I just got my Umbrel set up the way I want it, and my Bitcoin full node is now synced (took just under 24 hours!), along with Electrs. Now I want to set up the Lightning Node and it wants to provide me with a seed phrase in clear text on my computer’s browser.
Everything I’ve read and heard, and practiced, is to never enter the seed phrase into my computers or mobile devices. I’ve only entered my seed phrase into hardware wallet devices and never into an app or browser. I don’t even like to use default seed phrase generators and dice roll my own seed phrases. Thus, I’ve rolled my own seed phrase for Lightning Node and have that ready to import.
I now understand that the Lightning wallet being used with the Lightning Node for channels needs to be a software/hot wallet to function. I’ll have to type it into the Umbrel Lightning Node app somehow.
How secure is the Umbrel for this? When I open umbrel.local in my browser it is not a secure https connection. I guess I could use Tor or Tailscale, but is the seed phrase encrypted somewhere in the Umbrel?
Also, I’m still typing my seed phrase on my computer or mobile device, which could have some kind of malware or spyware. What is the most secure method of entering my seed phrase into Umbrel’s apps?
It’s a boring Saturday night… let’s see if the following helps you.
When you talk about “my seed phrase”, I assume that you generated it in some cold wallet where you have your funds. You are not obliged nor is it recommended that you use that seed phrase in umbrel. If you already have a cold wallet, keep it far away and well protected.
Use umbrel as another different wallet, like a hot wallet that will even create a seed phrase, and transfer to this new hot wallet (umbrel) the funds you need for what you are going to do and assume in advance that you can lose them.
How safe is umbrel? Well, it is open source and so far no “strange things”. But I still see it as a “hot wallet” with the implicit risks of any “hot wallet”.
Regarding the secure https connection, it does not exist at the moment. But I do not think it matters much because you connect locally. That is, you would have to have an “intruder” connected to your local network to be able to intercept the connections. And if you connect locally, why do you want to use Tor or Tailscale?
For my part, I don’t use umbrel as a Lightning Node. But if I did, in my humble opinion, I would do it as I explained above: I would use umbrel as another different wallet, like a hot wallet that will even create a seed phrase, and I would transfer to this new hot wallet (umbrel) the funds I need for whatever I am going to do and assuming in advance that you can lose them.
I don’t know if this clarifies the matter more for you. It’s Saturday night and I’m too lazy to get into more technical details.
Yes, I completely understand this is to be considered a hot wallet. My intention was to import the seed phrase that I just dice-rolled on my own for the sole purpose of using with the Umbrel’s Bitcoin Node and Lightning Node. It is not my previous cold wallet. I’m looking for the safest way to import it. It would be great if we could SeedQR or something, rather than typing the clear text words into the computer.
The reason to use Tor or Tailscale even on the local network is in case there is something that has infiltrated my network through one of the computers (virus, malware, spyware) or other devices. Then at least the connection between my computer or other device and the Umbrel in my home is encrypted.
dice rolling is GREAT. and easy… its way overlooked!! and the last comment “LEARN HOW” its worth EVERY second you spend learning it… and then you WILL encourage people to learn it… HARDWARE wallets SOFTWARE wallets BOTH will just spit you out 12/24 words… “so why buy a hardware wallet from a company”" and then ask it to give you your “combination” to your "life savings/savings… (that where I immediately threw a flag up and NEEDED to know more about how this… IT IS WAY TOO easy to dice roll a number … “that’s all your doing” you dont have to be smart or good at computers to enderstand what is going on … I willl post a few links everyone should watch if they dont know or haven’t created your OWN!! ""not hit a button and wrote down or even worse waste a piece of metal with a passphrase from crypto . com or some crazy shitcoin headquarters “” when doing the act of this exercise you WILL see how that is YOUR address… DO iT twice and compare what numbers you rolled… THATS ALL YOU NEED TO SEE… https://youtu.be/j5nejoEGWFw?si=VjbpZpfZufwD4wiF
dice roll
seed phrase info. https://youtu.be/hjRntYh0ot8?si=FnHpKyk2JUFFACnI