Printer

[Rspigler]

Instruct users to get a printer that is compatible with Linux?

However, the drivers are

typically downloadable from the vendor's website... are often unsigned, and additionally the downloads are available via HTTP connections only

This violates Yeti's security model (possible infection of the online coordinating node). So, perhaps we need to instruct the user to transfer the backup packet to a regular windows/mac laptop to print - this also means it would be easy to print).

Let's discuss.

[Rspigler]

@BenWestgate solution from Slack:

Generate a master extended key, derive 7 child extended key pairs, write down the Master extended public key and the derivation path range

Write down the child extended private key’s private key data. (You can omit storing the chaincode because you can get it from the xpub.) Build your multisig descriptor from the 7 child xpubs Instead of writing 800 characters for a descriptor you can write about 120 and still rebuild it when you need to spend.

Let’s you avoid the printer entirely

[Rspigler]

NACK. Maybe look into secure printer drivers?

[JWWeatherman]

One option is to give up on paper copies of the descriptor if we become confident that 14 CD-ROMs are adequate backup. But I'm leaning more towards instructions for L4 that involve buying a new printer and destroying it after use.

[Rspigler]

I slightly favor buying a new printer and destroying it after use (and printing it via the a separate computer so as to not have to download drivers on the node). But there's lots of redundancy in the descriptor (inherent in the fact that you only need one). So I wouldn't NACK that

[Rspigler]

Reminder that this isn't for any private key data, just descriptors (will show balances/history if recovered/stolen).

I'm satisfied with the security of buying a new printer with cash, and then destroying after.

Let me know your opinions.