Advice on seedphrase generation and setup.

[zbv37]

Hi all, this is my first post and first time really reaching out to any community for any sort of help.

https://i.postimg.cc/hv3H2TfG/Untitled-2026-04-28-2351.png
This is my current setup. I have all the necessary hardware ready. Raspiblitz is up and running for 2 weeks, I have two flash drive, one of which has TailsOS + Sparrow installed acting as the hotwallet. The wallet's seed phrase is created using Border Wallet with the Entropy Grid pdf and the 12 words mnemonic (txt) saved in the Persistent storage.

To access my hot wallet, I would use the 12 words mnemonic to generate the Entropy Grid, I would then select the pattern (11 words) and provide a 12th word plus a passphrase to get my seed phrase to have access to my wallet, that's my hot wallet setup.

My question (green arrow in the image) is does it make sense for me to use that same 12 words mnemonic to generate the same Entropy Grid, select a different (11 words) pattern and provide a different 12th word plus to be my seed phrase for my Coldcard. In this way the 12 words mnemonic can be stored anywhere without any risk while all I need to remember is the 2x patterns, 2x 12th word and 2x passphrases to have access to both the wallets.

I understand that in this manner I wouldn't be using the Coldcard to generate my seedphrase and wonder if generating the seedphrase via Border Wallet has any downsides. Feel free to poke or criticize my setup, I am exploring all that I can. Thank you.

[LoyceV]

Quoting to show image:

In this way the 12 words mnemonic can be stored anywhere without any risk while all I need to remember is the 2x patterns, 2x 12th word and 2x passphrases to have access to both the wallets.

What happens if you lose your "Entropy Grid"? I spent about 10 minutes looking at "Border Wallet", and my gut feeling tells me this is unnecessarily complicated. You wouldn't be the first one to lose access to their coins because they created their own storage system and "tried to be smart".

[flapduck]

I'm with Loyce on this one. You are basically trying to turn seed backup into a puzzle box, and puzzle boxes have a nasty habit of defeating the owner before they defeat the thief.

The biggest danger here is not someone cracking your clever setup. The bigger danger is future-you, six months from now, tired, annoyed, maybe with a dead USB stick, trying to remember exactly which pattern, which 12th word, which passphrase, which wallet, which version of the tool, and whether that persistent Tails storage was the "final final" one or the "testing final" one. That is how coins go into the great unspendable swamp.

For a hot wallet, fine, experiment a little if the balance is small and you understand the failure modes. But for a Coldcard I would not derive it from the same Border Wallet base material you used for the hot wallet. Let the Coldcard generate its own seed, or add dice rolls if you want to sleep well. Then back it up in a standard, recoverable way. Paper first, steel if meaningful funds, passphrase only if you are disciplined enough to back that up too. Boring is underrated in Bitcoin. Boring is what survives house moves, laptop deaths, panic, heirs, and "I'll totally remember this" syndrome.

Also, "the 12 words can be stored anywhere without risk" is the kind of sentence that disturbs the opsec part of me. It may not be the final seed by itself, but it is still part of the secret construction. If someone gets enough of the recipe, your clever separation turns into a treasure map with some steps missing. Maybe still hard, sure, but why create weird correlated material between hot and cold funds at all?

For cold storage, I'd keep it simple: Coldcard makes seed, you verify backup, you test restore on an offline device or spare signer before funding serious amounts, then use Sparrow/watch-only for monitoring and PSBT flow. The fancy part should be the signing hygiene, not the seed archaeology. Bitcoin already gives us enough ways to step on rakes. No need to also forge your own custom rakes in the garage, lol. 

[zbv37]

I was thinking Border Wallet seems reasonably strong too and easy to remember. The pattern is easier to remember than all 12 words, in the end it's only the 12 the word + passphrase to be remembered. But I also get the argument that it is just a convoluted puzzle in order for me to access my wallet, what if my memory doesn't serve me as well as I hoped. Don't get me wrong, I definitely will get a steel back up for the actual seedphrase kept somewhere untouched for the long term storage. But I thought that should be the final backup that should only be accessed if something goes horribly wrong, so in the meantime I'm looking to have it stored somewhere else easier to retrieve like my mind thus Border Wallet. I will rethink my plan a bit on this.

Another question I have is related to coinjoin. All of sats are KYCed, and from where I am from it isn't easy to get non-KYCed sats, so I am looking to have the hotwallet acting like a temporary buffer to do all the coinjoin before sending it cold storage, in terms of opsec and privacy is it sound?

[LoyceV]

Don't get me wrong, I definitely will get a steel back up for the actual seedphrase kept somewhere untouched for the long term storage.

I'm a strong proponent of having different backup solutions for the same keys, so kuddos for you

Another question I have is related to coinjoin. All of sats are KYCed, and from where I am from it isn't easy to get non-KYCed sats, so I am looking to have the hotwallet acting like a temporary buffer to do all the coinjoin before sending it cold storage, in terms of opsec and privacy is it sound?

It depends: who are you trying to hide from? And have you considered the questions you'll get in the far future when you want to sell your coinjoined coins through an exchange?

[ABCbits]

Aside from what other member said, i expect you need to either reinstall/reconfigure Sparrow on every Tails boot, unless you know how to use Hooks feature.

Another question I have is related to coinjoin. All of sats are KYCed, and from where I am from it isn't easy to get non-KYCed sats, so I am looking to have the hotwallet acting like a temporary buffer to do all the coinjoin before sending it cold storage, in terms of opsec and privacy is it sound?

Do you care that other people know that you use UTXO from CJ process? AFAIK current most popular CoinJoin option is Wasabi wallet (that use WabiSabi protocol), where it's trivial to identify the TX as CoinJoin due to total input/output and the output range.

[zbv37]

I'm a strong proponent of having different backup solutions for the same keys, so kuddos for you

I'm not running away from anyone. I am just being privacy conscious thus the full node setup, initially I wasn't thinking about having a full node, but after learning ways txn are broadcast I think it'd be wise to participate and protect myself.

To be honest my plan to self custody is mainly risk mitigation, not your keys not your coin. In terms of keeping UTXO private doing CJ and all, I am still hesitant, my worries are mostly surrounding how can those self custody sats be spent moving forward. Long term I am convicted with holding sats, but I do not want my UTXO through CJ or whatever method cause trouble in my future spending - be it sold off to fiat, move to LN or whatever it may be. Where I am from Bitcoin policy isn't well discussed topic in public, hodlers are rare, self custody is even more rare, however there are crypto exchanges that are approved by local securities commission. My concerns are surrounding what are the implications of doing CJ for all / partials of my UTXOs in the future.

What is the tradeoff of not doing CJ as a self custodian who just holds for long term? What are the implication of doing CJ on all the UTXO?

Aside from what other member said, i expect you need to either reinstall/reconfigure Sparrow on every Tails boot, unless you know how to use Hooks feature.

My Tails + Sparrow is pretty simple. It is just Sparrow and the wallet data sitting in the Persistence storage so no reinstall required after each boot. So you can say that the only thing that's stopping any adversary finding my sats is 1) find the flash drive 2) tails password to unlock persistent storage 3) wallet password. However, I don't think my threat level is that high to deem paranoid level of security.

[Cricktor]

Human memory is rarely a suitable persistant and reliable form of storage. So scrap any "construction" around wanting to memorize some complex secrets and/or "puzzle boxes". You will learn the hard way that this is destined to fail. I have some less dramatic first-hand experience with that.

I'm a lot with flapduck here: don't construct an auto-aim mechanism to shoot yourself straight into your foot.

Try to conduct a ruthless risk analysis of in your personal situation most relevant loss scenarios. Don't try to mitigate anything, it's going to be messy complicated and a sure recipe to screw up.

Try to find a simple but still solid setup without over-complicating things. This will in most cases be more safe than convoluted "puzzle boxes".

Personally, I would use coinjoins rarely because I expect that more and more CEXes will make a fuss about them and nag their customers. The question is, what are your primary trading partners? How well do you unterstand Bitcoin's transaction model?

[satscraper]

My question (green arrow in the image) is does it make sense for me to use that same 12 words mnemonic to generate the same Entropy Grid, select a different (11 words) pattern and provide a different 12th word plus to be my seed phrase for my Coldcard. In this way the 12 words mnemonic can be stored anywhere without any risk while all I need to remember is the 2x patterns, 2x 12th word and 2x passphrases to have access to both the wallets.

Coldcard uses TRNG to generate randomness, which ^{I believe} is much stronger than the entropy produced by Entropy Grid. In addition, it supports BIP‑85, meaning you can treat  SEED generated by this wallet as your master SEED and derive child SEEds for your other wallets. This way you can have your cake and eat it too,  meaning your seeds remain  strong, and at the same time you only need to remember one of them ^{i.e. your master SEED} while all others stay deterministically derived from it.

[MarryWithBTC]

Why so much complexity? Your system relies on 12 word mnemonic, pattern selection, custom 12th word and passphrase. That is alot, coupled with entropy grid construction. The whole setup is pointing to your assumption that you are safe if someone doesn't understand your setup. But that is not the real security. The real and good setup should be secured even if the method is known Kerckhoffs’s principle

My question (green arrow in the image) is does it make sense for me to use that same 12 words mnemonic to generate the same Entropy Grid, select a different (11 words) pattern and provide a different 12th word plus to be my seed phrase for my Coldcard. In this way the 12 words mnemonic can be stored anywhere without any risk while all I need to remember is the 2x patterns, 2x 12th word and 2x passphrases to have access to both the wallets.

Coldcard uses TRNG to generate randomness, which ^{I believe} is much stronger than the entropy produced by Entropy Grid. In addition, it supports BIP‑85, meaning you can treat  SEED generated by this wallet as your master SEED and derive child SEEds for your other wallets. This way you can have your cake and eat it too,  meaning your seeds remain  strong, and at the same time you only need to remember one of them ^{i.e. your master SEED} while all others stay deterministically derived from it.

Remember that both his hot and cold wallets are derived from the same base mnemonic. It is not the best, it defeats the purpose of separation. Even the BIP-85 doesn't fully solve this as it also centralizes everything around a single master seed.