Overthinking security
https://ift.tt/32SIebW
Let’s say you get a hardware wallet and set it up per the instructions… but you don’t write down the seed phrase anywhere, but instead you use a [memory palace](https://ift.tt/VIGz0b) to lodge it into your mind. you walk through this memory palace weekly in order to strengthen and maintain the phrase. you practice regularly wiping your hardware wallet and restoring it from memory. you use the 25th password to create other “hidden wallets” off of this main seed phrase. things are pretty easy now… you can move around between all kinds of configurations without much hassle, you can install and setup any wallet from any vendor in minutes and get going… because it’s all right there in your mind and you don’t have to jump through any hoops.
but then… your mind becomes the single point of failure… and under duress ([$5 wrench](https://xkcd.com/538/) or [devils breath](https://www.youtube.com/watch?v=ToQ8PWYnu04)) you could be convinced to give up the key + passwords.
Is it really not a good idea to know your own seed phrase (to know your private key)? Would it be better to NOT know it and set up multiple distributed hardware devices protected by PINs? Would it be better to set up a Shamir Shared Secret and distribute that instead? Multi-sig is great but it still requires multiple keys… so then knowing 2 out of 3 of the seed phrases would still make your mind the single point of failure. Or maybe it’s enough to just create some “duress wallets/pins” that you can hand to an attacker (unless it’s the aforementioned Scolpamine, which would coerce you to give up all the truth: “oh you don’t want *those* wallets… they are my decoys!”)
Or am I just taking myself pointlessly down a rabbit hole trying to engineer a perfect solution that doesn’t exist, and I should just do what’s “good enough” and move on with my life 😂
Cryptocurrency