YubiKeys have quickly become a very popular hardware device for Casa users.
Since we released it 3 weeks ago, 25% of new users are using a YubiKey as one key in their vault. Already the third most popular hardware device.
And the top 3 are very close - number 1 is 33% of users. YubiKey could easily be number 1 in short order.
Cool keys are cool đ
I alwayas wondered why is it less secure to use a yubikey for sugning than a HWW with a secure element that is closed source.
can you briefly describe your suggestion?
I use them with GPG keys, master is always offline, and in offline and secured environment you can create signkng keys that are linked the yubikey.
This approach, if implemented with bitcoin back up and signkng process, could be quite popular and imo not less secure than currwnt signing devices.
Maybe there's an imminent failure factor that I'm not aware of and the #techsavvy may shed some light on these limitations.
This doesn't sound great unless there's a physical backup of that key.
Its multisig, you can lose 2 out of 5 keys.
Yes I understand that but having keys ONLY on a hardware device is never really a great idea in my opinion, unless I suppose if you're doing regular checks of all of your devices which in itself increases risk of leakage.
Like okay sure if you're spending often, maybe this is a good convenient way to do it. But not for what's intended to be long term savings imo.
If that's your actual setup. Most plebs are probably using 2/3 setups. It would be nice to see 3/5 become more affordable.
How safe is this compared to using the mobile key or a dedicated signing device like Coldcard or Jade? It's kind of confusing.
More secure than mobile key, less secure than Coldcard. Not sure about Jade as I havenât fully reviewed the security model.
Basically we called yubikeys âcool keysâ because they arenât quite totally cold keys, but they also arenât hot keys. The yubikey stores the bitcoin key, but then your browser signs with the key. So the key becomes hot when itâs being used, then is thrown away by the software and remains cold for storage on the yubikey device.
Why even keeping statistics? The less you know, the less you have to share to authorities when asked
