Nostr Web Client

The best multisig protection model is that physical time and distance requirements.

No duress PIN will protect you when they can extract your multisig descriptor from your laptop or a physical backup and check, or know your amount of holdings.

A wipe/brick feature will be as good as giving no PIN.

Physical backups will always be a weakness too.

Reply to this note

Please Login to reply.

Discussion

Mark Camper 1y ago

Wipe/brick is best used on a post-it note on the back of the coldcard.

semisol 1y ago

What changes?

Except that you know someone tried to access it and failed, and that’s what the failed PIN counter is for

Mark Camper 1y ago

Oh, I didn't know there's the failed pin counter. That would be the main benefit imo.

In some scenario setups, it helps you relegate this semi-hot (easy to access) signer to the physically inaccessible seed sources (at different locations).

semisol 1y ago

I’m working on a lot more than that… :)

John 1y ago

Punching seed phrases on steel is a massive liability I'd rather go pure wetware

semisol 1y ago

Data loss. And you can still be held at gunpoint.