Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    hellosa-sa
    @hellosa-sa
    *which includes multisig
    Casa seems interesting, but possibly too much reliance on a trusted third party
    bitcoinhodler
    @bitcoinhodler
    I'm not aware of anything nearly as thorough or hard-core as Glacier. The nice thing about Glacier, though, is that it uses a pretty straightforward wallet system. There are many ways to withdraw funds even if Glacier itself is no longer supported or working. (It will take some technical expertise, though.)
    Casa provides instructions for withdrawal even without Casa's help. But Casa still knows all your pubkeys and your UTXOs, and you rely on Casa for consensus.
    bitcoinhodler
    @bitcoinhodler
    Other up-and-coming promising alternatives: Specter Desktop (https://github.com/cryptoadvance/specter-desktop)
    hellosa-sa
    @hellosa-sa
    I was able to create both quarantined App disks and went through a successful test run of creating a 2 of 4 wallet on Q1 computer, using the notes you provided
    How can I feel confident that the steps you advised in your notes, which are outside of the verified protocol, is not a security breach which could compromise my funds? (no offense, but I'm sure you understand why I would ask that)
    and if the answer is that I can't, I understand that may be the truth
    bitcoinhodler
    @bitcoinhodler
    It's a good question to ask. You should do your own research about how to download & verify signature on Bitcoin Core releases.
    Because if I gave you a URL to some malware then yes, I could compromise your funds.
    hellosa-sa
    @hellosa-sa
    Thanks. I will check that.
    hellosa-sa
    @hellosa-sa
    I hit another frustrating snag today while doing my first test withdrawal. I was able to make a successful test deposit yesterday. My touchpad froze up in the middle of the withdrawal process while I was scanning in the QR codes, but after I had taken the time to type in all of the private keys on both computers. I haven't been able to figure out how to restart the touchpad without rebooting. Is it secure enough to plug in a quarantined wired usb mouse?
    bitcoinhodler
    @bitcoinhodler
    If I were you I'd try to finish using only the keyboard
    hellosa-sa
    @hellosa-sa
    alright thanks. it's a lot of hunting and pecking, heh. I'll see if I can figure out what the command is to reset the touchpad
    bitcoinhodler
    @bitcoinhodler
    A new wired USB mouse is 99.999% safe, but why take a chance? It could (in theory) compromise that laptop forever
    hellosa-sa
    @hellosa-sa
    You are right. Thanks. I just successfully completed a test deposit and withdrawal on Q1. (Yes, I processed the transaction without confirming on Q2, but it was a small test amount, and I know not to do this with larger sums). Now I just need to make sure the raw signed transaction matches for Q2 after I finish the process on that computer. I doubt I would have gotten this far without your help. Thanks for helping me out.
    hellosa-sa
    @hellosa-sa
    I created two separate 2 of 4 wallets today and noticed that the redemption scripts had some similarities. Is it expected for the two redemption scripts to both begin with the same six characters and also end with the same four characters?
    hellosa-sa
    @hellosa-sa
    Clarification:
    the first six characters were the same for both script. The last four characters were the same for both script.
    bitcoinhodler
    @bitcoinhodler
    Yes, that's normal. They follow a template. There's certain opcodes and numbers (like the 2, for a 2-of-4 wallet) that will be the same.
    You can run bitcoin-cli decodescript (or something like that?) to convert the hex redeem script back to opcodes
    The four pubkeys in the script will be different between your two wallets. The rest will be the same.
    hellosa-sa
    @hellosa-sa
    It's not really addressed in the protocol, but after a successful test deposit and withdrawal have been made, and as long as the rest of the protocol has been executed properly, is it safe to assume that the wallet is ready for use? Or are there any other variations of deposit and withdrawal testing that should be (or could be) done?
    bitcoinhodler
    @bitcoinhodler
    Make sure you understand issue #20: GlacierProtocol/GlacierProtocol#20
    You might want to do two test withdrawals: one using the first two keys, and a second using the other two keys.
    You do not need to actually broadcast either of these test withdrawals; just make sure you see "Sufficient keys: True" or something like that at the end of GlacierScript's output.
    "Sufficient private keys to execute transaction?" must be followed by True. Make sure you see this for both pairs of keys.
    After that, if I were you, I'd make sure your private keys were sealed up and geographically distributed, and only then deposit any significant sum into your new wallet.
    bitcoinhodler
    @bitcoinhodler
    Just to clarify about the test withdrawals: you can use the same UTXOs you previously printed out (and already spent). You've already demonstrated that you can successfully broadcast a withdrawal transaction. All that's left to prove is that each of your 4 keys will work on this wallet.
    hellosa-sa
    @hellosa-sa
    Here’s a question about glacier but also about hodling in general.
    How can a non-technical person be confident in any cold storage solution (glacier, Casa, hardware wallets) if they cannot audit the code for themselves? What steps can someone like me take to have maximum faith in Glacier and/or Casa? I know that I could take the time to learn to audit the code, but that would take more time than I have to make a decision about how to hodl most securely
    bitcoinhodler
    @bitcoinhodler
    That's a problem, for sure. You have to trust the maintainers and reviewers who have their reputations at stake. Glacier had a lot of review for its first release. (Not so much, on the changes made since then.)
    The same problem applies to any Bitcoin wallet software, not just cold storage.
    Or really, any software you ever install on your computer. People abusing that trust is what led to malware.
    bitcoinhodler
    @bitcoinhodler
    This is one of the problems with the ongoing maintenance of Glacier. It needs public maintainers -- people with reputations to uphold. Anonymous maintainers like me are no good because I could put in a backdoor, steal funds, then disappear with no real harm to myself.
    At the same time, any public maintainer is basically announcing to the world that he/she has a large sum of bitcoins. This is not wise.
    As a result we have had several anonymous contributors but a dearth of public reviewers and maintainers.
    hellosa-sa
    @hellosa-sa
    I’m trying to decide between glacier and casa. I have the glacier wallet set up and successfully tested, including testing keys separately as per our discussion earlier this week.
    concern about glacier is complexity when it comes to inheritance. I wrote a five page detailed letter to my loved ones already but still have concerns that they would be able to figure it out without contacting an outsider with technical ability.
    bitcoinhodler
    @bitcoinhodler
    With Casa, they would also have to contact an outsider (Casa), no?
    hellosa-sa
    @hellosa-sa
    Casa can mitigate those risks, but has a separate set of risks. I don’t like that it’s closed source (can they know my private keys?) I don’t like that they send me hardware wallets. I don’t like that It’s not anonymous
    I’m thinking I should use glacier and hope not to die before a better solution comes out
    And provide an exceptional set of instructions to the best of my ability to my non-technical family
    bitcoinhodler
    @bitcoinhodler
    I also have concerns about inheritance. I've written a similar letter. One thing I've considered is developing and documenting a low-security withdrawal process for use if all else fails. Glacier is fairly straightforward single-address multisig. The complexity lies in doing it all securely, using the offline quarantined laptops.
    hellosa-sa
    @hellosa-sa
    That’s a good idea. I think these should be uploaded to glacier in template form
    I meant to say included in the protocol as an appendix or something
    bitcoinhodler
    @bitcoinhodler
    One thing I wrote in my letter was to contact Casa or Unchained Capital for professional help. I'm sure that, for a fee, they can help people recover bitcoins stored with Glacier, and they are much more trustworthy than some rando on bitcointalk.
    hellosa-sa
    @hellosa-sa
    That’s a good idea
    hellosa-sa
    @hellosa-sa
    As a Glacier user, short of ability to audit code for myself, what could give me more confidence that the software packages glacier relies on, including glacierscript, are not compromised such that someone may already know my private keys?