
This is what stresses me out the most about crypto. The supposed gold standard is a hardware wallet and access is done via a 12-word recovery phrase, but even that is sketchy. If I'm not wrong, all an attacker has to do is get the recovery phrase and load it into another hardware wallet if they don't have mine; this functionality is there in case the hardware wallet fails. If I've been doxxed and have several mil in crypto, thieves can break into my house, steal and crack my safe, or hold me at knifepoint and ask me to open it.

I'd want to keep it in an encrypted file, but even that is sketchy if I have to have it on multiple clouds.




> thieves can break into my house steal and crack my safe or hold me at knifepoint and ask me to open it.

you: "sorry, i have a multi-sig wallet and the other signatory lives at the other end of the world"

thieves: understandable, have a nice day


thieves: it's fine, you can ring them and explain the situation as we remove your fingernails

(This technique has been used in real bank robberies; both of the people required to open Northern Bank had their families taken hostage https://www.theguardian.com/uk/2008/oct/09/northernbankrobbe... , and that was for a mere £28m in easily traceable physical money!)


Actual thieves: "Cool. We're going to kidnap you and beat you until your other signatory coughs up access."


Many people are very rich and don't own crypto. You can kidnap them also and do the same thing. This is common in many parts of the world. The US used to have this problem also and got it under control by the state focusing on capturing kidnappers and putting them in jail. Crypto does make the transfer of anonymous money a bit easier, but so do motor vehicles.


+1

Something something xkcd $5 wrench


Also, in ten years you won’t know what to do with the 12 words because the application was abandoned and when you try to install it you get some error messages from npm about certain dependencies being deprecated.


It’s fairly easy to derive the keys yourself; don’t expect any single piece of software going dead to cause a problem.

https://github.com/nilcons/crypto-key-derivation

Crypto currencies will be worth jack shit in 10 years in all likelihood though...


You have a different definition of easy than I do! You have to figure out which of those your client was using at the time, and then how to convert it into a currently functional client’s private key format. Most people need to hire a specialist to figure that out.


There are standards for seed phrase generation, and the big providers mostly use the same one, called BIP-39 I think. That's why they advise writing the standard, the wallet, and some other info down with the seed phrase; a layperson likely won't
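As an added example (not code posted by any commenter, and not the linked nilcons repository), here are the BIP-39 and BIP-32 steps that turn the 12 words mentioned in the two comments above into a master key, using only Python's standard library. It assumes the English wordlist and skips the phrase's checksum validation, which would need the 2048-word list; the seed it reproduces is test vector 1 from the BIP-39 specification.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; a BIP-32 master private key must lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: mnemonic words (+ optional passphrase, the so-called 25th word)
    -> 64-byte seed via PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase.
    Both strings are NFKD-normalised first, as the standard requires. Whitespace
    is collapsed to single spaces (English wordlist assumed; no checksum check here)."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: HMAC-SHA512 keyed with the literal "Bitcoin seed"; the left half is
    the master private key, the right half the chain code used for child keys."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        # The spec says such a seed is invalid; the probability is astronomically small.
        raise ValueError("seed yields an invalid master key")
    return key, chain_code


def recover_master_key(mnemonic: str, passphrase: str = "") -> dict:
    """Full path from written-down words to the root of the wallet's key tree."""
    seed = bip39_seed(mnemonic, passphrase)
    key, chain_code = bip32_master_key(seed)
    return {"seed": seed.hex(), "master_key": key.hex(), "chain_code": chain_code.hex()}


# Test vector 1 from the BIP-39 specification (entropy of sixteen zero bytes).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")

if __name__ == "__main__":
    spec = recover_master_key(TEST_MNEMONIC, "TREZOR")   # passphrase used by the spec vector
    plain = recover_master_key(TEST_MNEMONIC)            # same words, no passphrase
    print("seed (TREZOR):", spec["seed"])
    print("master key   :", spec["master_key"])
    # Same 12 words with a different passphrase give an unrelated wallet.
    print("seeds differ :", spec["seed"] != plain["seed"])
```

The passphrase step is why the standard matters for backups: the same 12 words with a different (or forgotten) passphrase lead to a different, empty wallet.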


The gold standard is multi-sig with at least 3 hardware signing devices.

Devices can be permanently geographically distributed, protecting from disaster in any single location. This is superior to Shamir’s because it never requires the single all-powerful private key to exist, removing that as a single point of failure/compromise.

So far this is only 100% achievable with Bitcoin as far as I know.


Don't keep your backup fully available at your house for this reason. Figure out a way to split it up and distribute it, but with redundancy.


So like split the seed phrase into part A and B, make 3 copies of each. Rent 6 safety deposit boxes around the world for each copy of A and B?

Impractical for most, but I suppose if you are protecting several million, it's worth the security.



