Home Foren Trezor Wallet Ich bin neu in der Krypto-Branche. Irgendwelche Expertenmeinungen zu diesem Shamir-Backup-Setup?

Ansicht von 4 Antwort-Themen
  • Autor
    Beiträge
    • 4. November 2021 um 16:30 Uhr #117450
      root_s2yse8vt
      Administrator
      Up
      0
      Down
      ::

      Ich habe darüber nachgedacht, wie man Seed-Phrasen sicher digital speichern kann.

      Was ist Ihre Meinung über die Erstellung eines Shamir-Backups (sagen wir 5), dann die Speicherung jedes Schlüssels in einer eigenen verschlüsselten Datei und dann das Hochladen eines jeden zu einem bekannten Cloud-Service sagen iCloud, Dropbox, OneDrive etc…

      Alle Dienste werden ihre eigenen Anmeldeinformationen, 2FA und so haben.

      Ich behaupte, dass die Wahrscheinlichkeit, dass alle Dienste gleichzeitig gehackt werden, fast gleich Null ist, und Sie sollten davor geschützt sein, dass Ihre Dateien zerstört oder beschädigt werden.

      Sie müssen nur dafür sorgen, dass die Kontosicherheit für jeden Dienst gut eingerichtet ist.

      Haben Sie noch etwas hinzuzufügen oder ist das generell eine schreckliche Idee?

    • 4. November 2021 um 16:30 Uhr #117453
      User
      Gast
      Up
      0
      Down
      ::

      This means that all your shares will exist on the same PC at the same time, before you encrypt and upload (and hopefuly securely erase) to each service.

      The seeds will also exist at the same time on the same PC when one day you need to recover.

      Realistically speaking, it’s extremely unlikely that a Shamir stealing malware exists today — not enough people use Shamir, much less by putting it on a PC, so it’s not worth implementing. It’s difficult to say if the situation will be the same 10 years in the future though.

      You _could_ be careful and, e.g., access each service from a different dedicated PC on a different network, and only put the seeds together in the Trezor itself. It’s starting to sound like a lot of work, which might be better spent ensuring your seeds are well stored in the physical world.

    • 4. November 2021 um 16:30 Uhr #117454
      User
      Gast
      Up
      0
      Down
      ::

      Security issues aside…

      This sounds like you would also adding a bunch of fragility to your backups, as you could easily end up in a situation where you used a single 2fa for all of them, forget encryption keys, etc.

      A big part of the power of slip39 is that it allows you to distribute physical backups for redundancy without sacrificing security (And gives you lots of flexibility) or introducing a high amount of complexity.

    • 4. November 2021 um 16:30 Uhr #117455
      User
      Gast
      Up
      0
      Down
      ::

      I would also look into Gnosis Safe. It’s free and useful for moving your funds to a multi-sig. For example 2 out of 3 people/addresses can execute transactions such as withdraws. That way if one key gets lost, a person dies, or the private key gets in the wrong hands, your funds are still ok. And it has built in support for a lot of farming/pool stuff:

      [https://gnosis-safe.io/](https://gnosis-safe.io/)

    • 4. November 2021 um 16:30 Uhr #117456
      User
      Gast
      Up
      0
      Down
      ::

      In this case the whole security of your backup setup depends on proper security, storage and distribution of credentials and 2fa apps/keys. Those credentials should not be in one place: head, password manager, paper. And should be properly duplicated to prevent loss, and properly hidden to prevent theft. Best way to satisfy both needs is to use shamir secret sharing. imo this setup adds additional complexity, and introduces unnecessary risks.

  • Autor
    Beiträge
Ansicht von 4 Antwort-Themen
  • Du musst angemeldet sein, um auf dieses Thema antworten zu können.