Hello and welcome to the Bitcoin.review podcast. This is an ad-free pod. Thank you so much for streaming those ads. If you're a new listener, I'm NVK and I run CoinKite, where we've been helping people secure their Bitcoins for over a decade. We make products like the coldcard, blockclock, and we have a bunch of other projects. You can find more information on CoinKite.com. This is an interesting one. We had a wonderful Twitter Spaces with industry experts for January 3rd proof of keys. We talked from very, very simple, new early understandings of Bitcoin, how to take self custody, all the way to very complex issues around Bitcoin key generation. And it was really fun. My microphone was unfortunately really bad in the beginning, but it does get better. I think it's still worth listening. And that's the reason why we're releasing the spaces as an episode. So take a listen.

So this was kind of like an impromptu sort of this last night. Figure, hey, you know, why don't we have a January 3rd proof of key spaces with a few industry people without being sort of like from the marketing department? And sort of like have people who actually work with stuff and work with people. So I invited a few folks. And we also had a quality amount of FUD on self custody after the Luke Jr., you know, events, very unfortunate events, but sort of like highlights the importance of self custody in the best industry practices. I figured we should talk a little bit about that. We should talk a little bit about the options that are out there. We should talk about how extremely smart computer people screw themselves out of their coins. We should talk about, you know, why exchanges are a bad idea. I can't believe I'm still talking about that in 2023. So I figured, you know, like we spend an hour or two and sort of like talk a little bit. So why don't we start maybe introducing some of the folks that are up here on the stage?
And then we keep on adding more folks and then we take questions from time to time and sort of go from there. Justine.

Hey, good morning. Thanks for doing this. Yeah, I felt like the FUD was almost a planned marketing for a proof of keys days. Unfortunate FUD, I'm sorry. I feel for Luke. We'll get into that a little bit more later. But yeah, my name's Justine. I work for Unchained Capital. We do collaborative multi-sig services and financial services. But I'm a Bitcoiner, come from a world of libertarian views and gold holder and then realized that gold kind of sucks compared to Bitcoin. But my journey here was very much of a noob. I knew self custody was important, but it confused me and scared me in the beginning. So part of my journey has been helping people hold their keys, which I know some others here on the stage have as well. And so it's something I'm really, really passionate about. I feel like Bitcoin is freedom money and it's a tool. And the only way to get all of the benefits from it is to hold your own keys. And I do think that everyone is capable to hold their own keys and get somewhat triggered, somewhat, extremely triggered. When I see accounts, I know people aren't capable. So, yeah, that's a little bit about me and glad to be here.

Thank you, Jameson. Hello, sir. Happy New Year.

Happy New Year. Happy Proof of Keys Day. Happy Genesis Block birthday. Yeah, I'm Jameson Lopp. I have been working on non-custodial multi-sig wallets for eight years now. The past five years, I've been co-founder and CTO at Casa. And I have seen a lot of terrible calamities over those years. But each of those has been a learning lesson. And it's gotten us to where we are today with a great set of best practices and products and services that are making it easier and easier for people to safely self-custody.

Thanks, James. D?

Hey, yeah, good morning, guys. I'm definitely a noob on the stage compared to some. But I work at CoinKite with NVK here.
I'm a support specialist and I just help people educate them and self-custody and our products. And hopefully we can help some more people out along the way and look forward to talking to you guys.

Thanks, D. And Craig, nice to see you, sir. Happy New Year.

Happy New Year to you, too. And happy Proof of Keys Day. I'm Craig Raw. I am the creator of Sparrow Wallet, which was and is my contribution to the space of trying to make self-custody of Bitcoin a little bit easier, a little bit more easy to understand what's going on and to kind of get a feeling for how your coins are being stored and what is the actual technology behind it. So that's been my focus for the last few years.

Very cool. For people that don't know, Craig makes a great desktop wallet. Rindell, nice to see you again, sir.

Hey, good morning.

You were on the pod just a few days ago.

Yeah, that was great. Happy New Year. Happy Proof of Keys Day, everybody. You know, I came from a background mostly of large scale infrastructure and distributed systems management and a lot of key management at scale. And now I'm working on Bitcoin self-custody tools pretty much full time. So happy to be here. Really excited to talk about taking your own keys.

Hey, thank you, man. Keeper.

Hey, this is Anant here from the Keeper team. We are also working on self-custody products, as many of you know, and Keeper is one of the latest apps we have released for which involves signing devices and multisig as a part of the self-custody solution. So happy to be here, guys. That's a great space to be.

Great. So, you know, if there is other folks on the stage that are actually like, you know, wallet makers, security experts that don't dress up like the Wookiee, you're welcome to come up on the stage. And, you know, we're going to sort of like go through it. I guess I should introduce myself. I'm NVK for people that don't know, been working on making Bitcoin hardware for a good part of the at least over 10 years now.
We make a coldcard and tapsigner and other stuff. I work with some of the companies and the folks that are on the stage as well. I've heard pretty much every sob story that there is in the Bitcoin space by now in terms of people losing their funds. Why don't we kick off with maybe talking about what are the most common ways people lose Bitcoin? I'll start with one example and maybe we go around the panel sort of like going through it. But one of the most common examples I see is people bamboozling themselves. People will screw themselves out of their coins before they ever get hacked. So people go out there, they'll hear an example from somebody that's either extremely smart or extremely dumb and sounds extremely smart. And they would have like a super complicated setup. And, you know, like you require many, many computers and they would do a super complex multi-sig and then the person can't get the money out. A very good example of this in the way back in the day was Bitcoin Armory. There's probably a lot of people on this call that have lost money on Bitcoin Armory. It was fantastically safe. So safe that many people never managed to get their money out. So what other stories do you guys see as very common ways people lose Bitcoin?

Yeah, I mean, I'll go second here. I mean, when I first started, I was forex trading like an idiot. And, you know, someone was like, hey, you know, I have the trading platform, you know, buy some, you know, give me some money and I'll double your money. You know, the classic. And, you know, they were only taking Bitcoin. So I was like, you know, what the heck is that? Never heard of it. Well, I've heard of it, but never bought it. How does it work? And they said, oh, you know, go on this exchange, buy some and then send it over and I'll send you some back. And, you know, they were pretty smart. I started off with a small amount and, you know, a few hundred bucks and I gave them it. And surprisingly, they actually did double my money.
And then that convinced me to give them a lot more money. And, you know, that's where I felt, you know, a culprit of what they did. But, you know, I realized at that time that Bitcoin was immutable and there's no way that I could get back my money. And it kind of hit me hard. And, you know, I was really frustrated, obviously, but it was a user error. Right. It was me being an idiot, being greedy and wanting more money at the time. So, you know, I think people need to take a little bit of responsibility sometimes when they're handling their money. You know, obviously, I'm still a young guy and had lots to learn. And that sent me down the Bitcoin rabbit hole. And, you know, here I am learning how to store my keys a lot more safe than I did on an exchange. Right. So that's kind of my sob story.

But it comes with some real pain to learn.

Yeah, absolutely. Right. And, you know, I think a lot of people, you know, when they lose money, they get mad and they try and put someone else, you know, blame someone else. But, you know, if you really learn about these things and store things properly and understand, you know, SHA256 encryption, then, you know, hopefully you don't have anything to worry about.

Yeah. Thanks for that, Adi. Justine.

Hey, I think you guys are on point. I generally think the majority of Bitcoin is lost by user error. At Unchained and in personal experience, we deal with a lot of either newcomers to self custody or people have been dealing with single-sig. And this is kind of their first interaction with multi-sig. And what I found is there's just so much to learn about Bitcoin. Right. And this is kind of the first time in history that we can truly own our assets and we can truly own our money. And that takes personal responsibility, just like anything else. You know, if you want to grow your own food, if you want to protect your home, there's skills that you have to learn. And I think Bitcoin is the same way, but it's new.
It's a new thing that people have to do. They're used to being able to just call the bank, right? The bank's going to handle it for you. So I think there's a learning curve. The problem is, in my opinion, that we sort of as a community, I use the word community loosely here as Bitcoin Twitter. We sort of have this like all or nothing mentality. And I don't think we speak enough about like there's all of these things that you can do. And each individual has to sort of look at their own attack vectors and their skill set and what they're capable of. And it's OK to take steps. Right. So in my experience, it's overcomplicating things. It's doing something because they saw on Twitter that was the only way they could do it. Right. And maybe it was way beyond their skill set. The worst thing I've ever seen is multiple times passphrases. I have a love hate relationship with passphrases because I've seen people mess them up. You know, miss one letter. Forget that you capitalize something. Think that you could memorize it and you don't. And then all of a sudden you've lost access. So user error, overcomplicating things or making it so complicated that you then don't, you know, distribute your keys. So you've got this really overcomplicated system, but everything's sitting in one drawer. So I just think that overcomplicating things, user error is sort of the biggest threat, even though obviously outside vectors are something that we need to consider as well. But I think that, yeah, user error, overcomplication and passphrases in ways that are maybe too complicated for the user at hand.

That seems like there is a trend there. So Lopp has this fantastic list of people who have been physically attacked over their Bitcoins. James, do you want to give people a little bit of a primer on that list and where they can find it?

Yeah, sure. Well, it's linked directly from my main page at lopp.net. It's the physical Bitcoin attacks GitHub repository.
And, you know, like a lot of other things that we talk about with security in this space, I think it can be easy for people to blow it out of proportion. Now, I think last I checked, I've got nearly 150 different attacks that I've managed to come across and archive over the years. And this is actually a very, very small number, you know, in the grand scheme of things is probably one of the rarest forms of loss in the Bitcoin space. But there are definitely some patterns and things that we can learn from that, one of which is that, you know, the most common event that causes this is people who are doing high value face to face, you know, cash and Bitcoin trades. So that like face to face OTC stuff, it's definitely risky because your counterparty may be a criminal and they may assault you and take all of your money. So, you know, there are things that we can learn from that. Also, a number of people who have experienced home invasions in this space, and it generally happens because they're well known. And usually they're well known because they're being flashy and, you know, flaunting their wealth on social media. So you can definitely learn a lot about how important, you know, operational security and privacy is when it comes to protecting yourself physically. But, you know, kind of getting back to the original question, I think one of the most common forms of loss is when you're not holding your own Bitcoin, you're keeping them with a third party. And that opens you up to just a multitude of forms of different loss, whether it's the third party having an insider attack, the third party being hacked, or in many cases, just the security system to access that third party account being compromised. Usually through SIM swapping or password leaks or whatever. 
It's just the best way I can describe it is that when you have your Bitcoin with a trusted third party, you're still vulnerable to all of the same risks as you are with self custody, plus a whole lot more because of all of the things that can go wrong with the various third party actors who are controlling access to those keys.

Yeah, you know, not your keys, not your coins, right? I mean, like, it's that simple when it comes to third parties. It's still amazing to me that after, you know, like, Gox, I think a lot of the people who are new, haven't experienced and maybe was forgotten. It was quite a long time ago now. And before that, we had MyWallet, which was, I think, like, I can't remember, it was a lot of coin on that one as well. You know, and then we had Big Ver with Kruxy. We had FTX, you know, Alameda, which were like, you know, the recent high profile ones, Celsius, all this stuff, right? It's very unfortunate what happened to Luke, because now you have guys like Udi or CZ sort of fighting self custody, saying, you know, like, as if with third parties, you're safer. You know, if they offered some form of insurance, I would take their suggestions more face value, instead of just being bullshit. But they don't, they're not liable for those losses in the way that people think they are. You just become an insecure trader and good luck to yourself. So Rindell, you know, you've been working with Bitcoin quite a bit. And, you know, you probably know some interesting stories too.

Yeah, I mean, I was gonna echo everything that's already been said about a lot of people build systems that are too clever by half. Back in the day, I think there were a lot of people that would have either a seed or a wallet file that they encrypted with like a key file, right? So you take a file and use that file as a key to encrypt your secrets. And then later on, they don't have the original file, right?
I remember there was somebody, it might have been on Reddit, who had used like a family photo, and then didn't realize that their photo storage system would apply some compression and it changed the file and they couldn't get their keys back out. Or back in the day, brain wallets were a really big meme. And people would do things like pick a song lyric or a Bible verse or their commonly used email password as a brain wallet password. And it would get brute forced. So I think, you know, in general, you don't really want to be the first person using some novel method that you invented to store secrets. You want to go with something that's repeatable and known to work and make sure that you get it back.

Yeah, I mean, the amount of people who have put their seeds as a picture on their cloud storage for photos. It's insane.

Yeah.

It really is. I mean, you know, remember, guys, the cloud just means somebody else's computer. You know, it's not, you know, it's somewhere safe, and it's actually yours. Craig, you probably get a lot of support feedback from users who have screwed up. I'm curious on to some of those questions.

I just want to actually echo what Justine was saying earlier, I think others, you know, that I think the number one cause of people losing funds, at least temporarily, rarely is really the passphrase. In my view, people don't seem to understand that there's a difference between a passphrase and a password. The password, the major difference is that if you get a password wrong, the application very clearly tells you that you've entered it incorrectly. But a passphrase, you know, people don't understand that every passphrase is valid, and every passphrase creates a different wallet. And, you know, a Bitcoin wallet application will not remember the passphrase, the intent of a passphrase is that it is this random additional string that you can attach, which creates a different wallet.
And there's no way of knowing, once you have created a wallet with a passphrase, there's no way for that application to know which is the so called correct one to use. So that seems to be a very misunderstood thing. Because many, many people are quite aggrieved when they find that they have, you know, entered the wrong passphrase, received Bitcoin to that wallet. And then, you know, when they reload the wallet, they can't see the funds that they have received. So that I think is the major misconception that I encountered the most is trying to educate people that every passphrase is a valid, you know, creates a valid wallet.

Yeah, no, I've heard about this like a bunch of times, Tristan wrote a great, like, Oh, you need to know about passphrases blog post, put the link on the nest. People don't seem to understand that, you know, passwords, you can change, think of them as just like a key to the wrapper. Right? While a passphrase is the actual secret. It's part of your seed. And you can't change that. If that gets if that's wrong, then that means you don't have the secret. One great way of handling passphrases, I find that people stop screwing up is only use BIP39 words for your passphrase. So pick 10 words and make that your passphrase because then you know what words to expect for that passphrase. That really helps. And a lot of the wallets and the hardware wallets do have auto completion for BIP39 words. If you are making complex passwords for passphrases, like you know, like the exclamation marks and at symbols, upper and lower caps. When you go look at that backup, especially if it was written by hand somewhere, it's going to be hard to know what is a cap, what is not cap. Maybe your family is trying to recover that later after they don't recognize some character on your handwriting. You know, money gone. Another thing you should definitely do with passphrases is once the passphrase is applied to a seed, write down the XFP.
The XFP is essentially the identity of that wallet. So that means that when you're trying to recover, you have something to refer back knowing that you recovered correctly. So check out this link we just added to the nest about passphrase if you're there. Rindell, I'm going to bring you up to add to it, but maybe after this one, I was thinking we should do is we should maybe talk about all the best or known sort of ways of storing Bitcoin starting from the most simple, which is custody, really all the way down the rabbit hole. So, Rindell, do you want to add a bit to this or do you want to move on?

Yeah, I was just going to say on the passphrase thing, the other nice thing about picking BIP39 words and making a passphrase out of it is that it's unlikely that that's going to be related to existing passwords. A thing that I've seen a lot of people do is they'll say, oh, well, I have a really good password for my email. I can already remember that. So I'll just add some random characters to the end of it, or I'll add the word Bitcoin to the end of it, and that'll be my wallet passphrase. And then later on, they forget that they added stuff to their password or they forget what they added. And to Craig's point, they still get a valid passphrase. Their wallet doesn't yell at them, but they can't get their Bitcoin or something happens to them. They end up dead or in a coma or something, and nobody knows their email passphrase or that they added this extra bit of hash to the end of it. So, you know, make sure you treat your passphrases like the piece of entropy that they are and have it backed up and also make sure it's not something too clever that you're relying on your memory to recover.

I was going to add, too, that it's one of those things where I've seen and this is I'll share a quick story and then I know we're moving on. But I had somebody who thought that a passphrase was like just this additional layer and everything rolled back to the seed phrase.
And the story that they told us, they had solved inheritance by setting up a passphrase for each child. And then upon their death, the seed phrases would be released. And I was like, "Oh, OK, so are you splitting up your Bitcoin into all of those wallets for the kids?" And he was like, "No, no, no, it rolls back to my main wallet that I created with the seed phrases." And I was like, "That's not how it works." And so I think there's something to be said about passphrases are awesome. They're an awesome tool that you can use. But when it comes to security, maybe dig into it a little bit. Don't use something so advanced that you don't understand how it works and overcomplicate things. So just like, "Hey, passphrases are cool. Read the article before you put your life savings behind it."

Maybe contentious, but I'm generally anti-passphrase because I think, as has been noted here, there are so many foot guns. One way to look at it, it's kind of like adding a 2FA to your wallet. Now, the reason or one of the reasons why passphrases are generally propagated as a good thing is because it's how you can protect your seed phrase backup. If you have a clear text backup, having a passphrase that is a separate piece of secret data that is stored separately means if an attacker gets that seed phrase, they can't get all your money. But what you've done now is you've essentially created this two of two scheme. And a two of two scheme can be pretty brittle. So you do have to be more diligent about making sure you have robust backups for both of those pieces of data.

That's great. So I disagree with Jameson and a little bit of Justine too on this one. I am a passphrase lover, and you guys know that. So I think the biggest problem with passphrases is that when people are moving from single-sig, say like phone wallet or from custody, the biggest problem is that people don't try and test their setups.
So when they set up passphrases, they just send their money without testing and then, you know, they have a high likelihood of screwing it up. And another thing too is what I love about passphrases is that they protect you against the solutions that you're using to manage the seeds as well. So for example, say a hardware wallet has a bug or a backdoor or something. If you're using a passphrase, there is a higher likelihood that the hardware cannot sort of like take advantage of you because you won't know it was not part of the generating that passphrase. We can get into sort of like details on how that could happen in a million different ways. But I love that. But to that point, you are adding more complexity to your sort of secret. So if you are adding complexity, you know, it is important for you to sort of like, you know, do a little bit of learning, do a little bit of testing. You know, it is amazing to me that people just YOLO their first transaction to a new wallet without trying to recover your backup. I think, you know, out of all the simpler, extremely secure setups, passphrase is great. I think that once you start adding more complexity, like multi-sig and stuff, I think people doing that on their own often have a harder time. And that's where collaborative multi-sig and all that stuff start to sort of like kick in and people sort of like, for some people, that is a great solution. Why don't we maybe start talking about like different solutions? Because like, I think we are mature enough as a market now that this idea of suggesting everyone that there is only one setup, that is the greatest setup of all, that you only believe in that setup to be the greatest setup of all, it's a terrible, terrible thing. Shoehorning different people with different lives, that live in different places with different amounts of money, with different security thresholds, different risk profiles into the wrong setup is actually a problem, a huge problem. 
It doesn't matter how secure that setup is, right? So, if a person just bought a few hundred dollars worth of Bitcoin, telling them to do a 12 out of 12 with 50 DVDs and 10 laptops, it's absurd, right? That person will likely lose the money and they're not ready, and nobody should be doing that anyway. You don't want somebody with like 100 bucks worth of Bitcoin to go and make an account on a service that helps them do things like multisig, because it's not worth the $100. And then you're going to have people who have higher security privacy thresholds, who are in countries that maybe don't allow them to do business in the US, maybe they shouldn't use the service. But then you have family offices, right? Or you have people who are already KYC, you have people with much larger amounts of Bitcoin that have no interest in becoming super knowledgeable about it, but they still want to be self-sovereign. So, maybe a collaborative multisig is great for them. Anyways, my point is, there's a lot of different people out there with a lot of different needs. So, I think just taking the leap to start, you know what I mean? You bought your Bitcoin or the custodial Coinbase or something, getting the money out of there is the first step. So, who wants to talk about the literal first thing you can do with like 100 bucks of Coinbase?

Well, I was going to say, should we take a second to talk about why storing on an exchange is not a good idea with the most recent FUD? I know it seems silly to even go there, but I feel like there are people now questioning, "Oh God, if I'm going to screw it up, maybe Coinbase is better than myself."

No, no, please.

We'll do it quick for anybody questioning. And also, I was going to kind of piggyback off of what Jameson had said earlier, because I think that a lot of people, when they think about the risk with an exchange, with a centralized exchange, they're like, "Oh, well, what are the chances that Coinbase is going to go under?"
Right, what were the chances that FTX was going to go under? But it's more than that. You know, most people, password security is terrible. Let's be honest, they're reusing passwords. They have some very minimal password that's securing their wealth on Coinbase. And you can say, "Oh, well, I set up 2FA." Okay, well, SIM swaps are a pretty big thing. Your password and your 2FA is the only thing stopping somebody else from going in and accessing your funds. And that's not on Coinbase. Coinbase isn't helping you. Somebody logged in, they moved your funds, right? There's a million different reasons, other than an exchange going under, that you can lose your funds. But more than that, one of the huge value-adds of Bitcoin is that it cannot be censored. It's censorship-resistant. I say "cannot," it's censorship-resistant. And you can truly own your Bitcoin, right? If it's sitting on an exchange that's not yours, you are asking permission to use it every single time. The IRS can decide that you didn't pay your taxes properly, even if you did, maybe there's an error on their end, and they can freeze those funds. Maybe they don't like that you went to some protest about truckers, and they can freeze those funds. There's a million different ways that you can lose access to your Bitcoin that don't include an exchange going under. Even though we've seen that recently, that it's a totally plausible situation, even for the big guys, right? So, yes, if you have Bitcoin sitting on an exchange, you don't own it. Now, if you own $20 worth of Bitcoin, and you're like, "Ah, well, you know, I don't want to go through the process of buying a signing device and setting it up," download a mobile wallet. That, in my opinion, is the easiest first step, and it gets you comfortable with what a seed phrase is. Download a wallet, write down those seed phrases, wipe the wallet, reload the wallet with those seed phrases, get really comfortable with it. 
Send a little bit from your Coinbase account or whatever exchange you're on to that wallet, send it back. Really practice with it and use it and get comfortable. In my opinion, that's the first step, and then that's my pitch on why you should get your funds off of exchanges. And then I'll release the link.

What's fascinating now is that this only happened, I'd say, like in the last year, really. The Lightning First, base chain, SACA, have really, really matured. So, you know, you have your Muun Wallet, you have your Phoenix, Breez. What else? Which other ones are kind of like non-custodial or almost non-custodial? You have Zuzu, Drone, Moon, but I'm not going to get into the more complex ones. But let's just talk about like Muun, Phoenix, and Breez. They are quite fantastic because, you know, if you really only have $100 worth of Bitcoin in an exchange and you want to take it out, these wallets do like everything without... Like, they don't even ask you to back up the backup, which some are seeds, some are not seeds, until you are ready to deposit. So they are really trying to not scare noobs with very little money to lose out of that sort of initial self-custody. And they take base layer Bitcoin, like real Bitcoin, in, and they convert those into sats for Lightning. So you can play around with Lightning, you can play around with base layer, all within sort of like a very easy, manageable sort of experience. And that's very new. I mean, you know, even a few years ago, like, you know, there were very few mobile wallets that were safe enough, secure enough, you know, that the source is verifiable and all that stuff. And, you know, there are still people arguing that the phone is safe enough for a lot of money. And I guess at least like we're progressive in the terms of like how to explain the security thresholds of like each solution.
So I would highly recommend, like, if you're on this call and like, you're just brand new, you're not ready to do anything complicated, but you kind of want to take the coins off the exchange, and it's like 100 bucks worth, you know, do check out these wallets, they're great. Spend a little bit to see, play around. And then I guess we can go to like to the next level, which is like, you know, the wallets that do have your seed, they might be desktop or a phone, they're not a hardware wallet yet, but you know, maybe it is 100 bucks, maybe it is 200 bucks worth of money, worth of Bitcoin, but they will require you to do your seed. Now, what do you do with the seed? Remember, paper burns, computers are completely owned, phones are also terrible, and they also burn and they also break. So, you know, like do look into getting a metal backup plate if you're going to work with seeds. There's like an infinite amount of brands that offer these from all kinds of prices, they're fairly affordable. But, you know, punching that seed into metal will sort of like give you an incredible amount of recoverability for almost no money. So if your house burned down, the chances of that seed still existing are very high. And if it floods, same idea. Jameson also has a fantastic link where he tests all these metal backup seeds by applying house level fire temperatures on them and try to destroy them with acid and try, you know, I'd say like most of them survived pretty well. Is that true, Jameson?

Yeah, I would say, you know, 40% tend to get, you know, straight A grades and survive all of my tests. But of course, it's the other 60% that you need to worry about.

Hmm, sorry, am I echoed? Just a little muffled there. Oh, weird. I don't worry. You just sound like you're in a tunnel talking to us a little bit. But not bad. He's busy hiding his seed plate under his house for proof of key. He's like, yeah, he's testing it with a welder in the back.
And I was going to say too, just for those maybe if there's newbies in like the seed phrase is really the physical readable form of your Bitcoin private key. You know, it's a form of that. It's sort of where those things come from. So if you have your seed phrase, when you get on to your wallets and those sorts of things, you can sort of, you can reload them, if you will. I'm trying to use like, tell me like I'm five language for people who perhaps are like, what the hell is a seed phrase? It's your physical form of your key. And that is the essence of being able to access that wallet that you created in the long run. So extremely important, extremely important to not give it access to the Internet. And by that, I mean, do not take a picture of it with your phone. Do not scan it and upload it somewhere. Don't put it in the cloud. Keep it physical. And then, yes, I think a metal backup is the best step forward. If you're just getting started, like I remember when I set up my mobile, I think it was Green Wallet. Still love Green Wallet by Blockstream. I like wrote it down multiple different places until I could go then and do a multi-sig or a metal backup. Remember, you don't want single points of failure. That's the thing to avoid. So yeah. So the audio should be better now. Way better. So I've been getting a lot of DMs and questions about like very complicated stuff. And we're going to get there. I want to get the noobs first because they will drop off from the spaces faster. They will lose their interest and patience, but I want to capture them and hopefully get them to self custody first. But we're going to progress this all the way to interesting stuff for even the advanced people. I do have a lazy ninja on the stage, security researcher. There is other people here that could be a very interesting commentary. We're going to talk about probably seed generation and some of the risks of that and all that stuff. Just one last thing on those metal backup plates. 
One nice thing is most of those are set up for BIP39 words, right? So if you do use passphrase and you do use BIP39 words, you can have a separate plate and back up your passphrase on a metal plate as well. You know, geographically distributed, go put somewhere else because that's kind of the whole point. And if you do have a burn or if you do die, people can recover from that metal plate without having a question if you try to make a I or an L on that word. So this greatly, greatly de-risks recoverability. Yeah. Two really quick things on that. So something that's special and maybe not obvious about the BIP39 word list is every word on there is unique in the first four characters. So, you know, you might see some seed plates or other products that don't have you write down the entire word. The idea is that with the first four characters, you can unambiguously identify what word it is. And that also gives you a little bit of error correction where if, you know, the last letter in your backup, you know, could be, I don't know, an I or a J. Right. As long as those first four letters are clear, you're good. And then to what NVK just said about keeping your passphrase and your seed separate in general, when you're thinking about resiliency against loss or against theft, what you want to think about is how many uncorrelated failures you want to be able to survive. So if you have your seed backup and you have your passphrase sitting right next to each other and somebody gets to them, then they get both things. Right. But if you have your seed phrase in one location and your passphrase somewhere else, then they have to compromise two locations to get to it. And I think as you start dialing up, whether it's multi-sig or seed XOR or different passphrase schemes, what you're really adding is you're adding the number of things that have to go wrong for you to lose funds. 
And I think that that's kind of a good yardstick to keep in mind as you're thinking about the spectrum of these different solutions. Yes. Go ahead, Dee. I was just going to say, I know obviously we have a lot of different perspectives here and some people love passphrases and some people love multi-sig and other setups. I think it's important that a lot of people will kind of try and put us in a box and think there's a one size fits all for everyone. And obviously, that's not the case for self-custody. If you have a large amount of funds and you're worried about someone coming to your door, maybe multi-sig might be for you or a passphrase, of course, in a different location or something like that. I just think a lot of people that kind of FUD the whole self-custody thing right now are really trying to put us in a simple box that we just don't fit in. So education obviously is key here. That's why we're here right now. And you're obviously going to be listing off a bunch of different ways to self-custody. So choose one that might be the best for you. And just like Justine said, practice recovery. I think a lot of people, they set it up, they clap their hands, they're done. They generate an address and send all their money right away, whereas they don't know how to even recover their funds. Doing a simple backup on a Coldcard and putting those seeds back in and getting back to your wallet that you've generated and making sure that you're accessing the correct wallet and stuff like that. So just something to keep in mind while everyone here is talking. It's such an empowering feeling to you. And as somebody who sort of taught myself random self-sovereignty skills before I got into Bitcoin, like how to make my own medicine and random crap, taking the first step gives you the confidence to move forward. 
So just wiping that wallet that you've created and reloading it and be able to access that thing with that crazy word list that you wrote down is extremely empowering and it makes you feel confident. And then it's a little less scary. And I remember my first Coldcard and I tell this joke all the time. It was like that crazy calculator that sat on my shelf that terrified me. Right. And then it was, you know, just take the first step. I set it up, I wiped it, I reloaded it and was like, oh, that's really not that difficult. Right. So it's just about taking the first steps. You can't mess anything up. You haven't moved any money over. Right. Like download a mobile wallet, write down those seed phrases. It doesn't have to be all or nothing. Bitcoin is a journey. Take the first step. So, you know, like a huge feature of Bitcoin and having a common sort of protocol is that you are client independent. So, you know, just like email, right. When you don't want to use your email client anymore, right, you can reset up that email somewhere else. And magically all the email showed up. Right. Sure, email is centralized. It's on a server, blah, blah, blah. But like from just a user perspective, like kind of way, you know, when you have your Bitcoin on a seed, it's not really in the real, it's not really in the seed. But let's just say it's in the seed. When you take that seed from one vendor and you go to another vendor. Right. So from one hardware wallet to another hardware wallet, it should be able to just the money appears again. Right. Like because it's still out there. It's still the same secret. So if you're doing it right, you can just wipe your wallet. Right. And reload the wallet with the seeds and the money will magically appear again. That's kind of like a huge advantage of this. If you are using solutions that are not using good standards, the money is not going to reappear somewhere else. 
You're going to have a very hard time looking for a derivation path on walletsrecovery.org. There was a lot of sob stories and why that website was created. OK, we talked about passphrase on single sig, right? That's a solution that scales from very little money to a fuck ton of money. People do have a lot of people do like that solution for even a lot of money. If you are doing that for a lot of money, please make sure you have a dedicated computer likely running only Bitcoin software on it for when you do Bitcoin related operations. Because you are more exposed to single points of failure. Right. If somebody gets hold of the total secret, which is the passphrase plus the seed, they could take all your money. So you do want to sort of segregate a little bit further in that kind of setup. Now we get on to multi-sig. Or should we talk about the backup plates and sort of Shamir secret and seed XOR first? What makes more sense? I think the seed splitting kind of makes more sense. Sure. So yeah, no, no, no. That totally makes sure. Because like, you know, a single sig, sorry, multi-sig doesn't make too much sense to split the seeds. So now you have, you know, your seeds in metal backups, right? That's clear text. And if somebody gets hold of that, of the two plates of your passphrase and your seed, or if you're doing just seed, they do have access to your money. So for that reason, CoinKite and Trezor have sort of come up with two different setups in which you can essentially de-risk that seed by not having it in clear text. There is Shamir secret, which is not my favorite, but it is fairly secure. And it does give you M of N, which means if you lose just one part, you don't lose it all. With SLIP39, you can actually so you're going to essentially have, say, three pieces of paper or metal with those words. And then there is my favorite, which is SeedXOR. I made a little website called SeedXOR.com. 
Essentially, that's a very fundamental computer algorithm, right, that you can split the seed and not need a computer to recover it. You can do it by hand and paper with a little worksheet. And that to me was very important because I don't want people putting seeds on computers to recover them if they do have to reunite the two secret parts. And this is a great way of splitting the clear text backups for single sig or single sig plus passphrase. I'm not sure if we need to get too much into more detail of that. There's a lot of videos out there. BTC Sessions, I don't know if he's in the hall. He was going to come, but he has some great, great videos talking about SLIP39 and also SeedXOR. If you are doing single sig or single sig plus passphrase, I highly, highly recommend you look into that. So why don't we move to multi-sig? Do you think you have something to add? Yeah, no, I was just going to say I posted a link in the nest for anyone that's looking to look into SeedXOR. It's a Bitcoin Magazine thread. Oh, great. Actually, so really quick on the SeedXOR thing, two cool features of SeedXOR. One of them that NVK already mentioned is you can actually do it by hand. You can do it by hand. And I think any CompSci 1 student could write a little Java program to do SeedXOR. So it's fairly bombproof. Like you're not going to be reliant on finding a specific piece of software in the future to reconstitute your seed. The other thing that's kind of cool about SeedXOR is that the seeds that you split your seed into can themselves be valid BIP39 seeds, which is also a cool feature. Yeah, they are plausibly deniable. Just it's funny you brought that up about the CompSci thing. One requirement we had when we were sort of creating that was that it had to be World War II level complexity. So, you know, we had to work with like modern computers for you to be able to do the operation in case we have a nuclear holocaust. That was part of the spec. So multisig. 
Multisig is a very broad subject. There is 50 different ways of doing it. And Rindell, do you want to give a primer on what multisig is before we get into solutions? Yeah, so multisig, which in kind of classical cryptography, you usually you'll hear about it being called threshold schemes. Multisig is a way of saying these coins can only be spent if T signers out of N keys produce signatures. So normally when you have a Bitcoin wallet and somebody sends Bitcoin to you, those coins that you have can only be spent if you sign a transaction with your private key. What multisig lets you do is it lets you say instead of requiring a signature from one key, my coins require signature from some threshold number of keys. And you can dial the threshold up or down. So you can say, you know, I want to have three keys in total and two of my keys have to sign or I have five keys in total and three of them have to sign. And that lets you distribute risk and have some degree of failure tolerance. Because if you say I have a two out of three multisig setup, then you can imagine you could completely lose one key. And as long as you still have two, you can still sign and spend transactions. So that's that's the general premise. And then there's a couple of different ways to implement multisig. And then those parameters for what you want your threshold number to be and what you want the total number to be are also configurable. And you might choose different numbers based on your circumstance. Great. So essentially, the explain like I'm five is you're going to need two parts to each produce a signature. Say it's a two out of two. You're going to need two parts to each produce a signature in order to transact that Bitcoin. Or if you do a two out of three, it's going to mean you're going to need two signatures out of three available keys to do that signature to move your Bitcoin. I hope that sort of like makes sense. 
If it doesn't yet, I hope that through us talking about it on each setup and options might sort of like clarify it to you. Well, and before we get into the different options, just to compare this to what we talked about a second ago, which was doing something like Shamir secret splitting to take a single seed and break it into multiple pieces, as opposed to doing multisig. With Shamir's, you need to reassemble your shares and you get one key at the end of it and you're producing a single signature with your one key. With multisig, you're signing multiple times and you produce multiple signatures. And one nice attribute of that is that you don't have to get all of your keys together on a single computer to do multisig. Right. Like if you if you do Shamir secret sharing, you have to reassemble the pieces. And then once they're reassembled, there's now a single key that can spend your Bitcoin. With multisig, you can have keys in different locations or held by different people and they produce different independent signatures. And you don't have to have a quorum of keys together at the same time. Yeah. So I guess I'm going to get into Jameson's and Justine's solutions very soon. And I guess you guys are going to have like different sort of like different opinions about this and sort of like different attack approaches to similar problems. So I'm going to start with Craig first, because Craig, like us, essentially supports all forms of multisig and he's building multisig software. So, Craig, what are sort of like reasonable multisig quorum choices in terms of M of N that you personally think are good and not too complex? Look, I think, you know, one thing to consider with multisig is the privacy aspect to it, that you do reveal the details of your quorum when you spend. So it is worth being aware of that. And if you have a very unusual, you know, quorum set up, say, you know, five of 11 or some something very odd, that's really going to stand out. 
And it will allow your spends to be more easily tracked on chain. So I think that that's one of the biggest factors for me that I consider. And then taking that in mind, I believe I'd be surprised if it isn't the most common quorum set up as a two of three. So if you're doing that with your multisig, you are likely to be in a fairly large crowd and it will be hard to tell you apart. The next probable one, and Jameson probably knows this better than me, but I would suspect it to be three of five. So that's probably next. And that kind of makes a lot of sense. Both of those, you have, you know, you can have a complete loss of one of those keys so long as you still have all of the public keys and you'll be able to sign and move your funds just fine. Obviously, with the three of five, you then can have a complete loss of two of those keys. So that's, I think the two that kind of stand out for me as solving at least 80% of people's needs when it comes to multi-sig. If you need more than that, you obviously have quite a unique need. So, you know, you'll then have to consider a set of that. But I would look at those two quorum sizes first. Yeah, I think those are like there's a reason why those two were chosen. They do address most of the issues multi-sig is trying to address without getting too complex. And there is also some wallets out there to do two out of two, which I really dislike because now you're essentially getting the worst out of everything. You essentially like getting the complexity of multi-sig and you're also getting the worst possible recoverability out of each secret. So if you're doing two out of two, personally, I would recommend just doing single sig plus passphrase. But that would be like a different sort of discussion. You can actually go to txdats.coinmetrics.io and they have this chart. It's called P2SH repartition by type. 
And you can actually see and count how many UTXOs and how many Bitcoin are known to be stored in different ones. And so two of three is the most common. Interestingly, three of four is the second most. And then it's two of two. I'm not sure what uses three of four. Two of two, I think we can mostly agree, probably Blockstream Green's wallet and then three of five after that. But, you know, Blockstream Green, I believe, does have an out for their two of two that's using, you know, essentially a lock time so that there is a way to recover even if you lose one of those keys and then you wait long enough. So the reason why they're doing that is because they're trying to de-risk the phone by having a server sign the other key, if I remember correctly. Right. So the idea is that you have multi-party automatic multi-sig. So essentially getting a 2FA. I personally don't like that solution. And I think not a lot of people use it. And I think them themselves are sort of like when you open the new wallet now, I think they suggest the default. Also, that solution was not standard. So in order to recover from that script they had, you needed a very, very specific recovery script from them. Just an FYI on that, I guess. So, OK, so we have it's too bad that Hugo couldn't join us from Nunchuk as well. Bad time zone. And I also don't think I gave him enough notice. So I think it's really cool that there are three companies offering assisted, I'm going to call it assisted multi-sig. And they all take very, very different approaches. I find that to be great because then it addresses three different markets. You guys may think you're competitors, but I see it as more like different choices in the market trying to do things very differently. So I think Casa does two out of three and three out of five, if I'm not wrong. Unchained does two out of three. And I can't remember if you guys do other quorums. But Justine, if you guys do do only one set, I'll have you start first. 
If you guys do two types of multi-sig, then I'll have James start. Yeah, we do two of three collaborative multi-sig. And then we have multi-institutional that's available as well. But yeah, we're two of three only. Cool. So do you want to sort of like give a short primer on like, why do you do two out of three? And like, what's your security intent? And who's this for? Yeah, absolutely. So first, I know, we kind of did an overview of what multi-sig is, right? It's creating a wallet that requires multiple signatures. Collaborative multi-sig or assisted multi-sig is just allowing a third party trusted, you know, resource to come in and hold one of those keys to assist you. Now, that could be an individual, maybe you have your grandma hold a key and you've created a multi-sig on Sparrow Wallet. And you've done this all yourself, right? And you can share pieces of information with individuals because in multi-sig, you've eliminated single points of failure. With Unchained or Casa, we do collaborative custody, which means we as an institution are holding one of those keys. Helping you create addresses in our wallet software. You can then access this, of course, in other wallet softwares. But we can assist with signatures, which means that you can lose things and not lose your Bitcoin, right? So with Unchained, we do two of three collaborative custody. You as an individual would hold two keys. We would hold one. We do physical backups, two of three, which means that you as an individual hold four pieces of information, meaning two signing devices and two physical backups of seed phrases. You can lose three of four of those and we can still assist you with your Bitcoin. So lots of room for failure there. We believe two of three is the most secure for the most individuals just because that is four pieces of information that you need to secure and they need to not all be in one drawer. Right. 
So when you start adding more and more keys, that adds more complexity. And what we found is a lot of people will just then not distribute that and have it sitting somewhere. So we just feel that it adds the security that's needed without the complexity. And so we offer two of three. We do have Caravan, which is a wallet software that allows you to create your own multi-sig and you can do different quorums on that as well. And in the future, we may add additional quorums because there are there are people, you know, different strokes for different folks, big corporations that want the ability to add more. So it is something that maybe in the future we will do. But as of right now, our two of three is standard. Justine, where are the keys held for your setup and how are the keys sort of like managed? So we don't actually release any information about how the keys are managed, but we do. Everything's offline. No, I meant on the user side. On the user side. OK, yes. So you have your four pieces of information, your two signing devices, your two physical seed phrases, and you're going to store those geographically in different places. So we recommend, you know, a metal plate and put those in four different places. What that looks like to you could be different. What we generally recommend for someone starting out is take one seed phrase and go put it away from all the others. That doesn't mean that you're self-sovereign in your Bitcoin custody. It means that you still need unchained, but it means that you can't lose all pieces of information if you have a fire or flood in your house. So bare minimum, remove one seed phrase and go put it in a second secure location. Those locations could be another physical home that you have, an office safety deposit box. I don't recommend putting all information in there because you shouldn't trust the banks. But with multi-sig, you don't have a single point of failure in that seed phrase. Nobody can access your Bitcoin with one. 
So you as an individual are storing that physically somewhere. And what that looks like could be, you know, buried behind the third oak tree hole on the left and, you know, behind your drywall seed phrase. It could be whatever you want. It just needs to be four different locations is the optimal security set up behind. Thank you. Jameson, so you guys do things a little differently. You guys do key rotation. I don't know if that's still true. And you guys have also an app that's part of that sort of like in how everything is handled. Do you want to sort of like give a primer of like some design decisions and sort of like some risk profiles and same idea that I asked Justine? Sure. Yeah, so we initially launched with three of five only and then worked our way backwards to doing two of three, which is easier to manage. Now, what a lot of our thought process that has gone into with deciding exactly how to architect the key management with all of this is the fact that multi-sig is more complicated than single sig. And there's a lot more decisions that can happen, which means there's a lot more potential for foot guns. The design space is so much larger that we want to constrain it in such a way that people are basically guided down one of a fairly limited number of paths. But even that said, you know, within our own system, there are a number of different decisions that you can make, especially between the two of three wallet. You know, we we offer both a more convenient two of three where you have one key that's on the phone, one key with Casa and one key on a hardware device. Or you can do a more self-sovereign setup, which is using two different hardware devices. And then Casa is the third key. But of course, that creates a bit more onus on you, a bit more responsibility to manage those backups. 
So one of the I would say key differentiators between us and I think a lot of the other multi-sig wallets is that we do tend for the three of five and as a sort of default for the two of three have that mobile key on the phone. And one of the reasons for that is, you know, even if the phone device gets compromised, you're not going to lose your funds. We're also a fan of what we can then do with doing a secure backup of that key. So essentially encrypting that key, putting the encrypted blob of that key in your cloud storage for the phone that can only be decrypted with the decryption key held on the Casa side, you know, essentially creating the sort of two of two backup for that key. Even if somehow both of those sides got compromised, once again, it's only one out of the N keys involved in the system. So, you know, we're trying to make things easier for people to navigate this additional complexity, even with all of the decisions that can be made, whether doing two of three or three of five, I think a very important aspect of these systems, both with Casa and Unchained is that we're offering support because, and I think this is kind of the culmination of this whole discussion that we're having, there is no single cookie cutter solution that works for everyone. You know, everyone has their own unique life and family and work and obligations and a million different variables that go into deciding, you know, how you are willing to make these trade-off decisions, essentially between security and convenience and recoverability, especially inheritance situations. So that's why I think, especially if you're going for a more complex multi-sig setup and you're not really familiar with adversarial thinking and key management, it is helpful to have someone that you can just talk to and bounce ideas off of and understand better what the different trade-offs are of the decisions that you have to make. Yeah, absolutely. 
And I guess I'll bring up some, since Nunchuk's not here, I kind of find it interesting to also bring that up. And I think it would be somewhat similar to Craig's solution, but on the phone. So with Nunchuk, it's interesting because essentially you have a phone wallet that allows you to create like Sparrow, like Electrum, whatever multi-sig you want, right? So you can do your two out of two, two of three, you know, three out of five or whatever. And what's interesting about that one is that it is not sort of like as guided as Unchained or Casa. It's sort of like more like a do-it-yourself. What is interesting, though, is they are using our new product, the TAPSIGNER, right, for you to do NFC with the phone. I find that very cool because like now you have like a different type of device with a different risk profile for the multi-sig. And they do have the signing service, right? So you set them with one key and they do offer a signing on a certain threshold as your, so you can go travel somewhere in the world, bring your TAPSIGNER and they won't let you spend more than X amount per day. But if you don't like them the same way, if you don't like Unchained, if you don't like Casa, you can just go and use your backup quorum to sign your money outside of this multi-sig services. This is like something that never existed before with financial services, with money services. Not saying that you guys are a financial services company that gets into a whole law complication of this whole thing. That's not the point of the conversation. But in terms of just like being able to offer a non-custodial but assisted financial, in the terms of money solution, where there is a third party participating in your spending to help you either don't screw up or have limited thresholds per day. But if you don't like them anymore, you can go dig your seed plate out of the third oak. Is that where it was, Justine? It was buried under the third oak tree, yeah. The third oak tree. 
And you can get your quorum back because you have more keys than the service does. But that also prevents them from ever taking your money because they only have one or less of the quorum than you do. And they don't have enough quorum to ever take your money, too. This is a very sort of like new thing that never existed with money before. You made a really important point there that I think a lot of people confused with multi-sig and especially collaborative or assisted multi-sig is it doesn't mean you're locked in to let's just say that wallet provider, right? And that's an important part of Bitcoin self-custody in my opinion is the self-sovereignty aspect. So one thing that's important to remember is everything in Bitcoin has trade-offs. And with multi-sig, you are adding additional complexity, which means you need to have additional things to be able to self-sovereignly recover that Bitcoin outside of that entity. And so I think it's important to note that if you do set up a multi-sig, in order to access it outside of that wallet provider, you need to have what's called a wallet configuration file. Think of it as a map, a blueprint of how to rebuild that wallet outside of that entity. So that's something important to remember. Now with that map, you can't spend Bitcoin. So when it comes to securing that, you maybe don't have to do it as intensely as you would your private keys. But it does include personal information. It says things about your setup. So you want to keep it secure. So if you have created a multi-sig somewhere, you need to think about that configuration file. It has your derivation pathways, XPUBs, external public keys, those sorts of things on there. So that's important. And then also, anything with collaborative, when you include a third party, you're trading privacy information, right? You're trading information. So those are things that you need to factor in and sort of decide if that fits best for you. 
But it is important, in my opinion, to really talk about external recovery, which means Unchained shouldn't be a single point of failure for you, right? So we, as a company, really focus on education. We have our concierge service, which will help you set up those signing devices, learn what a seed phrase is, and how to recover. But we have webinars. We have articles that really can walk you through each step. So just wanted to kind of throw that out there as well as we talk about multi-sig. I think it solves a lot of problems, but you do also need to ensure that you can sovereignly recover. So I kind of think that next, we can go sort of like going different rabbit holes. But just before I go there, I just kind of want to recap. So I think we all agree that different people, different needs, different solutions. Even the same people might need different solutions, right? You want your spending wallet, you want your lightning wallet, you want maybe a warm wallet. I think we all agree that keys should never be on a computer or touch a computer. I think we all agree that hardware wallets work great. I think we all agree that multi-sig solves a lot of problems. We don't all agree that a single sig plus passphrase is great, but we do have some agreement on where the faults lie. We can recap that if you guys want to pick at anything I said. So don't feel like I am putting foot down here. So I guess the main thing is that I want people to take out of this sort of simpler, more new part of the conversation is don't get overwhelmed with solutions out there. You have time, you can test things, you can experiment with different services, you can experiment with different wallets. Most of the solutions are free. And then if you want to get into hardware wallets, you can even build your own. There are solutions out there. I think it's important that people don't roll their own solutions, especially not their own cryptography. 
I don't think that's a concern anymore, but it used to be back in the day. And then we can start getting into the weeds of some of the FUD that confuses people around different solutions and go from there. Do you guys have any short comments about the previous noob conversation that you want to say before we move on? Yeah, I mean, like we said it earlier, but just to really drive it home, if you've got 50 bucks or 100 bucks on Coinbase or Gemini, just go install Muun Wallet or BlueWallet on your phone and get it off and start playing with it. You don't have to go straight to seed plate buried behind the third oak tree. If you've got 50 bucks on Coinbase, you can really start small. So you just said it, but it's worth saying over and over and over again. I mean, that question does come up. Every single time I do spaces somewhere or like back in the Clubhouse thing, it's amazing to me how much people don't understand that they don't need to do like 12 out of 12 with DVDs for 100 bucks worth of Bitcoin. And that is how you should be experimenting with Bitcoin. Don't go buy an asset with all your life savings until you understand how the heck that asset works. Well, and a lot of people I've heard, well, yeah, the same thing, like Clubhouse or friends will say, well, you know, like I only have 100 bucks worth of Bitcoin. I don't really want to go buy this hardware wallet that's, you know, certain amount of money. It seems kind of crazy for the amount. It's like, well, you don't have to. You know, there's free mobile wallets that can be your first step. So I think the biggest takeaway from this spaces is like, it's not all or nothing. Like take the steps. And we're kind of walking through the steps specifically. But you don't have to spend money on a signing device or hardware wallet. You can just download a mobile wallet. Like that's the first step. Yeah. And then even when you start getting more, you know, sophisticated, you also don't have to have one wallet, right? 
I have BlueWallet on my phone. I also have, you know, several multi-sig setups, right? And you can think about partitioning your money where you have a really small bucket of money that's super easy to get to and very easy to spend. And then you have a bigger bucket of money that's harder to get to and harder to spend. And those things can change as your life does. Just like we're not walking around with our life savings in our pocket, right? Like we take what we need to spend when we go get coffee or whatnot. And the other is secured somewhere. So yeah, the multiple wallets, depending on your needs, is totally, totally good. You know, it's a segregation, right? It's like hygiene in that sense. Like you're going to have like, you know, your savings account. You're going to have your checking account. You're going to have your credit card. You do segregate fiat in all these buckets in your life, right? So why not do the same with Bitcoin? You don't want to be buying coffee with all your wealth. I think there is something interesting to be said about diversity and how to apply diversity from a security mindset. For example, one really common trope that we see is people coming to us who they have for their safety diversified their funds across five or ten different wallets. And some of these may be self-custody, some may be custodians. But their whole idea is, you know, don't put all of your eggs in one basket. And my pushback against that is that, yes, that type of diversity does, of course, reduce the chance that a single catastrophe will completely wipe you out and cause you to lose everything. But it can also be increasing the chance that you will have a partial loss and one or more of those setups will fail. 
So, you know, one interesting aspect of multi-sig is that the diversity that you can add to the setup by having keys on different hardware, manufacturer devices in different physical locations, and basically different security properties around each of the keys in that setup is that that security is actually additive. It creates a stronger and stronger setup because it's essentially eliminating these single points of failure where, you know, if an attacker, for example, compromised a supply chain of a popular hardware manufacturer, if your multi-sig setup is not using all the same hardware manufacturer, you're protected from that. That's just one example. So, point being, diversity can be good, but applied the wrong way, it can actually be harmful. It's kind of fascinating. And it really goes to show why there is no sort of like fix-all solution. Each setup is going to have different sets of trade-offs. And, you know, you could have... And the complexity also does increase some issues there too. So, you could argue on one side, it's like, you know, like you want to have some diversity in your hardware wallets because, you know, if one vendor is evil, or really, like, realistically speaking, it's going to be a targeted attack against you that like it's going to maybe replace hardware or something like that. You could be fall to that. But at the same time, you could have multiple hardware wallets and say the software update on some of them break the multi-sig setup. It's unlikely to have full loss of funds, but it could be quite the issue to sort of like go back to you being functional. And then, you know, like each vendor is going to offer sort of like different thresholds. And some vendors out there offer simply no security, or illusion of security, or like really crappy hardware. There's like hundreds of hardware wallets. I'd say like probably like out of 195 of them are absolute garbage and should never be used. 
And the guys from Ledger actually do a great job breaking hardware wallets. You should check out their Donjon blog where they have broken hardware wallets and how long it takes to break them. And how much money does it cost to break them? There's hardware wallets that cost like $10 to break. There's hardware wallets that cost half a million dollars to break. Not all things are equal, just because they're the same category. So I guess like this is a good segue to move to more sort of like rabbit holes of security and things of sorts. So why don't I bring up maybe Lazy Ninja, who is a security researcher for hardware. He has helped us find problems. We have a good guy as well, who's a fantastic security researcher here too. We have, who else do we have here that is of that category? Just for the beginner stuff while we're on the topic. I know Sparrow has a great thing called Master Fingerprint ID. We as well have something called Master Fingerprint ID that you can check on the Coldcard itself. So if you're dealing with a single-sig wallet, and you don't know if you're in your passphrase wallet or you're in your BIP85 wallet or whatever you want, you can go to Advanced Tools and go to View Identity. And then it will give you a string of eight letters and numbers. And that's basically the first four bytes of your public key. So it's just a great way to know. It's kind of like a username or something like that, right? It's just a way to identify what wallet you're in without having to try and sign a transaction and get that error. So it's just a good thing for beginners to know about. And I find it very useful. Thanks, Dee. I think we're going to be attacking a lot of those little issues. Justine and Jameson, thank you so much for joining. Like, I'd love if you guys stay. But if anybody needs to go, totally, I don't want to take up your time. But you guys have a lot of knowledge to push out. So please do stay if you can. 
And with the first part of the space is gone, let's improvise on the second part, which I think would be really cool to sort of like talk about some of the FUD around solutions and some of the ways the products in the market do address them. Hopefully, we can clear a few of those because that's, in my view, like one of the things that keep people from using good solutions. It's just this fear of the nearly impossible attacks or actually like attacks that are completely like a lie. So why don't we start with, you know, can SHA256 be broken? You know, like we hear every time the price of Bitcoin goes up, we do have people that come into the Bitcoin space and start saying that somebody could break Bitcoin's cryptography. Rindo, I think it would be a great guy to sort of explain just how big the entropy space for ECDSA and Schnorr in the way that Bitcoin uses, how big that space is and how hard it is to break it. Yeah, I mean, so it's really large orders of magnitude. Like humans are really bad at comprehending orders of magnitude. I think, you know, it's something like on the order of the number of atoms in the observable universe is like in the same... It's I think that that number is about two orders of magnitude larger than the number of valid ECDSA keys that you can have in Bitcoin. So when, you know, what Justine was saying earlier about your seed is, you know, a representation of your private key. What happens is when you go to create a new wallet, your wallet generates some really big random numbers and then feeds it into an algorithm that creates a master private key. And then that master private key is used to derive all of your addresses and the corresponding private keys for them. And so, you know, there's kind of two ways that somebody could get to your private key. One of them is that they just guess really lucky and they have what's called a collision where they randomly pick a key that's the same as one of your keys. 
And as I mentioned, there's a really, really, really large number of keys out there. So it's very unlikely that somebody is going to pick the same one. Or the other thing is the security of Bitcoin's digital signatures rests on a thing called the discrete log problem. And so the idea is that we don't know any way of undoing a particular mathematical operation over elliptic curves. And if we did, then it would mean a lot of things about cryptography and the whole internet would be broken. So, you know, the cryptography that's protecting Bitcoin is like the same cryptography that protects the rest of the internet. If that broke, pretty much everything would break. Yeah, the way I like to describe that is if the Bitcoin cryptography is broken, airplanes will start falling off the sky, electricity will stop being delivered, and the water will stop being delivered. Even your sewer will likely stop working in a big city. So essentially everything in your life that maintains you alive, except from being, you know, out in the bush, depends on cryptography nowadays. Well, and you know, Bitcoin needs the internet to work, right? At some point. So if that cryptography is broken, it's all gone. Ah, maybe I could do it with radios. Well, yeah, so you can broadcast a transaction, but like the miners are going to need the internet, right? That's right. So anyway, so I guess like everything in Bitcoin starts from entropy. So that's like, I guess, like why I wanted to start from there. So that's the original FUD in terms of Bitcoin custody and like Bitcoin keys and stuff. Now, sanity and quality of entropy is kind of a big deal, right? And if you have a bad or evil device or piece of software, it could create bad entropy to you either by bug or by malicious intent. Right. Some people, you know, just to oversimplify it, you know, let's say you have a rainbow table or a known bug in derivation. 
And, you know, an evil piece of software or hardware wallet could theoretically start giving you either extremely weak entropy accidentally, or it could give you entropy that they themselves know some part of the entropy, which is kind of scary, right? Because they could give you entropy that they can then later derive it themselves, those keys, and then take your money remotely without you ever knowing what happened. So I think it's important here to understand why people in this space are so adamant about you using software that is verifiable, right? So you can go look at the source code, right? You can build it yourself. Not that everybody's going to do it, but that, you know, people of some notability or people who understand it in this space are going to go look at the software because they understand it. And, you know, they're either going to vouch for that piece of software, or they're going to say that they don't find any issues with it in that sense. So that means that, you know, when you're using your Coldcard, you know, somebody else looked at that source code and knows that CoinKite is not sort of hiding some purposeful bad derivation there for you to happen. Now, another sort of thing that goes in that sense is, why is it important to bring your own entropy? Because why trust the software itself at all, right? Why don't you just throw some dice and sort of like input that entropy yourself into the Coldcard? In my view, that's even a better solution. Or at least do it to prove it that the device does what it claims it does. And then you sort of like do a new one or sort of like some mix of it. But that's why you use the chipsets that you use in your wallets, right? Because they're certified, they've been tested for entropy creation, right? So I think there's like the hardware is a big part of that too, right? Yes. So the thing though is like, I don't want to trust the TRNG even though it is certified on a hardware device. 
I mean, chances of that having a backdoor or being evil are low. Or that if there is a backdoor, it probably is going to be state actor level, trying to do something. So like in my view, we don't like to trust it at all. So what we do is we mix the entropy of different chips that would all have to have a conspiracy together to do something stupid. And then on top of that, they would have to like cheat our open source code. And then on top of that, if you add a dice, they can't really do anything about it. But there are devices out there that don't have verifiable source code, do depend on certification, and do depend on that single point of failure. Let's call it that way. And we have seen this happen in the world through time in terms of attacks on security systems by state level, like attackers. It doesn't have to be just state, right? With the hardware, for example, the enclaves, the chipsets that the Trezors use, you can easily exfiltrate that using like glitching exploits on some of the older models. And so the barrier of physically taking private keys from some of the older Trezors is like a 15 minute YouTube video, a breadboard and a few jumper cables. Whereas the ability to do that with something like the Coldcard, which is using multiple secure enclaves, incredibly, incredibly difficult. You would need delaminating or microwave equipment, you would need laser equipment, university level to start before you can accomplish these types of exfiltration. So I think that that's a big step too, is just like simple, secure hardware. Yeah, well, that's one cool thing that you get with multi-sig, right? Is that like, or a passphrase, is that you de-risk each key, right? So when we get into the rabbit hole of key risk, or single key risk, per key risk, really, the multi-sig does address a lot of those issues, really. Because the source of those keys will likely be of some diversity, right? 
So both Jameson's Casa and Justine's Unchained do source that entropy from different hardware wallets, which I assume you guys allow the customers to pick, but you probably advise them to pick different hardware wallets. And on Jameson's case, you also have the app being one source of entropy as well. Also, there may be people listening right now that think this is tinfoil hat stuff that you don't need to pay attention to. I joined a little late, so I don't know if you talked about this earlier, but there's a theory right now in the theft of Luke's coins, that somebody identified that his system has a common vulnerability that's been reported publicly, that the random number generator on that system is terribly broken. So there's... Yeah, I believe it. You know, this is where the rabbit hole of like, please don't roll your own solutions as a civilian is so important. Even as a programmer, don't roll your own solutions because your widow may not be able to recover from that. Or you are fallible and your own solution has not had the scrutiny of the market, right? To find those bugs may be an even bigger problem. Well, you're only one person and it's just impossible to do the level of scrutiny needed on complicated systems to validate everything. And even sometimes looking at the failure, it's not obvious to you because these things are much more subtle, these errors, than they appear when people sort of disclose them. It seems obvious, but when you don't know the errors there, it's really hard to see some of these. You know, it's not just that with Luke. I think there's a certain amount of past experiences that have interfered with his judgment. Previous hacks that cause certain amounts of PTSD. And I've seen certain people in this space who have been here for a long time avoid more modernized practical solutions in favor of more complicated traditional solutions. And I've seen that often work against them. 
So, you know, that brings me back to the air-gap computer just for a second. It's like there is the proverbial air-gap computer running, you know, either like, you know, some very esoteric OS like Qubes or running Tails or whatever, where, you know, those are great solutions to be your computer where you do Bitcoin operations, where you construct transactions, where you check your wallet and stuff. But those are terrible, terrible solutions for handling private keys. General purpose computers were not designed to hold secrets, right? They're extremely complex machines, even if you think that your open source OS is open, great. But there is another 50 layers that are closed below that, even in the most open thing. Even Raspberry Pis are closed source. Everything is closed. I think Lazy Ninja has like some great commentary on the attack surface of general purpose computers. Oh, it's crazy. People don't realize. And I don't want to pick on Luke here because we don't know what happened. But let's not let's not look up. Just I just I just like making this real because some people think these advanced attacks are purely theoretical. And in his case, it seems something very advanced may have happened. But so just alluding to that type of thing, though, one of the things people sometimes do is they maybe have an air-gap computer with a hard drive that, you know, it has literally never touched the Internet live. Obviously, code had to get onto that hard drive at some point. They do their stuff and then they wipe that hard drive or something like that. However, it's, you know, sophisticated attackers, if they have malware that's in one of these source code that people are downloading and putting on the air-gap computer to set it up. It's possible for that source code to cache private keys and things like that to memory of other chips on the system that can't easily be removed. 
Like you could, you know, you could cache a private key to, you know, BIOS memory, you know, things like that. And so when the system is restarted with a fresh hard drive, your key has actually been stored into physical hardware on the computer that you cannot remove without destroying the computer. And if your system ever gets reinfected by that virus again, it can go look in those cached places, secret places and recover things like that. So there's very advanced, tricky ways that people can do this. You know, you could say that that is a trivial attack on something like a Raspberry Pi, right? Because the Raspberry Pi has a bunch of like essentially proprietary closed blobs, binary blobs running on the main micro, running on their auxiliary systems. And you simply cannot know. And then people trying to experiment with DIY solutions go and do a curl to a bash script to build all the source code from the internet. And you don't know what packages are really coming in to build that source code. And you are not reviewing it yourself. And you're not part of a package system where people are actively seeking to remove packages and sort of like have no dependencies where there's less attack surface. This is a huge amount of work that Bitcoin Core goes through where Bitcoin Core doesn't have dependencies, right? That means that when you're building that software, everything that's required for that software comes in the same bundle, right? You're not downloading packages and parts of the source or firmware from the internet. It's already being reviewed. And most importantly, it is deterministically built. So that means that when people claim that that source does what it does, you can check byte by byte that your build is the same one that the people who may be able to know more than you built it to. So there is no room for anybody to change anything and do any shenanigans there where you could be exposed. And we see this a lot. 
And then there is even like the parts where people are just making mistakes, where they are trying to do entropy without paying attention with dice or dominoes or with paper out of a hat. And they accidentally type in the same result 100 times. And every single bit of weak entropy space in Bitcoin is being watched and has already been derived. So if you have a low entropy Bitcoin key, somebody is going to take those funds from you. When you're talking about quality open source software, commercial software in Bitcoin, commercial hardware in Bitcoin, there's a lot of work that goes into making sure that all this stuff is not exposing you to hacks or to sort of like derivation, or you actually producing bad entropy. Craig, you make a wallet that's like has a like now a big install base. How do you guys manage packages and like how people build and what kind of advice do you give to people when they're using an open source software wallet on a computer? Yeah, look, I mean, the reality is that there are lots of dependencies and all of the noted sort of, I would say, difficult, but nevertheless possible attacks are certainly valid. You know, the reality is that if somebody has the same access that you do when you run your Bitcoin wallet, they have all of the permissions to access the memory in which it is in the hard drive, they're going to be able to do anything that the wallet can do. And so that's really why we use hardware wallets. It's in order to get past that point to have that sort of air gap or that key sitting on a different device, which is not running in the same memory space, or at least an attacker doesn't have access to that. In terms of the dependencies, the way that I deal with it is to try and reduce them as much as I can. And then the ones that are there, review them. And that's obviously the same approach that Bitcoin Core would take. 
And, you know, they're much further down the sort of path of trying to reduce everything and making it as limited as you can. But, you know, the reality is that is one attack vector. I think the more common one is that you simply have some malware sitting on your computer, which has access to whatever your Bitcoin wallet has. And that may very well be, you know, the way in which Luke's coins were, or at least his wallet was compromised. The two number one ways that this is happening here in Canada, the internet service providers, the DNS lists are being hacked. And so a lot of times, like a local internet service provider will be redirecting people to bad Electrum packages or images or copies of websites. So it's not even necessarily the GitHubs or the repositories or bad tutorials that are sending people to these bad payloads. Sometimes it's like AT&T being exploited. You know, that brings me to binarywatch.org. It's a little project we put together recently. It essentially watches the binaries, essentially the downloadable version of the software that is reproducibly built, ideally, or at least the binaries are signed. Most Bitcoin software, the binaries are signed with the maintainer's keys. And people should always check the signature before they run software in general, but especially if it's Bitcoin software, to make sure that is the actual software intended to you, not an evil version of that software intended. And always make sure to check multiple maintainer keys because again, in the case of our friend, his PGP key was also compromised, which could have released bad signed versions. Anyway, so this bot on Twitter now, it's a binarywatch bot on Twitter. It watches a lot of Bitcoin projects binaries, and if they do produce a bad signature, it will warn you as a bot, but you can always check it there. 
It's nice to have multiple people, multiple parties, double checking the same thing because they would have a good copy, a good known copy of that private key that was, sorry, of that public key that was used to sign that specific software. Portland, do you have, I see your hand up. Yeah, I wanted to make a comment on random sources of entropy, specifically hardware random number generators. And that's that there are three things that must go right to implement them correctly. And that is, first of all, you must actually have a true random source of entropy on the silicon. So that's that the manufacturer's doing their job. STM, which you guys use in the Coldcard, I've used them before and they have a hardware random number generator. I personally trust it, but nonetheless, you also have to implement it correctly in software. So that means you have to, with code, call the instructions necessary to activate it and then get random entropy from it. And then lastly, this leads into a common vulnerability exploit 2019-15847, which is that the compiler can't optimize those instructions out. And this led into the Talos 2 situation that was mentioned, which was there is a PowerPC processor, which has a great random number generator. And you mentioned that the random number generator, I don't think, sorry, you didn't mention specifically, but the random number generator in there, I don't think was at fault for the issue at hand of reducing the total range of entropy. It was that the library GCC used to compile to that architecture actually optimized out the total range of entropy possible. So the actual compiler, even if the programmer wrote it correctly, it would optimize away the entropy range from that chip specifically. It could even get funnier, right? Like blockchain.info back in the day was not randomizing key values, right? Which is one of the nonsense they're going to build this. 
So essentially there was a guy just collecting Bitcoin from people who had a blockchain.info wallet because they had a 404 on randomnumber.org. It was literally a 404 because somebody was pulling random numbers from some random website that claimed to have random numbers to begin with. So like programmers do all kinds of stupid things. Everybody's fallible. And a lot of the times it's not malicious. But again, like what do you gain from having commercial things that have a large install base? There is more eyes on it. There is more people trying to break it. It's economically interesting for people to try to break it. And those problems, concerns, bugs, they do come up because people want bounties, people want fame, like Lazy has found bugs on Coldcard and helped us fix it. And there is a lot of security researchers out there that know a great deal more than your standard Twitter pundit on security who do have true valid contributions. I highly, highly recommend if you're interested in this topic, I had an episode of Bitcoin Review with Lazy Ninja, Craig and a few others on like a dive into wallets. I think we linked it on the nest. So moving on to sort of like, not moving on, but we can keep on going back and forth until we're tired of talking. Well, I think a big part of this is privacy, right? And understanding. I had a client recently send $4 million to a scammer and she was very sophisticated. She was very smart. She's been in the space for six years. She was mining for a very long time of that. But eventually these nefarious individuals had stayed in contact with her online and it just so happened in the week that her brother and her brother-in-law died, she was emotionally vulnerable and she did something she was susceptible to. So a lot of us that feel that our practices and our security is unhackable, none of us here on stage are unhackable. We're all vulnerable to emotional states, emotional thinking and external threats. 
The more you have to think when you're doing Bitcoin transactions because your setup is complicated, the bigger risk you're in. And this is where smart people are more vulnerable than your less knowledgeable people about a topic because the less knowledgeable people will pick some best known approach to security and they will just follow it through every time. And they may sweat a little bit, but they will use Casa, they will use Unchained, they will use Coldcard, they will use any sort of known wallet in the space. Sparrow with single-sig with a hardware wallet, they're going to have some standard setup, right? But then you have your super shadowy super coder, you know, with their Haxor approach where they're going to have their super sanitized ThinkPad from the specific vintage of say 1999, you know, because they didn't have a specific ROM yet and they rip out all the radios from the laptop. They've done all this stuff, right? And then what's going to happen is they're going to have one day they're sweating it out because like they just fought their girlfriend or something and they're not going to pay attention and they're going to accidentally stick a USB device on their laptop and that USB device was specially prepared for them with a package malware that, you know, essentially steal the secrets from that running laptop from memory, right? And it does happen, right? Because the laptop was not designed to prevent secrets from leaving, right? It was just designed for you to check email, check porno tube or whatever you do with the laptop. So that's why people are so keen on saying, like use devices that are meant to do Bitcoin operations and they are greatly the risk. They are much simpler, you know, the total source code of a Coldcard is like minimal, right? Compared to how many lines of code goes in a normal laptop that has literally tens of millions of lines of code. So the chances of a bug not being found in one is very different than the other. 
Again, nothing is infallible. So that's part of the reason why, you know, most sane people in the space will recommend you have things that are air-gapped, right? When even the multi-sig setups of collaborative multi-sig, a lot of the stuff there is air-gapped. You're going to have hardware wallets that don't necessarily touch the computer. They're going to be using QRs. They're going to be using SD cards. You're going to have seeds that are not meant to be used at all. They're going to be on metal only and they're going to be only used for recoverability. You're going to have, you know, like a combination of devices or pieces of software that don't touch the internet essentially, right? Because if there is a bug on the hardware wallet and it's not ever connected to a computer with a USB cable, the only way somebody can get to it is if they come to your house and they beat you in the head, right? Yeah, sure, you can go Stuxnet and go all crazy. But realistically speaking, just by not having a wire between a thing that has secrets and a computer that is checking email for you on the internet is an incredible amount of gained security for nearly zero cost. What other sort of like FUD that's like reasonable but also like unlikely to happen do you guys want to bring up? Quantum computer risk, right? A lot of people talk about the quantum computers but most people don't realize that those quantum computer companies were kind of compelled to go public in very literal senses and companies like D-Wave and others that are working on that stuff. It's not going to be a single entity that benefits from that technology. It'll be the whole industry. It'll be a lot of corporation and industry that benefits and a lot of people work towards solutions for quantum hardening. It's just it's too weighted. It's not necessary right now. It's kind of one of those boogeymen. 
So if it does happen, worst case scenario, black swan event, the whole chain gets messed up by a quantum computer which I think is incredibly unlikely. The node operators would likely just roll back to a particular block before said event and implement quantum hardening. You know, coming back to Earth in terms of attacks, one fascinating one which was, I can't remember, I think Hugo was part of the people who found it. You know, multi-sig griefing attacks are definitely a possibility. So if you have a virus on a computer that essentially replaces one of the payout addresses on the multi-sig and the devices are not prepared to check all those outputs are controlled by you and in multi-sig it gets very tricky very fast. The attacker could essentially send the change to himself and he can't necessarily spend it but you don't know also where that change went. So essentially they can go and they can tell you, "Hey, if you don't pay me, I won't ever tell you where the change went." And in Bitcoin, if you have a large UTXO, meaning a large coin in your coins inside your wallet, say for example you have a coin that has 100 Bitcoin in it, right, one address of 100 Bitcoin in it, and you only need to spend $10 out of that. And because you had very bad UTXO management, you were not splitting your coin into multiple addresses, you need to send that out and your wallets were not prepared to deal with this attack which the majority of the wallets that are not as great in the market are not. You could have that change sent to by an attacker, sent to an address that is unknown, and then he could try to grief you for money. It's kind of like a ransom attack. A ransom... But you fixed this, didn't you, NVK? Like you... Yeah, yeah, no, we have a solution for that. Your Coldcard will display the XPUB, it will display the cosigner ones if you want. Does it show the ZPUB, YPUB stuff from Electrum now? Because it also will... It also registers XPUBs inside of it if you want.
Yes, it does. Did you do the Electrum update? No, so the way we do it is like we don't give you a choice, we're just sort of like kind of like enforcing the stuff. So we will give you a warning if there is something fishy because we cannot know everything. So there is ways of handling that. One BIP that does address a little bit of that as well is BSMS, Bitcoin Security... I can't remember now. And that standard does help address some of that quorum knowledge by all the signers. But all the signers are not the same. So when you go into the idea of having diversity in hardware signing devices, do make sure that all the signing devices do have some of the best defenses in place. They are not just some random thing that you heard is great on Twitter and you sort of like take it and use it. A lot of the hardware wallets like in the space that are not sort of like the most commonly recommended are mostly just sort of like Android phones from China in a different package that sort of pretend to be something very secure and they're not. And there's the Trezor open source stuff underneath it. Like 9 out of 10 times we've been given like generic hardware wallets by companies to open. Once we've opened them up, 9 out of 10 times they've just had the Trezor software inside of it. Yeah, I mean, it's the KeepKey approach, right? They clone Trezor and then they sort of like close the source code. And there was a debacle there. Portland. You were kind of asking for some FUD. I would say that an attack on the entropy generation at the silicon level, potentially by manufacturers, reducing range or biasing it in a certain way. So as people get these devices from STM, right? STM theoretically could bias or reduce the entropy range or put a backdoor on that. Intel has random number generators in their hardware as well. And they've been notorious for people speculating that it's biased a certain way. There are specific test suites by the NIST.
So you can actually kind of validate that your chip is producing random entropy. But even those tests could be biased in a certain way to essentially evade or omit a specific section of the test that would prove that it was actually biased. Like if I put my tinfoil hat on, I do not trust certifiers. I think certifiers greatly improve the low-hanging fruit. But I would never trust a certification. The only trust I have is detrusting it. So I guess I'm just going to ask a random question to NVK since you're up here. Do you trust hardware random number generators to a decent degree? Not like completely, but to a pretty high degree? Yes, to a high degree, not my retirement funds. And I'll just throw out a quick note to beginners. If you're going to roll your own entropy with dice, which the Coldcard does support, make sure to use casino dice because they have an epoxy that fills in the divots. So no one side of the dice weighs any more than the others. You know, Paul, and it's funny you brought that up. Somebody did a study on it. And apparently the bias on biased dice is entropically irrelevant. It's not a big deal. I used to think the same thing, but somebody brought it up to us. I don't know the link, but somebody listening might be able to provide us with that. That was very interesting too, because you can normally tell the bias of a dice by throwing them in water and seeing which side floats the most. Now on that topic, though, there is a thing that does happen is if you're choosing to use dice only, do make sure you pay attention and you do enter the entropy correctly, because you don't want to be entering the same number a hundred times accidentally, because you will have weak entropy that will be exploited. Even if you do just a variation of two, it's still enough, a low enough entropic space that the entropy could be re-derived. So that is a problem. So one thing I do love is the mix of the two.
I do like the idea of mixing multiple hardware sources of entropy, because they don't know each other. They can't realistically coordinate an attack in that sense. And then adding some of your own entropy. We do support that mix mode on Coldcard. It is one of my favorite solutions because essentially you can prove to yourself, well, it's tricky, the proving part, but practically speaking, you can have enough belief that the three sources of entropy were used, plus the dice was used. So you're in a very decent space as a civilian. Now, if you want to check the source code and all that stuff, it's all there and it's very clear and it's very simple. It's very hard to screw that up because the hardware wallet is so simple as well. Now, if you are using a hardware wallet that doesn't have a secure element, do not use the random number generator in that wallet. There are quite a few wallets in this market that do not have one because they're using a random number generator, not a true one, which is often not certified. So you're not even benefiting from the certification, which take it as you will. And it gets complicated fast. You could have some evil software that you accidentally used or somebody accessed your device and they could weaken in that sense. They could just be cheap, like some of your competitors, that instead of literally figuring out how to get their hands on the documentation of the newest SMT chipsets with the further physical protections in them, they said that, "No, no, we couldn't. That was difficult. And so we use the older generations with more physical vulnerabilities." But I think it's because they're cheap, right? I can't comment to the decisions that other manufacturers make, especially if they're economically related. No, he literally said he couldn't get the documentation to me. I held him on this point very hard.
I would say that if you're using a hardware device, a hardware wallet that does not have access to documentation from a manufacturer, I'd say they're probably not ready yet for the market. You should have a relationship with your hardware provider for security chips. I think that's important. This is why using commercial solutions is so important, or at least solutions that have very large install bases. You're going to gain a lot of economies of scale in the security too. There's people trying to break those chips for everybody. There is a lot of independent and also hired security researchers. There's a lot of audits that happen. And there's a reason why also most software wallets on computers, commercial, non-commercial, open source or not open source, don't use closed source software wallets. They would advise you not to do keys on the desktop, right? I mean, I think that's pretty common understanding because they cannot defend their code in the desktop. There's only so much they can do in a virus-infested device. I mean, assume all general purpose computing devices like phones or computers are fully owned. So you do have to take some precautions there. The motto that people should keep in mind is various and numerous, right? Strength in numbers. And that can be applied a number of different ways in this space. Obviously, there's the cryptographic aspect of using high entropy to protect your keys from being discovered by people. But then if you're using solutions, whether it's hardware, software, or just architectures for your key management, the more people that are using it, the larger the set, then the more scrutiny is received. And ultimately, I think you want to be in a position such that if something goes wrong, as was alluded to earlier with the potential quantum computing risk, you want it to be so impactful that there will be a potential consensus agreement that something needs to change so that everybody who has been screwed gets unscrewed. Yeah.
For example, bitcoin.org does not list any Bitcoin software that has not been in the market for at least quite a while with a decent size of install base, right? Because you do want things to be a piñata in the market, right? I mean, you want enough people to use it so that there is enough incentives for the software to be attacked, right? If you have software that only like a thousand people use, like, you know, researchers may not invest the time or hackers may not invest the time to try to find a problem with that software because there's not enough money held by that software to be worth their time, right? Maliciously or as bounty. When you do have like a lot of install base, I mean, like, you know, if you find like a decent, like zero day problem with Coldcard, Ledger, Trezor, I mean, there is a lot of money in those devices, you know, for people to want to steal it, right? It's similar, say, with Casa and Unchained where like, there is enough incentives for people to try to break the browser solutions or the app solutions you guys have because there's a lot of money being held in your systems, right? There is enough incentives for somebody to try to put a bug inside a Sparrow wallet, right? But, you know, there's enough people watching that source code now. The binaries are watched and Craig is pretty much sole source provider of that code, which does help. You don't want too much noise in your code base as well. For contributors, it doesn't mean that it's more secure. Oftentimes, it's the inverse of that. You want the least amount of noise in your code base and you want the least amount of people who are able to merge to be doing those merges too. Eyes is different than contributions in terms of like pushing code in. Yeah, I wanted to go back to real quick. One of my philosophies personally for cold storage is always, first of all, the source of entropy is the most important factor because if you have low entropy, you don't have a good key.
With that said, I heard you mention that the Coldcard is using three sources of entropy. Does that mean you're using the STM32L4 and both secure elements to generate entropy together? Correct. Yeah. We mix it all up. Oh, that's cool. Okay. Thank you. You'd think that most devices do that. That is unfortunately not true. It's time. But there is very reasonable approaches in the market as well. I do love a lot of the stuff that Ledger does in terms of security, but it is closed source. So I would not trust it for a single-sig because it is the nature of their sets of trade-offs. But on the other hand, I mean, these are professionals. I mean, these guys break chips for a living and they do invest a lot of money in their solution and their brand depends on it. So I think it's a fantastic device for shitcoins and for multi-sig. So I think it's important to acknowledge that there are different paths to this and understand the limitations of each device and design your security, your personal security decisions around those choices that understand the trade-offs of each part of your solution. And one last question before I hop off, and Avid's had his hand up for a while as well. If you have an actual true random source of entropy, and for example, you need 256 bits, but your true random source of entropy in a digital form only spits out 32 bits per instruction, is it safe to just concatenate those together? Or is that a bad practice? I know pseudo random you can't because you lose security that way. But if you have actual random entropy, can I just literally just concatenate 8, 16, 24, 32, all the way into 256 if I'm getting 8 bits per? I don't know. I don't know. Okay, fair enough. That's fine. If you knew... - It's a good question. It is a great question. I think that's a Doc Hex question. That's when I start to feel dumb. If I have to guess, you probably don't want to concatenate because if you know the order and you know some of that, you start finding issues there.
Maybe lazy might have an opinion on that. - I don't know if I'm a cryptography expert per se enough to say, but I mean, I would assume you can concatenate, but then you have to do additional conditioning on that output. So I believe that's how most hardware random number generators work is they continue to... They can continue to concatenate the entropy internally. And then the output is run through an AES engine or SHA-256 before it's given to the user. Or if it's going to do that natively, you should... - So we mix in the three entropies from them and we do run them through AES. But again, the nature of this question is interesting because you do run into cryptographer, actual cryptographer level of understanding in terms of the security of that, not implementation per se. - So two things real quick. For example, the STM32L4, it can only per instruction spit out 32 bits and you have to wait for a flag saying it's ready to give you more random bits. So at some point you have to maybe condition them or just literally concatenate them. The reason why I ask this question is because Intel actually puts out some documentation that says that, "Hey, if you're going to use pseudo random number generators, your entropy actually gets reduced with each time you concatenate. But if you have an actual true random number generator, which they claim to have in their processors, you are safe to literally just concatenate side by side by side because each iteration is another random set." And I kind of imagined this in my head, like I'm flipping coins to get individual bits for my 256-bit key. It's, I believe, safe for me to concatenate the coin flips into 256 zeros. - Yeah, but now you run into the problem of like, what if the true random number generator is not actually a true random number generator? - Oh yeah, okay, then right back to square one. - Well, that's sort of a thing too, because in the 608, the random number generator is a hardware. 
So it's a hardware in-source random number generator, but then it does the conditioning, running that data through AES or SHA-256 before it's given to the user. - But the condition is really spit out so much data, right? Like a conditioning algorithm. - You can use bit conversion to do some interesting stuff to make it work as well. - Here's the thing, like for the audience, like now you have three people who deeply understand the topic and they can't come to a full agreement on this. Just so you understand the level of the complexity of, like when you actually like stop LARPing about the wallets, right? So it's not like just your like open source, cute, software, like when you actually getting down to the true sort of like basis of how Bitcoin works, because of that like massive number you need to generate, so that you do get the universe size of entropy in Rindell's words there. This is why it's so important to not trust any single part and to sort of like understand that the solutions understand these problems. And then what they do is to not run risks, even if there is a claim by a chip manufacturer on something, is to avoid that trust by mixing in different parts, even a diversity inside the device itself, right? So you start using different chips that do things differently, so that you're never fault to a single either mistake, malicious or something that a manufacturer could do. Okay, aside from diving deep into the silicon of each solution for secure elements, because I know you guys are going to love to do that. How else can we help people understand? How about like power differential analysis attacks or Tempest attacks? Because we have seen those before. I did a talk on this funnily enough when Woody had those talks on VR. We can find the link for that talk. But I don't think people understand how many attacks are possible if the devices have some bug vulnerability, bad hardware, bad design, just because you're using USB. 
Maybe Lazy or Good could give us some examples of things that could happen through the USB cable, either remotely or if a local exploit. Okay, so isn't the likelihood that, well, a USB obviously, but the cameras, the SD cards themselves, the SD card readers, one of my most favorite ways to break into devices is through SD card slot exploits, right? So those represent threats too, don't they? Yes, but so there's two things that happen there that greatly de-risk it, right? One thing is you don't have synchrony anymore using a micro SD card, right? The attacker cannot probe or try different things through a micro SD card, because he will put his bad, say, evil code on it, and he's going to hope that it works on that specific victim. Right? And that's already very hard, because like, how is he going to put that bad software in there to begin with, right? He's going to have to have access to the machine that the person is using to build those transactions. And it's not a simple kind of access, because it's not going to be a simple file. He's going to have to try to rewrite the firmware of the micro SD card. For that, you need sudo access. Even then, you're going to have to know the vulnerability of the specific brand of micro SD card that they have. So like the micro SD card itself, remotely speaking, is already like orders and orders and orders of magnitude safer than a cable, right? Because you can't do it remote. So you have to essentially own the micro SD card, which is in itself very hard. Then let's say you do manage to do that. Now you need to own that specific version of the hardware wallet that the person is using. It could be a different version. It's going to everything is going to like vary because that code might have changed, the hardware might have changed. You might have a single choice before it breaks the device. So a single chance before it breaks the device.
In all the years that we have had in this space, we have never had anything demonstrated to us to be possible through that, through the means of attacking through the micro SD card, not even close or proposed. We have not even ever seen an actual proposal for SD card attacks, you know, with actual code or something, right? Not like just saying, sending an email saying, "Hey, I think I could do that." So we have not seen that. I'm not saying it's impossible. What I'm saying is it's extremely unlikely. Now, the source code for the Coldcard and the schematics for the Coldcard are also open. So people can look at it and try to find problems with it. They haven't. The stack that does the micro SD card on Coldcard is also very reduced. So it's a very tiny amount of instructions that handle that. So it'll be very hard to find a problem there. And then there is how Coldcard also reads the micro SD cards, right? Like, it's also hard there too. So, you know, like nothing is impossible, but it's unlikely. And then let's say you did manage to be fully successful. You still have to retrieve that data coming from the micro SD card remotely, right? So that's another sort of like issue. Now, when you're looking at USB cables connected to your device, to the computer that's connected to the internet, you just open yourself to remote attacks. You could have the computer perform operations, taking advantage of bugs. And this is in any device, right? Like, but you do have that probability and synchrony capacity. So you could try to remotely do some of that stuff. Or you can have much more complex software on a computer that's not even connected to the internet, trying to probe the hardware device. The USB stack is massive. It's absolute trash. So you have a lot more room for bugs and issues in that.
And a lot of the USB stuff is also handled by the micros themselves, who could have bugs that the hardware maker might not be able to even find out because of just how the silicon is working there. So I highly, highly, highly discourage people plugging a hardware wallet on a computer ever. Or Bluetooth. Bluetooth stack is trash too. Yes. Funny enough, the NFC stuff is actually very reasonable. It could be segregated, but still is a radio and there's privacy issues there. So if you're going to use a Coldcard NFC, just understand that it's not as good as simply nothing. You know, like there's something to be said to a device that has the radios off, does not have wires on them. It does increase your security by a lot. Oh, funnily enough, there was an attack on Trezors many, many years ago. It's been patched. But this is what's called a power differential analysis, where some chips, especially non-secure chips, are not designed to keep secrets secret. So when they're doing calculations on private keys, for example, either for signatures or generation, they may be leaking their math through how the electricity is going through it. Right? So when they're doing their little bits and bytes, right, in their square wave there, that might be leaking to the power line of the circuit. So an advanced attacker, actually, it doesn't even have to be that advanced, could be recording that and then replaying that later to try to steal. And that's a very common attack on computers, on general purpose computers. People have been able to do that even with phone microphones versus a computer. Now, cryptographic libraries go through big extent to try to prevent some of those attacks, side channel attacks. But if your hardware is not designed to prevent those secrets from leaking, like not having a secure element, you are substantially more exposed to those attacks. So that's a fun one that has been seen in the wild kind of attack.
Also, if you're a core developer, you're probably heavily targeted. Yeah, I mean, if you're a known person in this space, chances are your gear is being watched, is already probably being owned, don't trust your devices. Like NVK, isn't there a huge risk of you being targeted by remote actors to try and compromise firmwares, leaving the factories and things of that nature? You guys must have all sorts of processes. Of course, and that's why the source, the firmware, so the bootloader firmware and the firmware firmware is open and signed and reproducibly built. So you can check all the things because you simply cannot fully trust anything. That's part of how very, very advanced security works. You just don't trust it. There's a big feature missing from embedded MCUs right now that I really would like to see added. It is present in some FPGA devices I'm aware of, but it would be nice if the hardware manufacturers included the ability to check the image on the device. So basically you'd give it a firmware range to hash and it would return a hash of the data on there, which would basically it provides you a second, you could pretend the hardware manufacturers could lie too, but then the hardware manufacturer and the device manufacturer would have to be in cahoots together. But it would be sort of cool, that protects supply chain attacks a lot. Yeah, a lot of secure elements do that, especially the more complex ones. You can definitely do that. The open MCUs, I think the reason they don't do that is because it'd be trivial to essentially glitch them into like pretending. Well, it's not about, it's an attestation. So it's not about an attack there. It's like, so basically you as a hardware wallet owner could prove through a hardware mechanism that the code that the manufacturer claimed to have programmed on the chip is actually on the chip. Yeah, it's not available in most of the MCUs that are like economically viable, but we do do that.
We just, the difference is we stored that hash on the secure element, right? So we have a hash of, so when you boot your Coldcard, we check that the firmware is kosher. And the way we do that is by having a hash of that firmware, the actual image of that firmware stored, protected by the multiple secure elements. And there is a whole dance there to make sure that that's also being protected. But it is not a single chip solution, right? Like you're describing. It would be nice if it was, because then it'd be like yet another source of truth between quotes. Well, in this case, so this would be a supply chain attack that I was thinking of. So basically when I receive a new Coldcard, I don't really know your firmware's on there. It could be doing, it could not even be using the secure elements. It could just be completely lying to me, pretending to be a Coldcard. And just doing very bad things. - Yeah, the reduced sets are a bad thing, right? The likelihood that there's firmware and the other components that could be vulnerable, right? - Yeah, exactly. I mean, the thing about it is, and this is part of the reason why we like the multi-chip approach, is that like the level of either coordination or bugs or attack that would have to happen in order for you to own every single like smart component, it's like astronomical, right? It becomes very, very hard. Now, when you depend on a single chip, it becomes actually trivial to do that. Even if it's a secure element, you don't benefit from that secondary part not being owned or buggy or something. - Hey, thanks for holding the space, NVK. This has been some great discussion. I actually wanted to go back to something that you and Portland had jumped on real quick because one of my biggest kind of curiosities and where I've been spending a little bit of my time going down the rabbit hole is on the entropy generation, specifically using dice.
So, you mentioned that the standard dice that don't have the filled pips may be okay. And kind of my question is along those lines, like as I've gone down the rabbit hole and like looked into like casino dice that are uniformly weighted, the pips are filled with equal density colorant. But those have sharp edges. Then I found like backgammon dice seem to be a good compromise. The reason I'm asking this is because if in theory a dice is more likely to come up with sixes than it is to come up with ones, wouldn't that negatively affect our entropy generation? - Yeah, I think we addressed it a little earlier. So, somebody wrote a paper on this and they found, I mean, again, this is not self-verified. There's no peer review that as far as I know. But there's been some studies done on the biased dice not being as concerning for this application just because of the size of the entropy on that. So, the amount of times you throw that dice compounds, right? So, like it's still large enough that is not a concern. - Right, okay. - It doesn't hurt to have better dice. - It's sufficient. - Yeah, if you take Yahtzee dice for example, Yahtzee dice are favored to six and you can show that by rolling them 100 times yourself. - Yeah, but then it depends on the distribution, right? Of that issue. So, it's gonna depend on like how much of that bias is really in play. - Yeah, so you're saying as long as it's sufficiently random, like it's not coming up six all the time. - Exactly. - So, it's not a huge bias and so it probably is not a big deal but it doesn't hurt to use backgammon or... I think casino dice aren't a good solution because they're not designed to bounce and roll on hard surfaces but it seems to me that like having a good set of dice just gives you that little extra couple percent of comfort. - And the bias also changes depending on how much force you put it. It gets like tricky very fast the physics of the dice being thrown. I am a fan of like the mini dice that we sell.
Like we literally sell a pack of 100. So, like when you toss them, like you're not retossing the same dice. Mind you, like these are made in a Chinese factory and they're all biased for sure but like personally, I don't think they're gonna be biased exactly the same and you're tossing them in a way where they're all not being applied the exact same force and they're bouncing on each other as well. So, there's a bunch of things at play. I think the randomness is probably fine. Now, personally, I like mixing in the entropy from the secure elements because it does de-risk my possible mistake as well. It is harder to prove that that was done, right? Because now you need to, you know, check the firmware and all that stuff but if there is a certain amount of like reasonable trust and you are mixing in a reasonable amount of entropy, like I think that's like a very solid middle ground where you're not like, you know, five years later trying to remember did I use the right brand of dice? You know what I mean? Like should I move my funds? It's just like I personally like solutions that like help me sort of like remove myself from mistakes. A part of the reason why we made the device is so that I don't have to go use my skills to sanitize a computer and keep the computer sanitized. It's the same idea, right? Like it really is maintaining a sort of like a level of sanity so mistakes don't happen. Guys, this has been an amazing space. I think we're almost at two hours now. We're over, kind of lost track of time. If you are a noob listening and you know, you're just sort of like enjoying all this sort of like tinfoil insanity at the end here, we did record the spaces. So go back to the beginning. We start this from the very, very beginning. I think it was worth it. I don't mind us maybe taking some questions and sort of like discussing a little bit more, but you know, sort of like going to start like waning this off. 
I won't put people on the spot, but maybe I release this as an episode on Bitcoin Review podcast. If people are cool with it, but I'll ask later. If people are not cool with it, then maybe I won't, but it is recorded and it will be on Twitter. So guys, aside from Q&A later, do you guys have any sort of like final thoughts that you want to give maybe James? So you've been soldering this from the very early beginning of this call. Yeah, obviously we've been rambling for like two hours and you know, a lot of us on the stage here have spent many years dealing with this problem. It's a never ending problem, right? This is a sort of cat and mouse game. You know, all security is like this. There's never going to be a perfect solution. Even when we create a better solution, attackers will probably come in and come up with new types of attacks. So you can spend as much or as little time focusing on this stuff as you want. But I'm reasonably confident, you know, after a decade of us seeing a lot of people screw up a lot of different ways that we have created much better user experience, a great deal of best practices that are getting baked into the hardware and the software that's out there. So, you know, you can reasonably get away with a great self custody setup after only spending probably, you know, a weekend looking into it and using one of the more common setups that are used by a lot of people out there. I think those are wise words. Time in the market does teach you a lot of things, especially as a company that's public, that has something to lose. It's kind of a biggie. I think, you know, like you really touched on some very basics there that should help. Craig, do you have any sort of like final thoughts that we should really emphasize to people here? Yeah, I mean, for me, I think the most important thing with all of this self custody stuff is that you need to practice.
You need to put the time in to understand what it is that you're doing, to get familiar with it, to get comfortable with it. If you don't do that, you really are, no matter what your solution is, you're really opening yourself up to making mistakes. And, you know, this is your wealth. This is your hard-earned money. You know, you've put a lot of sweat into these hours. Why not put the effort in to try and understand what's going on, to get familiar with it, to get comfortable, just to do it, you know, sort of often. And the method which I find really helps and the way in which I personally introduce people to using Sparrow is to use Testnet, which is basically a version of the Bitcoin network that is available to you if the coins have no value, and you can get them for free. You can basically start up Sparrow, and then there's a menu option under the tools menu that allows you to restart it in Testnet mode. You can then do a Google search for a Bitcoin Testnet faucet. You can get them to send you some test coins, which have no value, and you can practice sending transactions, you can receive, you can just experiment. And I think that that's, you know, the biggest thing is people are always afraid from step one that they're going to lose their funds, and that prevents people from actually taking any steps at all, almost. And just being able to send a few transactions, I've seen the effect of how it makes people feel much more comfortable with things when it comes to then moving back to mainnet and setting up your wallet for real. So that's my main advice is just spend time, practice it. It's really worth it. You know, again, this is your hard-earned funds. Do you want to know a funny story? I think, James, you covered this on your list. There was this guy in the UK whose the bad guys came into his house, and he sent them Testnet. 
I mean, balls of steel to go and like, you know, the guys are there, you know, with the guns and all this stuff, and he gave them a lot of Testnet. I just love the absolute bravery on that guy. Probably stupid, but like, amazing story. Good guy. Do you have any final thoughts there? Yeah, actually, it's in relation to what you just said. Security is like an onion. For most people, single layers are probably enough. Using something like a hardware wallet with 24 words is adequate. Family planning is a big part of that too. Don't overcomplicate things. Rather, practice and educate yourself and move towards better understanding. Use small amounts of money. Test out your multi-sig. And I appreciate that the more complicated you make it, the more difficult it makes for family planning. And having helped a lot of individuals after unexpected deaths in this space, it can be very hard on families that don't have proper family planning or overcomplicated systems. So yeah, I'm glad that services exist to help you do that stuff. I'm glad that education exists to help you do that stuff. Just move slow and keep it simple at the beginning. Awesome. Lazy. I guess maybe my last comment would be that use very standard methods. Go look at what everybody is doing and try to do the same thing. Even if what you're going to do isn't spinning your own, if it's using something that's not really common, it's going to be harder for people in the future and you to potentially recover. So I just try to recommend some of the most common ways to do stuff. Thank you. Yeah, there's definitely safety in the numbers there too. G, you take a lot of the questions from folks setting things up for the first time and running into issues. Do you have any final words for the people who likely end up sending you an email? Yeah, of course. Yeah, I definitely deal with a lot of email tickets asking how to look up their coins on our device itself. 
And I think that just comes from a little bit of a lack of knowledge. I think education here is obviously key. Realizing that your hardware device or your signing device is fully offline and doesn't know how much funds are stored on each address is a good place to start for sure. Obviously, realizing the difference between a software wallet and your hardware wallet, things like that, just to start off is a great start, obviously. We had a super long space today. It was a great chat and happy to be here. We're trying to do something hopefully once a week for some beginners that just have super simple questions or any question really. There's no dumb questions. So we can definitely open up a space another time for people that have more questions or just want to know how to get started. Obviously, we have our website, coinkite.com. We have plenty of documents and obviously BTC Sessions and our CoinKite YouTube have plenty of tutorials as well. So yeah, just education here and making sure you know what you're doing, even with recovery. Wiping that and trying to just reset it on your Coldcard, getting that master fingerprint back to what you had before. Yeah, just playing with it, toying with it. You don't have to load funds on your Coldcard or any hardware device before throwing a bunch of, throwing your lump sum savings on it. You can throw a few bucks on it or you can even use testnet and just learn the insides and outs of these things because it's hard to... It's not hard. It just takes a little bit of time. And it's like people didn't have bank accounts back in the day and it's like showing them a new technology like a phone and saying, "Here, use it." Right? It's like, well, some people don't know how to use these things. It's a very new and exciting space. So yeah, I just encourage education here and look into the things that we were talking about today. And yeah, my DMs are always open. 
If you need to send us a message or ask a question, shoot an email to support@coinkite.com and we'd be happy to help. There's no dumb questions, of course. Awesome. Guys, I was kind of like planning on doing a Q&A, but I think that we've extended quite a bit here and I think we might have covered most questions. I'd like to apologize to some people because I tried to add some people to the space. It's been super buggy. The guys from Key Keeper, I had them on in the beginning. The stupid spaces dropped them. I couldn't bring them up again. So I just want to give them a shout out. And go out there, learn, play. There's plenty of people that are going to help. There's also going to be plenty of people who are going to say you're doing everything wrong on Twitter. Twitter is not the best source of information, but it's also one of the best sources of information. Part of the self-custody journey is learning how to filter information too. Aside from that, there's a lot of great, great resources out there. Matt Odell has a bunch of episodes of his shows, explaining to people how to do stuff. We have the docs for Coldcard that address other Bitcoin things. I think the guys from Casa also have a lot of stuff on their blogs, sort of teaching people basic things. Bitcoin.org, I think, has a lot of good resources. Oftentimes, the wallets that are listed there have been reviewed. So that's one source of quality reviews. Don't forget lopp.net. James has put together a lot of great security guides and recovery guides and a lot of good resources there. I think that watching, looking at the pictures of the metal plates being destroyed on the website is already very entertaining too. Learn from other people's mistakes. Don't do the same. If you're a very smart computer person, be careful because you're more likely to screw yourself. 
Try to have setups that you don't have to think because you're also vulnerable, even though it may not seem like you are when you are fully concentrated. And I guess with that, I'm going to close it out. Thank you, everybody, for coming. And we'll probably do this again. It's a lot of fun. Yeah. Super fun. Cheers. Thank you. Thanks for having me. Thanks, guys, for coming. Thanks for listening. If you're new to the pod, make sure to listen to some very cool other episodes. Episode 15 about Lightning. Episode 11 about podcasting 2.0 and Value for Value. And we also had a hardware wallet security panel on episode 5. Don't forget to follow @bitcoinreviewhq or get in touch on Telegram, Bitcoin Review Pod or BitcoinReview@coinkite.com. We don't have a crystal ball, so let us know about your projects. Leave your Boostagram on this episode and we'll try to read it on the next episode. We've added more people to the splits. Now, if you send us streaming sats, some of that go to opensats.org and also to Citadel Dispatch with Matt Odell. If you don't know much about Value for Value or Bitcoin Podcast 2.0, go to bitcoin.review/v4v. [Music]