Securing your hardware wallet

Recently I found myself testing out a Trezor. For people not aware, this is a hardware wallet for cryptocurrencies (such as Bitcoin). I was very happy with my new toy; however, during the installation I noticed a rather opaque security flaw in the design.


When you get the Trezor, one of the first steps is initializing the device. There are two initialization steps: changing the PIN code and creating a recovery seed. It is the seed I'll be talking about. Along with the Trezor device they give you two booklets intended for writing down your recovery seed.

The task is rather straightforward and quickly done. You simply go one by one through 24 words and write them down in the booklets. After you have done that, the Trezor will run a test with 5 words at random locations to make sure you didn't write anything down wrong.

But now it gets rather interesting: where do you actually store these two booklets? Andreas mentioned in one of his YouTube videos that he uses a bank deposit box. This makes sense: you can store one at home and one in your bank deposit box. But is that really the solution you should be using? Well, I don't think so. You see, the moment there is a burglary, thieves could actually steal your recovery booklet. In the case of a bank deposit box, government authorities could seize it.

Now I am not going to claim there is a perfect solution to this problem, but there is a better solution. We call it 'Shamir's Secret Sharing'. The technique, invented by Adi Shamir, allows you to encode your data as an algebraic equation that is broken up into various components. Effectively each component reveals a tiny part of the information; with enough pieces the whole puzzle can be reassembled.

This would be a great way to protect your private key, or rather your recovery seed. This technique allows you to create 2-out-of-3 keys. This means any 2 pieces of data will have enough information to decode the entire data. With just 1 piece the information cannot be used. So this allows you to store one of the pieces at home, one at the bank, and carry one around. When you apply this you get a security model that I vouch for.

- If you get robbed physically, you only carry one piece, which is not enough.
- If your bank deposit box gets seized, they only have one piece, which is not enough.
- If your house gets broken into, they only have one piece, which is not enough.
- In any case you keep two pieces in your possession and you can recover your sensitive data.

So over the weekend, while I was in and out of hotels, I wrote a small tool to do this for you: https://phr34k.github.io/SSSForCrypto/, an easy-to-use website that creates QR code versions that can be reassembled by the website.

Keep those bitcoins safe everyone!

