QR is a dangerous way to store seed info, IMO, for a few reasons. One is that people are lazy and forgetful, and they may actually print the QR code with a printer of some sort, which would leak the seed.

Another reason is that the cameras on modern smartphones (and who knows what other cameras) automatically scan QR codes constantly. It would be easy to accidentally scan the material and leak it.

With a passphrase no. And how often do you need to transfer from your hodl bags?

nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl

Going to pause my technical masturbation and point out a few things. First, OCR is a ubiquitous thing now, everyone’s phones & the cloud do it as easily as they will scan a QR code, so it makes little difference whether your private key is encoded as words or a QR code if there is a malicious camera spying on you.

Next, you glossed over the fact that with a hardware wallet, you have to store two copies of your key — one electronic copy on the device and then an analog copy for if/when the digital storage device fails. Is your seed protected by a passphrase? Most likely not b/c entering a passphrase w/ a HWW can be cumbersome, and besides, the wallet is keeping the seed safe, right? So where do you keep that second, backup copy? It doesn’t make any sense to store a seed right next to the hardware wallet that is “protecting” it. So now you need two locations to store private key material…

One advantage of a stateless device is that if someone finds / steals your signer, they get nothing. But another advantage is that the analogue copy of a given key can be the only copy of that key you have to worry about storing / maintaining. For a multisig setup, this means you can just worry about storing one copy of each key without figuring out where to put all of the backups as well.

SeedSigner (and the stateless, airgapped signing model) was conceived with long-term storage of generational wealth in mind. This means geographically distributed multisig, and it also means a little less convenience when signing. For medium-sized bitcoin wallets, a HWW can make a TON of sense b/c you have the convenience of a nearby key that is protected by reasonable access-control mechanisms. But for the bitcoin I’m going to be passing to my children, I want accessing the funds to involve a little more friction, because that inconvenience is going to make it exponentially harder for an adversary.

SeedSigner’s model not right for everyone and it may not be right for every bitcoin storage use case, but it does force you to think through these kinds of issues for your bitcoin stack that really matters, the long term one. Anyhow, going to get back to beating off now…