Yea the fees and privacy aspect of multisig are still an issue until signature aggregation is ready for prime time. (Never mind the privacy challenge that storing wallet descriptors everywhere creates)
I have already done one for the Safe 3, will do the Safe 5 when it arrives. (But it just looks like a Trezor T with a secure element, same as the Safe 3)
What happens in the case of slip39 + passphrase, then at a later date adding multi-share? I’m also worried about compatibility in this scenario. I’m more interested in plausible deniability. Passphrase I think is essential.
Passphrase use isn't related to whether or not the seed is multi share, you can use both together. (And re-work the underlying recovery shares at any time)
I have also a question about your new multi share option. Well, in case I loose my Trezor or it's somehow damaged and I need to recreate my wallet using a different wallet, but I bought a Ledger or Tangem, which doesn't have multi share, would I loose my wallet and funds?
You can't lose your wallet if you still have the seed, you would just need to use it in either another Trezor, a Keystone or in a software wallet that supports SLIP39. (Of which there are a bunch now)
If you use it with Sparrow you will see it. Trezor Safe 5 support was merged into HWI 4 days ago (HWI is what sparrow uses for connecting via USB) so expect to see it work properly in the next official release of Sparrow.
This is just for illustration. I have a Trezor Model T. I created a wallet backup with a bip39 high entropy passphrase and Super Shamir. One set is a 3x4. Another set is a 4x4. Another set is a 4x8. I can verify and recover the wallet with 1 from 3x4 and 2 from 4x4 or 2 from 4x8. Can the new slip39 do this like my Mode T? You do good work. Thanks..🧡😊
I didn't cover Super Shamir in this video, but the functionality from the Trezor T is unchanged in this regard and is all still there for all core devices (Trezor T, Safe 3 and Safe 5), though it still needs to be triggered via the command line. :)
@@CryptoGuide Thanks man. But I think I triggered Super Shamir from the touch screen. But it's been a while. So I could be mistaken. But I very much like the command line..👍
Yea you kick the workflow off from the command line (and Maybe Electrum) but once it is started, you select all the stuff on the touchscreen of the device itself.
I heard there’s some sort of auto firmware update feature in one of the recent trezor updates that could be a potential security risk? Is that accurate or am I just hearing nonsense? I didn’t see it in their release notes.
Trezor Suite, the companion software provided by Trezor does have an option for an in-app auto update of itself, but this isn't really related to the hardware, as you will need to confirm firmware updates on-device and the device itself will also only accept official signed updates from Trezor. (Unless you have specifically selected to load unofficial firmware, which will throw all kinds of warnings)
is BIP39 seed still safe to use? i heard that it doesnt contain a version number which may cause issues in the future does that mean we can lose our funds ?
not interesed in shamir share , ledger nano firmware update already locked me out of some of its important features, i i will not update to accept the shamir , is there a hardware wallet that does not us the three shamir share , as im not interested in it .. ? thanks ?
I have the trezor 5 in the setup I picked the slip 39 it generated a single seed do I have to go back in settings and chose the multi share …with slip 39 will I be able to transfer crypto to a new cold wallet vendor if trezor went out of businesses…if I have not moved any crypto on to the cw but completed setup can I reset the trezor and select bip39 thanks
There are a few options to recover SLIP39 wallets without a Trezor, but support for other hardware wallets is quite limited at the moment. That said, you can still just use the Trezor 5 with a BIP39 seed just fine.
You can also add a passphrase for all slip39 wallets, the number of shares isn't relevant to this. SLIP39 multi-share is much less error prone, as the share words are chosen for you have a checksum for each set.
so when I use slip39 multishare, I have two ways to restore the wallet (original single share and multishare) and passphrase will be compatible with both options?
So if you can still recover from the original seed, even after you have set up multi-share, what’s the point? Should you destroy the original seed record and just use the multi-share from then on?
It depends on your setup but you might do something like have a full copy in a safe in your home and have a multi-share set distributed amongst different locations or people. (Or something like that) That said, most people probably want to destroy the single backup after creating (and testing) the multi-share backup.
Dang, I bought the bitcoin only safe 5 and a 20 word Trezor backup. Would you move your entire funds onto this? I did this because all my funds are on a ledger and I was afraid of the ledger recover being a point of entry to extract my seed. Maybe I should just keep my ledger on bip39. Any thoughts?
Yea it's *significantly* stronger, (So like 1 in a billion chance of having a false positive checksum for all SLIP39 seed types, as opposed to 1/16 for 12 words and 1/256 for 24 words) having 30 bits for the checksum regardless of the length of the SLIP39 mnemonic. (See here: github.com/satoshilabs/slips/blob/master/slip-0039.md#format-of-the-share-mnemonic)
Excellent video. This is a valuable channel proving clear practical security focussed advice.
Glad it was helpful :)
Great deep dive. Thanks for covering it!
Thanks, no worries :)
I prefer traditional bip39 + mutlisig. Might revisit later when more hw manufactures support these new standards. Good video btw.
Yea it depends on what you are trying to achieve as well as how much complexity you can manage. :)
@@jordanrox007 multisig is unfortunately on chain, more expensive on fee. Here you build the private key off chain
Yea the fees and privacy aspect of multisig are still an issue until signature aggregation is ready for prime time. (Never mind the privacy challenge that storing wallet descriptors everywhere creates)
@@jordanrox007 seems my comments are disappearing?
They get flagged as spam, so need manual approval. (No idea why, though looks like I can manually flag users as safe, so should be fine from now on)
Thanks a lot! Are you going to have a more in-depth review of the new Safe 3 and Safe 5 models, especially on the new security improvements?
I have already done one for the Safe 3, will do the Safe 5 when it arrives. (But it just looks like a Trezor T with a secure element, same as the Safe 3)
I would have lost all my crypto long ago if I hadn’t started watching you in 2020
Glad it helped :)
Awesome video, thank you.
Thanks, glad it helped :)
What happens in the case of slip39 + passphrase, then at a later date adding multi-share? I’m also worried about compatibility in this scenario.
I’m more interested in plausible deniability. Passphrase I think is essential.
Passphrase use isn't related to whether or not the seed is multi share, you can use both together. (And re-work the underlying recovery shares at any time)
I have also a question about your new multi share option. Well, in case I loose my Trezor or it's somehow damaged and I need to recreate my wallet using a different wallet, but I bought a Ledger or Tangem, which doesn't have multi share, would I loose my wallet and funds?
You can't lose your wallet if you still have the seed, you would just need to use it in either another Trezor, a Keystone or in a software wallet that supports SLIP39. (Of which there are a bunch now)
Is there any way to see the master fingerprint of the trezor safe 5?
Have you been able to connect the trezor safe 5 to sparrow or Nunchuk?
If you use it with Sparrow you will see it. Trezor Safe 5 support was merged into HWI 4 days ago (HWI is what sparrow uses for connecting via USB) so expect to see it work properly in the next official release of Sparrow.
This is just for illustration. I have a Trezor Model T. I created a wallet backup with a bip39 high entropy passphrase and Super Shamir. One set is a 3x4. Another set is a 4x4. Another set is a 4x8.
I can verify and recover the wallet with 1 from 3x4 and 2 from 4x4 or 2 from 4x8. Can the new slip39 do this like my Mode T?
You do good work. Thanks..🧡😊
I didn't cover Super Shamir in this video, but the functionality from the Trezor T is unchanged in this regard and is all still there for all core devices (Trezor T, Safe 3 and Safe 5), though it still needs to be triggered via the command line. :)
@@CryptoGuide Thanks man. But I think I triggered Super Shamir from the touch screen. But it's been a while. So I could be mistaken. But I very much like the command line..👍
Yea you kick the workflow off from the command line (and Maybe Electrum) but once it is started, you select all the stuff on the touchscreen of the device itself.
Thanks for the video, slip39 20 words single backup is more secure than bip39 12 and 24 words?
A 20 word SLIP39 backup is a 128 bit key, the same as a 12 word BIP39 seed. (And 128 bit is fine)
When I download your databases from the site, I can’t open them in Windows, how can I solve this problem??
Don't spam multiple videos, one comment thread is enough
I heard there’s some sort of auto firmware update feature in one of the recent trezor updates that could be a potential security risk? Is that accurate or am I just hearing nonsense? I didn’t see it in their release notes.
Trezor Suite, the companion software provided by Trezor does have an option for an in-app auto update of itself, but this isn't really related to the hardware, as you will need to confirm firmware updates on-device and the device itself will also only accept official signed updates from Trezor. (Unless you have specifically selected to load unofficial firmware, which will throw all kinds of warnings)
@@CryptoGuide Ah, ok, good. I figured trezor wouldn’t do something stupid like auto update firmware. Good to hear.
Yea even Ledger haven't gone that far ;)
is BIP39 seed still safe to use? i heard that it doesnt contain a version number which may cause issues in the future does that mean we can lose our funds ?
Yes it's fine
not interesed in shamir share , ledger nano firmware update already locked me out of some of its important features, i i will not update to accept the shamir , is there a hardware wallet that does not us the three shamir share , as im not interested in it .. ? thanks ?
Ledger doesn't support it and it's only optional for Trezor, BIP39 is still filly supported.
1. Generate 2 words, mnemonic words, will there be any repetition
Yea that's normal for single share SLIP39 wallets
I have the trezor 5 in the setup I picked the slip 39 it generated a single seed do I have to go back in settings and chose the multi share …with slip 39 will I be able to transfer crypto to a new cold wallet vendor if trezor went out of businesses…if I have not moved any crypto on to the cw but completed setup can I reset the trezor and select bip39 thanks
There are a few options to recover SLIP39 wallets without a Trezor, but support for other hardware wallets is quite limited at the moment. That said, you can still just use the Trezor 5 with a BIP39 seed just fine.
Hi, when I use passphrase for single share and after that upgrade for multi share, passpharse will work for multishare backup too?
And what advantage does slip39 have against bip39 backup+passphrase?
You can also add a passphrase for all slip39 wallets, the number of shares isn't relevant to this.
SLIP39 multi-share is much less error prone, as the share words are chosen for you have a checksum for each set.
so when I use slip39 multishare, I have two ways to restore the wallet (original single share and multishare) and passphrase will be compatible with both options?
That's right.
So if you can still recover from the original seed, even after you have set up multi-share, what’s the point? Should you destroy the original seed record and just use the multi-share from then on?
It depends on your setup but you might do something like have a full copy in a safe in your home and have a multi-share set distributed amongst different locations or people. (Or something like that)
That said, most people probably want to destroy the single backup after creating (and testing) the multi-share backup.
Trezor T had snorr backup, they replaced it with slip39?
Trezor T had SLIP39 too, but didn't support the ability to re-create backup sets like is possible now with their update to the standard.
Dang, I bought the bitcoin only safe 5 and a 20 word Trezor backup. Would you move your entire funds onto this? I did this because all my funds are on a ledger and I was afraid of the ledger recover being a point of entry to extract my seed. Maybe I should just keep my ledger on bip39. Any thoughts?
You can still use BIP39 with the Safe 5, so unless you plan to go to multi-share backups later, you can just leave it as-is.
Crypto guide is very smart
Thanks ;)
@@CryptoGuide true
;)
@CryptoGuide thanks for the explanation of the difference in SLIP39 and bip39 didn't know the check sum was more them a 24 seed
Yea it's *significantly* stronger, (So like 1 in a billion chance of having a false positive checksum for all SLIP39 seed types, as opposed to 1/16 for 12 words and 1/256 for 24 words) having 30 bits for the checksum regardless of the length of the SLIP39 mnemonic. (See here: github.com/satoshilabs/slips/blob/master/slip-0039.md#format-of-the-share-mnemonic)
Great video! 👍
Is this different to Shamir? Or is this indeed Shamir?
SLIP39 is a specific implementation of Shamir :)