13 sats \ 5 replies \ @Zepasta 20 Oct 2023 \ parent \ on: Write an opinion you think is hated on SN. 2nd lowest rated comment wins. meta
deleted by author
Cheapness is not my concern -- my concern is storing a significant chunk of savings on something that is trivially compromised if someone has physical possession.
And yes, I have multiple hardware wallets, for the reason you said. I have zero worry that Mossad or the CIA is going to secretly crack them. I'd have a lot more worry that someone will start cutting off one of my family's toes. This isn't a technology problem.
Not trying to talk you out of Seed Signer, you do you. It's important to have a solid understanding of whatever threat model you think is most relevant to your situation.
reply
Just trying to understand - are these the alternatives that are being discussed here?
- Standard hardware wallet, with pin. Not stateless, the seed is actually on the hardware wallet. Presumably the hardware wallet is maybe in a safe somewhere, or otherwise hidden. But the pin - is it memorized, and never written down? And of course you'd need the seedphrase backed up somewhere too. And a potential pass phrase.
- SeedSigner with SeedQR. SeedQR is kept safe (in an actual safe, or a hiding spot, whatever). The SeedSigner device with it, or not. Potentially with a pass phrase that also needs to be kept safe and secure somewhere, probably separate.
Here's my thoughts. If the hardware wallet pin is NOT written down somewhere, you could easily forget it.
If it is written down somewhere, then ... how is it substantially different in terms of security from a seed qr, potentially with a separate pass prhase?
Not thinking about multisig at the moment, which of couses changes things.
reply
You're basically right. People can do it in a number of ways, so it's hard to talk about the differences definitively, but the two solutions can be made nearly equivalent -- hw wallet plus pass phrase with PIN, vs SeedQR with pass phrase.
With a QR code, physical possession of the paper decays to the strength of your passphrase. With a hardware wallet, there's still a PIN to get through before that's true. PIN can be much lower security -- it's pretty easy to memorize a 4-6 digit number, allowing for a range of barriers depending on threat model.
With HW wallet, you can write down your seed phrase, or not, as you like. You can use multisig to obviate the need to write anything down at all, which is how Casa does it. Either way, you have, at worst, equivalent security to QR, but you can choose to have more or less.
And practically, it's a quite different affair to give a little electronic doodad to someone you trust, along w/ a PIN, vs pieces of paper and instructions on how to reconstitute from a SeedSigner.
If you want to strawman things, you can make either one terrible.
reply
deleted by author
reply
If you use a strong passphrase, the two are equivalent from a security perspective, since hw wallets also allow passphrases.
A piece of paper is easier to hide than a hardware wallet, but physical possession -- or even momentary appearance on camera -- compromises it, minus any passphrase, whereas a hardware wallet is robust to those things -- you have to defeat the PIN before you can even start on the passphrase.
I suppose SeedSigner could be cheaper, but it's certainly not easier, unless you're using some weird definition of 'easier'.
reply