Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
Good discussion above on key management and the perils of inheritance. This is where my brain has been this weekend too.
[...]
Hold on... we are just getting started.
Aha! You might say. Use multisig!
I like it. This method can use "geolocation entropy" to our advantage! Now we can reduce much of our risk by storing our seeds in multiple places. And even if you stored the password WITH the seed (which I do not like, still) an attacker would not be able to get to anything that requires more than 1 key to access.
And yet, this too has some hidden risks. Did you know that you need all of your XPUBs (or zpubs or ypubs) if you are going to use the "x" number of keys in an x of y setup? In other words... There are scenarios where you can have 2 of 3 seeds in a 2 of 3 multisig setup and and be shit out of luck. So, you have to safeguard all of your xpubs as well. So you could store all three x pubs with each seed, but then you have also reduced your security somewhat. Because all an attacker needs in that scenario is two seeds, where if the XPUBs are elsewhere then the attacker cannot access anything with just 2. Now a view only electrum wallet or the like can take care of this. Gives you a way to send coins to storage and also a way to backup your 3 XPUBS. That view only wallet could be encrypted and stored electronically in an email, or USB key etc (This is it's own rabbit hole of risks that I will not go down lol).
Whew, I know. [...]
[...]
Hold on... we are just getting started.
Aha! You might say. Use multisig!I like it. This method can use "geolocation entropy" to our advantage! Now we can reduce much of our risk by storing our seeds in multiple places. And even if you stored the password WITH the seed (which I do not like, still) an attacker would not be able to get to anything that requires more than 1 key to access.
And yet, this too has some hidden risks. Did you know that you need all of your XPUBs (or zpubs or ypubs) if you are going to use the "x" number of keys in an x of y setup? In other words... There are scenarios where you can have 2 of 3 seeds in a 2 of 3 multisig setup and and be shit out of luck. So, you have to safeguard all of your xpubs as well. So you could store all three x pubs with each seed, but then you have also reduced your security somewhat. Because all an attacker needs in that scenario is two seeds, where if the XPUBs are elsewhere then the attacker cannot access anything with just 2. Now a view only electrum wallet or the like can take care of this. Gives you a way to send coins to storage and also a way to backup your 3 XPUBS. That view only wallet could be encrypted and stored electronically in an email, or USB key etc (This is it's own rabbit hole of risks that I will not go down lol).
Whew, I know. [...]
Indeed whew, it is not easy. Casa made it one of their premium business plans for $5k per year. Still I think if you want to do it yourself, multisig is the way to go. Not only because of sudden inheritance or extortion, but as well no more fear over losing your seed, no worries about malware on a single machine or a compromised hardware wallet vendor (use multiple brands in the setup), less likely copy/pasting an incorrect addresses, etc etc.
Regarding the bold part, I don't really see the issue (apart from nosy cosigners able to create a watch-only wallet and seeing the balance!). If you feel having retrieved two seeds should not be sufficient (2/3 multisig), just go for a 3/5 multisig setup.
What you could do in your 2/3 multisig setup is splitting the seeds using Shamir's Secret Sharing, made user friendly by Trezor. Each seed can be split into 2-of-3, and each sheet containing one of the XPUB's. It requires the sheets to be stored at separate locations though, which increases the chance losing access to all three XPUB's.