TRANSKRYPCJA VIDEO
Dla tego filmu nie wygenerowano opisu.
Okay, so we only have what 45, 50 minutes to try to compress seven years of Bitcoin security experience. I'm sure this will go very well. But my name is Jameson Lopp. I have been full time in Bitcoin since 2015 and have basically been working on various iterations of self custody software. I've spent three years focusing on enterprise, multi signature wallets, trying to prevent a lot of the hacks from happening against exchanges and other large providers. And then for the past four years, I've been pivoting and focusing more on trying to bring best practices and security to individuals. And so that's mostly what I'll focus on today.
There will be some organizational level stuff, but that's what we're really going to talk about is best practices. I will be making some assumptions that you know some basic stuff about Bitcoin so that we don't have to waste time on that. But if you've been in Bitcoin for more than a few minutes, then you understand that one of its greatest attributes is that at least if you hold your own keys, if you self custody, then no one can confiscate your money. No one can censor you. You have this level of self sovereignty that has never existed before. But the flip side of that is this double edged sword and with power comes responsibility.
If you screw up, doesn't really matter how, no one can help you. So it's very important that you front load all of your paranoia, all of your security considerations, because unlike with a credit card or a bank, if something goes wrong, you call up support and they reverse the charge. That's not going to happen in Bitcoin. You need to prevent that from happening in the first place. So what are we really going to be talking about? I mean, the fundamentals, it comes down to private keys.
What is a private key? It's essentially a unique randomly generated number that is then used to create a public key and then that public key goes through a few various transformations to eventually become a Bitcoin address. And that's how you receive your money. So the public key and everything to the right is public information. It's fine. It's what you give to other people so that you can receive money on the blockchain. The private key should never be shared with anyone. And you need to be very, very careful about how it's stored, how it's used, and make sure that it is robust and that you're not going to lose it either to an attacker or to some sort of disaster.
So with great power comes great responsibility. We're talking about these private keys. Don't bother loading this one up. There's no funds in it. But this is the binary representation of a seed phrase. You're probably more used to the 24 word version, which is down at the bottom. But this is what we are talking about. This is literally the keys to the kingdom. If you have a significant amount of money in Bitcoin, then the money is just this random number. So there's a couple different ways that you can describe or categorize a Bitcoin wallet. One of those is based on the authentication that is required to move the money out of the wallet.
The vast majority of people and the default for the vast majority of Bitcoin wallets is to use a single signature, which means one of the keys like this. However, like I said, what I've been working on for about seven years now is different types of multi-signature wallets, which means you have to have two out of three or three out of five, some sort of M out of N set of keys in order to be able to spend the funds. This is programmatically a part of the blockchain, where we're using these locking scripts to lock them up in an address on the blockchain.
And then if we do not provide the correct corresponding number of signatures and type of signatures, then the transaction that we try to create gets rejected by all of the nodes. It does not get mined. It doesn't go into the blockchain. This is a much more robust, though slightly more complex way of going about doing a wallet. But we'll go through why that is in the coming minutes. Another way that you can slice and dice wallets is where and how the private keys themselves are stored. We're going to throw out custodial wallets right off because it's kind of ridiculous to use them in the first place.
If you use a custodial wallet, if you leave your money on the exchange where you bought it, you don't even have Bitcoin. You have an IOU for Bitcoin, and there's a million different things that can go wrong. Essentially, all of the same things that can go wrong in a self-custody wallet can go wrong. Additionally, you have counterparty risk, where any number of employees or other people or hackers that get into that company's database and get their keys can then steal your funds. So from a self-custody perspective, I would say probably the default for most people is a software wallet. You may install something like Electrum on your desktop.
You may install a mobile app like Breeze on your phone. And then you're just using keys that are generated on that device. This is incredibly convenient. However, it is a hot wallet. You have the keys on an internet-connected device. There are still a number of things that can go wrong. I would say if you want to level up your game, what you want is you want dedicated hardware. You want these keys to be on a device that is specifically designed to do nothing but manage private keys. Examples of this, Trezor, Ledger, Coldcard. There's a dozen or more different companies out there, and they're all good.
Obviously, if you start going really deep into it, you'll be able to find technical minutiae of why one may be better than the other. But any of them are better than having your keys on your phone or on your computer. So if we look at the history of Bitcoin, these numbers are somewhat arbitrary estimates from chain analysis, and they're also a few years old. But we believe that about 4 million Bitcoin are permanently lost, most of those, of course, the very early years when it wasn't worth anything and people weren't putting a lot of effort into securing their coins. And we also estimate that over 2 million Bitcoin have been stolen.
So the main thing that I would take away from this, both from a quantitative perspective and from my own arbitrary anecdotal perspective of working on wallets over the years, is that despite the fact that you probably hear about all the high profile hacks in the media, you know, those are the great stories that sell and get clicks, you're actually far more likely to shoot yourself in the foot and just lose access to your keys. So while you should be paranoid about hackers, you should be more paranoid about environmental disasters or just simple mistakes that could result in catastrophic failure. So these are most of the high level ways that you could lose your Bitcoin.
You know, this is a cat and mouse game. It's a never ending battle of cybersecurity and people are always becoming more creative and innovative and finding new ways to get private keys. It's hard to really quantify which ones are the biggest to worry about. Wrench attacks are something that I'm particularly interested in, but if you're not going around being really flashy and showing off that you have a lot of money, you generally don't have to worry about being physically attacked. Supply chain attacks, fairly theoretical. We haven't really heard of any of the hardware manufacturers being attacked that we're aware of yet, but it's still possible. Brain wallets are definitely a huge problem.
You should never, ever, ever, ever use a brain wallet because there are numerous servers sitting out there just listening for Bitcoin transactions that deposit into a brain wallet because they've already cracked billions of brain wallets and they have the private keys. They're just waiting for you to send the money in. Malware is a fairly big issue. I would say clipboard malware in particular is one that I've seen a lot. This is nefarious, especially if you're using a desktop wallet, especially if you're using a Windows PC wallet where this malware will sit on your computer for years undetected and it's just waiting for you to copy and paste a Bitcoin address.
If it detects a Bitcoin address going into your clipboard, it'll swap it out with another address that looks very, very similar, at least the first few characters, except the private keys will be owned by the attacker that wrote the malware and you will basically be sending your money to them instead of to wherever you think you're sending it. Sim swaps, I think this is not as big of an issue in Europe. It's definitely a big issue in America just due to the differences in some of the authentication procedures of our mobile phone carriers. It's very easy to socially engineer or bribe a lot of our mobile phone carriers in America.
The short version there is that you should not use your phone number to secure anything. You generally should not use a phone number for a second factor of authentication. The bigger problem being that often when you do that, a lot of services will allow you to completely reset access to an account through the phone number. We've seen tens of millions of dollars get stolen from people's exchange accounts usually because they got sim swapped, the person took over their email address, their phone number, authenticated into the exchange account as them and then just withdrew all of their money.
Mobile engineering is probably one of the last great vestiges in this cyber security field because there is no technical solution to it. As we continue to improve the best practices that we're going to be talking about, as people become more educated, more paranoid, the last thing that attackers are really looking at is your brain because your brain is just another computer and if you manipulate it in the right way, a lot of people's brains can be hacked. We call this social engineering but it's really just using a different type of programming language whether it's English or German or whatever to trigger someone's organic computer to do the actions that they want.
Phishing is definitely also quite prevalent and password reuse is just a basic cyber security thing that you should avoid. Most of the stuff on the right, all the malicious stuff, it's not really as much of an issue unless you're out there doing shady stuff, overtore, but certainly things to be aware of. If I try to distill all of those different things into high level categories, what are we talking about? If you're thinking about physical theft, physical attack of any kind, this is a very well known problem. Humans have been physically securing valuable things for all of history.
How do we do that? We create physically secure locations such as safes or hidden storage areas that are not obvious or we hire guards to look after stuff. This is why bank vaults have existed for such a long time. I think that you can leverage that, especially in a multi-signature solution. It's nice to have one key in a highly physically secure bank vault that has its own authentication procedures around it. On the digital theft side, I would say this is mostly a solved problem. All you need to do is not put your private keys on an internet connected device. How do you do that? You buy one of these hardware key managers.
Physical disaster is also a well known problem, but people tend not to really think about it. That's because this is just a boring IT data management problem. If you think about it, the average person probably doesn't make good backups of their computer. If their hard drive crashed, they're probably screwed. They're going to have to start over from scratch. This is just a matter of having offsite backups, preferably secure offsite backups, whether encrypted, physically secure, whatnot. As I mentioned, the social engineering aspect is really more of an education thing. You need to have your own internal firewalls up so that you're not just believing whatever somebody is telling you.
You're not just sending your money off without being completely sure where it's going. Collusion, this is more of, I would say, an organizational issue. It's definitely an issue if you're using a third party custodian. They might collude together against you and essentially exit scam you. In an organization where you're setting up perhaps a multi-signature storage for your corporate holdings, then you have to worry about exactly who has the keys, what the power structure and dynamic there, and exactly what the threshold of collusion that would be required in order to have enough private keys to steal the money would be.
Obviously there has to be a threshold somewhere, otherwise nobody is going to be able to spend the money at all. What's the TLDR of the hour-long talk? It is eliminating single points of failure. As we stated at the very beginning, there's a great deal of power that is available to a Bitcoin holder as a sovereign individual who has these private keys. The flip side is that it's very easy to create single points of failure. If there is a single point of failure, what that means is that you have potentially one thing that can go wrong. Maybe you make one mistake, maybe one attacker finds one tiny little chink in the armor of your setup, and it's catastrophic loss.
This is one of the reasons why I think a lot of normal people argue against Bitcoin quite well because the average person is going to be deathly afraid that they're going to do something wrong, that they're going to suffer a catastrophic loss, and that no one will be able to help them. We need to continue improving the user experience of the security products that are available in this space, continue making the possible number of single points of failure smaller and smaller. Thankfully, we do have a fairly well-defined solution. About five years ago, a group of security people in the space came together. I was working at a company called BitGo at the time.
They were one of the founding members of this, and they created something called the cryptocurrency security standard. You can check out the standard at CryptoConsortium. org. It's also really great while it is designed to be used mostly by enterprises or by organizations that are holding money on behalf of other people because the risk is generally much higher there. You have large sums of money being pooled together. It is at a very high level just a series of best practices that anyone can read through and implement as many as you're comfortable with.
What are the high levels of things that we cover on here? The first is how do you actually create the keys? Obviously you want to create the keys yourself, but there's a number of ways you can screw up creating keys that make that weaker. Then there's the actual design and creation of the wallet itself. There's far more to a Bitcoin wallet than just the keys. Then there's the long-term storage of the keys.
How are they able to be accessed when the keys are actually being used? What devices are they on? What is the security of the keys at the time of use? This is more for organizations and multi-signature setups, but how do you handle a key being compromised? How do you handle a key holder losing a key or going rogue or some sort of loss happening? How do you recover from that? If you're using a single-signature wallet, the key compromise plan is throw up your hands and start over again because you just lost everything. In multi-sig, you do have this additional flexibility to recover from partial loss of keys.
Then also, at an organizational level, there are a number of user policies, just best practices around minimizing the trust in the group of people who are having keys distributed amongst them. When we look at the initialization of keys, there's a million ways to do it. Because what are we talking about? We're just talking about a really long random number. Unfortunately, human beings are very, very bad random number generators. This is one of the reasons why brain wallets are terribly insecure. Humans tend to use common phrases or their favorite song lyrics or their favorite poem or phrase from a book.
I promise you, if you use any phrase that will show up from Googling it because it's something popular and you create a brain wallet and you send money to it, your money will be gone within 10 seconds. How do we ensure entropy? There's a number of ways of doing this. One of the more manual ways, which is pretty good, is actually pictured here. You get some casino dice and you just start rolling. It does need to be casino-grade dice because cheap dice tend not to be perfectly well-balanced. There are a few different hardware wallets out there. I think Cold Card has support for this on the actual hardware.
I know that Bitbox has instructions for how to use diceware. Essentially, you can just roll these dice a few dozen times to create a sufficiently long random number. Then you can plug in and get what that 24-word seed phrase that corresponds to it is. It's also important, of course, to generate these things offline. You never want these keys to touch the Internet because if they're touching an Internet-connected device, that device needs to be perfectly clean. It's very, very difficult to have 100% certainty that any given computing device doesn't have any malware on it. It's also really, really difficult to actually create your own perfectly air-gapped computer.
You can go buy a laptop from the store, but unless you're really good at physically disabling hardware, it's still possible for other software, other malware to taint your air-gapped computer. It may not actually be air-gapped. I generally do not recommend that other than for extreme experts who have a lot of free time. Then finally, what do you do with these keys once you've generated them? If you are generating them on a nice, secure device, if it's not being used on that device in the future, you should not be leaving it there. You don't want to just leave keys laying around if it's not actually necessary.
What happens when you want to create a Bitcoin wallet? You've probably seen this before. Here's your 24 words. Write it down. Keep it safe. Now, when I see this, I think there's a whole iceberg of security knowledge hidden under that phrase, keep it safe. Essentially what we're doing is we're giving toxic material, highly sensitive material to probably a non-technical person. We don't know what their level of sophistication is. The most likely thing is they're going to write that down on a piece of paper and put it in a drawer somewhere.
There have been plenty of instances of people losing their money because their maid was going through and cleaning things up and found a scrap piece of paper and said, oh, this looks like junk, and they just threw it out. So some people think about the evil maid attack, but they don't think about the stupid maid attack. There's so many attacks out there. You can be like me, spend seven years thinking about attacks and still find new ones all the time. So what are we doing with actually creating the wallet? Well, obviously we create the keys, but there's more to it than that.
We're creating these locking scripts that they describe using the Bitcoin protocol, what are the conditions required in order to spend this money? So I'm obviously biased and a big shill for multi-signature wallets, at least for non-trivial amounts of money. If you have an amount of Bitcoin that you would be sad about if you lost, then consider multi-signature wallet because you can get much better security posture. One of the reasons for this is that putting it into a multi-signature wallet means that you automatically have redundancy. This is of course assuming you aren't just taking all of those keys and putting them into the same drawer in your office. You need to have these keys distributed geographically.
That protects you from a number of attack vectors and loss vectors. Have to assume that your house might burn down. It's actually a lot more common than people tend to think. So once again, offsite data storage, very good so that you can recover if something does go wrong. And keeping them geographically distributed, it saves you from so many different attacks and losses that it's so easy just to say, put them in different places. The further apart, the better, but the further apart, the more inconvenient it is. And that is one of the other common themes that we see throughout cybersecurity in general is that there's always going to be a trade-off between convenience and security.
So this is why you need to decide how much money am I trying to secure here. I would advocate that when you're thinking through that, you 10x whatever you think the value is. Because as we all know, Bitcoin is very volatile from an exchange rate perspective. And you may set up a reasonably secure solution today, and a year or two from now, it might be worth 10 times or 20 times as much. And you need to re-architect it because it would hurt a lot more if that got compromised or destroyed. So how do we actually store the keys? Well, we want them to be encrypted at rest.
That means we want a physical attacker or just a stupid maid or whatever who sees the keys to not be able to do anything with them. There are, of course, innumerable ways that you can encrypt data. For the average person, the best thing once again to do is just use one of these dedicated hardware devices. They have secure chips inside of them that are designed to protect the data from physical attackers. Once again, if you get really, really deep into the weeds, some of them do have flaws that a nation state attacker with multimillion dollar equipment could potentially be able to get into. But in practice, that's more of a theoretical thing.
of someone in practice who had a hardware key manager taken from them and then had that broken into using technical methods as opposed to simply just coercing and threatening the user to give up their pin to decrypt the hardware device. Now we want multiple backups as well. It's good to have one backup, but why not two? Why not three? Once again, it's this level of complexity versus convenience that you'll have to decide exactly how much redundancy you want. The primary thing to worry about with backups is that if the backups themselves aren't also encrypted or if it's not part of a multi-signature setup, then it can be a single point of failure.
That's why the default, unfortunately, for a lot of these wallets, they give you that seed phrase. Some of them even say, write it down on a piece of paper. If you make two, three, four copies of that piece of paper and put it around in more and more places, you're actually increasing your risk because there's more possible places that might have some sort of physical exploit. They might have a way for someone to either intentionally or unintentionally come across that seed phrase and be able to just import it into another wallet and steal all of your money. Once again, it's very important that your backups themselves are physically secure.
If you're not technically sophisticated enough to encrypt them, I will talk about a fairly non-technical user-friendly option that I'm a big fan of, but otherwise they need to be in a highly physically secure location that you won't have a random person be able to just get into. Definitely avoid paper wallets. I think this is far less prevalent these days, but I will say that paper wallets, especially the paper wallet websites, a lot of them are malicious. They will generate private keys that are either already owned by an attacker or are cryptographically weak and not random and can be guessed by the attacker.
Paper wallets, of course, are generally unencrypted unless you do a BIP38 password encryption, which I'm not a big fan of either. If they're on paper, of course, it's not going to survive almost any type of environmental stressor. Another thing that people don't really know is that if you're using one of these paper wallets that just creates a single private key instead of a seed phrase, then there's sort of unknown, not well-known usability issue in that you can load that private key into a wallet, and if you only spend part of the funds in that wallet, then the rest of the funds will go to a change address, which is on a different private key and is not backed up.
A number of people have learned that the hard way by accidentally deleting that wallet after the one time they spent the funds from it. Then the next time they tried to load it up, it was all gone. Metal backups, I am a much bigger fan of. You still have to be careful. This is one of my side projects that I've been doing for four years, and I've tested over 70 different metal backup devices, all of which tend to be touted as indestructible. Most of them are. About half of them are. But unfortunately, about half of them are not.
You have to be careful, but thankfully, I have ratings for all of this, so you can figure out which ones are the best. There is still the issue, though, if you're creating a single signature wallet, if you're creating just one seed phrase and then you're putting that one seed phrase into a metal backup, that's unencrypted. If anybody else gets their hands on that one backup, they can load up your money and send it to a different wallet. This is a screenshot, but seed storage reviews. bitcoin. com. au. Or just go to bitcoin. page and you'll find a link to it there. This is the results of many, many hours and days of testing these things.
I test them for heat up to 2,000 degrees Fahrenheit, which is, I think, about 1,100 or 1,200 Celsius. I test them for corrosion and hydrochloric acid, and then I test them with a 20-ton hydraulic shop press for deformation of, assume a building collapse or something like that. Any of the devices that have straight As across the board are great. The short version is, keep it simple, just get one of the devices that is just a single plate and you can center punch divots into. How about when we're actually using the keys on a regular basis? Once again, hopefully you're using a dedicated hardware key manager that's keeping those keys offline.
Preferably, you're using a wallet that requires multiple types of authentication. That would mean, for example, if you have wallet software on your phone, you should have to enter a password or a PIN or your thumbprint or something. I'm not a big fan of biometrics as security, but it's still better than nothing. Additionally, to actually spend the funds, you should have to enter some sort of other secret data. Usually on these hardware devices, it's going to be a PIN, four to eight digit length PIN. The keys should only be in a trusted environment. That basically means an offline machine, a dedicated hardware device. If you know what you're doing, an air-gapped computer definitely fulfills this.
Very important, this protects you against manipulation and malware, is that you need to verify the transaction details on a dedicated device. Preferably a device that's different than the wallet software where you generated the transaction. Because you're probably generating the transaction on a desktop or a laptop or a mobile phone. These are general computing platforms that have huge attack surfaces and are almost impossible to be sure that they don't have malware on. Once again, worrying about clipboard malware and other types of malware that will try to manipulate your transaction data to redirect your money to an attacker. The reason why all of these hardware devices have dedicated screens is because of this attack vector.
The very earliest hardware devices did not have these screens. You would just push a button on the device and it was very quickly determined that you were just blindly signing whatever data was given to you. It was not actually protecting you against a man in the middle malware type attack. Then finally, you don't want to put multiple different keys from multiple different wallets or coins or whatever onto the same device. Keep things segregated. That once again limits the level of catastrophic failure that could happen if one of them got lost, stolen, damaged, whatever. Key compromise, like I said, this really only applies to multi-sig wallets or multi-user organizational wallets.
You want to have a well formulated and well described written out plan that is essentially an inventory of your keys, your devices, who's responsible for what. The nice thing about multi-sig is that if you know who has what key, if some sort of compromise happens, you can see which keys signed the transaction. This really helps with forensic investigation. It essentially creates an audit log on the blockchain, which is great. Of course, you want to have backups. The integrity of the keys is something that you also need to check on regularly. This will protect you against things like bit rot. If you're keeping keys on these electronic hardware devices, the devices themselves are not 100% robust.
They are susceptible to things like electric overloads. We've seen sometimes firmware updates happen that corrupt them and wipe the device. Even stuff like solar flares or potentially a neutrino hitting the memory on the device in the wrong way and flipping a bit the wrong way can corrupt whatever data is on that device and make it unusable. These are extreme edge cases, but we're talking about extreme security because we're operating under the assumption that you may have a large portion of your net worth and you can't tolerate catastrophic failure. Also, of course, keeping track of who is granted the keys, how are you authenticating, whether someone should be trustworthy in the first place. Perhaps you're doing background checks.
Perhaps you're asking around to look into a certain individual that is joining your organization and try to make sure that they aren't an attacker or an unscrupulous individual. There have been a number of attacks in this space, usually against exchanges and other providers that have large hot wallets, that the attacks have been perpetrated by employees at the company. Usually people like infrastructure engineers working on the back end who have administrative access to all of the servers and keys on the back end. We've seen a few of those where they'll steal all the money and then essentially run off to some non-extradition country and just live their lavish life like a king.
The final thing, of course, is an audit trail. This is basic cybersecurity. Any internet company, really any company today that does stuff with computers should have good audit trails, once again, just for forensic accounting purposes. If you're an organization, let's see, we went over the grant revoke policies, security audits. Most of this is still just basic cyber hygiene, making sure that you're not leaving sensitive key material laying around. If you are holding funds for other people, this is one thing, this is one best practice that unfortunately has not been adopted by many companies out there. But proof of reserves is completely possible to do in a privacy preserving way on Bitcoin.
I know Kraken does it maybe once or twice a year. I think Bitnob was doing proof of reserves maybe one or two. But the vast majority of exchanges out there, even the ones that have billions or tens of billions of dollars, generally not doing proof of reserves. It does take effort, but this would provide people with a lot more peace of mind and, of course, audit logs as usual. So like I said, complexity is the enemy of security. You probably feel like we've gone through quite a bit of complexity over the past 30 minutes here, and this is a trade-off that you have to worry about.
When you're actually engineering your financial applications and you're trying to understand what is the security model of this thing that I have created, the more complex it is, it becomes more of a beast that is difficult to even reason about. The number of edge cases can grow exponentially. So the simpler your setup is, the easier it is to reason about what could go wrong. Also, you're probably not only doing this for yourself. If you have a family, you have to think about inheritance planning.
I think one interesting aspect of this space is that the hardcore hodlers, they're looking at Bitcoin not as just like a new digital gold, but some of them are actually looking out as a multi-generational asset. This is potentially generational wealth planning for people. So while, yes, you're worried about the problems of today and you using and accessing and not losing access to your wallet is very important, unfortunately, you are a single point of failure. There is no solution to that yet. I have my own optimistic beliefs about what we may be able to do with our own bodies and consciousness and whatever in a potential cyberpunk future, but you could walk outside and get hit by a truck.
What happens to your Bitcoin? That's the way that we need to be thinking about these wallets and we need to be designing them in a way that the people that we love, our heirs, will be able to access those funds if something goes wrong. Inheritance planning is actually a whole other talk. I could talk for hours about that. We have a whole inheritance planning guide and solution that we offer to clients. If you want to get more into thinking about all of the complexities around it, because it's not just technical complexities, there's a lot of legal complexities as well, I do highly recommend Pamela Morgan's book. It's the Cryptoasset Inheritance Planning Guide.
I learned a lot from it and I thought that I already knew a lot about security, but I did not know much about the legal aspects and the potential conflicts that can arise within heirs. If you're just an average new Bitcoiner, you're just getting into the space, you may not be dealing with life-changing levels of wealth yet, but you have enough Bitcoin that it would sting if it was lost or stolen. What do you do? Well, I highly recommend spending 50, 100 euros on a key manager. They're all pretty good, like I said.
The backup solution that I didn't mention earlier, while I highly recommend just getting something like a seed plate or block plate, one of these simple, single metal plates with a grid that you punch the divots into, you need multiple of them. The reason for that is so that you can eliminate this backup as a single point of failure. What is Seedzor? This is actually some software that is created by CoinKite. I think they have functionality built into the cold card for it, but Seedzor basically can take a single signature wallet and it can take that one seed phrase and turn it into two seed phrases.
It's great because each of these two seed phrases on its own is a completely valid seed phrase. There's no way to look at that and say, oh, this is actually part of a bigger multiple seed phrase backup. This adds plausible deniability because even if an attacker finds one of them, they may load it up and then they'll either get an empty wallet or you can actually put a little bit of money onto that one wallet that corresponds to that one partial seed phrase. If that money moves, you know that it's been compromised and you can go around and basically recreate your setup. The nice thing about this is that it's essentially a two of two backup.
Unless someone actually knows that there are two different pieces to it, then they're not going to get your real funds. The downside is if it's a two of two backup, that's actually a single point of failure in a different way in the sense that if one of those two backups gets lost or destroyed, you can't reconstitute your actual wallet. If you really want to have redundancy and this level of plausible deniability, then you need at least two sets of two backups so that you can have two two of two. There's end up being four different plates with seed phrases in them. It starts adding more complexity. I'm not a big fan of that level of complexity.
You can make an argument that maybe a three of five multi-sig gives you better geographic distribution and is not quite as difficult to reason about, but these are things that you'll have to take into consideration of what you're most comfortable with. Of course, you can experiment, play around with it. The great thing about Bitcoin is that there's test networks. If you need test net Bitcoin, hit me up. I have plenty. You can test out pretty much any type of wallet software or backups on the test network without risking any real money because test net Bitcoin has no value. I'll give you a million dollars worth of test Bitcoin if you ask nicely.
Now we've spent the past 40 minutes talking about keys and unfortunately that's not the entire story. You also need the template that describes your wallet. You will need to know derivation paths, script types. If it's a multi-sig setup, you need to know what M of N it is and you need to know all of the public keys that are involved. Wallet output descriptors may be a simple solution. I'm hoping to see more adoption of that. Right now not many wallets support wallet output descriptors, but if you don't know all of these attributes and you lose your current day-to-day wallet and you need to recover from your seed phrase, then you're going to have to do a treasure hunt.
There's actually a whole website called walletsrecovery. org that is essentially a list of every Bitcoin wallet ever and all the different derivation paths and types they support. You can end up having to brute force that. I've had to help people recover Bitcoin on numerous occasions where they had the keys, but they just didn't know all the other aspects of the wallet. So I had to help them brute force it to actually find where their money was. I recommend keeping a copy of this with every seed phrase backup because this is not sensitive private information. Even if an attacker gets that template, they can't do anything unless they have a sufficient level of the private keys themselves to spend.
So stepping back out of just Bitcoin, practice good security in general for everything that you're doing online. Assume that all of your usernames and passwords are going to get leaked. Don't reuse them. The only password that you should know is the password to your password manager. And your password manager should be protected by a dedicated hardware device. I highly recommend getting something like a YubiKey or something where you have to physically tap a button. That once again prevents attackers over the internet from being able to get into your password manager, even if they know your master password. Use that 2FA on every account that supports it, preferably hardware 2FA.
And remember that your email account is probably a single point of failure. If you're American, your mobile phone is probably a single point of failure as well to a number of different online accounts. So as we said, security and convenience. There's a lot of tradeoffs here. You can have multiple wallets with different setups, and that's great. And then just practice operational security. It's fine to have laser eyes and talk generally about how great Bitcoin is on Twitter, but don't talk about your Bitcoin and how you store it. There's a lot of text to read, but basically this guy posted on Facebook, oh, I got SIM swapped and my Coinbase account got wiped out.
And then this guy at the bottom, Cody Brown, screenshotted it and tweeted about it. He was like, oh, I'm really worried about this because I keep all my money on Coinbase. 24 hours later, he was SIM swapped and lost all of his money. So hopefully we have a few minutes for questions. Yes. Nice to meet you. We are on the phone with you on the phone. My question is what happens with two FA keys when they're broken or something happens with them? Because it happened to me. Yes, what happens with two FA keys if they get lost or destroyed? Yeah, this is another. No, no, no.
They didn't work properly with the phones and I don't know, it was quite a pain in the ass. Ah, OK, yes. I was lucky because I was doing trading back then and then I will transfer all the funds after two weeks from Binance. I will transfer all the funds back in my cold wallet and that was that. And I say goodbye to everything. But my question to you is what happens then? If you're losing your two FA keys? Yeah, if your two FA isn't working, so then this is another rabbit hole to go down because each service will have a different quote unquote two FA reset.
And different ones use different types of procedures, you know, or if they don't have a two FA reset. I think that if you're taking, sorry, if you're taking, let's say, a SIM card with a phone, blank, you're just use it for that kind of stuff. I think it's more much more secure than two FA keys. I'm doing that. Let's say like this. Yeah, there's there's there's pros and cons to different types of two FA based on, I guess, what can go wrong. If you don't have an American SIM card, I would be less worried about getting SIM swapped, like I said. You can get the Swiss one. Yeah, yeah.
For your protection, you can get the Swiss card, which are they have some laws here with telecommunication and everything else. So I don't think that it's so because if you have like one or two or 10 bitcoins or 100, not going up, you will need to be a little bit secure about it, not just stored in the bank. And that's it. Because you need to we are traveling. We are a community and we need to buy and exchange goods and money. Yeah, I mean, this is also, you know, if you're using a two FA device, you're probably using it for an online service. So it's probably accessing some sort of custodial account.
Those custodial accounts, they will have some sort of level of support that may help you if your two FA stops working for any reason. And not to mention that the last hack of the binance was through the two FA. Yeah, yeah. So especially if the security was there, it's easy. If you're using two FA with a custodial service, you have to realize that the two FA is it's not happening like on a block chain or on a decentralized network. It's happening at a centralized service. And there is there's going to be other potential exploits where hackers may be able to actually completely bypass the two FA. So in some cases, it's just like a feel good thing.
If you're if you're using a two FA, like when I log into my password manager, I have to tap a Yuba key that's happening locally on my computer. And it's decrypting that local file. So everything has the trade. Why did you say that the SIM card, American SIM card wouldn't go or what happened? American SIM cards. They are under attack that hard and they are taking it. American mobile providers are incredibly weak against social engineering because they give account like admin access to transfer accounts to tens of thousands of customer support associates in tens of thousands of stores.
And these associates are often easily tricked or bribed into transferring accounts, whereas in Europe, I think they have stricter like identification. No, bribes goes to in Europe too. We got one. I just want to apologize. Sorry. So maybe my question is, I'm an IT engineer and I know certain ways to protect to protect a password or access to a service. But my question is to my mother or anyone that is coming in contact with Bitcoin nowadays, they're definitely they don't know anything. They don't even know what to factor authentication is. If we want Bitcoin to be more broadly used, but also kind of a little bit safe, because obviously you have to compromise.
What would be your suggestion as a good compromise for people to kind of trust Bitcoin, use it and not worry too much about, well, the safety of it? So this is actually a good use case, I think, for like a shared custody solution. Another cool thing about multisig, you can split it between multiple people. So it's essentially, you know how you can create a checking account that requires cosigners. This is the same thing, but just at a cryptographic script level.
So you could create a two out of three multisig wallet for your mother or your father, and they can initiate a transaction, but it's not valid until you yourself go inspect that transaction, ask them, hey, what are you doing? And then cosign it. So that additional level of technical expertise and ability to validate is, you know, it's an even stronger form of what some of the traditional bank accounts do. Hi, thanks a lot. What's up, you know, Shamir? Well, I have a whole blog post that talks about Shamir's secret sharing shortcomings. My biggest problem with Shamir is that there's a number of different implementations and a number of people have rolled their own and had weaknesses in it.
I am a fan of the, I think it's slip 39 Shamir secret sharing that Trezor did, because that's a very precise, specific implementation and it has been standardized and it works on the hardware devices. So in general, I'm more favorable of that. I would still recommend that blog post though, because one of, there are still some weaknesses. One of them is that if your wallet is compromised, with Shamir secret sharing, you can't tell which of the shards were used to reconstitute it. So you have less of an audit trail. It's harder to do the forensic analysis on a compromised one, but you know, it's still definitely better than just having a single clear text backup.
Thanks, James, for this excellent presentation. You have any recommendations on what kind of desktop software to use? Does it make any difference if you use like Core or Electrum or something else or a mobile wallet? I mean, I'm asking that because sometimes, you know, you have very good wallet software, but there's only like one developer or two developers and then you install it on a computer, like you say, which has many attack factors. Or in the end, doesn't it matter because your private key is on this dedicated hardware, so it doesn't matter. Take whatever wallet you want. Or what's your view on that? Yeah.
So if you're using a desktop software and you're keeping the keys on separate dedicated hardware, then you don't have to worry as much about the funds being stolen because you're verifying the details separately. The bigger consideration comes down to the sort of the full node validation of like, how do I know that I'm not being defrauded with the deposit? So, you know, an easy user friendly wallet that I still use a lot is Electrum. However, with Electrum, the default is going to point to some server somewhere else that may be lying to you. You can run your own Electrum server. There's even some Raspberry Pi plug-in nodes you can get that will run Electrum servers.
If you want to go more heavy duty and you're willing to actually have that full 300, 400 gigabyte full node on your desktop, I would recommend installing something like Spectre. And Spectre uses the Bitcoin Core HWI library to then have all of the hardware device integrations. And so I would say in general, Spectre is my favorite, like full node, heavyweight desktop type of wallet. All right. Well, we'll talk after because we're out of time. Oh, thank you. Thank you for squeezing me in. Real quick. So great presentation. Real quick.
There's a lot of talk about quantum computing being able to bust like a lot of the shod due to Shor's algorithm because we're able to compress billions of years of calculations into like a second. What innovation is being done to harden cryptocurrencies to protect against like quantum computing or high performance computing? I mean, there's a few altcoins out there that claim to be quantum proof, whatever. I'm not really seeing a lot of chatter about it in the technical community because it's not considered a problem that's going to happen in the near or even medium term. I mean, if some magical quantum computing breakthrough happens today, tomorrow, next year, we're going to have so much bigger problems than Bitcoin.
Like all of the financial infrastructure is going to be completely broken. So that's the sort of hand wavy thing is that it's a it's a future problem that only a few extreme cryptographers I think are worrying about. One of the issues that I'm aware of is that as far as I can tell, like a lot of the quantum safe stuff is much larger from a data footprint size. So there would be some major arguments about whether or not we really, really need that on the Bitcoin blockchain at this time.
So hopefully, you know, this is the story of cryptography security in general, but even cryptography is another constant war is, you know, people are always trying to break cryptography and cryptography weakens. It degrades cryptographic algorithms are never just broken overnight. The slow incremental progress is made on on weakening and then eventually breaking them. So you tend to have years, if not a decade of heads up that, you know, we expect this cryptographic algorithm to be broken in some period of time. And as it stands right now, I'm not aware of any like respected authorities that are saying, oh, you know, SHA-256 is going to be broken by quantum in a few years or even really any period of time.
Nobody knows. But it will probably be at least, you know, five, ten, if not more years. We still have time, three minutes. Sure. You talked about solar flaring issues potentially. Are you worried about that at network level? I. E. layer one? Solar flare could conceivably take out a lot of computing equipment, at least on like one half of the world. You know, I don't think it would be able to take out every computer all around the world. You know, there's probably 100,000 hard drives with the blockchain on it. So I imagine at least some of them would be safe and we would be able to plug stuff back in.
But once again, you know, that level of like Carrington event is going to have so much widespread impact. We're going to be dealing with bigger problems. All right. No more. Thanks. .