Saturday, 22 August 2020

Storing your coins safely while not risking loss of keys

This was originally an answer to a question that was asked here, but OP deleted their post.

This might help some newbies (especially the multisig edit at the end), so I want to make sure it's still accessible here.

The original question was whether the Electrum wallet stores a Trezor's private key when using a passphrase.

OP noticed that their Trezor wouldn't connect to their Electrum wallet when entering a different passphrase than they used when creating the wallet. Thus, OP (likely) assumed that the wallet stored the private key, as it somehow knew that a different private key was now used.

Here is my original answer (with some modifications):

IMPORTANT: I'm assuming here that you connected your Trezor by choosing the "hardware wallet" option in Electrum, rather than giving Electrum your 12/24 seed words.

TL;DR: No, your coins are safe :)

I'm assuming by passphrase) you mean the 25th (or 13th) word. When you have this feature enabled, a private key gets generated every time you enter a passphrase. When you enter the same passphrase you used to create the wallet, the wallet with your funds shows up.

Whenever you enter something different, a different private key is generated on your Trezor. This allows you to have multiple different wallets, for example by choosing the passphrases "First Wallet", "Second Wallet", "Third Wallet", or a secret wallet with a secret passphrase.

So whenever you enter a new passphrase when connecting your Trezor to Electrum, the Trezor will send a new public key to Electrum. Electrum will then derive addresses from this public key and check those for balances. It won't find any, as you used a new passphrase.

EDIT: I just realized that you said your wallet doesn't connect to Electrum when you use a different passphrase. This is simply because Electrum doesn't receive the correct public key from the Trezor and therefore Electrum thinks it's a different wallet (which it is).

When you enter the passphrase you used during creation of your wallet, the Trezor will send your actual public key to Electrum, which will then find addresses with balances, which it will show to you. EDIT (to clarify): Connecting your Trezor after creating the wallet is only necessary to send funds or verify addresses, as the public key is already stored in the wallet.dat.

The only thing Electrum actually stores is the public key, which can only be used to look at your Bitcoin, not to move them. You might want to keep this public key a secret as well though, since it links all your funds to you. This is what Electrum stores in the wallet.dat file, which you can just encrypt by choosing a password for it.

Well done using a passphrase by the way! Should someone get their hands on your Trezor, a sophisticated attacker can get the secret key off the device in 15 minutes. Using a passphrase makes this attack almost useless, as the both secret key AND the passphrase are needed to move your funds, and the passphrase is not stored on the device. A passphrase also allows you to hide funds from potential robbers that force you to unlock your wallet.

You can do this by activating the passphrase feature and sending your funds to a wallet with a secret passphrase (do NOT lose this, as losing your passphrase renders your funds inaccessible). Afterwards, you can safely deactivate the passphrase feature, so the device doesn't even ask for one should you get robbed. Simply reactivate it when you need to access your funds.

EDIT: Should you be worried that you might forget your passphrase, you should look into multisig wallets. Depending on how you set this up, you can make it more secure against theft and less likely for you to lose access to your funds.

Say for example you get four wallets: two hardware wallets, a well-protected (airgapped) laptop with Electrum, and a secure mobile wallet that allows for multisig (like Fully Noded).

You can then create a 2-of-4 multisig wallet that requires you to sign transactions with any two of these four wallets.

The increase in security comes from the fact that an attacker now needs full access to two of your devices (or their stored private keys) at once.

At the same time, the fact that you yourself now also need access to only half of your devices means that in the event of a total loss of one (or even two) of them, you can still move your funds to a new wallet.

As long as you do regular checks (e.g. first day of each month), ensuring that you still have access to all your devices' stored private keys, you can always catch a loss of keys and fix this without losing funds (by creating a new multisig wallet and sending the funds there).

This allows you to use a passphrase on your wallets without storing it anywhere physically or digitally. This would usually be very risky, as forgetting the passphrase would lead to a loss of funds, but this risk is now close to eliminated.

(The following part was not in the original answer)

Some IMPORTANT general secruity tips:

  1. Consider including trusted friends and/or family members as co-signers for a multisig wallet. This ensures that it's not even possible for you alone to hand over funds to an attacker. Depending on your level of trust, you might want to make sure that your co-signers can't collaborate to steal your funds (if you include 3 people, create at least a 4-of-n multisig). You could also deliberately make it possible for all or even just some of your co-signers to move your funds (3 co-signers, 3(or less)-of-n multisig) to make sure your funds aren't lost should pass away unexpectedly.
  2. Consider running your own full node and Electrum server (also check the alternatives), which you connect your Electrum wallet to. This ensures that you don't send your public key to anyone else. If someone knows your public key, they know how much BTC you own, making you a potential target.
  3. Always encrypt your wallet.dat (or whatever you called your wallet file), even if it's a watch-only wallet. This protects your public key (see 1. for why you want that).
  4. Create watch-only wallets: Use an airgapped) device to create a wallet with Electrum (make sure to back up the seed phrase) and export the public key. Then create a new watch-only wallet on another device (like your everyday laptop) with that public key to be able to check your funds. To create the initial wallet, you can also use any other hard- or software wallet that allows you to export the master public key.
  5. Hide, or (when using a hardware wallet with a passphrase) even delete your watch-only wallets. Hiding your funds makes you less of a target. When using a hardware wallet, recreating the watch-only wallet is fast and simple, so you don't need to store it if you don't want to check your funds every day. Note that this approach doesn't help much when you don't use a passphrase, as an attacker will obviously check the passphrase-less wallet no matter what.
  6. Keep some funds on your hardware wallet(s). If an attackers sees funds on the wallet(s), they might not force you to enter a passphrase or ask if you have any multisig wallets (lying under pressure is hard).
  7. Hide all your wallets in different places. If someone sees that you have multiple wallets lying around, they might realize you have a multisig wallet.
  8. Don't risk a robber getting (for example) two keys to your 2-of-4 multisig wallet and then racing them to move your funds with the other two keys when they leave. They're gonna come back and be pissed. If it comes to this, you need protection until the robber is caught. STAY SAFE!
  9. The easiest way to solve a problem is to never have it. Don't make yourself a target. If nobody even suspects that you have a multisig (or any wallet at all), they're probably not gonna look for it.

Please correct any mistakes you find and I will edit my post. I will also gladly add more tips to the list. I will of course credit anyone who helps.

Tip for devs who want something cool and important to work on: Make the creation and usage of multisig wallets as noob-friendly as possible. If someone expresses worries about losing access to their funds by forgetting the seed phrase, wallet pin, etc. (someone in my family actually brought this up to me), multisig wallets are the perfect solution as they add redundancy.



Submitted August 22, 2020 at 10:45PM by Fittiboy https://bit.ly/2YoAn0V

No comments :

Post a Comment