bitcoinbook / bitcoinbook

Mastering Bitcoin 3rd Edition - Programming the Open Blockchain
https://aantonop.com/books

Introduction -> lines 143 and 149 -> mnemonic phrase storage query #979

Open eiger3970 opened 3 years ago

eiger3970 commented 3 years ago

Could there also be some notes/points about 25th word passphrase and metal storage please?

Line 143: "to write two copies of the mnemonic phrase on paper." It seems an option including metal storage could be mentioned. Specifically, one bolt, one nut, 12-24 10mm washers engraved or stamped. Circular rather than rectangular credit-card-sized metal plates add an additional last security option of bodily concealment.

Line 149: "Do not cut your mnemonic in half, make screenshots, store on USB drives, email or cloud drives, encrypt it, or try any other non-standard method." It seems the security balance leaves a vulnerability of a plain text mnemonic phrase. With a 25th word passphrase, a stolen mnemonic phrase would still require a passphrase entered into a wallet recovery. Storage of the 25th word passphrase could be easily managed in a 2nd location, which potentially replaces the need of 2 mnemonic phrase physical copies. Therefore:

1: cold wallet, physically offline stored in location 1.
2: mnemonic phrase, physically offline stored in location 2.
3: 25th word passphrase, physically offline stored in location 3.
4: possibly a copy of the 25th word passphrase, physically or digitally stored.
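An added example, not part of the issue or the book: the "25th word" discussed above is the optional BIP-39 passphrase, which is mixed into the salt when the seed is derived from the mnemonic. The names `bip39_seed`, `seeds_for` and `SAMPLE_MNEMONIC` are chosen for this illustration, and the mnemonic is the public BIP-39 test phrase, not a real wallet.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a mnemonic and optional passphrase.

    BIP-39 uses PBKDF2-HMAC-SHA512 with 2048 iterations. The password is the
    NFKD-normalized mnemonic; the salt is the string "mnemonic" followed by
    the NFKD-normalized passphrase.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = b"mnemonic" + unicodedata.normalize("NFKD", passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


# Constructed sample input: the well-known public BIP-39 test mnemonic.
SAMPLE_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)


def seeds_for(mnemonic: str, passphrases: list) -> dict:
    """Map each candidate passphrase to the hex seed it produces."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # Same mnemonic, three passphrases: none, the intended one, and a typo
    # (wrong case). Every one yields a valid-looking seed, so recovery with a
    # mistyped passphrase opens a different, empty wallet without any error.
    results = seeds_for(SAMPLE_MNEMONIC, ["", "TREZOR", "trezor"])
    for passphrase, seed_hex in results.items():
        print(f"passphrase={passphrase!r:10} seed={seed_hex[:32]}...")
    print("all seeds distinct:", len(set(results.values())) == len(results))
```

Because the passphrase carries no checksum, a backup plan that splits the mnemonic and the passphrase across locations should record the passphrase exactly, including case and spacing, and be tested with a recovery before funds are deposited.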

aantonop commented 3 years ago

This is a great suggestion for the 3rd edition. Would you like to attempt a Pull Request with a draft of these sections?

On Sun, Nov 7, 2021, 00:56 eiger3970 @.***> wrote:
