Accountant and lawyer are problematic recommendations for storing the seeds #65

Closed
fresheneesz opened this issue May 24, 2020 · 2 comments

Comments

@fresheneesz

On https://github.com/JWWeatherman/yeticold/blob/master/FAQ.md it recommends storing your seeds with an accountant or lawyer. This is a bad idea. As Pamela Morgan said "[Lawyers] are terrible at infosec". If these are listed, it should be with major caveats and especially the recommendation that no more than one seed be stored with another person (eg lawyer/accountant/family-member/friend).

I would also question whether your office is a good place to store your seed. You're technically storing it in a place that isn't owned by you and whose owner (your employer) hasn't agreed to secure anything of yours for you. Not to mention, where are you likely storing it in your office? In a locked drawer? Those generally are very easy to break into. Because of the likelihood it's insecure, it also relies on security by obscurity. So while it might be ok to use it in an N=7 multisig setup, the caveats of that location should be clearly warned about.

@JWWeatherman
Owner

Lawyers are not good at infosec, but they are decent at storing paperwork. In fact they have been trusted to perform this function for centuries and they are not bad at it. If you have a better suggestion let us know, but until we have better options to suggest we will stick with these.

@fresheneesz
Author

> If you have a better suggestion let us know

There are already better suggestions in the list, like a safe deposit box. That and a home safe are the primary two locations that should be listed because they're both physically secured. Storing with good friends or family members is also a solid option as long as they have a safe to physically secure a seed. Also, seedless storage is a reasonable option if you have a lot of seeds - that is, storing the seed only on a hardware wallet. I know Jameson Lopp has been pushing the idea of seedless storage for multisig.

> they are decent at storing paperwork

They're decent at storing paperwork that doesn't need to be kept secure from thieves. If you can have a couple of your seeds stolen without incident, perhaps storing one or two seeds with an accountant or lawyer is ok, but it would be at the very bottom of my list of good places to store a seed. If they had the option of storing a hardware wallet instead, this would be far better than a paper seed.

I just wouldn't recommend storing a seed in an office at all tho.

> With a 3 out of 7 setup you should never have 3 keys in one location unless you want to transfer

This is kind of unrelated to my original point, but you shouldn't be storing any of the keys in the same location. There's no point in having more keys than storage locations, because in the event of theft or destruction of a storage location, you're probably going to lose all the ones that were stored there. Why complicate your setup if it's not buying you anything?
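The keys-versus-locations point in the last comment can be checked numerically. The sketch below is an added example, not part of the thread or of the yeticold project: it takes an M-of-N threshold and a layout of keys per storage location, and reports how many locations must be compromised to reach the threshold and how many must be destroyed to lock the owner out. The function names and the site labels are hypothetical, and the layouts are constructed.

```python
def min_locations(counts, needed):
    """Fewest locations whose combined keys reach `needed`.

    Taking the fullest locations first is optimal for this question.
    """
    got = 0
    for n, c in enumerate(sorted(counts, reverse=True), start=1):
        got += c
        if got >= needed:
            return n
    return None  # not reachable with this layout


def tolerance(threshold, layout):
    """layout maps a location label to the number of keys stored there."""
    counts = list(layout.values())
    total = sum(counts)
    if not 1 <= threshold <= total:
        raise ValueError("threshold must be between 1 and the number of keys")
    return {
        # locations a thief must reach to hold `threshold` keys
        "theft": min_locations(counts, threshold),
        # locations that must be destroyed to leave fewer than `threshold` keys
        "loss": min_locations(counts, total - threshold + 1),
    }


# Constructed layouts (labels are placeholders, not recommendations).
seven_sites = {f"site_{i}": 1 for i in range(7)}                    # 3-of-7, one key each
four_sites = {"site_a": 2, "site_b": 2, "site_c": 2, "site_d": 1}   # 3-of-7, doubled up
two_of_four = {f"site_{i}": 1 for i in range(4)}                    # 2-of-4, one key each

if __name__ == "__main__":
    print("3-of-7 over 7 sites:", tolerance(3, seven_sites))
    print("3-of-7 over 4 sites:", tolerance(3, four_sites))
    print("2-of-4 over 4 sites:", tolerance(2, two_of_four))
```

For these layouts, the 3-of-7 setup squeezed into four locations has the same theft and loss figures as a plain 2-of-4 with one key per location.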