Again, it's additive, you can do all of that. But also you can change your passphrase, nothing is stopping you from sending to the new address set. And somehow I am reduced to just hardcopy backups as if I was saying that.

I am talking about using a HWW as well. PIN protected (split or not) plus a passphrase you enter. This is not insecure by any stretch.

Discussion

Security is not always additive. Each step has a cost (in terms of usability, in terms of you permanently locking yourself out, and a lot more) and they can interact with each other as well.

Adding one step may allow you to break another step much easier.

PINs and passphrases are additive in the context in which we are speaking. Obviously not ad infinitum, or I would have said that.

Not really. Think of this:

1. Someone is following you (maybe via a surveillance network like Flock, etc.)

2. When you go out to do a spend, they see where you store your passphrase, and your HWW.

3. They hold you at gunpoint and ask for your HWW and your PIN. You think this is safe, but this is enough as they can now export your seed.

4. They already know where your passphrase is and can break your wallet.

If you kept your seed and passphrase on the HWW in an unexportable way, and had a 2-part PIN, this would happen:

1. They see where you store your HWW.

2. They have a much harder time tracking where you store your PIN, as you could change this every few uses.

3. They would have to get the PIN out of you, the HWW, and the location of the other part of the PIN.

K. And most people DO give up that information at gunpoint. Because duress setups are largely useless and make the gunman more dangerous. We are not talking about these scenarios because they are unavoidably insecure, because we are people with extinguishable lives.

Either way, assuming you are a stalwart, a passphrase stored via entropy grid negates your threat model, because the passphrase is not knowable outside of recording you inputting it, even if you were seen with the grid itself.

Same thing could be said about PIN codes. You could construct one the same way, but now you can change grids/patterns as well.

A PIN and passphrase fulfill the same goal: adding an additional layer that is required to use the keys.

They can both be created and manipulated the same ways, whether it be creating via entropy grids, joining 2 separate passwords together, etc.

If your HWW started treating the passphrase like a 2nd PIN today you wouldn’t even notice.

Except a passphrase is significantly harder to change than a PIN.

If someone sees your passphrase when using your HWW, that weakens the security of your paper backup. But not if they see your PIN.

You can't have a 100 ASCII character PIN. I'm kind of bored with this discussion. There is a reason you don't have seeds and passphrases backed up in the same place, the same logic applies to a HWW. Regardless of PIN splits or changes, or frequency of use.

You can. Every phone already supports this and HWWs can too.

You are just not allowed to by the manufacturers who have incentives to offer making your life easier for $$$.

The reason paper backups need passphrases where HWWs don’t is that paper backups are completely defenseless, while an HWW has a SE which it can use to enforce certain requirements.

In the end, the root problem is that HWW companies have misaligned incentives with the user, and create problems so they can sell solutions.

What do you need to produce a HWW?

Maybe we can come up with some funding.

Open hardware. Software and a trusted scheme for inheritance. Maybe integration of Nostr keys (multisig).

What does the "N" in PIN stand for? ASCII character with hundreds of options?

Not everything is the greedy capitalists, man. Sometimes things just are things. Personal Identification Numbers are numbers and don't have a robust character set.

The goal posts keep moving and terms are getting redefined. If I tell my client "Enter a PIN it can be any ASCII character up to 100 characters" they would think I am crazy.

In the end it’s a key that you use to unlock the SE.

All the SEs used right now by HWWs could be changed next day to accept letters and symbols and hundreds of characters.

What I am noticing is you trying to shift away from the root question of the post: What benefit does a passphrase entry on the HWW have compared to a longer PIN in terms of threat model?

If you want an example, look no further than Satochip: https://satochip.io

Their cards support any text as a PIN. And the chips in smart cards are almost the exact same as HWW SEs. So all you need is a display.

You can set a passphrase when setting up a seed, and it will be automatically used when you use your full PIN.

Yeah, blind signers have no security holes....

How is that relevant to the conversation? Put the same chip in a signer with a display.

Are we talking DIY devices or manufactured? Please stay consistent.

We are talking about a manufactured device. A manufacturer can put the same chip in a HWW with a display and I think we both know that was what we were talking about.

COULD yes, they don't. I could also buy an ESP32 and fashion my own device. We are talking about fully manufactured market devices.

They don’t, due to financial interests, and this is what the entire point is!

I explained that. The passphrase can be longer, more complex, and actually changes the key.

A PIN is generally more truncated, only numeric, and doesn't change the key.

Humans generally have a better memory for language over numbers.

Both are entered as frequently, both can be obscured and backed up safely, and both can be coerced with a threat of violence. Having a duress wallet in either case is ineffective, but much simpler to maintain in the passphrase instance, as you can just NOT enter the passphrase to make duress transactions, whereas you would have to manually remove the passphrase in your scenario.

Again, I disagree with your assessment of Passphrase entry and HWW manufacturer incentives.

How does changing the key matter, if you cannot get the key out of the SE in the first place? If I have 2 doors and I don’t have the key for the outer door, the key for the inner door is useless.

And as I said, it does not have to be short, it does not have to be numeric, and it could work.

If you disagree with my assessment of how SEs work and what the incentives are for the HWW market, as someone that is working on HWWs and secure elements, you can and I can’t stop you really.

Many flat earthers also disagree with people that have gone deeper into this than they have.

Aight, thanks for the ad hominem. Also, you don't know who I am or what I work on.

The only thing I said is what position my perspective is from, but sure.

You are comparing me to a flat earther because you think your credentials supersede mine.

Nope, but it matches here perfectly.

✅ intentionally misinterpret

✅ ignore provided proof

✅ make baseless claims
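
The one mechanical difference the thread keeps returning to (a passphrase "changes the key", a PIN does not) is shown below as an added example; it is not code from any participant or vendor. `bip39_seed` follows the BIP39 seed derivation, while `ToyDevice` is a hypothetical, simplified model of a PIN-gated signer, and the mnemonic and PINs are constructed sample values.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample mnemonic (a publicly known test phrase; never fund it).
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048, dklen=64)

class ToyDevice:
    """Hypothetical model of a PIN-gated signer; not any vendor's firmware."""
    MAX_TRIES = 3

    def __init__(self, mnemonic: str, pin: str):
        self._mnemonic = mnemonic          # stays inside the device
        self._pin_tag = self._tag(pin)
        self.tries_left = self.MAX_TRIES

    @staticmethod
    def _tag(pin: str) -> bytes:
        return hashlib.sha256(pin.encode("utf-8")).digest()

    def _unlock(self, pin: str) -> None:
        # The PIN is an access-control check with a retry budget; it never
        # enters the key derivation.
        if self.tries_left == 0:
            raise PermissionError("device locked")
        if not hmac.compare_digest(self._tag(pin), self._pin_tag):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self.MAX_TRIES

    def change_pin(self, old: str, new: str) -> None:
        self._unlock(old)
        self._pin_tag = self._tag(new)     # same seed, same addresses

    def seed(self, pin: str, passphrase: str = "") -> bytes:
        self._unlock(pin)
        # The passphrase is part of the derivation: a new passphrase is a new
        # wallet, and the empty passphrase is itself a valid wallet.
        return bip39_seed(self._mnemonic, passphrase)
```
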