Replying to Avatar casey

I think the important things for me are

- generating keys 100% offline

- zero way to connect to WiFi or Bluetooth

- easy way to import/export to xpubs

- simple work flow for signing transactions. Most likely QR codes

- I like the stateless system of seedsigner so you can use it with many seeds.

My threat model is an easy one to work with. I live in the middle of nowhere and people don’t know what bitcoin is here or what a hardware wallet is. So the SS is perfect for me. Pi zero and QRs are life for me.
Avatar
semisol 2mo ago 💬 2

QR is expensive to implement on a device (needs a better MCU and camera hardware and tuning. possible, but the amount of overlap between “secure against attacks” and “high performance” and “cost effective” is tight), so would not be great on an entry level model.

As a tradeoff, SD cards could work.

Technically, an airgap is not going to stop anything if the device is malicious, as some methods like screen brightness could still modulate data. And people have turned a GPIO pin on a $1 chip into a LoRA transmitter.

I had this discussion a few times, but most of the USB concerns originate from bloat on the host OS, which supports a million different things, compared to a small device which you basically have 0 chance of finding a bug in.

Reply to this note

Please Login to reply.

Discussion

Avatar
casey 2mo ago

I think passing PSBT on SD is 100% viable option.

Avatar
semisol 2mo ago 💬 1

I think BT are not inherently bad (again, OS bloat is the bigger concern, but BT has some encryption issues which could be solved by a custom encryption layer) but they are unnecessary, so why have them? And now you need a battery, and… exploding money storage devices sound fun.

An SD card is also more auditable.

Avatar
casey 2mo ago 💬 2

I think you have all the right direction. You get the importance of the true secure elements. The air gap capability.

You and I are on a similar, or same page with SS. I think we just need reasonable alternatives to them. SS is a great product, we just need more. but nothing else that is commercially available is worth it’s weight in silicon

Avatar
semisol 2mo ago 💬 1

An SS does not work well when you want to carry around a small stash securely :) but it works great for multisig

maybe you could use a smartcard I am making with SS to get best of all worlds for a distributed multisig (especially key shards held in less secure locations)

Avatar
casey 2mo ago

I love this idea. Travel is the big downside with SS. I end up taking a QR seed with me and I keep a passphrase for that wallet in my head. So the BTC isn’t accessible but it’s still not a perfect or great option. Obviously everything has tradeoffs.

Avatar
casey 2mo ago

I’d be happy to keep talking about this stuff. I’m not a dev, but I work in software (operations, training, support, sales, testing) UI/UX is super interesting to me too.