What is the advantage of a coldcard over a seedsigner? #bitcoin #asknostr


Discussion

NVK's 🍆 in your mouth 💦

Lol

😂💀

Coldcard has source-viewable firmware with reproducible builds - certainty around the firmware. Raspberry Pi has closed-source firmware; backdoors could theoretically exist without you knowing.

Coldcard firmware updates are also somewhat dummy-proofed, as the Coldcard does a PGP key verification automatically.

Coldcard has lots of little advanced security features that are nice to have but probably not a big deal unless you have a large stack.

With Seedsigner you either have to trust an assembler to be honest or build and load it yourself.

Respect to Seedsigner though, great option to have in the ecosystem if you’re tight on funds and willing to assemble yourself.

The threat models of seedsigner and coldcard are largely the same. The only real threat of any truly offline signing device is in the generation of a seed phrase and the device's internal random number generation or interpretation of dice rolls. You can e2e verify the dice roll functionality of either device with third-party software, or you can generate the seed phrase with plastic seed words in a bowl, or with separate software like Sparrow. In any event, if you assume you can use the devices in an airgapped fashion and not rely on their integrity, taking common-sense measures, what is the functional advantage of a coldcard over a seedsigner?
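The third-party dice roll check this reply mentions, written out as an added example (not code from the thread, from Coldcard or from SeedSigner): it assumes the Coldcard-documented scheme of hashing the ASCII string of dice rolls with SHA-256 and using the first 16 or 32 bytes as BIP39 entropy, and it returns 0-based positions in the BIP39 English wordlist, which is not embedded here, so it must be supplied to get words.

```python
import hashlib

BITS_PER_WORD = 11  # BIP39 packs the entropy+checksum bit string into 11-bit word indices
ENTROPY_BYTES = {12: 16, 24: 32}  # 12 words <- 128 bits, 24 words <- 256 bits


def dice_rolls_to_entropy(rolls: str, words: int = 24) -> bytes:
    """Assumed device scheme: SHA-256 over the ASCII dice-roll string, truncated
    to the entropy size for the chosen word count (Coldcard asks for 99 rolls)."""
    if not rolls or any(ch not in "123456" for ch in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()[: ENTROPY_BYTES[words]]


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39: append the top ENT/32 bits of SHA-256(entropy) as checksum,
    then cut the whole bit string into 11-bit word indices (most significant first)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16-32 bytes in 4-byte steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(value >> (total - BITS_PER_WORD * (i + 1))) & 0x7FF
            for i in range(total // BITS_PER_WORD)]


def indices_checksum_ok(indices: list[int]) -> bool:
    """Recompute the BIP39 checksum from word indices the device displayed."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    total = n * BITS_PER_WORD
    cs_bits = total // 33            # total = ENT + ENT/32 = 33 * (ENT/32)
    ent_bits = total - cs_bits
    value = 0
    for idx in indices:
        value = (value << BITS_PER_WORD) | idx
    checksum = value & ((1 << cs_bits) - 1)
    entropy = (value >> cs_bits).to_bytes(ent_bits // 8, "big")
    return checksum == hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)


def dice_rolls_to_indices(rolls: str, words: int = 24) -> list[int]:
    """End-to-end: what an honest device should show for these rolls."""
    return entropy_to_indices(dice_rolls_to_entropy(rolls, words))


def indices_to_words(indices: list[int], wordlist: list[str]) -> list[str]:
    """Map indices to words using a wordlist loaded by the caller (2048 entries)."""
    return [wordlist[i] for i in indices]
```

Compare the returned words with what the device displays for the same rolls; a mismatch on either the words or the checksum means the device is not doing what it claims.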

People have to judge for themselves, but I strongly dislike stateless signing devices. Somehow every time you use it you have to load the seed, which means you must handle it and have it nearby in a format that’s easy to steal. My experience is that noobs often have a QR or seed words lying on their desk, and that’s not great. So if you use it in an ideal way consistently it’s fine, but I’m extremely skeptical that in the real world most people do.

I also want taproot and miniscript support, which is at least on Coldcard’s edge firmware.

The parts costs are also way up these days, which stinks, though that's not the project's fault. For the same money I would much prefer a Jade and use the blind signing oracle.

I don’t at all mean to dunk on Seedsigner. I love the project and have donated a few sats to it.

If I understand your argument correctly, you believe the main advantage of a coldcard is the ability to store the seed on the device itself,

Close, but not necessarily exactly that. Yes, that is how coldcard accomplishes it. But my real point is that I think it’s a bad incentive to need the seed in an unencrypted format in order to use the device. My guess is that in practice this means most people keep their seed nearby in such a manner that it’s easy to steal, and generally, I think the more you handle your seed the more likely it is to get leaked. Coldcard does this in a stateful way, where it is stored on the device in a manner where it is quite hard to extract, but the Jade accomplishes this in a wholly different way with a blind signing oracle, also making the seed essentially impossible to extract, but you don’t need to handle or load the seed onto the device itself.

Your PIN is easy to guess, my g. If you're leaving your seed phrase around, you're retarded.

Hell no, the threat models are completely differentiated.

Do more research or build one and compare it yourself.

Build which? I only have a seedsigner. Am wondering if I should consider fellatio on a particular Brazilian.

Did you just say that with two secure elements and NVK's 🍆 in your mouth? 😂🤌👍

Use this, it is much better.

https://bitbox.swiss/de/bitbox02/