I have done my own analysis and Coldcard is by far on the worse end of HWW security, usability and value.
Discussion
I like the seed XOR feature. What do you think makes it the "worse end of HWW security" and what do you think is better?
That feature is basically the same as 2-of-2 or passphrases, and the problems with 2-of-2 have been pretty well documented by now.
I did my own research and architecturally it is significantly flawed. There are many weak points where you could be getting a backdoored device. The used secure elements are weak and outdated.
“Don’t trust, verify” goes much deeper than reading some marketing claims about “ultra secure” from the vendor and I see too many people falling for it. New Trezor for example is “quantum ready” but any device within the last 15 years is as well.
Personally I’d recommend something like a SeedSigner with a proper multisig and a BitBox maybe.
If you are wondering almost all the large influencers have financial interest in Coinkite or another HWW company so they would shill you something even when it is lies or misleading.
I use a geographically distributed 3-of-5 multisig + seed XOR and Smanir Secret Sharing as a secondary backup in case the banks get shut down again.
During lockdown, I couldn't access my Trezor for 3 months and that made me re-evaluate everything.
I agree that seed XOR together is a bad idea.
I'm currently playing with time locks using Miniscript, but only with small amounts so far because I'm not 100% confortable with it yet.
Does the BitBox have an air-gapped mode?
They prefer to write articles about why airgaps aren't as useful as we think.
Stinks of "filters don't do anything."
Airgaps aren't a be all and end all. But they are one element of a solid security strategy, and writing it off is exactly why I'm not a Bitbox customer.
I believe they have written off air gapping as “security theater”.
It literally isn't though. Data flow control is not some "nice to have" feature. You, as a human, literally don't know what information is being sent over NFC, Bluetooth, and USB. Unless you use a highly sophisticated hub that is essentially a clone for data passthrough.
I am still waiting on Semisol to give the non "trust me bro" explanation on why these devices are insecure WITHIN their use parameters. Secure elements without a broadcast mechanism, without code that (absent authorization from the owner) diseminates the secret, or a cryptographic flaw making it trivial to brute force, WHAT exactly is nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gpz9mhxue69uhkummnw3ezumrpdejz7qgkwaehxw309askwemj9ehx7um5wghxcctwvshsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0e68ksk referring to?
nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gpz9mhxue69uhkummnw3ezumrpdejz7qgkwaehxw309askwemj9ehx7um5wghxcctwvshsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0e68ksk do you have thoughts on javacards? e.g. satochip
It shouldn't take all the things that Coldcard has in order to secure your bitcoin. It seems like they create features, then tubers all say it's the best. That device is the super advanced version for people that want to be cool. There's gotta be a better way for beginners.