burn the bridge
Nov 3, 2021 · 18 tweets · 10 min read
1/18 Storing clear text secrets without risking it all.

A thread on @COLDCARDwallet's Seed XOR function, what it is, and how to use it.
2/18 This thread is the short version of a more detailed article which can be found on the @BitcoinMagazine website here:

bitcoinmagazine.com/guides/how-to-…
3/18 The full article covers @COLDCARDwallet unboxing, initial setup, PIN creation, firmware update & verification, creating a new wallet, and adding a passphrase. Check the full article if you are setting up your ColdCard for the first time.
4/18 Securing your #Bitcoin seed words in steel mitigates environmental hazards like fire & flood. Without an added passphrase, the steel backup alone could be used to steal your #bitcoin if it fell into the wrong hands. Seed XOR provides plausible deniability & added security.
5/18 The plausible deniability is introduced because Seed XOR splits an existing seed phrase into multiple, fully functional seed phrases. These could be loaded with duress funds and stored in separate geographic locations.
6/18 The added security comes from the requirement for all pieces to be used in reconstructing the original seed phrase. This differs from multisig. Consider the tradeoffs carefully not only for you but also your loved ones who may be restoring your wallet without you some day.
7/18 With Seed XOR, any physical copies of your original seed can be destroyed, and then the pieces from the split, stamped in your steel backups, can be used to reconstruct it while also acting as fully functional wallets themselves.
8/18 Navigate to Advanced>Danger Zone>Seed Functions>Seed XOR>Split existing. Then you will see a short description of what you are about to do with the option to split your seed into two, three or four parts.
9/18 You'll have the choice between a deterministic split, which will result in the exact same sub-seed phrases every time, or a random split, which will always produce different resulting seed phrases. Deterministic could indicate to a savvy attacker that there are missing pieces.
10/18 The resulting seed phrases can be double checked, tested, and then marked and stamped into your steel backups. Then the paper copies can be safely destroyed 🔥
11/18 Then think about your threat model and where you want to securely store your steel backups. Geographic distance, accessibility, and threat modeling are some things to consider.
12/18 Later, when combining two seeds together to reconstruct your original seed, every word from your 24-word seed phrases gets converted into a three-digit hex sequence from this table:
seedxor.com/files/wordlist…
13/18 The hex values get added together using a table that makes it so that it doesn't matter which order they are combined in, e.g. A then B or B then A. Take for example, 7 + 9 = E, and 9 + 7 also results in E.
seedxor.com/files/workshee…
14/18 Here are both of my Seed XOR resulting seed phrases converted to hex values and then combined. Taking the values from the A⊕B row and using the seed-word-to-hex conversion table, you can see that the original seed is being reconstructed:
15/18 Adding seed phrases together can be done on paper with the worksheets. To restore from Seed XOR on a new or blank @COLDCARDwallet, navigate to Import Existing>Seed XOR. It is a good idea to keep a record of your original seed's 24th word; you will choose it from a list.
16/18 The resulting seed reconstruction can be used as the stored secret on a new or cleared @COLDCARDwallet. But if it already has an existing seed stored on it, then this process will need to be repeated the next time. Don't forget to add your passphrase if you used one.
17/18 Check out @BitcoinQ_A's detailed explanation of Seed XOR, along with links to additional resources for more information.

github.com/Coldcard/firmw…
18/18 Now you can have your seed phrase secured by storing the required pieces to reconstruct it with their own duress funds and in different geographic locations. Consider the tradeoffs carefully with your security model and hopefully this tool gives you some new ideas.
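
The split and recombination described in tweets 12 to 15, as an added Python example (not code from the thread or from the Coldcard firmware). It works on 11-bit word indices shown as three-digit hex rather than on words, because the 2048-word list is not embedded, and it models only the random split. It assumes the standard BIP39 24-word encoding (256 entropy bits plus an 8-bit SHA-256 checksum); the sample entropy is constructed.

```python
import hashlib
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(entropy: bytes, n: int) -> list:
    """Random split: n-1 random parts; the last is entropy XOR all of them."""
    parts = [secrets.token_bytes(len(entropy)) for _ in range(n - 1)]
    parts.append(reduce(xor_bytes, parts, entropy))
    return parts


def combine(parts) -> bytes:
    """XOR is commutative and associative, so part order does not matter."""
    return reduce(xor_bytes, parts)


def word_indices(entropy: bytes) -> list:
    """BIP39 24-word layout: 256 entropy bits + 8 checksum bits -> 24 x 11 bits."""
    if len(entropy) != 32:
        raise ValueError("expected 32 bytes of entropy")
    bits = (int.from_bytes(entropy, "big") << 8) | hashlib.sha256(entropy).digest()[0]
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]


def xor_rows(rows) -> list:
    """Column-wise XOR of per-word index rows (the worksheet's A xor B row)."""
    return [reduce(lambda x, y: x ^ y, col) for col in zip(*rows)]


if __name__ == "__main__":
    original = bytes(range(32))  # constructed sample entropy, not a real seed
    parts = split(original, 3)
    rows = [word_indices(p) for p in parts]  # each part is itself a valid seed
    for label, row in zip("ABC", rows):
        print(label, " ".join(f"{i:03X}" for i in row))
    print("^", " ".join(f"{i:03X}" for i in xor_rows(rows)))
    print("=", " ".join(f"{i:03X}" for i in word_indices(combine(parts))))
    # Words 1-23 of the "^" and "=" rows always match. Word 24 is guaranteed
    # to match only in its first hex digit: its low 8 bits are a checksum
    # recomputed from the combined entropy, not the XOR of the parts' checksums.
```

This is why the 24th word is picked from a list on restore rather than read straight off the worksheet, and why dropping any one part yields a different but still valid-looking seed.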
