This is wrong; it means you're doing mnemonics wrong: https://twitter.com/JuricaBulovic/status/1047690723649343488
It's in response to this thread:
Been trying to explain to people for years: with a small initial commitment, it's possible to remember mnemonic phrases over periods of *years* where you only have to call it back to mind from time to time (like, gaps of months, eventually...). And you have a physical backup of course, but the very fact that you don't have to access that, ever, is powerful.
Make the contents of the story emotionally resonant for you personally, and/or use something that's deeply cultural, like fairy tales.
It also amuses me that both Vitalik Buterin and Greg Maxwell have disagreed with me on this over the years. That's a rare combination :)
And they're both wrong, so there!
@waxwing I think Andreas Antonopolous mastered the emotionally resonant storyline :)
Ah, doesn't surprise me, although I don't remember where he talked about that :)
Indeed, what I suggest isn't particularly controversial, except it's interesting there's security experts and even academic literature suggesting "human brain is not capable of memorising sufficient entropy", which I think is based on a completely false premise.
Of course, I'm not talking about making up passphrases myself! And nor a few words; 12 words from the electrum/bip39 dicitionaries, so 128 bits, or 24 for 256 bits, is what I'm talking about.
Sorry if I wasn't explicit.
@waxwing I should have learned this earlier. I lost BTC by memorising words not a story.
While I agree it's possible to remember a seed, I strongly recommend against it as the only way to access your funds (unless maybe for a very short period of time).
Agreed about 'only' ; said as much in my little rant :) The nuance is not having to *access* the physical backup is a really nice feature of this way of doing things.
@waxwing personally I prefer not to be able to access my seed whenever I want. Part of my security model is that I need to both know a secret and be physically where a copy of the keys are stored, so I don't have to worry about me doing something stupid while drunk, high or under threat of violence
Yes, very good point, for proper cold storage. Although it's a tricky balance.
Note of course the passphrase approach where you can generate ~ infinite different wallets from a single seedphrase, very helpful for deniability constructs.
The most important thing to me about the mnemonic is to be able to create a wallet (let's say a "warm" wallet, i.e. non zero funds, but for actual spending) that doesn't require anything else to access - e.g. for crossing borders.
@fed Additional points to bear in mind (you know all this but others might not):
Safety from theft vs safety from accidental loss: two very different threat models, we can try to address both but there's an obvious inherent conflict.
A related idea: 'brittleness' - good example of this is N of N multisig, can be ultra-secure but results in total loss of funds with one single procedural failure.
I like deniability and steganographic tricks for the coercion risk.
And, forgot to say, I'm suspicious of hardware based solutions including hardware wallets. I'm dubious about them for long term storage, but think they're probably great for spending (as long as you figure out the blockchain access with privacy part).
@waxwing I totally agree, expecially for devices purchased after the 2017 bubble that have attracted more potential attackers. Hardware wallets may still be the best trade-off between security and usability, but for cold storage where the focus is definitely security I prefer to use general purpose hardware which is less a target in production phase and in supply chains
@waxwing I agree with you in principal, however, a good physical backup system is paramount. Any memory-based backup should be absolutely supplemental to this, advocating for any less than that is irresponsible. (not to say your advice is irresponsible, I understand it isn't, I just mean in general).
I'm curious, on what grounds did V Buterin and G Maxwell disagree with you? Creating more physical copies could be a security risk, but memory is different in this regard.
I could never get it really clear from GMax, Vitalik referred to an academic study, but the contents were about a setup using some reasonable number of 3-5 words (much larger dict) and seeing if people could remember; but there was no mention of elementary mnemonic techniques iirc.
I think gmax's view is coloured by the fact that the 'brainwallet' concept is broken, and memory is just unreliable.
The brainflayer guy (ryan c?) is in the same camp. Other bitcoin devs too.
And yeah, it is irresponsible to suggest not using a physical backup, but it's also irresponsible to encourage people to move through dangerous environments with obvious physical evidence of having BTC (like a Trezor). It just annoys me that that side gets thrown under the bus "because brainwallet" and now everyone thinks that "only a fool wouldn't use a hardware wallet". Or something.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!