I mentioned the Trezor earlier, particularly the Model T, where the passphrase and recovery seed can be entered on it directly. It has a different model than a typical HSM, since it doesn't store anything other than the seed, which is combined with entered passphrases to derive wallets/keys.
Why? You can use a completely non-connected computer, even wipe or physically destroy it afterwards if needed. Risk only arises if there's an exfil channel available after the restore op.
-
-
It's an issue for the initial key generation rather than just recovery, since you're forced to do it on a computer and trust that it's generating the keys properly, due to needing to back them up onto cold storage. It's very difficult to wipe all state on a general-purpose PC too.
-
Ah, for initial generation.