Good morning,
I have seen numerous threads and articles about Multi Sig being the top-notch level of security for securing your assets. I am not here to debate the abundance of literature showing the benefits of a Multi Sig wallet, but I would like to debate whether a passphrase is an overall solution.
Multi Sig has the advantage of not having a single point of failure. This means that you can have a signature requirement of 2 of 3, 4 of 5 or any combination you want. This is in theory a good feature. However, practically speaking, the odds of losing your seed phrase multiply with the number of seed phrases required.
Secondly, it would be possible, in theory, for someone to find all the seed phrases required to complete the signature. However, the odds of finding them are divided by the number of seed phrases required.
In my logic, the odds of losing them cancel out the odds of them being found by someone else.
On the other hand, a passphrase is simpler. You can multiply the number of copies of your seed phrase and put them in different places. The odds of them being found are also multiplied.
However, the chances that someone "assumes" or "knows" that there is a 25th word are as good as someone knowing that something that is not written down exists. Multiply that by not only knowing that something that is not written down exists, but also knowing something you have invented or something that only you could know.
According to the logic above, what do you think is the best solution?
Ignoring the low-level technical details, a single-sig + passphrase is like a 2-of-2 multisig. And a 2-of-2 is typically discouraged, and for good reasons. You earn more security against attackers if you keep the seed and the passphrase (or your second seed) stored independently. But, and this is a huge but (huge enough for me to advise against doing this at all), you have dramatically increased the chances of locking yourself out. For most people, this is far more dangerous than external attackers.
Think about it. By going from simple seed to seed + passphrase, you have multiplied by two the amount of single points of failure. So, in simple terms, you have also multiplied by two the chances that you lose a critical part of your recovery scheme and lose your bitcoin.
On the other hand, if you go for a 2-of-3 multisig, you don't have any single point of failure. It is definitely more complex than a single seed setup, but if you know what you are doing, it's orders of magnitude more robust both against attackers as well as against your own errors.
My personal opinion is: either settle for a simple, single seed setup, or get your hands dirty and go for a 2-of-3 multisig.
reply
I agree if someone generates a passphrase and needs to remember it or store it; however, I am talking about a strong passphrase that few people would know the answer to, and nobody would know you have a passphrase (i.e. the name of the person with whom you lost your virginity, the street name on which you were living when you were born/grew up, your high school crush, any event or name in the past that would be irrelevant to others but somewhat special to you).
reply
Sorry, I think you are missing the point.
Don't even think about not writing down the passphrase if you are going that path. A million things could go wrong. You could lose memory. You could mess up a single character and screw things up (been there, done that). And if you are going to rely on your memory... why not simply remember your seed instead? Simply, don't rely on your memory that way.
If you have a single sig, no passphrase setup, any of your backups falling into the hands of an attacker means you lose your bitcoin.
If you have a single sig + passphrase setup, and you store them together, it's the same thing as the single sig, no passphrase setup.
If you have a single sig + passphrase setup, and you store the seed and the passphrase in different locations (so that no single location falling into an attacker's hands means losing your bitcoin), you are effectively facing the same problem as a 2-of-2 multisig: you now have two pieces of information (the seed and the passphrase) which are both necessary for recovery, so you have two single points of failure. It's enough to lose one of the two things to lose your bitcoin.
If you have a 2-of-3 multisig, with 3 or more backup locations, there is no single point of failure. You can lose one of the keys and still recover.
So, again: if you compare a simple single sig against a single sig + passphrase or its lookalike, the 2-of-2 multisig, you are increasing security against attackers a bit while increasing security against accidentally losing your bitcoin a lot.
reply
Passphrases have footguns that have tripped up many users over the years. They are oversold and the associated risks are often downplayed IMO.
reply
the odds of losing your seed phrase multiply with the number of seed phrases required.
The probability that A loses their seed phrase, p(A) > p(A) * p(B)
Or not?
reply
No, that would be true if you only need 1 of the 2 Multi-Sig.
reply
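The two posts above argue about the arithmetic of losing versus leaking backups (the "seed + passphrase is a 2-of-2" post, and the p(A) > p(A) * p(B) exchange). The following is an added worked example, not code from any of the posters: it models each scheme as a k-of-n threshold over independent "shares" (a seed, a passphrase, a multisig key), where every share has some number of copies, each copy is lost with probability p_loss and found by an attacker with probability p_comp. The independence of shares and copies is a simplifying assumption; a house fire that takes two copies at once is exactly the correlated case it ignores.

```python
from math import comb


def share_lost(p_loss: float, copies: int) -> float:
    """A share is unrecoverable only when every copy of it is lost."""
    return p_loss ** copies


def share_found(p_comp: float, copies: int) -> float:
    """A share is exposed if an attacker finds any one of its copies."""
    return 1 - (1 - p_comp) ** copies


def p_lost(k: int, n: int, q: float) -> float:
    """Owner loses funds when fewer than k of n shares survive.
    q is the per-share loss probability; survivors ~ Binomial(n, 1-q)."""
    return sum(comb(n, s) * (1 - q) ** s * q ** (n - s) for s in range(k))


def p_stolen(k: int, n: int, r: float) -> float:
    """Attacker gets funds when at least k of n shares are found.
    r is the per-share exposure probability."""
    return sum(comb(n, s) * r ** s * (1 - r) ** (n - s) for s in range(k, n + 1))


def evaluate(k: int, n: int, copies: int, p_loss: float, p_comp: float) -> dict:
    """Risk of self-inflicted loss and of theft for a k-of-n scheme."""
    q = share_lost(p_loss, copies)
    r = share_found(p_comp, copies)
    return {"lost": p_lost(k, n, q), "stolen": p_stolen(k, n, r)}


# Constructed per-copy probabilities, chosen only to make the comparison readable.
P_LOSS = 0.10   # a given backup copy is destroyed / misplaced / forgotten
P_COMP = 0.05   # a given backup copy is discovered by an attacker

SCHEMES = {
    # single seed, one backup: one share, everything hinges on it
    "single seed (1-of-1)":                    (1, 1, 1),
    # seed + passphrase stored apart: both required, so it behaves as 2-of-2
    "seed + passphrase, stored apart (2-of-2)": (2, 2, 1),
    # same, but with two copies of the seed and two of the passphrase
    "seed + passphrase, two copies each":      (2, 2, 2),
    # the 1-of-2 case from the p(A) * p(B) exchange: either share alone recovers
    "either of two seeds (1-of-2)":            (1, 2, 1),
    # 2-of-3 multisig, one backup per key
    "2-of-3 multisig":                          (2, 3, 1),
}


def compare(p_loss: float = P_LOSS, p_comp: float = P_COMP) -> dict:
    """Return {scheme name: {'lost': ..., 'stolen': ...}} for every scheme."""
    return {name: evaluate(k, n, c, p_loss, p_comp)
            for name, (k, n, c) in SCHEMES.items()}


if __name__ == "__main__":
    for name, risk in compare().items():
        print(f"{name:44s} lost={risk['lost']:.4f}  stolen={risk['stolen']:.4f}")
```

With these numbers the 2-of-2 (seed + passphrase apart) roughly doubles the chance of locking yourself out (0.19 vs 0.10) while cutting theft risk from 0.05 to 0.0025; the 1-of-2 case is the only one where loss really is p(A) * p(B) = 0.01, which is the correction made in the thread; and 2-of-3 beats the single seed on both axes (0.028 lost, 0.00725 stolen). Making extra copies of a seed and passphrase moves the loss number down and the theft number up, which is the trade-off the original post describes. Storing the passphrase alongside the seed is not a separate row because it collapses to the single-seed line.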
Multi-sig really shines when there are multiple parties involved. Collaborative custody models, businesses, and inheritance planning come to mind.
For individuals, I think it depends on your threat model. If you are a public figure who is known to possess large sums of bitcoin (Saylor for example), you should probably consider multi-sig. Even under duress, you cannot be forced to spend the funds without visiting every backup location. Quite impractical for an attacker if split across countries.
reply
That's a good point. Regarding how much exposure you have, it might be a good idea to have a multi-location Multi Sig. However, with plebs with Multi Sig wallets, the odds that they have multiple safe locations split across countries are quite minimal.
reply
Agreed. If you only have 1-2 safe locations, either seed + passphrase or a 2-of-3 collaborative custody model might make more sense.
For the record, I actually use a seed + passphrase. I have metal backups of each in two different locations. The passphrase I also have memorized, and the seed also in a hardware wallet (so two backups each). I figured this was robust enough for my circumstances, and I like the ease of recovery and plausible deniability that passphrases offer.
If my ownership of bitcoin were to become widely known (say an exchange hack), I'd upgrade to multi-sig.
reply
Depends on your passphrase. If you use your dog's name as the passphrase then it's not secure at all.
reply
I am talking about a strong passphrase that few people would know the answer to, and nobody would know you have a passphrase (i.e. the name of the person with whom you lost your virginity, the street name on which you were living when you were born/grew up, your high school crush, any event or name in the past that would be irrelevant to others but somewhat special to you).
reply
Idk man, probs best to combine multiple words from the list. Four words from the list strung together are easier to enter than words you need to spell out plus characters. If you mess up entering the passphrase you'll be creating a new wallet.
reply
Would be better to combine a few of those suggestions with a few symbols in between and maybe one number somewhere. Like Tina?Mainstreet?Becky?4
reply
Consider this: a company that accepts BTC. The accounting and security of those BTC must be in a multisig when they are about to be spent / moved etc.
To accept BTC as a company is easy; today we have many tools such as "invoice-only", "watch-only", "receive-only".
But when it is about to spend those BTC, it is hard to trust people with only one key to those wallets. And we are talking here about maaaaany BTC, not just a few sats.
MultiSig is very good for these companies, where access to the BTC stash needs to be done by multiple individuals / users.
For a simple user holding his meaningless 100k sats in a wallet, a multisig scenario DOESN'T MAKE SENSE.
reply