Re: 12 Word Recovery Phrase - a security weakness? My (free and simple!) solution(s)

Quote from: o_e_l_e_o on October 07, 2022, 09:03:26 PM

Quote from: LoyceV on October 07, 2022, 01:53:21 PM

Instead of making it random and publishing it, why not use the username and date as a random seed, and use a pseudo-random list that you can reproduce? It's just as unlikely to be guessed, but you won't lose it.

Because now, in addition to your number pairs, you have to remember/back up the specific username and date, as well as the method/code you used to turn them in to your deterministic list.

I was responding to the idea to choose an account name and day, which means you'll need to remember them anyway. By making the order of the list deterministic, at least you don't have to rely on Github.

Quote

Complexity is the enemy of security, and this is all getting very complex.

Agreed. This is going to lead to a whole new level of recovery requests.

Quote from: Welsh on October 07, 2022, 10:28:07 PM

Quote from: LoyceV on October 07, 2022, 01:53:21 PM

This has always been my main concern about Bitcoin: the balance between making sure I don't lose access, and making sure nobody else gains access.

Good, it should be all of ours biggest concern.

That's one way of putting it Cheesy

I agree it should be our main concern, but I don't like that I still haven't found a solution that makes me 100% comfortable. I know ignorance is bliss, but that doesn't make it more secure for the unaware n00b.