Wow, talk about serendipity! This is something I was thinking about just yesterday!

So what’s the reasoning why not having a secure element is a good thing?

Discussion

We’re talking long-term bitcoin savings here. For a bitcoin account that you spend more frequently from and store not as large of a balance, you can make a good argument for using an SE-equipped wallet. But for your long-term stash… If you secure your bitcoin using an SE-equipped device, you will still always need to keep an analog copy of the private key as a backup for the digital copy, right? So now you have two copies of the seed / private key to protect, and what do you do with both of them? It doesn’t make sense to store the seed with the HWW b/c what if fire/flood/etc? So you need another location. But you just don’t want to leave a bare, unprotected seed in a safe deposit box or other remote location (unless perhaps if it’s part of a multi-sig setup), so then you likely end up adding a BIP39 passphrase to the seed to protect it. But the goal of the BIP39 passphrase is to protect the seed, which is also the hardware wallet’s job, and then using the passphrase with the hardware wallet is overkill and a pain with most HWWs. So why not just let the analog copy of the key be the only copy of the seed you need to worry about, because again, this is your long-term savings and you won’t be accessing the key very frequently. Now think carefully of the best way to secure that key — maybe you do add a passphrase? Or maybe use it as part of a multisig quorum where you have redundancy in case a key is somehow lost or stolen. Not all bitcoin storage use cases are the same, and I firmly believe our model makes much more sense for long-term saving. More info at:

https://seedsigner.com/seedsigner-independent-custody-guide/

I’m not sure why a 2/3 multivendor, geographically distributed multisig where the steel backup is stored with the respective device doesn’t work.

So I have three locations, two of which must be compromised to steal funds.

It’s the same thing as a 2/3 seedsigner multisig, you have to find 2 of my locations to steal funds.

I prefer the multivendor setup in case of some unknown unknown I can’t predict, and SeedSigner is a great choice for one of the three.

Hard to find a Raspberry v1.3 honestly. Seems even you sell recent ones with unsoldered wireless. Plus there is soldering the GPIO. Wish it was easier.

The argument for the pass phrase is for the case you don’t trust that the entropy of the SE is good enough and not a sub region.

Keep up the good work.

I wonder if there are other easily available sets of hardware one could use. I mean, Raspberry is not the only single board computer out there!

Regarding the pass phrase, it’s what you mention, but also an additional layer of security in case your seed gets compromised, right?

I sell 1.3's that I have been able to purchase from the Pi Foundation, just want to be clear on that. 👍

AliExpress

And solderless GPIO header from Pimoroni

Oh man, it took some time to realise that it doesn’t store the private key on the device at all! Maybe it makes sense to somehow make that part more prominent?

Like, in retrospect it seems very obvious, but I somehow kept assuming that it stores the private key too!

So, in principle I can think of SeedSigner as an equivalent to having a paper wallet and using an air gapped Linux laptop for signing? Except more robust and secure?