Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Printer #135

Open
Rspigler opened this issue Feb 16, 2021 · 5 comments
Open

Printer #135

Rspigler opened this issue Feb 16, 2021 · 5 comments
Assignees

Comments

@Rspigler
Copy link
Contributor

Instruct users to get a printer that is compatible with Linux?

However, the drivers are

typically downloadable from the vendor's website... are often unsigned, and additionally the downloads are available via HTTP connections only

This violates Yeti's security model (possible infection of the online coordinating node). So, perhaps we need to instruct the user to transfer the backup packet to a regular windows/mac laptop to print - this also means it would be easy to print).

Let's discuss.

@Rspigler
Copy link
Contributor Author

@BenWestgate solution from Slack:

Generate a master extended key, derive 7 child extended key pairs, write down the Master extended public key and the derivation path range

Write down the child extended private key’s private key data. (You can omit storing the chaincode because you can get it from the xpub.)
Build your multisig descriptor from the 7 child xpubs
Instead of writing 800 characters for a descriptor you can write about 120 and still rebuild it when you need to spend.

Let’s you avoid the printer entirely

@Rspigler
Copy link
Contributor Author

NACK. Maybe look into secure printer drivers?

@JWWeatherman
Copy link
Owner

One option is to give up on paper copies of the descriptor if we become confident that 14 CD-ROMs are adequate backup. But I'm leaning more towards instructions for L4 that involve buying a new printer and destroying it after use.

@Rspigler
Copy link
Contributor Author

Rspigler commented Mar 22, 2021

I slightly favor buying a new printer and destroying it after use (and printing it via the a separate computer so as to not have to download drivers on the node). But there's lots of redundancy in the descriptor (inherent in the fact that you only need one). So I wouldn't NACK that

@Rspigler
Copy link
Contributor Author

Rspigler commented Oct 8, 2021

Reminder that this isn't for any private key data, just descriptors (will show balances/history if recovered/stolen).

I'm satisfied with the security of buying a new printer with cash, and then destroying after.

Let me know your opinions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants