My understanding is that this is far less secure than an actual multisig. With just 2 or even 1 of the seed phrases "shards" the level of entropy in the seed significantly reduced.
I guess if you need the audibility and security of actual multisig then you will likely know, if not a 25th word will likely be enough.
With 2 pieces, of course, the seed phrase is completely exposed. That's the point, it's like a 2 of 3 multi-sig.
The first piece has the 1st and 2nd chunk of words. The second piece has the first and third chunk of words. The third piece has the second and third chunk of words.
Like this:
Location A Location B Location C word 1 word 1 word 2 word 2 word 3 word 3
But if attackers find only 1 of the parts, you still have 80 bits of entropy. Here's a quote from one of the referenced articles:
My understanding is that 80 bits is not considered incredibly secure, but it is not trivial to break either. If I consider my storage locations reasonably secure and don't expect targetted theft ("we know he has a lot of bitcoins, we are going to break in to steal the words from one location, we have a cluster of machines on standby to brute-force the missing words") but am just trying to protect myself against opportunistic theft ("we broke in to steal the household electronics and any cash lying around, but we also found these bitcoin seed words!"), is it ridiculous to consider this acceptable?
reply