I’m trying to understand why some appear to trust a Jade or SeedSigner air-gapped using a seed QR more than an air-gapped ColdCard, which stores the private keys in a secure element.

It seems to me that an adversary trying to get the private key would potentially have an easier time getting a view of the seed QR than extracting it from a secure element.

I realize this is probably an apples-to-oranges comparison, but what could I be missing in favor of seed QRs in terms of security? #asknostr

Discussion

In both cases ideally, you would still have a human-readable backup of your keys.

With a ColdCard you are trusting "source viewable" but not Open Source software.

With a SeedSigner you are trusting open source software, and you can buy the general-purpose components to build one without putting your contact info on a list showing you bought Bitcoin-related stuff. Better OPSEC.

I hear what you’re saying, and agree. I prefer open source in principle, but I can’t seem to get comfortable with having an unencrypted, scannable representation of my seed phrase / secret key. I just feel like the utmost care should be taken to protect the seed phrase at all costs, and having a seed QR nearby, even if locked in a safe or carefully hidden, is a big risk - at least for me.

Perhaps the way to compensate is using seed QR as part of a multisig wallet to eliminate a single point of failure.

I think that's a great thought. Or a passphrase could do the trick.
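As an added example, not part of the thread and not code from SeedSigner, Jade or ColdCard: the two points raised above ("unencrypted scannable representation of my seed phrase" and "a passphrase could do the trick") can both be shown with the formats involved. A standard SeedQR is nothing more than each BIP39 word's index written as four decimal digits, so whoever photographs it has the mnemonic. BIP39 then derives the wallet seed as PBKDF2-HMAC-SHA512 over the mnemonic with the salt "mnemonic" + passphrase, so a leaked SeedQR without the passphrase yields a different wallet. The mnemonic below is the first vector from the BIP39 test set (its indices are all 0 except the last word, index 3; the 2048-word list itself is not embedded, so the QR helpers work on indices), and the candidate passphrase list is constructed for illustration.

```python
import hashlib
import unicodedata

# Constructed input: the BIP39 test-vector mnemonic
# "abandon" x 11 + "about" ("abandon" is word index 0, "about" is index 3).
EXAMPLE_INDICES = [0] * 11 + [3]
EXAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def seedqr_standard_encode(indices):
    """Standard SeedQR payload: each BIP39 word index as a 4-digit, zero-padded
    decimal, concatenated. No secret is mixed in; reading the QR = reading the mnemonic."""
    if not all(0 <= i < 2048 for i in indices):
        raise ValueError("BIP39 word indices are 0..2047")
    return "".join(f"{i:04d}" for i in indices)


def seedqr_standard_decode(payload):
    """Inverse of the above: split the digit string into 4-digit word indices."""
    if len(payload) % 4 or not payload.isdigit():
        raise ValueError("standard SeedQR payload is a multiple of 4 decimal digits")
    indices = [int(payload[k:k + 4]) for k in range(0, len(payload), 4)]
    if any(i >= 2048 for i in indices):
        raise ValueError("word index out of range")
    return indices


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed derivation: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.
    Password is the NFKD mnemonic; salt is NFKD("mnemonic" + passphrase).
    Without the exact passphrase you get a different (valid-looking) wallet."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def recover_passphrase(mnemonic, target_seed, candidates):
    """Attacker view: the mnemonic came off a photographed SeedQR and the attacker can
    recognise the right seed (here the seed itself stands in for 'an address with funds').
    2048 PBKDF2 rounds is cheap, so a passphrase drawn from a short list falls at once;
    the passphrase only protects you if it carries real entropy of its own."""
    for cand in candidates:
        if bip39_seed(mnemonic, cand) == target_seed:
            return cand
    return None


def demo():
    payload = seedqr_standard_encode(EXAMPLE_INDICES)
    plain = bip39_seed(EXAMPLE_MNEMONIC)
    protected = bip39_seed(EXAMPLE_MNEMONIC, "TREZOR")
    # Constructed candidate list for the dictionary attack.
    guessed = recover_passphrase(EXAMPLE_MNEMONIC, protected, ["", "password", "satoshi", "TREZOR"])
    return {
        "seedqr_payload": payload,
        "seed_no_passphrase": plain.hex(),
        "seed_with_passphrase": protected.hex(),
        "passphrase_recovered": guessed,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The practical reading: the SeedQR protects nothing by itself, so it must be stored like the written words; the passphrase turns it into one of two required secrets, but that second secret needs its own backup (losing it loses the funds, which is the human-readable-backup point made earlier in the thread) and needs enough entropy that a dictionary run like `recover_passphrase` does not succeed.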