Hello.
What are the absolute essentials to back up for a multisig wallet? I obviously know you have to secure the keys as well as the hardware wallets you use. I have seen people talk about having to have a file on an SD card; I'm just not sure exactly what's needed. Any answers/links are appreciated.
Important aspects of multi-sig
  1. Each signature comes from a different piece of hardware (hardware wallet or laptop or mobile phone)
  2. Best practice is for no number of devices needed to spend to be on the same network (if on a network at all), so in a 2/3 multi-sig, 2 computers are on different internets or not on the internet at all
  3. Do not physically connect devices together (it's good to keep signing computers from being on the same internet; it's worse if they are connected via USB)
  4. Verify the destination address on every device you use to sign (if a compromised device tries to lie to you, you'll know when you verify on a device that isn't compromised)
For even more hardcore security, check out glacier protocol: https://glacierprotocol.org/
reply
One thing I didn't see mentioned in the replies is the need to back up your xpubs for every key in the quorum. So if you went with a 2-of-3 for example, you'll still need all 3 xpubs to recover the wallet.
This is an important distinction from other popular schemes like seed + passphrase, where the public key isn't necessary to recover funds.
The xpubs themselves cannot be used to spend funds, so keeping these secure isn't as big of a deal as your private keys / seed phrases. You can make many copies for redundancy. Leaking them can compromise your privacy, of course.
Personally I think that multisig is best left to experts or collaborative custody models (where an entity like an exchange holds one of the keys). You should assess your own desired security model, but it could be that a simple seed + passphrase is sufficient for your needs.
reply
This deserves stressing: if you ever have to recover your multisig wallet you'll need:
  • the required quorum of private keys (e.g. 2 of 3); and
  • the xpub of ALL co-signers, i.e. 3 xpubs in case of a 2 of 3 setup.
People have lost money because they did not properly back up all co-signer xpubs.
reply
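Why a quorum of keys is not enough without every co-signer's public key, shown as an added example that is not part of the original thread: the on-chain output commits only to a hash of a script containing all public keys. It assumes a P2WSH 2-of-3 with lexicographically sorted keys and uses constructed 33-byte stand-ins for the child keys a wallet would derive from each xpub (the BIP32 derivation itself is omitted); all function names are hypothetical.

```python
import hashlib
from itertools import combinations

OP_0, OP_CHECKMULTISIG = 0x00, 0xAE

def op_n(n):
    """Small-integer opcode OP_1..OP_16."""
    if not 1 <= n <= 16:
        raise ValueError("n must be 1..16")
    return 0x50 + n

def witness_script(m, pubkeys):
    """m-of-n script: OP_m <pk>... OP_n OP_CHECKMULTISIG, keys sorted (assumed)."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("need 1 <= m <= n")
    if any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    pushes = b"".join(bytes([33]) + pk for pk in sorted(pubkeys))
    return bytes([op_n(m)]) + pushes + bytes([op_n(len(pubkeys)), OP_CHECKMULTISIG])

def p2wsh_script_pubkey(script):
    """What the chain stores for the output: OP_0 <sha256(witness script)>."""
    return bytes([OP_0, 32]) + hashlib.sha256(script).digest()

def find_script(known_pubkeys, on_chain_spk):
    """Try every m-of-k script buildable from the known keys; (m, k) on a match."""
    for k in range(1, len(known_pubkeys) + 1):
        for subset in combinations(known_pubkeys, k):
            for m in range(1, k + 1):
                if p2wsh_script_pubkey(witness_script(m, subset)) == on_chain_spk:
                    return m, k
    return None  # the output cannot be recognised, let alone spent

# Constructed stand-ins for one child public key per co-signer xpub (not real keys).
KEYS = [b"\x02" + hashlib.sha256(b"constructed co-signer " + c).digest()
        for c in (b"A", b"B", b"C")]
FUNDED_SPK = p2wsh_script_pubkey(witness_script(2, KEYS))  # the 2-of-3 output

if __name__ == "__main__":
    print("all 3 keys     :", find_script(KEYS, FUNDED_SPK))
    print("quorum of 2    :", find_script(KEYS[:2], FUNDED_SPK))
```

Spending also requires revealing the full script in the witness, so two seeds without the third public key can neither find nor move the coins.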
I like the tip, however, I will never personally shy people away from doing things that are more secure. Having full comprehension of what's going on is important, but that knowledge should not scare people away.
xpubs are the one backup need that I would actually confidently say "Go ahead and back that up on Google Drive" (you should encrypt it anyway just for privacy, but unencrypted won't affect your security) whereas with private keys, I would never dare say something like that, not even an encrypted Google Drive backup, mostly because people's passwords are bad! Password reuse and limited imagination and poor ability to do random really have killed the password.
That all being said, it is true that a cold card and a seed backup in steel is probably all the average person needs, but a multi-sig with your mommy and your in-laws with everyone's xpubs on Google Drive would also be pretty good. It would protect your money from a house fire the same way a steel plate would.
So basically I'm saying, everything is a matter of trade offs and preferences, but don't go scaring people away from things. Explaining how to be safe with it is much better.
reply
If it is 2 of 2 multi-sig, the bare minimum you need is both (all) seed phrases. You can restore the multi-sig in Electrum with just that, no matter how many signatures you require.
reply
When you have a 2-of-2 multi-sig wallet with someone, all you need to know is your mnemonic and their xpub.
Example: open your Electrum Bitcoin Wallet in --signet network mode. Make a new 2-of-2 multisig and as the counterparty use my (read-only) key Vpub5fzukEDJ7Q57QrhKMeMyRUkwHAHWTKAHwcdXdjvL9DFfkJqWrJPxqXN2afiCJ2dMabKxCUaXiFByyWgz9DvvnSRDdGRkSwJbCnx4UZ3gdnY. If you send any coins there, let me know your "Master Public Key". Otherwise there is no chance for anyone to find out something was sent to our wallet (or even that it exists).
reply
I covered that and compared the pros and cons with other wallet backup strategies. See this article: https://eluc.ch/wallet-backup-strategies/ There is a section for Multi-Sign with the minimum requirement to withdraw (assuming 2 of 3 you need: wallet backup file + 2 seed, or 3 x/zPub + 2 seeds,... see details in the article) and about the security against loss or theft.
reply
Everything that is in text form can be printed out... but it is inconvenient to type in. Create a key based on a time-based code. Use it. The first key signs and gives 24 hours or 1 hour for the 2nd key to sign.
reply
Thanks for sharing
reply