Christopher Allen

@ChristopherA

#SmartCustody Adversary - Key Fragility

KEY FRAGILITY. For many, this is the big adversary in digital-asset management: the one most likely to cost you your assets. That makes it a big concern in #SmartCustody too. (1/13)

7/7/2020, 3:04:00 PM

Favs: 9

Retweets: 3

Christopher Allen

@ChristopherA

To offer the motivation: "I am entropy writ small. All I need to do is mislay a digit or two from a ridiculously large number, and my job is done." (2/13)

7/7/2020, 3:04:00 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

But it's an adversary that you can actively help: "Perhaps you could make my job easier by encoding or obscuring your key or by maintaining just a single copy; complexity and singularity both beget fragility in different ways." (3/13)

7/7/2020, 3:04:00 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

In other words, KEY FRAGILITY is the problem of not just losing your key, but copying it wrong or having it corrupted in storage or even losing it due to the difficulty of a scheme for splitting it up. A private key is complex and that makes it a point of failure. (4/13)

7/7/2020, 3:04:00 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

The tales of losing keys to cryptocurrency are legion. A bug in the code wrote the wrong key to disk. Keys on a hard drive accidentally erased, a hard drive sent to the dump by a maid. Paper keys lost in a fire, others turned to mush by a fire fighter's hose. (5/13)

7/7/2020, 3:04:01 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

So don't place trust in mnemonics. Don’t assume that you can remember that extra BIP38 secret word. Definitely don't assume you can put your key in a memorized brainwallet! (7/13)

7/7/2020, 3:04:01 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

Instead, have faith in manufactured titanium. You can etch your key into it, and as long as you make sure it's clear and precise, and that it's stored safely, it'll be there, forever (or close enough for your purposes). (8/13)

7/7/2020, 3:04:01 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

This adversary also suggests that you don't want to out-clever yourself. Every single thing you do to make a key harder to access, from hiding it to encrypting it, makes it that much more likely that you'll lose it. (9/13)

7/7/2020, 3:04:01 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

Among my colleagues that contributed to bitcoin-core, an informal survey showed the greatest losses were due to KEY FRAGILITY, in particular loss or misuse of an added BIP38 secret word. (10/13)

7/7/2020, 3:04:02 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

We focus on single key cold storage scenarios in v1 of #SmartCustody. Future multisig scenarios can address some risks, but multisig also means that more information needs to be backed up and successfully restored. So KEY FRAGILITY will continue to need to be addressed. (11/13)

7/7/2020, 3:04:02 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

Remember that #SmartCustody is ultimately about considering risks and unemotionally assessing them. So consider: is your offline cold-storage seed more likely to be stolen by a thief or more likely to be lost or forgotten by you? (12/13)

7/7/2020, 3:04:02 PM

Favs: 1

Retweets: 0

Christopher Allen

@ChristopherA

Have your own stories of Key Fragility impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We're working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (13/13)

7/7/2020, 3:04:02 PM

Favs: 1

Retweets: 0