News

Review Cryptotag Seed Phrase Odin

Trustless Private Messaging Bitcoin Security


This is an opinion editorial by Shawn Amick — all thoughts and recommendations are entirely the authors and not an official Bitcoin Magazine endorsement.

Cryptotag recently allowed me to test one of their latest products, Odin, which is a unique product that means to secure self-custodied keys with a set of titanium, laser-etched hexagons that each store a partial key (a “share”) that is split using Shamir Secret Sharing.

Shamir Secret Sharing

Shamir Secret Sharing allows you to split your seed into m “shares” where any n of them can be used to rebuild your original seed. But anyone holding less than n shares does not even have a partial copy of your seed. This also means that you can lose m – n recovery shares and still be able to rebuild your seed. A more detailed explanation is available here.

Image Source: Trezor

In order to use Odin, you’d need to select the correct amount of words per recovery share— in this case, that would be 20 words per share, as Odin only supports a 20-word capacity.

Shamir Secret Sharing generates a random word for each of the 20 words included in a share. The words generated are pulled from a predetermined list of words that have been hand-picked to optimize for security (the word list can be found here).

Each word has a corresponding number. For example, “academic” is correlated to the number one. This number is represented as 0001 in the SLIP-0039 (Shamir Secret Sharing) Word List that was sent with Odin.

Shamir utilizes a setup similar to multisig, except instead of creating a wallet from multiple seeds you just have a single seed that can be assembled from multiple recovery shares. The Shamir setup consists of the following parameters: Total Shares and Thresholds.

Total Shares: The number of recovery shares to be created for a specific seed. For instance, if a customer wanted there to be a total of five recovery shares, they would create five Total Shares. We will return to the actual process of creating these elements further below.

Threshold: The necessary number of recovery shares required to be able to rebuild your seed. Continuing with the example above, if we have five Total Shares, we might want to set a Threshold of three. This means that of the Total Shares (five) that exist for this wallet, we only need three of the recovery shares to reassemble our seed.

Odin

The product is packaged in a sizeable black box with the words “This is for the HODLers” inscribed on it. In the box you will find the titanium hexagons, their accompanied silicon sleeves, an anvil (used to hold the hexagons in place to engrave later), a HODL BODL (very cool water bottle), matches, ear plugs, a high-quality center punch (for engraving), setup guide, some snacks and, in my case, a Trezor hardware wallet.

crypto tag image of hexagon box

The titanium hexagon stands at 0.87 inches tall, 4.7 inches long and 0.98 inch wide.

crypto tag bitcoin storage device

While it fits easily into a pocket, I wouldn’t recommend carrying your keys with you everywhere you go for people to see, even if the silicon sleeve with “Cryptotag” embedded on it looks great.

Odin is sleek and compact in design. The titanium hexagons used for creating the recovery shares are black with four sections per side.

One side reads: Total Shares, Threshold, Share Number and Wallet Number (if you have multiple wallets, you can designate which wallet that particular hexagon applies to).

Each of the remaining five sides has four numbers. For example, the first side is numbers 1-4, then 5-9 and so on. Each number has four digit grids beside it with the numbers 0-9 in each. The digit grids are used for the Shamir backup as a way to encode each word in the recovery share.

titanium hexagon

Each word has a corresponding number from the word list. For example, “academic” is word number one. For Odin, this number is represented as 0001. Remember, there are four digit grids for each number. Therefore, if the first recovery share word is “academic,” this is how we would proceed:

On the first section of the hexagon represented by a large “1”—this indicates it is recording the first word of the recovery share—you would punch “0” in the first three digit grids and then “1” in the fourth and final digit grid for the first recovery share word.

Now what do I mean by punching a number? How does it actually get associated with the correct number on the digit grid?

User Experience And Guide

Assuming the consumer has zero experience with hardware wallets or self-custody, it needs to be said that this process was exceptionally easy and only mildly time-consuming.

Once you receive the setup guide, the first pages walk you through the simple steps to setup a Shamir Secret Sharing backup supported through Trezor’s hardware wallet, (Shamir has limited support from other hardware wallets).

The steps were simple. First, connect the Trezor wallet to your computer via its USB cable. You will be prompted by the device to go to Trezor’s website where you will be asked to download Trezor’s application onto your computer. The download is quick and easy.

Once the application is up and running, the computer will prompt you to install a firmware upgrade on the device. Once completed, the application will give you two simple choices with pictures. Do you want a normal backup or Shamir?

After clicking Shamir, Trezor walks you through some simple steps setting up a pin number, the generation of each share and specifying the threshold and wallet numbers discussed earlier. It’s extremely easy and user-friendly.

Once the amount of shares is picked, you’ll generate the words associated with each 20-word recovery share for the number of shares chosen. Trezor will prompt you to write these words down—manually!—and will remind you to make sure it is not digitally stored anywhere.

This next part is where things go a little slow. In the goodie bag Cryptotag sent you will find a “conversion sheet” for each hexagon purchased. Here you will find a slot for all 20 words associated with the recovery share of each hexagon. Below where you can write the words, you’ll notice four boxes underneath each word. Simply write the words down, ignoring the boxes below the space for the words.

In the box you’ll also find “SLIP-39 Word List”. Each word, as I mentioned before, is represented by a four-digit number. Locate each of your 20 words per share in the word list and write the corresponding number down below the word.

Now we locate the center punch tool. Remember, these hexagons are titanium, which means in order to leave a mark it takes some pressure. This is also why Cryptotag sends earplugs. I didn’t feel the need to use them, but the neighbors might have appreciated it if I gave the earplugs to them.

For each word of the Shamir backup, you will punch the four-digit number into each section.

This process needs to be repeated for all 20 words for each hexagon being used (one per recovery share). It takes some time, but once it is complete, you’ll have a fire- and water-resistant, laser-etched titanium backup capable of being dispersed in a way that is guaranteed not to hurt you if one is lost or stolen.

Conclusion

Odin is a practical and durable solution to alleviating much of the concern around protecting your keys (seed phrases). I’m thrilled Cryptotag allowed me this opportunity to become a fan of their product. That being said, I did have some concerns.

While anyone holding onto a recovery share for you could look up the public list of words and then decode each word from the punched numbers on Odin, it would still only lead to one share being compromised which means that the threshold would not be broken, maintaining the safety of your keys. This requires clean management of your shares and trusted parties (if applicable), but that’s hardly different from your standard self-custody solution.

The center punch used to engrave each digit on Odin wasn’t perfect, but I wasn’t miserable. I managed to get all the way through one hexagon before I had issues with it. After that, the mechanism that holds the end in place began to shift. The fix was a simple movement to return in place, but I did have a fear that it might stop mid-process.

The setup guide isn’t worded for advanced users, but it also isn’t worded for beginners. As mentioned above, I reached out to clarify definitions and processes just to be sure. I would have liked for the guide to be a bit more detailed.

The digit grids used to punch in the numbers associated with each word are really small. I’m sure this is by design to keep the product compact. However, I did find myself not being entirely happy with the mark I left which caused me to just add another mark.

The sleek design matched with immense durability offers peace of mind for those looking to take the extra step in security with a bold aesthetic that is hard not to like. Upon testing my Trezor recovery process, I found it worked fine, with the obvious note that any mistake in the creation of the shares would lead to an error upon recovery. All that being said, this is a product for HODLers who appreciate aesthetics and have extra money to spend. I’d happily do it again, but it’s hardly a necessity.

This is a guest post by Shawn Amick. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.



Source: https://bitcoinmagazine.com/reviews/review-cryptotag-seed-phrase-odin

Leave a Reply

Your email address will not be published. Required fields are marked *