we don't believe in theater, if you care to that level repro build the src code.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
nostr:npub1wu4aye7ll0lnrrg638e90sehzsgpzx5t39t3mwl05aa0d0ap08esdz3vw0
Hey there I'm in freefall down a BIP85/Passphrase/coldcard rabbit hole and took a path that got me in to squeching a zero knowledge backup skeem
tbh way out of my comfort zone and paygrade
In the end someone will look at it and very quickly tell me why it doesn't work, but hey, I'm having fun and I'm learning stuff by looking in to it!
Now to the actual thing I'm tagging you for:
I was wondering why the #Coldcard doesn't have a "genuinity" test mechanism
Of course, other devices like Ledger and nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt do use the companion app to perform the check
In orther to scam you both, the app and the device, would have to be corrupt
What would it take to implement something like it in the Coldcard?!
For example a simple key exchange function anyone can double check on the website? Obviously through airgaped microSD
Thanks, continue the great PoW & hodl on!
Discussion
Are you saying that you don't see a check of this kind as a strong enough proof that the devise is genuine? Is it easily spoofed?
Maybe with the help of AI or simply a lot of time I could build from source, but if for example I'm lending the device to a friend so that he can set up a secure wallet, without having to immediately make the investment in to a HWW it's a harder sell
On the other hand with a HWW that does implement a "genuine check" function it's easier to feel comfortable with it
But it seams you're saying it's a false feeling of safety that in the end might make you even more vulnerable