issue.
 
Trezor appears to work flawlessly with electrum in a multi-sig setup, which is great. The problem however is that I can’t find a second mainstream hardware wallet that actually works securely at the moment.
 
I’ve bought a Coldcard, which is highly recommended for secure storage, but I discovered that it is not supported fully for multi-sig with electrum just yet.
 
Ledger is not an option because of the massive attack vector regarding not verifying change outputs or displaying fees for multi-sig transactions. I’ve seen some suggest that incorporating a Ledger into a multi-sig setup is counter-productive.

Using two Trezors is obviously pointless, given the specific attack vector that I am trying to guard against.
 
Can someone please offer advice or point me in the right direction? How are others actually doing this at present?

At this point I am seriously considering forking out $1800 per year for Casa Keymaster Platinum 3-of-5 multisig. I’d prefer to not have to spend that sort of capital (forgo that many Sats), but I can’t find a reasonably simple multi-sig setup with different hardware vendors that is fully compatible without having serious security flaws at present.

Thank you kindly in advance.
DireWolfM14
Hero Member
Activity: 518
Merit: 761
September 03, 2019, 01:07:47 AM
#2

At this point I am seriously considering forking out $1800 per year for Casa Keymaster Platinum 3-of-5 multisig.

I don't see for what they're selling subscriptions. Do they store your recovery seeds? WTF? Maybe I'm missing something but that sounds like a bad idea.

My specific goal is to have a 2-of-2 setup with 2 different hardware wallet manufacturers, to mitigate the risk of bad actors/supply chain issues in any one company. Herein lies my primary issue.
 
Trezor appears to work flawlessly with electrum in a multi-sig setup, which is great. The problem however is that I can’t find a second mainstream hardware wallet that actually works securely at the moment.

Seems like you're over complicating things. You can use a standard Electrum wallet as the second signature; go with an airgapped system for extra security. You'll still need one hardware sig and another sig from another wallet that has no ties to Trezor.

Abdussamad
Legendary
Activity: 2226
Merit: 1183
September 03, 2019, 08:55:39 AM
#3

Electrum can generate a seed by itself. It's a software wallet. So why not use a combination of electrum generated seed and a hardware wallet?

Hardware wallets are nowhere near as important as people make them out to be. IDK why people spend so much money on them. You are essentially trusting the postal system and some remote company not to steal from you.

mattywitt
Newbie
Activity: 4
Merit: 1
September 03, 2019, 09:02:04 AM
#4

Thanks for the reply DireWolfM14.

That is a viable solution which I didn't consider... and perhaps I am over complicating things. My technical knowledge is somewhat basic, so I guess my logic has been to err on the side of caution so that I don't screw anything up (i.e. use hardware wallets with which I'm pretty familiar). I'd also have to purchase a second PC for the air-gapped solution.

I'm genuinely interested what others are doing though with respect to this problem. Perhaps they're not too concerned with these specific attack vectors and therefore just using a bunch of Trezors or a Ledger and Trezor.

With respect to Casa's fee, I tend to agree. I'm happy to pay the $1800 once-off, for which you get a node, 3 hardware wallets and a few other items. Obviously you get access to their software, priority support and assistance etc too.

They only store 1 of the 5 keys, which acts as the emergency backup key. You retain 4 keys (3 generated by your hardware wallets & the 4th generated by their app, to which they supposedly don't have access).

I've read that you can cancel your membership with them and still retain access to their software/servers, but support and recovery would presumably cease from year 2. I've also seen them suggest that the membership fee includes free hardware upgrades as and when they are released, shipped to you anywhere in the world for free. They also retain 3 backup hardware wallets for you at all times and will ship them to you for free, if you lose any of yours.

Considering the above, the cost appears to be somewhat justified. In my case though, I don't really see it as being particularly worthwhile.
mattywitt
Newbie
Activity: 4
Merit: 1
September 03, 2019, 09:18:19 AM
#5

Electrum can generate a seed by itself. It's a software wallet. So why not use a combination of electrum generated seed and a hardware wallet?

Hardware wallets are nowhere as important as people make them out to be. IDK why people spend so much money on them. You are essentially trusting the postal system and some remote company not to steal from you.


Appreciate the reply. It's useful to get this perspective... I think I'm too irrationally stuck in a single line of thinking.

And your comment re. the postal system/remote company is interesting, and very true. I'll definitely rethink my strategy with this in mind! Thanks
o_e_l_e_o
Hero Member
Activity: 686
Merit: 2730
September 03, 2019, 10:09:11 AM
#6

I'm genuinely interested what others are doing though with respect to this problem. Perhaps they're not too concerned with these specific attack vectors and therefore just using a bunch of Trezors or a Ledger and Trezor.
Both Ledger and Trezor have instructions to follow to verify that the device you received is completely genuine, from opening the device and inspecting the hardware, to verifying it against their servers. Also, by way of updating to the latest firmware, you would overwrite any malicious code on the device. The chance of a supply chain attack is negligible provided you follow the recommended setup steps.

In terms of a bad actor, all software you are using should be open source. Unfortunately, not all hardware wallet firmware is open source, however you can independently verify that the wallet is returning the correct responses and there is no side channel attack present.

If you still don't fancy using a hardware wallet, then I would suggest an airgapped wallet. An old laptop seems to be what most people use, but if you don't have one, you can buy something for far less than the $1,800 you are considering. You can buy a Raspberry Pi for less than 50 bucks. You could even multisig between a couple of Raspberry Pis, or between a Raspberry Pi and a Trezor.

DireWolfM14
Hero Member
Activity: 518
Merit: 761
September 03, 2019, 01:51:12 PM
#7

With respect to Casa's fee, I tend to agree. I'm happy to pay the $1800 once-off, for which you get a node, 3 hardware wallets and a few other items. Obviously you get access to their software, priority support and assistance etc too.

I can't believe anyone would entrust a third party with any of their seeds, sorry.  Even if it's only one seed of a multi-sig wallet. 

You can do a similar thing yourself for much less money, and it'll be infinitely more secure.  If you're concerned about the safety of your storage facility there are solutions to that as well:  A small fire-resistant document safe is only a couple of hundred bucks; buy two and put one at home and another in a self-storage unit (about $50 a month) with back-ups of your seeds in both safes.  You'll be the only one with access to your seeds, they're safe from various physical threats, and you'll be spending a lot less on security.

HCP
Legendary
Activity: 1092
Merit: 1787
September 06, 2019, 11:23:29 AM
#8

Ledger is not an option because of the massive attack vector regarding not verifying change outputs or displaying fees for multi-sig transactions. I’ve seen some suggest that incorporating a Ledger into a multi-sig setup being counter-productive. 
Not sure how this really matters if you're using a multisig?

Surely, once you've confirmed the change and/or fees using the Trezor and partially signed the transaction, you don't have to worry about it, as at that point it's impossible to alter the transaction and still have the Trezor part of the signature be valid... Or you could sign it with the Ledger first, then double-check everything with the Trezor before adding the 2nd (and final) signature and sending.

mattywitt
Newbie
Activity: 4
Merit: 1
September 06, 2019, 12:39:08 PM
#9

Thanks HCP. That makes a lot of sense.

I received some feedback from an experienced/technical individual yesterday that exactly aligns with your comments. It makes me feel a lot better hearing the same thing from two experienced sources.

For background on my concerns, see the following two links:

https://twitter.com/mflaxman/status/1163585172568268802
https://saleemrashid.com/2018/01/27/hardware-wallet-electrum-multisig/

It's still frustrating that Ledger does this so badly and that one has to rely so heavily on Trezor as a result, but hopefully Ledger addresses the issue in time. It's not my intention to spend from this setup for some time, so perhaps the issue will be resolved by then.

Nevertheless, I'll probably go ahead. This is the guide I am following, if anyone is interested or has comments:

https://github.com/DriftwoodPalace/guides/tree/master/hodl-guide
HCP
Legendary
Activity: 1092
Merit: 1787
September 06, 2019, 08:16:34 PM
#10

It's still frustrating that Ledger does this so badly and that one has to rely so heavily on Trezor as a result, but hopefully Ledger addresses the issue in time. It's not my intention to spend from this setup for some time, so perhaps the issue will be resolved by then.
Indeed, some of Ledger's decisions in the past have left me a little confused... It would appear they'd rather add a bunch of shitcoin support than fix something like this. I guess "the squeaky wheel gets the grease" and more people wanted to be able to store (worthless) shitcoins on their Nano S' than people who wanted to be able to use their Nano S in an Electrum Multisig ¯\_(ツ)_/¯

Hopefully they'll find some spare dev capacity now that Ledger Live is relatively stable and the X has been out for a while... not holding my breath tho.
