pull down to refresh
141 sats \ 7 replies \ @elvismercury 4 Apr \ parent \ on: NVK v SeedSigner - Valid Concerns or Arrogants Attacks bitcoin
I have no dog in the fight either, but I don't think this is a straw man. The basic way to use both devices creates a certain attack surface. With SS, you have a QR code on paper. Now you have the problem of safely storing that piece of paper where if someone gets their eyeballs on it even for a second, your funds are swept. It's not impossible to mitigate, but you have to mitigate it.
For CC, it's different. Possession of the device is not a big deal unless you're an attacker with stagger sophistication, which is a different use case than an Evil Maid.
Maybe you're not missing anything. The above is the main point of contention, as far as I'm concerned -- in either case you have to secure something, and the nature of how you have to secure it is pretty different. People may prefer one or the other tradeoff based on context.
You are not required to have a QR on paper. You do need to enter your seed. Could be in steel as seed words.
reply
Point is there is a secret that you need to load into the SS somehow each time you want to use it. Unless you have taken additional precaution like with a passphrase, that thing is a bearer instrument that must be secured separately from the SS hardware and is subject to physical possession by Evil Maids.
reply
This is why you should use the pass phrase. If I understand the CC you have to have a passcode to unlock it. And the CC stores your seed. So that is different but as long as you do not have your SS pass phrase and seed in the same location it seems like a marginal difference to me. It is different though. You need to trust the CC. All one needs is the passcode then, right?
reply
The "front door" of the CC is gated by a pin, which can be arbitrarily long, I think; and since it can't really be brute-forced (the CC will brick after a smallish number of attempts) it's effective at normal Evil Maid prevention, though perhaps not vs "state-level Evil Maids" as another poster mentioned.
The passphrase is a different thing, which provides an additional level of security / multiplicity of your seed phrase. But for CC, you need to have got through the "outer moat" before passphrases become relevant. Also, passphrases are a general BIP standard, so they can be used anywhere -- I assume SS implements that, too.
You're right, though, these differences become quite small, especially when you get into the weeds and start layering different things on top of each other. I think you could be quite safe w/ either tool, but the manner of your safety would be slightly different.
reply
I don't own a CC so I wasn't sure if it was a pin or just an implementation of BIP-39.
It sounds like to me that the ColdCard maybe makes it harder to do some dumb things. Personally I don't like the idea of the device itself storing the seed (between boots) because then its just the pin someone has to know. This stuff is hard and there are so many different considerations.
I think using the different devices might make one consider their strengths with different weights of importance. It is a very valid consideration to have to have the seed phrase and device together in order to spend funds. But, if someone has your seed phrase its game over. They don't need the SS at all. The device isn't the issue unless it is running.
Based on what I've read and what others have said CC manages the risk of someone stealing the device well though so that may be a better security model. I'm still thinking about it. I've used ledger devices (don't trust their software now) and they seem to use a similar model. The seed is stored in the device. I don't like having to trust the device's security. Its very nuanced.
reply
For sure. That's why any discussion about this topic is either a) super nuanced, b) idiotic, or c) in bad faith. I'm glad this one is in category a :)
reply
I kinda want to buy a CC to play with
reply