search

fresheneesz / TordlWalletProtocols

This repository documents various methods for securely backing up and storing bitcoins.
MIT License
54 stars 8 forks source link

Removing Yeticold #4

Closed xavierfiechter closed 3 years ago

xavierfiechter commented 3 years ago

"The project is still in beta, has limited information on how it works and the code isn't clean and comes without a test framework"

fresheneesz commented 3 years ago

Hi Xavier, thanks for contributing! I'm curious about your reasoning. Yeticold seems to be the only other active project like this out there. Glacier, for example, has been abandoned, which in my mind puts Yeti at a step ahead. Also, Bitcoin is still in Beta, so I'm not sure why that's a deterent here. In any case, the only purpose of that section is to list alternative projects of any kind, not to endorse any project.

I'm curious about what you mean regarding the test framework. What kind of test framework would you expect a project like Yeticold to have?

xavierfiechter commented 3 years ago

"In the land of the blind, the one-eyed man is king."

It should not be recommended just becasue it's the last "bad solution".

I'm not affilated to any hardware wallet manufacturer nor an expert, but after being in the space for a while, having listen to 1000 hours of podcasts and reading a lot, I came to the conclusion that Yeticold is not the way to go. That's why I wouldn't suggest it and would remove it from this guide.

This is an intesting starting point.

Reject it or take this discousion/PR to Bitcoin Twitter and let the community add experiences and stories for a better overview.

fresheneesz commented 3 years ago

It should not be recommended just becasue it's the last "bad solution".

Again, listing it here is not intended to be a recommendation. However, I can see why you would see it that way regardless of intent. In any case, I have written a couple critiques of various things about Yeticold:

Even so, my primary complains about it are that its significantly more difficult than the guides in Tordl (primarily because their guide requires using airgapped machines), that its level 3 has a single point of failure on creation, and that it has some gaps in its guide (eg how inheritance works or how to properly store seeds). As far as I can tell, their guide is reasonably secure. They also make good points that interfacing using a potentially virus infected machine is not safe, and they use that as a guiding principle for their setup process that creates a machine that's much more likely to be virus free.

I came to the conclusion that Yeticold is not the way to go

Very curious to know your reasoning and what you think are good ways to go.

This is an intesting starting point.

Sorry, I spent a few minutes scrolling through comments, but I didn't find anything of substance. Were there specific comments you thought were particularly insightful?

Reject it or take this discousion/PR to Bitcoin Twitter and let the community add experiences and stories

A. Rather than remove Yeticold from the information here, if there are good reasons to think that Yeticold isn't secure or something like that, I would rather annotate it as such so that information is out there.

B. I'm not a fan of Twitter as a platform for discussion since its short form doesn't really encourage thoughtful discussion. TBH I would rather have the discussion here on github where its clearly associated with this repo. If you don't want the discussion on this pull request, I can open an issue, or if there's another accessible public forum you could suggest that isn't as messy as Twitter, I'd be happy to have a discussion there too. WDYT?

xavierfiechter commented 3 years ago

Will close this PR. For me, it's not worth the effort. Thank you for the discussion and your time.