33 sats \ 2 replies \ @elvismercury 4 Apr \ parent \ on: NVK v SeedSigner - Valid Concerns or Arrogants Attacks bitcoin
The "front door" of the CC is gated by a PIN, which can be arbitrarily long, I think; and since it can't really be brute-forced (the CC will brick after a smallish number of attempts) it's effective at normal Evil Maid prevention, though perhaps not vs "state-level Evil Maids" as another poster mentioned.
The passphrase is a different thing, which provides an additional level of security / multiplicity of your seed phrase. But for CC, you need to have got through the "outer moat" before passphrases become relevant. Also, passphrases are a general BIP standard, so they can be used anywhere -- I assume SS implements that, too.
You're right, though, these differences become quite small, especially when you get into the weeds and start layering different things on top of each other. I think you could be quite safe w/ either tool, but the manner of your safety would be slightly different.
I don't own a CC so I wasn't sure if it was a PIN or just an implementation of BIP-39.
It sounds to me like the ColdCard maybe makes it harder to do some dumb things. Personally I don't like the idea of the device itself storing the seed (between boots) because then it's just the PIN someone has to know. This stuff is hard and there are so many different considerations.
I think using the different devices might make one consider their strengths with different weights of importance. It is a very valid consideration to have to have the seed phrase and device together in order to spend funds. But, if someone has your seed phrase, it's game over. They don't need the SS at all. The device isn't the issue unless it is running.
Based on what I've read and what others have said, CC manages the risk of someone stealing the device well, though, so that may be a better security model. I'm still thinking about it. I've used Ledger devices (don't trust their software now) and they seem to use a similar model. The seed is stored in the device. I don't like having to trust the device's security. It's very nuanced.
reply
For sure. That's why any discussion about this topic is either a) super nuanced, b) idiotic, or c) in bad faith. I'm glad this one is in category a :)