Bitcoin Forum
December 15, 2024, 10:27:54 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: iancloman+bitaddress.org and passphrase as a privatekey for coldstorage ?  (Read 161 times)
abhilodha (OP)
Newbie
*
Offline Offline

Activity: 25
Merit: 5


View Profile
October 11, 2021, 06:18:44 PM
Merited by o_e_l_e_o (4)
 #1

is this considered secured

step 1: find a clean online pc and download iancoleman html file from github and verify signature and hash
step2 : on clean pc go to bitaddress.org and download the file using github link there and verify the signature
step 3: burn linuxmint on dvd and
step4:  take dvd and both html files on usb to an always offline pc.
step 5:  run the dvd live session create a private key in  bitaddress
step 6: create 24 word seed in iancoleman and use the private key created in step5 as passphrase.
step7: note down the seed and passpharese.



is there any flaw in the method for making a coldstorage

note : i would have used talis and electrum but i want to make a bip39.
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1736
Merit: 8460


Fiatheist


View Profile WWW
October 11, 2021, 06:29:55 PM
 #2

step 6: create 24 word seed in iancoleman and use the private key created in step5 as passphrase.
This isn't just unnecessary, but it'll makes the point of seed phrases meaningless. Why would you add a passphrase you cannot remember in another thing you cannot remember, and that's why you've written it down instead, when it provides you no more essential security?

There's not even a reason to use bitaddress.org above iancoleman. Just generate twelve words and write them down. It is also not recommended to generate random numbers from javascript. Read Concern about RNG.

note : i would have used talis and electrum but i want to make a bip39.
Is there a specific reason you don't mind sharing with us?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
October 11, 2021, 08:12:39 PM
 #3

Aside from what bhc says which uou should consider (also maybe find a wallet you can download and trust that does accept bip39 if you do really need it for some reason).

I don't know if it's even possible to use a private key as a passphrase but it's not very useful either way - especially since you can just use part of an electrum seed.
hatshepsut93
Legendary
*
Offline Offline

Activity: 3038
Merit: 2162


View Profile
October 11, 2021, 11:42:56 PM
 #4

It is also not recommended to generate random numbers from javascript. Read

This used to be the case 20 year ago, but today browsers come with secure RNG seeded with device's entropy. Wallets like MEW use it and it's not a problem.

OP, why not use Shamir's secret sharing? I think Ian Coleman has mnemonic tool for that, and it would allow for a better setup than this. Currently you have a seed which is useless alone and passphrase that is impossible to memorize and is useless alone. But with SSS you can create N of M setup where each shard is equal and you don't need them all to get the key.
OcTradism
Hero Member
*****
Offline Offline

Activity: 1960
Merit: 865



View Profile WWW
October 12, 2021, 01:58:54 AM
 #5

It is not necessary. You complicate the process and are you sure that you will have good backups of all the steps you are doing?

Because it is a complex process, if you lose backup of one of these steps, you will lose your Bitcoin.

Do it simple. Choose a non custodial wallet, download it, verify the wallet and install it to use.

Create your wallet offline and backup your private key or mnemonic seed. It is the best if you use an air-gapped computer to create and store your wallet.

[Guide] Secure air-gapped crypto wallet storage method
Good topics on security and privacy. Check it out for more topics.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18771


View Profile
October 12, 2021, 01:38:34 PM
Merited by hatshepsut93 (1)
 #6

step7: note down the seed and passpharese.
Note them down at least twice each on at least 4 separate pieces of paper. Noting them down together renders the passphrase pointless, as if someone compromises one of the two pieces of information then they have compromised them both. Noting each of them down only once gives you no redundancy and leaves you open to risk of total loss. Store all 4 pieces of paper separately.

note : i would have used talis and electrum but i want to make a bip39.
You can still use Tails, and instead use /dev/urandom to generate your entropy and import that in to Ian Coleman to get around the issues discussed above of generating entropy in a browser.

OP, why not use Shamir's secret sharing? I think Ian Coleman has mnemonic tool for that, and it would allow for a better setup than this.
Because https://en.bitcoin.it/wiki/Shamir_Secret_Snakeoil. If you want some sort of m-of-n system, then a better option is to use multi-sig.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!