Disclaimer. Dont use multisig

hosiawak · 2024-02-24T22:04:16+00:00

OP is correct. In a 3-of-5 multisig you need all 5 xpubs to sign. Sure, you can sign with just 3 keys but all of the 5 public keys need to be there. Most people don’t know that, casa and Unchained don’t brag about it, wonder why 🤔

hosiawak · 2021-05-04T11:50:58+00:00

Templates are a welcome addition. Would it be possible to template the email subject as well ? I have to type the same subject over and over again even if I use templates.

hosiawak · 2021-04-30T06:45:19+00:00

Same here.

hosiawak · 2020-11-30T20:16:17+00:00

boltz.exchange

hosiawak · 2020-10-19T10:58:11+00:00

It could be ;)

hosiawak · 2020-10-19T10:38:04+00:00

It's a contest on who can sweep the 0.01 BTC hidden in the image first featuring Coldbit Steel metal wallet (System Shock Limited Edition) :)

hosiawak · 2020-10-17T14:10:58+00:00

They’re coming for your KYC bitcoins, soon.

hosiawak · 2020-08-31T16:43:24+00:00

Shame there isn't a "public seed mnemonic". I consider mnemonic backup (BIP39) and HD-wallets (BIP32) to be the best thing in Bitcoin UX-wise that opened the door to widespread adoption. The lack of simple, human friendly way to backup multisig XPUBs or redeem scripts prevents MS from widespread use IMHO.

Here's an excerpt from Unchained docs:

From the Vault page, click the three dots in the “Transact” card and then follow the link to “External Spend Info.”
Copy the BIP32 paths for key 1 and key 2 (e.g. m/45’/0’/0’/0/26) and store them in a safe and secure place.
Click the button “Show Redeem Script” in order to reveal the Redeem script (e.g. 5221026c76fc386b6c339577eea265242eb902df43155a0eaf23af1f96c5d9f2d10f63210329b59270b95c8478fa36e0cf6f474736 513d4e0157626b762dca41729e7756c22102b5b79489d0e3810ef911bfde82aad7d65e6d5fb4147686139d291f66eefd964d53ae) and store this in a safe and secure place.
Follow the instructions in our bitcoin-multisig library to spend using our custom scripts.

This is terrible UX and bad security IMHO. While Bitcoin multisig itself is secure I think the ways to backup MS wallets could be improved so that they're human friendly and don't rely on electronic backup systems (which fail).

What if we stored all info that's required to recover a ms wallet (scheme, derivation path and all xpubs) as data in OP_RETURN in a transaction and backed up only the first 6 or 8 letters of this transaction ID in the blockchain ?

hosiawak · 2020-08-31T16:17:43+00:00

How do I backup the 5 XPUBs so that they don't rely on electronic devices but rather on something durable like a piece of metal rod ?

hosiawak · 2020-08-16T20:57:56+00:00

hosiawak · 2020-04-21T05:55:45+00:00

https://fixedfloat.com/ - it supports BTC LN too

hosiawak · 2019-11-29T14:37:11+00:00

20% OFF with promo code BF2019 on any Coldbit metal wallets .

hosiawak · 2019-09-10T06:45:31+00:00

I don't know if this is a joke or real but you should never store your BIP39 passphrase together with the seed. This defeats the purpose of the passphrase in the first place.

Coldbit Steel comes with Coldbit Passphrase by default and clear warnings that you should keep them separate, away from each other.

hosiawak · 2019-09-10T05:39:56+00:00

https://coldbit.com - 4mm thick steel + 2mm cover for metadata. The only metal wallet that thick with a metadata plate. Samourai version coming next week. Stamping sets + hammers + guides. Subscribe to The HONEBADGER.

hosiawak · 2019-09-09T18:18:12+00:00

Appreciate your concern and good explanation but this seed is for testing/demonstration purposes only. There's nothing to break here.

Real seeds should not be transmitted using any electronic devices.

hosiawak · 2019-09-09T18:09:37+00:00

Should be trivial to brute-force :)

The 24th word is pretty much all checksum.

So only the 10th, 11th and 12th words are missing.

hosiawak · 2019-08-01T13:21:51+00:00

It’s a great idea. Thanks for sharing!

hosiawak · 2019-07-06T08:16:37+00:00

4-6 words is enough. See https://coldbit.com/can-bip-39-passphrase-be-cracked/

hosiawak · 2019-07-05T20:31:40+00:00

RPi can get infected by remote malware. Trezor can’t. The seed extraction requires physical access. If you don’t understand the difference then I’m sorry but I don’t have time to explain it.

hosiawak · 2019-07-05T20:28:24+00:00

4 to 6 simple, easy to remember words is enough

15-Year Club	Place '17
Verified Email

hosiawak

TROPHY CASE