Electrum multisig for long-term cold storage

[o_e_l_e_o]

But I guess so long as I have the backups for the wallets, it doesn't matter so much if the HDs have issues? Yes, I'm thinking about air gapped wallets/general setup.

As long as you have your back ups you will be able to recover your wallets, but if your hardware wallets have issues you may have to recover every back up to the same device, which removes the security of a multi-sig wallet.

Keeper (https://www.bitcoinkeeper.app/) seem to be developing something that probably suits what I'm looking for. It's still in testnet mode however.

Is it open source? They link to a GitHub, but it doesn't seem like any of the repositories are for that wallet.

This would seem to be better than a single sig wallet with multiple backups as there is no single point of failure.

Seems reasonable. When you say "one key kept nearby", is this on another device or just on paper? Because as above, if you need to import this key on to the same device which is already holding another key every time you want to spend, you are losing much of the benefit of a multi-sig, which is to spread your keys across different devices and remove a single point of failure.

[1714868942]

1714868942

[1714868942]

1714868942

[1714868942]

1714868942

[1714868942]

1714868942

[1714868942]

1714868942

[aesthete2022]

Seems reasonable. When you say "one key kept nearby", is this on another device or just on paper? Because as above, if you need to import this key on to the same device which is already holding another key every time you want to spend, you are losing much of the benefit of a multi-sig, which is to spread your keys across different devices and remove a single point of failure.

I mean one key would be kept on a HD nearby. Though having one key permanently on the signing machine obviously means you are particularly vulnerable in a 2-of-3 setup. Maybe best to not have one key on the signing device.

----

One question that I just thought of is, could an air gapped HD that can sign with a QR code (such as Passport or KeyStone) sign an Electrum multisig transaction remotely?

[aesthete2022]

if your hardware wallets have issues you may have to recover every back up to the same device

Why is this? I had assumed that if all three HD were corrupt I could just import the seeds into three new devices.

[o_e_l_e_o]

Why is this? I had assumed that if all three HD were corrupt I could just import the seeds into three new devices.

You can of course, provided you have three new devices in which to import your seed phrases.

If you were in the situation where your hardware wallets were lost/stolen, and you needed access to your coins urgently (before you had time to order three new hardware wallets and wait for their delivery or purchase three second hand laptops or similar), then your only option would be recover all the seed phrases in to the same wallet.

[aesthete2022]

Ah got it, thank you.

[aesthete2022]

I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.

Just thinking about this again after watching Jameson Lopp's interview with Peter McCormack. He makes the point that Casa help protect against "breakable changes" that could happen if wallet vendors make a bad update to their software. However, I had always thought that, so long as I have all seed phrases to fulfil a quorum, it doesn't matter whether the vendors create changes that disrupt the devices' multisig capabilities?

[joniboini]

Just thinking about this again after watching Jameson Lopp's interview with Peter McCormack. He makes the point that Casa help protect against "breakable changes" that could happen if wallet vendors make a bad update to their software. However, I had always thought that, so long as I have all seed phrases to fulfil a quorum, it doesn't matter whether the vendors create changes that disrupt the devices' multisig capabilities.

Isn't Casa just a multi-sig platform where they hold one of your keys and allows you to add more keys/switch devices later on? I don't think you need Casa to protect you from malfunctioning hardware as long as you have the backup. You can replace Casa with another multisig device and you would still be fine. Not to mention you need to pay to use their multisig service.

You can check out their hot it works page[1] and replace the "hardware lost" with "broken hardware" and the graph will look the same. He is not wrong when he said Casa can protect their users from bad updates, but Casa is not the only option. A user can also wait for reviews before deciding to upgrade their software, or just use an open-source HW wallet where they can modify it whenever they want to. As long as they keep the backups they should be fine. CMIIW.

[1] https://keys.casa/how-it-works/

[o_e_l_e_o]

However, I had always thought that, so long as I have all seed phrases to fulfil a quorum, it doesn't matter whether the vendors create changes that disrupt the devices' multisig capabilities?

That's correct. The hardware wallets are simply storing the seed phrases and private keys, and interacting with the wallet software you are using. Should a hardware wallet manufacturer accidentally break the way they interact with your software, then you can simply take the seed phrase back up and import it somewhere else which is still working as intended.

The biggest potential issue here (outside of importing seed phrases in to pieces of software and therefore risking exposing them) would be knowing which derivation path your hardware wallets have used for your multi-sig wallet.

[aesthete2022]

Thank you both. That confirmed what I had been thinking. I have been playing around with paper multisig in Electrum for a while now - I always make sure to note the derivation paths.

I am going to establish a hardware multisig setup using open source wallets - 2 coldards and 1 passport. I'll probably stress test it and play around with it first before I migrate from Casa.

[aesthete2022]

I'm revisiting this topic as last night I had a major issue with Casa. Their servers went down, and the only way I was able to sign was with the setup I recreated in Sparrow. It brought home how vulnerable I was in relying on a third party, and how antithetical it is to the whole point of bitcoin.

So, I'm going to fully self custody from this point on. I am pretty confident in my ability to manage multisig via Sparrow, having kicked the tires on it over the past 6 months. I want to ensure I run the setup in the safest possible way, however.

1. Currently I connect my wallet to my node running a private Electrum server over Tor. Would running a VPN on my local machine also help against malicious attacks?

2. Sparrow recommend a password for your wallet files. However, if I'm not encrypting the wallet descriptor files, is there any point to this?

3. Am I right in thinking that if I have my descriptor file, and the necessary quorum of seedphrases/working HD wallets, I will always be able to access my funds?

Thanks!

[o_e_l_e_o]

1. Currently I connect my wallet to my node running a private Electrum server over Tor. Would running a VPN on my local machine also help against malicious attacks?

No, it wouldn't make any meaningful difference if you are already doing everything over Tor.

2. Sparrow recommend a password for your wallet files. However, if I'm not encrypting the wallet descriptor files, is there any point to this?

The descriptors that Sparrow creates only contain xpubs, and therefore are watch only and cannot be used to sign anything. You should definitely still password protect your wallet files which contain your seed phrases/private keys.

3. Am I right in thinking that if I have my descriptor file, and the necessary quorum of seedphrases/working HD wallets, I will always be able to access my funds?

That's right. The descriptor file will contain the xpubs for all your co-signers. Personally, I would still back up the xpubs alongside each seed phrase back up though, in the manner I describe here which maintains your privacy at the same time: https://bitcointalk.org/index.php?topic=5456975.msg62443533#msg62443533

[aesthete2022]

Thanks for the reply.

No, it wouldn't make any meaningful difference if you are already doing everything over Tor.

My node (separate machine) is connected to my wallet via Tor, but the computer that has Sparrow installed is still connected to to the internet. Does the above advice still stand?

The descriptors that Sparrow creates only contain xpubs, and therefore are watch only and cannot be used to sign anything. You should definitely still password protect your wallet files which contain your seed phrases/private keys.

None of my private keys are kept in the wallet files. They just contain the xpubs and master fingerprints. The private keys are stored in hardware wallets.

That's right. The descriptor file will contain the xpubs for all your co-signers. Personally, I would still back up the xpubs alongside each seed phrase back up though, in the manner I describe here which maintains your privacy at the same time: https://bitcointalk.org/index.php?topic=5456975.msg62443533#msg62443533

Thanks for this.

[o_e_l_e_o]

My node (separate machine) is connected to my wallet via Tor, but the computer that has Sparrow installed is still connected to to the internet. Does the above advice still stand?

Although some VPNs bundle some anti-malware capabilities, VPNs shouldn't be relied on to prevent your computer being hacked or targeted with malware. If you want to do other bitcoin related things on that computer which you don't want your ISP to know about, such as use this forum, use block explorers, check fees, etc., then a VPN might be worthwhile, although Tor would probably still be better.

None of my private keys are kept in the wallet files. They just contain the xpubs and master fingerprints. The private keys are stored in hardware wallets.

I see. In that case the concern is a privacy one, rather than a security one. If someone hacked your device or physically accessed your device, password protection on your Sparrow wallets might prevent them from viewing your wallets, addresses, transactions, etc. (This could of course directly lead to a security risk if the attacker then decides you own enough bitcoin to make you a target for further attacks.) Personally, I password protect/encrypt everything, even watch only wallets.

[Cricktor]

I use my wallets on a Linux system with full disk encryption. Stealing the device should prevent an attacker to gain access to the filesystem. I do wallet password protection even for watch wallets, just a habit I don't want to break with. I only make an exception if I do something with a test wallet which doesn't control any worth.

Even my Testnet Bitcoin wallets are password protected, but not with my stronger passwords. For convenience I relax passwords strength where appropriate.

[o_e_l_e_o]

I use my wallets on a Linux system with full disk encryption.

I also use this on all my drives, but of course remember that this only protects the disk at rest. If the drive is in use, such as it would be if you are running Core, then it is obviously decrypted and susceptible to physical or electronic intrusion. This is why, like you, I still password protect/encrypt all my individual wallet files as well.

[aesthete2022]

I use my wallets on a Linux system with full disk encryption. Stealing the device should prevent an attacker to gain access to the filesystem. I do wallet password protection even for watch wallets, just a habit I don't want to break with. I only make an exception if I do something with a test wallet which doesn't control any worth.

Even my Testnet Bitcoin wallets are password protected, but not with my stronger passwords. For convenience I relax passwords strength where appropriate.

Do you keep your private keys on hardware wallets, or are they stored on your hard drive? My wallet files are watch only, but with the master fingerprints so that I can use them to sign from an air gapped device.

[o_e_l_e_o]

Do you keep your private keys on hardware wallets, or are they stored on your hard drive? My wallet files are watch only, but with the master fingerprints so that I can use them to sign from an air gapped device.

I use a combination.

I have small amounts of coins in hot wallets on both mobile and desktop. I used to use a number of different hardware wallets, but given the number of hardware wallets over the last few years that have been shown to have critical vulnerabilities, data leaksm horrendous privacy features such as implementing KYC exchanges or supporting AOPP, horrendous security features such as online back up, and so on, I've pretty much abandoned them all. The vast majority of my coins are stored in permanently airgapped devices using full disk encryption.

[aesthete2022]

Interesting. The way I see it, if you're storing coins on a multisig setup with open source hardware wallets, this should offer the same security (maybe more secure?).

[Cricktor]

Same security compared to what exactly?

I had software hot wallets on a system that wasn't used for anything else. Strictly reduced to the minimum, not used for daily stuff. I was aware that this isn't safe but I'm able to keep my machines at home safe enough, past has proven, no issues with viruses, malware or other nasty things. (I think I'm not yet overconfident, I hope. It's just practice and knowledge of security related computer stuff. Don't be reckless and question crazy offers...)

But I knew, I shouldn't keep it that way. I experimented first with a PiTrezor I assembled myself. Just to get a feel to use a hardware wallet. Then I bought a "real" open-source hardware wallet. Still in the play & experiment phase but getting more and more familiar with it. Until I have my "secure" setup, I moved my wallets to an air-gapped encrypted laptop (yes, I know, that doesn't make them cold, but they're less exposed for sure).

I still need to figure out how I want to deal best with some of my important to me points of my risk assessment. Don't want to go too crazy, but don't want to go too easy either. Still reading books like what's available at https://smartcustody.com.

[aesthete2022]

Totally with you there. I just meant that a dedicated air gapped HD wallet is going to offer the same security (if not more) than an air gapped encrypted PC.