I mentioned the Trezor earlier particularly Model T where passphrase and recovery seed can be entered on it directly. It has a different model than a typical HSM since it doesn't store anything other than the seed which is combined with entered passphrases to derive wallets/keys.
-
-
I'd really like to see other implementations of the same model they've designed. There are many other cryptocurrency wallets doing it but it's just as applicable to U2F, SSH and GPG which are also provided by a Trezor. I'd like to see alternatives with compatible implementations.
-
Another advantage is that the Trezor Model T has you confirm actions on the device for U2F, SSH, GPG, etc. It doesn't just have that for sending a Bitcoin transaction or verifying a receive address by showing it as text / qr code on the device. It has you confirm U2F/SSH/GPG use.
-
The disadvantage of the deterministic wallet approach is you can't use it to important and secure existing keys, so you need a mechanism for key rotation. Similarly, if you decide to change the passphrase, that involves key rotation since keys are derived from seed + passphrase.
-
It's how I'll be handling SSH, GPG and other keys in the future. The traditional HSM approach doesn't work for me because I need backups of the keys. For U2F, it's also silly you need recovery codes for each site. I have offline recovery for U2F as a whole with this approach.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.