100 sats \ 4 replies \ @0330830bf9 OP 22 Nov 2023 \ parent \ on: Looking for a post discussing 2:2 vs 2:3 multisig cold storage bitcoin
Multisig in a purely technical context is about non-reliance on either a single source of entropy or exfiltration.
Say you do something dumb like store a large amount of Bitcoin in a mobile wallet, well some employee at Google or Apple, or maybe even just an exploit of the device's software, could exfiltrate your key to their servers and sweep your coin without any evidence.
Had you a 2:2 multisig, the phone key alone would be inadequate to sweep.
It could be even less dumb than that, say a clean linux install on a name brand PC with an Intel, AMD, or ARM chip that has NSA-level skewing of the random number generator. Even if it was airgapped, your key could be re-created by an attacker and scanned for outputs.
It could also be a honeypot like a HWW that stealth shipped a similar backdoor.
By using 2+ signatures, no single attack is adequate... it's about requiring multiple coordinated attacks or collusion which vastly increases your security threshold.
Memory is not a storage strategy no matter how much people want to think it is, as there are factors like future cognitive impairment and inheritance scenarios that rule it out for anyone needing a serious setup.
For passphrasing stuff with encryption, that can be done at a higher layer like keeping encrypted instructions on a cloud drive. The problem with that is password patterns from the 80s are still the zeitgeist.
This old XKCD summarizes my view on passwords:
https://m.stacker.news/5606
So I just talked to someone about the password scheme, in the XKCD cartoon above. He said it's NOT 44 bits of entropy, because it's 4 dictionary words, instead of the same number of random characters.
Thoughts?
reply
the spaces make it one big not-dictionary word
reply
deleted by author
reply
No that's still single sig and probably a bad idea all around.
reply