All right, thank you all for joining this fireside chat. I'm Bart Moll, the host of Citrus Radio, and joined by Jameson Lopp, the co-founder of CASA, but also a really well-respected researcher, I think, in the Bitcoin world, knowledgeable about all kinds of topics, like quantum computing, or at least how that relates to Bitcoin. But I was thinking, because you're also the founder of CASA, let's talk about self-custody. Because I think, for a lot of people here in the room, self-custody is something that you keep struggling with. Doesn't matter if you started yesterday or started 10 years ago, there's always something new on the horizon, always another risk that you worry about, always something that you try to improve. So I wanted to try to use our 20 minutes to jump right into it, and to see if we can get a Bitcoin self-custody starter pack for beginners until advanced. And the first thing that we have to discuss is do beginners need a hardware wallet? Yes or no? Well, I look at it in terms of how much you have to lose. I see the Bitcoin journey as progressing through a number of different stages, because really very few people just go all in on Bitcoin immediately. It's usually a progression. And so I think stage zero is you have no Bitcoin. You call yourself a pre-coiner at that point. Stage one, you start to learn about Bitcoin. You probably open an exchange account. You buy some, but you leave it on the exchange. Stage two, you finally get into self-custody. You withdraw, perhaps to a software wallet on your phone or your computer. Next stage is getting to a hardware wallet, cold storage, really getting those funds offline, so they're no longer connected to the internet. And you're basically protecting yourself from the vast majority of attacks and hackers, just because they can no longer knock on your door and try to get through your security. And then the final stage is really what we focus on at CASA, where you have a significant portion of your net worth of all of your portfolio in Bitcoin. And this is when you start having to think about all of the weird edge cases, potential loss, theft. And that's where we focus on eliminating single points of failure. And that's where things can get a lot more complicated. It requires a lot more thought about everything that can go wrong. Yeah, yeah, so if we take into account that most of the hardware wallets, I mean, the prices are quite good compared to what you get. I mean, for $50 to $70 or euros, you can get quite a good hardware wallet at this point. Can we say that every Bitcoiner needs one? I mean, it's just, you get so much for 50 euros, so much quick gains in terms of security that we can put the hardware wallet on our Bitcoiner self custody starter pack. Yeah, so it may make more sense to think of Bitcoin security as insurance. So if you only have 100 euros of Bitcoin, probably doesn't make sense to spend 50 or 100 euros on a hardware wallet. If you have over a thousand, this is starting to make sense because it's some small portion of your portfolio in terms of cost. Yeah, yeah, so let's say we got one, you get a hardware wallet, you buy a Trezor or a Ledger or a cold card or whatever you buy, or a seed sign or even a completely different security model, which is also fun to talk about, by the way. Then you will get something from that hardware wallet. The first thing that it does is generate a seed for you, a seed phrase. What I wanted to ask you, you have quite a lot of different seed phrases, and I'm talking about the length of the seed phrase. So it's 12 words, 24 words. And I even saw that Trezor is now experimenting with 20 word seeds. It's again a new standard that they introduced after the one they introduced back in the days, when we all use. Is this something we have to worry about, or is this, I mean, of course there are differences, but is this something that the people here have to worry about or pick your boys in 12, 24, 20, it's all good? Really, anything 12 words or more, I think has sufficient entropy. Yeah. More words means more entropy, which means mathematically there is a lower risk that someone else generates that same long number. But we're talking about numbers that are so large already that it's hard to even wrap your mind around it. So it is technically more secure against that one specific type of attack, but from a practical perspective, 12 words is sufficient. All right, so we have a hardware wallet, 12 word seed. The next thing that I want to ask you is the past phrase. People call it the 13th word or the 25th word or whatever the extra word on top of your seed. Is this something that should belong in our starter pack? Does it add enough security for the extra complexity that you all also add? Yeah, there are a few reasons why you might want to use a past phrase. The most common one that I think you hear from a lot of hardware manufacturers is they suggest using a past phrase because there are certain attack vectors where a physical attacker who is really sophisticated might be able to extract your seed phrase from the device. And so they say, well, if you have a past phrase, that doesn't matter because you need to have both the seed phrase and the past phrase. I generally caution against using a past phrase. And the main reason for that is I've seen a lot of people lose their money and lock themselves out of their wallet because they lost the past phrase. And this basically comes down to a question of, are you good about backing up your data? So if you're backing up your data in multiple redundant places and you have that past phrase spread around so that it's basically impossible to lose, sure, it's possible for you to move forward with that. I don't really like it because I see it as similar to a two of two multi-seg from the security model. And there's a reason why you don't see many two of two multi-seg while it's out there. It's because it's very brittle. Usually you see two of three or three of five. And the reason for that is that it allows you more flexibility to recover if you lose one of your seed phrases. Yeah, I think that's a really good point. What Jameson is making here for the people that maybe are starting out or something, like a past phrase, it's not like a pin code on your ledger or treasure. It's not a password. It's an extension of your seed. You're basically creating a new seed. You're creating a new set of private and public key. So if you lose your seed for most people, they instantly know that, all right, I messed up. Like I'm in deep trouble now. I can't reach my Bitcoin. But for the past phrase, just like you said, understanding is not there for a lot of people. They think it's a pin code or whatever they can reset it or they can call treasure or ledger to fix it. And that's not possible. And even if you still have your backup seed, if you don't have your past phrase, yeah, you can access the wallet that comes with the seed, but not the one you created with the seed and the past phrase. It's a really, really good point. So you need both of them. So past phrase, maybe not. I wanted to ask you a quick question about different kind of hardware wallets that we see at this point. So a lot of hardware wallets were the same in the last few years in design, I mean. So they have a secure element and they are meant to store your keys on the device. And that means your seed becomes a backup. Right now, you see another model evolving, especially with the seed signer, which is only a signing device or a device to generate a seed, but you don't save your seed on it. So your seed storage is not a backup, it's your seed. There are, this has created quite a stirrup in the hardware wallet space. How do you look at it? How do you look at the model of a seed signer, especially in combination with Multisig? I tend to look at these things and I look for single point of failure. So really, if you're using a single signature wallet, I can assure you, you have multiple points of failure that could be catastrophic. And not in the least to say that your seed backup is probably a single point of failure. That is another reason why you might wanna use a past phrase because then you can have your seed phrase backup in one place and the past phrase in another place. But once again, you don't want to only have this one seed phrase backup and one past phrase backup. You wanna have multiple. Otherwise, if you lose one, it's game over. So same thing with the hardware devices. If you're pulling in that seed phrase and it's just stored in clear text, you are still protecting against the internet-based attacks, which I would argue is the most important thing. But if you get to the point where you have so much Bitcoin that you want to also protect against physical attacks, whether that's the evil made attack, or someone coming into your house and targeting you because you may be known to be a Bitcoiner in your area, that's when you want to start distributing your key material so that it's just, you don't want it to all be on you. You don't want it to be in your house. You want there to be multiple geographic places that you have to travel to in order to reconstitute enough material to spend your money. Yeah, all right, so for our starter pack, we probably stick with a hardware wallet with a secure element if we're going for a single seed setup. The passphrase, we leave that for now, 12 word seed, but you mentioned something that is also quite important. So when you buy a hardware wallet, most of the people already know that you get a flimsy paper with 12 spots and then you can write your seed and basically that's the key to the castle, that's it. I know that you are quite active in researching better ways to actually save your seed instead of putting it on a paper, maybe put it in metal or stamp it in something or put it in a cylinder or whatever. Is that something that belongs in our starter pack? And if so, what is actually the best way to have a more robust seed backup? Yeah, if you're going to have a backup, I think that it needs to be safe from environmental disaster, fire, flood, building, collapse, those are the three main things that I do stress tests on. And I will say, I visited the expo halls and all of the seed phrase manufacturers that I saw here today, I would give two thumbs up in their designs, they're all going to survive those major common disasters. The problem once again becomes a single point of failure where what happens if the disaster occurs and you just lose your backup? What if the flood washes it away? What if the fire burns everything down and then firemen come in with fire hoses and once again throws away and makes it impossible for you to actually find that. So once again, you don't want to only have one backup. You want multiple backups, but if you want to make those backups, if this is a single signature wallet which most people use, if you want those backups to be secure against falling into the wrong hands, then you need to split them up. And a lot of people do very naive splitting where they literally take like half of the words and they put them on one and then put them on the other. And that can be very dangerous and actually make it still vulnerable to a physical attacker because you may be making it brute forcible for them to figure out the rest of the seed phrase. So the short version is I recommend if you want truly robust backups for a single signature, you're gonna want to buy four of those metal backup devices. Any of them will do just fine, but if you really want to look into the best ones, you can check out my stress testing project which I have on my personal website. And then what you wanna do is use something called seed zore. And what seed zore does is it takes one seed phrase and it turns it into two seed phrases. Both of them are valid seed phrases and so an attacker could see them and say, okay, it's a seed phrase, they load it up into a wallet and it's empty because you actually have to have both of them and put them together in order to create your true seed phrase. And so if you have those two split backups and then of course you want multiple, you want two copies of the two because you don't want a two of two brittle system, that's pretty much the most robust way I can envision a single signature wallet backup. And the too long didn't read version of all the testing of all those backup plates. Correct me if I'm wrong, but the less moving parts the better, right? Yes, preferably any metal seed phrase backup should just be one solid piece of metal. Where you stamp something in. Yeah, either stamping or I really like the center punch where you put a little dip in it. So but you stamp like a small point on a specific spot in a table and then you can look back your seed phrase. Okay, so for our starter pack, we have a hardware wallet. We have a seed phrase, 12 words. We don't have a passphrase. We do have a seed backup in metal, preferably more than one, right? I think that's quite a good starter pack already. It's better than what most people have. So the logical next step once you have that and once you're comfortable with that because I think that's an undervalued part of self custody. Like the biggest problem most of the time is yourself and the human making mistakes. So if your setup is too complex for your own skills, you probably are going to make mistakes and you're better off with having a setup that is a little less complex and maybe a little bit less secure, but one that is less prone to mistakes. And I think we're getting there. But once you have all the stuff, Casa is offering multi-sick solutions. A multi-sick basically means that you have a lock that you can open with an X amount of keys. So there are three keys in totals and with two of them, you can open the lock, the Bitcoin wallet in this case. With Casa, it means that they have one key and I have two. That means that they can't open the lock, but they can help me when I lose one of my keys. So it's basically like a father watching over my shoulder, Jameson watching over my shoulder, and if I mess up, then he can help me. That's basically what happens. I want to ask, is this something like doing a multi-sick completely on your own? Is that something that is doable for most Bitcoiners or is that maybe even too complex? Like is this something that we should add to our starter pack or is this basically for the 1% of Bitcoiners that really understand what they're doing? So there's a lot of free wallet software out there that makes it quite easy to set up your own multi-signature wallet without help from anyone else, but there are a lot of pitfalls where people can run into problems. One of the most common problems that people run into with multi-sig is that they don't understand that even if you only have to have two signatures out of three or three out of five, if you lose your public keys, if you lose the, you call it the wallet descriptor that has extra information around how that wallet is defined, it's actually, that is a potential single point of failure. So if you don't know how all of the pieces of multi-sig work and you aren't appropriately doing the backups, it's still possible to have single points of failure. And so that's another of the aspects where CASA steps in and helps you ensure that you have multiple redundant backups of the things that could become single points of failure. And then the final thing, and I don't know if you were gonna get to this, but the final solution is the inheritance problem. And so that becomes pretty tricky because it's hard enough to architect a wallet where only you are able to spend the funds, but if you then want it to magically change so that your beneficiaries can suddenly spend the funds if you pass away, you have to get even more creative with your key management setup. And the nice thing about multi-sig is that it gives you a lot more flexibility in how you disperse your keys and potentially have third parties to be able to access them under certain conditions. Yeah, I completely agree. So to conclude, our starter pack, made in 20 minutes, I think it's quite an achievement, a hardware wallet, single-seat setup, 12 words, no passphrase, a backup in steel, and tell your wife or partner about it, where they can find the keys so that they can actually spend it if you pass away. Thank you, and enjoy the next speaker.