Why am I experiencing a mnemonic seed recovery failure? What are derivation paths? Is there a security risk for watch-only wallets with the master public key? Is there a security benefit from splitting funds between multiple hardware devices and seeds?

These questions are from the March monthly subscriber session, which took place on March 30th 2019. If you want early access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop

RELATED:
Are hardware wallets secure enough? – https://youtu.be/3zNVDIz6Snw
How do I choose a wallet? – https://youtu.be/tN6b62sEpsY
Secure, tiered storage system – https://youtu.be/uYIVuZgN95M
Hardware wallets and attack surface – https://youtu.be/8mpDcBfNA7g
Setting up secure storage devices – https://youtu.be/wZ9LxLLvfXc
What is a private key? – https://youtu.be/xxfUpIV9wRI
How do mnemonic seeds work? – https://youtu.be/wWCIQFNf_8g
Using paper wallets – https://youtu.be/cKehFazo8Pw
Key storage best practices – https://youtu.be/A5I55aOgX2o
Wallet design and mass adoption – https://youtu.be/WbZX6BDZJHc
Cryptographic primitives – https://youtu.be/RIckQ6RBt5E
Public keys vs. addresses – https://youtu.be/8es3qQWkEiU
Re-using addresses – https://youtu.be/4A3urPFkx8g
Passphrases and seed storage – https://youtu.be/jP7pEgBpaO0
Coin selection and privacy – https://youtu.be/3Ck683CQGAQ
Multi-signature and distributed storage – https://youtu.be/cAP2u6w_1-k
Nonces, mining, and quantum computing – https://youtu.be/d4xXJh677J0
Is quantum computing a threat? – https://youtu.be/wlzJyp3Qm7s
How to get people to care about security – https://youtu.be/Ji1lS9NMz1E
Wallets, nodes, and monetary sovereignty – https://youtu.be/8Hb3tUn8s4E

Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in Bitcoin. He is the author of “Mastering Bitcoin,” “The Internet of Money” series, and “Mastering Ethereum.”

Follow on Twitter: @aantonop https://twitter.com/aantonop
Website: https://antonopoulos.com/

Subscribe to the channel to learn more about Bitcoin & open blockchains; click on the red bell to enable notifications about new videos!

MASTERING BITCOIN, 2nd Edition: https://amzn.to/2xcdsY9

Translations of MASTERING BITCOIN: https://bitcoinbook.info/translations-of-mastering-bitcoin/

THE INTERNET OF MONEY, v1: https://amzn.to/2ykmXFs
THE INTERNET OF MONEY, v2: https://amzn.to/2IIG5BJ

Translations of THE INTERNET OF MONEY:
Spanish, ‘Internet del Dinero’ (v1) – https://amzn.to/2yoaTTq
German, ‘Das Internet des Geldes’ (v1) – https://amzn.to/2LEiyqO
German, ‘Das Internet des Geldes’ (v2) – https://amzn.to/2VCzse5
French, ‘L’internet de l’argent’ (v1) – https://www.amazon.fr/Linternet-largent-Andreas-M-Antonopoulos/dp/2856083390
Russian, ‘Интернет денег’ (v1) – https://www.olbuss.ru/catalog/ekonomika-i-biznes/korporativnye-finansy-bankovskoe-delo/internet-deneg
Vietnamese, ‘Internet Của Tiền Tệ’ (v1) – https://alphabooks.vn/khi-tien-len-mang

MASTERING ETHEREUM: https://amzn.to/2xdxmlK

Music: “Unbounded” by Orfan (https://www.facebook.com/Orfan/)
Outro Graphics: Phneep (http://www.phneep.com/)
Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)

11 COMMENTS

  1. Andreas I think the bip39 protocol is excellent. But I would like to see the addition of a Deep Freeze protocol added to the bip39 protocol, for use with the user-defined extra passphrase or password option.

    In essence I would like to have the option of 3 Factor Authentication, which would result in three levels of Bitcoin storage (hot, cold and Deep Freeze).

    Currently bip39 is set to 2048 rounds of iteration. Which is a value that Gregory Maxwell has criticized as being insufficient and meaningless.

    I propose that the rounds of iteration be user-selectable based on the character lengths of the user-defined passphrase or password.

    The range of iterations could go from the current default of 2048, all the way up to the range of brute force impossibility. Moore's Law could be used as a guide for the range of iteration choice.

    For example, a passphrase or password of less than 25 characters could default to the current 2048 iterations. Over 25 characters would progressively increase the rounds of iteration all the way to brute force impossibility.

    In fact at a greater than 25 character passphrase or password length Argon2 could kick in with its extra ASIC resistance.

    See, I don't care if it takes 30 minutes for my laptop or HW to create or unlock my private keys stored in Deep Freeze. It won't be accessed that often. The option of the added security is worth the small user inconvenience to me.

    That's my story, and I'm sticking to it.

    cc.. Gregory Maxwell

  2. You also need to know what character the address begins with: whether it begins with "1", with "3" or with "bc1". The wallet generates a completely different set of addresses for the same seed, depending on what kind of wallet you choose, and the choice is not obvious; for instance, in Electrum the "bc1" addresses are called "SegWit native". Make sure that the addresses your wallet generates look the same as the original address, otherwise change wallet type.

  3. I think it should be mentioned here that revealing the master public key and just ONE PRIVATE KEY from an HD wallet account compromises ALL PRIVATE keys from that account!!! Meaning that if you have 0BTC at address #1 and 100BTC at address #2 and you reveal the master public key and the private key of the address #1, the private key of all derived addresses including the address containing 100BTC are compromised.
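The relationship described in the comment above, worked through as an added example (not part of the comment or of the video): in BIP32 a non-hardened child private key is the parent private key plus a tweak that anyone holding the xpub can recompute, while a hardened child's tweak depends on the parent private key itself. The key and chain code are constructed for the demonstration, and the function names are this example's own.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N = group order, G = generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2**31

def point_add(a, b):
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # point at infinity
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def ser_pub(k):  # compressed public key for private key k, by double-and-add
    acc, pt = None, G
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def tweak(chain, data):
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def ckd_priv(k_par, chain, i):
    """BIP32 private child derivation (invalid-key edge cases not handled)."""
    head = b"\x00" + k_par.to_bytes(32, "big") if i >= HARDENED else ser_pub(k_par)
    il, child_chain = tweak(chain, head + i.to_bytes(4, "big"))
    return (il + k_par) % N, child_chain

def parent_from_child(xpub_key, chain, i, k_child):
    """What an xpub holder can compute once child private key i is disclosed."""
    il, _ = tweak(chain, xpub_key + i.to_bytes(4, "big"))
    return (k_child - il) % N

# Constructed demo values, not real wallet keys.
K_PAR = int.from_bytes(hashlib.sha256(b"constructed parent key").digest(), "big") % N
CHAIN = hashlib.sha256(b"constructed chain code").digest()
XPUB = ser_pub(K_PAR)  # public half of the account xpub (chain code is the other half)
for idx in (1, HARDENED + 1):
    child, _ = ckd_priv(K_PAR, CHAIN, idx)
    print(idx, "exposes parent:", parent_from_child(XPUB, CHAIN, idx, child) == K_PAR)
```

The practical consequence for watch-only setups is that an xpub and any individual private key from the same non-hardened branch should never leave the signing device together; hardened derivation at the account level is what keeps separate accounts isolated from each other.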

  4. Hi Andreas,

    It could be a stupid theory of conspiracy but… I wonder if the 2 or 3 biggest miners could work together and orchestrate an attack of 51% just hacking the number of miners left necessary to win. My point is: Miners are a pool of computers connected to the internet and I guess most of them are physically in the same place, therefore the hacking could be simply cutting out the internet connection with the world. In this case, the 3 biggest miners would be the majority. Is it possible? Thanks!

  5. When I tested my ledger seed on samourai it showed zero balance. Then I asked it to show the XPUB, YPUB, and ZPUB. That's when it found all the deposits. Its default is legacy addresses, not segwit.

  6. This and your previous video are Gold! I love bip39, because I'm just not comfortable having a physical backup of my private keys without the additional protection of a high entropy secret passphrase or password.

    On the other hand I'm not comfortable without having physical backups of my private keys. Damned if I do, damned if I don't. This is why I love keepass and keepass2android.

    I can make 3 physical backups of my seed on paper Etc, and store them in different locations. Then use keepass to store and synchronize the passwords in the cloud. Protected by a master password and a key file that is only stored on my devices.

    As part of a testament for a loved one you could append a simple password to the high entropy passphrase. Then whisper the word in their ear. Or write it on a piece of paper, and burn it afterwards. It doesn't even have to be an English word. It could be Swahili.

    For me this scenario is one conceivable sweet spot. It's simple, and the probability of anyone but the intended getting all three pieces is highly improbable.

    Feel free to rip this scenario to pieces. When it comes to security, or life and death, there is no pride or shame.

  7. Keep in mind that most wallets are scanning only 20 addresses ahead. If there are more than 20 unused addresses, the wallet will stop scanning and you will not be able to see the amounts of the remaining addresses.

    The easiest solution is to fill the gap by sending a small amount of satoshis to the ~10th unused address.
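The look-ahead behaviour described in the comment above, as an added example (not part of the comment or of the video): a sequential scan that stops after 20 consecutive unused addresses, run over a constructed wallet history, plus a helper that reports the gap limit a recovery would need. The function names and the sample indexes are this example's own.

```python
GAP_LIMIT = 20  # look-ahead quoted in the comment above

def scan(used, gap_limit=GAP_LIMIT):
    """Walk address indexes 0, 1, 2, ... and stop after `gap_limit` unused
    addresses in a row. `used` is the set of indexes with on-chain history.
    Returns (indexes found, first index that was never checked)."""
    found, unused_run, i = [], 0, 0
    while unused_run < gap_limit:
        if i in used:
            found.append(i)
            unused_run = 0
        else:
            unused_run += 1
        i += 1
    return found, i

def missed(used, gap_limit=GAP_LIMIT):
    """Used indexes that the scan never reaches (funds that look 'lost')."""
    found, _ = scan(used, gap_limit)
    return sorted(set(used) - set(found))

def required_gap_limit(used):
    """Smallest gap limit with which a scan finds every used index."""
    prev, widest = -1, 0
    for i in sorted(used):
        widest = max(widest, i - prev - 1)
        prev = i
    return widest + 1

# Constructed history: three early receives, then one at index 30 after
# 27 addresses were handed out but never paid.
history = {0, 1, 2, 30}
print("missed with default scan:", missed(history))
print("gap limit needed:", required_gap_limit(history))
# The fix from the comment: fund roughly the 10th unused address (index 12).
print("missed after filling the gap:", missed(history | {12}))
```

When a restored wallet shows less than expected, raising the wallet's gap limit to the value `required_gap_limit` reports has the same effect as filling the gap, without an extra transaction.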

  8. I hope you're prepared to talk about Craig Wright's current patent application on Bitcoin. I think your voice is really needed on this issue: is Bitcoin public domain by now, or can we simply proceed with BTC?
