Not at all, actually the reason why a hardware wallet can rely on pin security is because as a physical device it assumes there will be physical security too (e.g. in a location protected by secret service inside a safe within a room that only authorised personnel can enter etc.). Also it may have a self destruct feature like the ColdCard, where it bricks itself after a few incorrect tries with no way to recover.
But talking just in general about wallets set up by hardware devices, you'll always be told to write something down, back it up, hide it, maybe stamp it into steel. Maybe you are given many things to back up, but for a typical user setting up their first wallet, it's usually 12 or 24 words that they need to keep a copy of.
It's the copy that is the most important thing. Hardware wallets are not built to live forever. Electronics can fail, they can be broken and they can be lost or stolen.
The backup is actually your master, the device is more like your secondary which is designed to kill itself before giving up your private key, but also built such that it could kill itself when you make a few mistakes and it can do that because it knows it is a secondary.
The physical backup needs even stronger security, maybe it is split into parts (using a cryptographically sound method like seedxor or Shamirs secret sharing scheme) and secured in different locations.
You use the primary if the hardware wallet is compromised, lost or whatever, so it can be put out of reach where it takes days to get to if you need.
With more corporate situations, you're probably going to use a multi signature wallet where there are multiple keys and signing is a multi step process where different people are responsible for each key and there is a well thought out signing ritual.
If I were president, I would also be sure to consider a way to hand over the bitcoin to the next political party that gets sworn in and make sure it is a well thought out and well documented process. It would probably involve generating new keys and a new address and having the funds sent to the new address because you can't trust people to lose their keys.
Big Barry Bitcoin
npub1pkt…pxa6
2024-03-16 22:32:32
in reply to nevent1q…e0ew
Author Public Key
npub1pktmatjk0l8vn3jhfuwxaasjd65kn4ye9sce3egup7k993f8fg2q5tpxa6Published at
2024-03-16 22:32:32Event JSON
{
"id": "b5879bd17e3c0927ef41420168b9e52e846ea2a088a65415f41918675a1ebed7",
"pubkey": "0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14",
"created_at": 1710624752,
"kind": 1,
"tags": [
[
"e",
"970fa45c2e15bbc6bb4c9d266504b97814487f0673230e39d49d6334c3da3bd7",
"",
"root"
],
[
"e",
"38ea0c3e1fc0c711a21e89cfd89751fdc571f133a1171dd925ee95f4ef19da39"
],
[
"e",
"5ef2ee8d530cf129844c953792ccc2f184f377171181973b02f412e19f3343d8",
"",
"reply"
],
[
"p",
"75da94027ad408bc2faffeb1e67d71babe8d78d89c3620da212303b877a65b5c"
],
[
"p",
"598e1ab9fd57ade0a7fe0d6f47c2f3b9557191f670587b9b51262203c591453c"
],
[
"p",
"0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14"
]
],
"content": "Not at all, actually the reason why a hardware wallet can rely on pin security is because as a physical device it assumes there will be physical security too (e.g. in a location protected by secret service inside a safe within a room that only authorised personnel can enter etc.). Also it may have a self destruct feature like the ColdCard, where it bricks itself after a few incorrect tries with no way to recover.\n\nBut talking just in general about wallets set up by hardware devices, you'll always be told to write something down, back it up, hide it, maybe stamp it into steel. Maybe you are given many things to back up, but for a typical user setting up their first wallet, it's usually 12 or 24 words that they need to keep a copy of.\n\nIt's the copy that is the most important thing. Hardware wallets are not built to live forever. Electronics can fail, they can be broken and they can be lost or stolen.\n\nThe backup is actually your master, the device is more like your secondary which is designed to kill itself before giving up your private key, but also built such that it could kill itself when you make a few mistakes and it can do that because it knows it is a secondary.\n\nThe physical backup needs even stronger security, maybe it is split into parts (using a cryptographically sound method like seedxor or Shamirs secret sharing scheme) and secured in different locations.\n\nYou use the primary if the hardware wallet is compromised, lost or whatever, so it can be put out of reach where it takes days to get to if you need.\n\nWith more corporate situations, you're probably going to use a multi signature wallet where there are multiple keys and signing is a multi step process where different people are responsible for each key and there is a well thought out signing ritual.\n\nIf I were president, I would also be sure to consider a way to hand over the bitcoin to the next political party that gets sworn in and make sure it is a well thought out and well documented process. It would probably involve generating new keys and a new address and having the funds sent to the new address because you can't trust people to lose their keys.\n\n",
"sig": "85e6c71660c8cd1cf3e30abb18252af6ef167d9db03d03bd83eb35727d2893d67f1aa98926374c4618af1de9c686c660f52d0949ff4e4c95220e1bcbc8a45147"
}