On shamir backups:

I like the idea. But I have a huge gripe with it.

With normal seed + passphrase, you get plausible deniability. Give up your seed to an attacker, he thinks he got what you have, but the big bucks are actually in the seed with offset. It'd great and undetectable.

With shamir backups, you can't do this. You can do passphrase offsets, but this changes your redundancy from x of n to x of n with one additional element being required. Using a passphrase offset means that you have to have that passphrase, not just a subset of keys. It makes shamir backups pretty much pointless.

What would be better would be a scheme where, say you have a 6 of 10 shamir set up, you can create also a 5 of 10 backup that uses the same 10 keys. That way, you can give an attacker one less than the number he needs and he wouldn't know the difference.

I don't think this is possible, from my understanding, attempting to find two different seed keys, each that can be converted into an x of n and an x-1 of n that share all the same mnemonics is akin to brute forcing a hash collision. I wonder if there were some way that this could be done, because if it could I think that such a backup would be superior to single seed mnemonics in every case.