I am over here with my main seed phrase and passphrase; backed up in 4 locations… two for passphrase and two for seeds. Using a Model T Trezor. Below is a representation of my setup:
[Found this online… shows what I’m doing pretty good; forgot who posted it so sorry for no credit… ](https://preview.redd.it/b8ez52ewl44a1.png?width=1858&format=png&auto=webp&s=c361e7590058067f22f40ac96fb1377ee378607c)
I feel pretty secure with this setup… however after reading articles from high level users it has me questioning some stuff. It seems like I re-evaluate this every 5 months… remember the thought process for what I did… then move on; however, I am still curious to hear some of the community's answers on these questions:
1. Is the entropy used by my Trezor Model T “good enough” to protect my wealth? (aka is the dice rolling technique really that much more superior?)
2. How big is the risk of a non-air gapped system? Are there actual examples of wire connected devices being compromised in the real world?
3. Bonus question: I see a lot of people recommending a 2/3 multi sig… however the requirement to store the xPubs for all three HWWallets with each backup site seems pretty cumbersome. Other than a reduction of required sites from my current setup (3 locations instead of 4)… I am curious why multi sig is worth it for the person.
1) Good enough? Probably. It depends on how much you trust their hardware/assembly process. One of the benefits of other wallets like coldcard is the capacity to visually inspect the hardware for tampering quite easily as well as tracking on parts and the assembly process. Even better, build your own with something like https://glacierprotocol.org where you can verify on multiple devices cryptographic function. But that doesn’t mean you will likely be attacked with your trezor entropy. It just means you’re capable of less diligence as easily.
2) An air gap reduces attack surfaces and isolates data for your manual review. It doesn’t stop attacks – it gives YOU the tools to stop attacks. It’s up to you to be verifying those PSBT files, to keep it physically secure. That said it dramatically reduces the opportunity to attack, and in the event that some of these non-air gapped wallets aren’t as secure in their interfaces as hoped or lead to social attacks through the mere plugging in alert a virus gets on an infected machine an air gap eliminates those opportunities. I recommend it for any user doing cold storage with their wallet.
3) It’s only worth it to use multisig, geodisburse, etc – if you are securing a large amount and wish to avoid wrench attacks. You are exactly right about the additional burden in keys and data, and having to keep those recovery backups separate.
edit for formatting edit again: reddits dumb and does not like my attempts at formatting
Howdy!
1) It’s up to you if you trust Trezor’s methods or not. I personally trusted coldcard’s methods for my keys, because I couldn’t be assed to buy/roll dice.
Take a look at their code and see if it is acceptable to you. If you do go the dice route, DO NOT USE board game/TTRPG dice, as they’re really terribly balanced. Buy some honest to goodness certified casino dice.
2) Air gapping is the best level of security because the data that you’re transferring (usually a PSBT on an SD card or a flash drive) is super easy to audit. With USB it’s a LOT harder to audit what’s going on so you have no idea what data is being sent back and forth to/from the device.
3) Tbh multisig can be handy if you’re super security cautious. If someone robs you, you can feign ignorance and give them one key (in a 2/3 + setup) and they’d be none the wiser.
You’re right that it will take a lot of due diligence to store those keys though. It’s up to you whether the added security is worth it.
IMO either way you decide how you back up your stuff, I recommend practicing restoring backups at least once a year, so if it’s ever go time, you know what you’re doing.
> Is the entropy used by my Trezor Model T “good enough” to protect my wealth?
Yes. And by using a passphrase, you’re introducing your own entropy too. So even if Trezor wasn’t as good as thought, maybe 100 bits instead of 128 (with a 12 word seed as the model T produces), you would only need a relatively weak passphrase to get to 128’ish territory. In reality, even 100 is for all practical purposes uncrackable.
> How big is the risk of a non-air gapped system? Are there actual examples of wire connected devices being compromised in the real world?
I have never heard of private keys being lost over the USB-cable of Trezor, Ledger or comparable devices.
> why multi sig is worth it
I prefer multi-sig for redundancy, because you never have the whole stash in one place. If you want to send funds out, you would probably go to the location A of the passphrase, make a copy, travel to the trezor, wake it up, type in the passphrase, send the funds and then burn the paper copy of the passphrase. For that moment in time, everything needed is one place.
With multi-sig, you would create an unsigned transaction in location A, sign it, then go with the partially signed but otherwise worthless transaction to location B, finalise it (in case of 2-of-3) and then send it out.
If you already have 4 locations, I would opt for 2-of-4, though, instead of 2-of-3. The Glacier Protocol recommends 2-of-4 too. Tip: Look into Electrum on Tails as the fundament for the multi-sig setup.
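The entropy arithmetic discussed in this thread (dice rolls versus device entropy, and a passphrase making up a shortfall such as 100 versus 128 bits), worked through as an added example that is not part of any commenter's post. SHA-256 as the extractor, the chi-square cutoff, the 7776-word passphrase list and all function names are assumptions of this example; the checksum and 11-bit split follow BIP39.

```python
import hashlib
import math
from collections import Counter

BITS_PER_D6 = math.log2(6)  # ~2.585 bits per fair six-sided roll

def min_rolls(target_bits: int) -> int:
    """Fewest fair d6 rolls whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / BITS_PER_D6)

def chi_square_d6(rolls: str) -> float:
    """Pearson chi-square of face counts against a uniform die (5 d.o.f.)."""
    expected = len(rolls) / 6
    counts = Counter(rolls)
    return sum((counts.get(f, 0) - expected) ** 2 / expected for f in "123456")

def entropy_from_rolls(rolls: str, target_bits: int = 128) -> bytes:
    """Condense a string of rolls ('1'..'6') into target_bits of seed entropy."""
    if set(rolls) - set("123456"):
        raise ValueError("rolls must contain only the digits 1-6")
    if len(rolls) < min_rolls(target_bits):
        raise ValueError(f"need at least {min_rolls(target_bits)} rolls")
    if chi_square_d6(rolls) > 20.52:  # p < 0.001 at 5 d.o.f.: die looks biased
        raise ValueError("face counts are far from uniform; check the dice")
    # SHA-256 as the extractor is this example's choice (assumption)
    return hashlib.sha256(rolls.encode("ascii")).digest()[: target_bits // 8]

def bip39_indices(entropy: bytes) -> list[int]:
    """Split entropy plus its BIP39 checksum into 11-bit word-list indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4 checksum bits for a 128-bit (12-word) seed
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def passphrase_words_needed(device_bits: float, target_bits: int = 128,
                            list_size: int = 7776) -> int:
    """Random words from a list_size-word list needed to make up a shortfall."""
    shortfall = max(0.0, target_bits - device_bits)
    return math.ceil(shortfall / math.log2(list_size))

# Constructed sample rolls (public, for illustration only)
SAMPLE_ROLLS = "36245163251446213554126634152362415536412653142365"
```

The indices map to words only through the BIP39 word list, which is not embedded here; the uniformity check catches a grossly unbalanced die but cannot certify a fair one.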
I just like to see people upgrade the security of their setup over time as they learn more about Bitcoin in general but security specifically. Be better today than how you were the day before and if I’m limited only to talking about security with the same level of convenience then we can still talk about hardware with better security than trezor that are just as convenient.
> How big is the risk of a non-air gapped system? Are there actual examples of wire connected devices being compromised in the real world?
All sorts of things connected to networks get hacked. That’s what being connected to a network enables.
> seems pretty cumbersome
A lot of multi-sig people are going to mess it up and experience a total loss.
1. No. I don’t trust trezor at all anymore since they dabble in shitcoinery. Switch to coldcard, or even better use an airgapped linux with no hardware wallet.
2. Depends on the OS. If it’s Windows, you are already hacked.
3. A basic segwit p2wpkh is fine. Multisig is overkill.
I just gotta say, as someone who followed a similar path to this, just break down and buy a couple of Coldcards. You really won’t regret it. You’ll have a lot of fun setting it up. And you’ll feel much safer about the airgapped signing.
If you overcomplicate it, you will screw it up at some point.