1
0
mirror of https://github.com/bitcoinbook/bitcoinbook synced 2024-11-26 01:50:42 +00:00

CH01::Backups: s/mnemonic/recovery code/, add detail and warnings

- Use "recovery code" instead of "mnemonic phrase" or "seed phrase".  A
  new tipbox describes that mnemonic implies memorization but that's bad
  practice.  The phrase recovery code is generic enough to apply to a
  variety of schemes, including Electrum seed words, BIP38 seed words,
  aezeed, and non-phrase schemes like that used in Muun.

- Be clearer about the difference between "wallet" and "wallet
  software".

- Mention that restoring from a code doesn't restore labels or
  offchain transaction info.

- Warn about re-entering your code into malware / phishing attacks.
This commit is contained in:
David A. Harding 2023-02-03 10:40:35 -10:00
parent 89c40241e2
commit 84fd8b5953
2 changed files with 75 additions and 24 deletions

View File

@ -319,36 +319,87 @@ the option to create a new Bitcoin wallet. Because the wallet she has
chosen is a non-custodial wallet, Alice (and only Alice) will be in
control of her keys. Therefore, she bears responsibility for backing
them up, since losing the keys means she loses access to the bitcoin. To
facilitate this, her wallet produces a _mnemonic phrase_ (explained more
in <<mnemonic_phrase_intro>>), in the form of 12 English words that can
be used to restore her wallet on any of the hundreds of compatible
software or hardware wallets.
facilitate this, her wallet produces a _recovery code_ (explained more in
<<recovery_code_intro>>) that can be used
to restore her wallet.
Let's elaborate a bit on the mnemonic phrase, next.
Let's elaborate a bit on the recovery code, next.
[[mnemonic_phrase_intro]]
==== Mnemonic Phrase
[[recovery_code_intro]]
==== Recovery Code
Most modern non-custodial Bitcoin wallets will provide a _mnemonic
phrase_ (also sometimes called a "seed" or "seed phrase") for their user
to back up. The mnemonic phrase usually consists of 12 English words,
selected randomly by the software, and used as the basis for the keys
that are generated by the wallet. A sample mnemonic phrase is shown in
<<mnemonic_phrase_sample>>.
Most modern non-custodial Bitcoin wallets will provide a _recovery
code_ for their user
to back up. The recovery code usually consists of numbers, letters, or words
selected randomly by the software, and is used as the basis for the keys
that are generated by the wallet. Sample recovery codes from different wallets are shown in
<<recovery_code_sample>>.
[[mnemonic_phrase_sample]]
.Alice is shown a 12-word mnemonic phrase that she must backup (offline on paper)
image::images/mnemonic_phrase_sample.png[".Alice is shown a 12-word mnemonic phrase that she must backup (offline on paper)"]
[[recovery_code_sample]]
[cols="1,1"]
|===
| Wallet | Recovery code
This mnemonic phrase can be used by Alice to restore *all* the
transactions and funds in her wallet in the case of an event such as a
lost mobile device, a software bug, or memory corruption. The mnemonic
phrase is based on a common standard and therefore can be restored on
any compatible software or hardware wallet. This allows Alice to try
different wallets and also removes any dependency on the software or
hardware maker of the wallet.
| BlueWallet
| (1) media (2) suspect (3) effort (4) dish (5) album (6) shaft (7) price (8) junk (9) pizza (10) situate (11) oyster (12) rib
Of note, when receiving funds to a new mobile wallet for the first time, many wallets will often re-verify that you have securely backed-up your mnemonic phrase. This can range from a simple prompt to requiring the user to manually re-enter the phrase.
| Electrum
| nephew dog crane clever quantum crazy purse traffic repeat fruit old clutch
| Muun
| LAFV TZUN V27E NU4D WPF4 BRJ4 ELLP BNFL
|===
[TIP]
====
A recovery code phrase is sometimes called a "mnemonic" or "mnemonic phrase",
which implies you should memorize the phrase, but writing the phrase
down on paper takes less work and tends to be more reliable than most
people's memories. Another alternative name is "seed phrase" because
it provides the input ("seed") to the function which generates all of
a wallet's keys.
====
If something happens to Alice's wallet, she can download a new copy of
her wallet software and enter this recovery code to rebuild the wallet
database of all the onchain transactions she's ever sent or received.
However, recovering from the recovery code will not by itself restore any additional
data Alice entered into her wallet, such as the names she associated
with particular addresses or transactions. Although losing access to
that metadata isn't as important as losing access to money, it can
still be important in its own way. Imagine you need to review an old
bank or credit card statement and the name of every entity you paid (or
who paid you) has been blanked out. To prevent losing metadata, many
wallets provide an additional backup feature beyond recovery codes.
For some wallets, that additional backup feature is even more important
today than it used to be. Many Bitcoin payments are now made using
_offchain_ technology, where not every payment is stored in the public block
chain. This reduces users costs and improves privacy, among other
benefits, but it means that a mechanism like recovery codes that depends on
onchain data can't guarantee recovery of all of a user's bitcoins. For
applications with offchain support, it's important to make frequent
backups of the wallet database.
Of note, when receiving funds to a new mobile wallet for the first time,
many wallets will often re-verify that you have securely backed-up your
recovery code. This can range from a simple prompt to requiring the
user to manually re-enter the code.
[WARNING]
====
Although many legitimate wallets will prompt their user to re-enter
your recovery code, there are also many malware applications that mimic the
design of a wallet, insist you enter your recovery code, and then
relay any entered phrases to the malware developer so they can steal
your funds. This is the equivilent of phishing websites that try to
trick you into giving them your bank passphrase. For most wallet
applications, the only times they will ask for your recovery code are during
the initial set up (before you have received any bitcoins) and during
recovery (after you lost access to your original wallet). If the application
asks for your recovery code any other time, consult with an expert to
ensure you aren't being phished.
====
==== Running the wallet application

View File

Before

Width:  |  Height:  |  Size: 27 MiB

After

Width:  |  Height:  |  Size: 27 MiB