This one...um....30+ character passphrase? It's hard enough getting people to use more than a 5 or 6 digit pin. You want them to use a full 30+ character saying or group of words?
It's an unrealistic expectation, but it is technically correct.
You can read the report from Ledger where they reported on this attack here:
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/
Near the bottom there is a paragraph entitled "Mitigation" where they explain their reasoning. If the seed can be extracted, then the entire security of the wallet rests on the passphrase. They suggest a passphrase of 37 random characters (not a phrase or series of words) is necessary to reach the same level of security as a 24 word mnemonic phrase would on its own.
I love my ColdCard more each day.
I guess I just don't get why at this point it's even worth getting a Trezor. I can use just about any wallet with a 37 character passphrase and it will be just as secure.
The entire part of hardware wallets was that even if you lost it it was still secure.
I guess I am missing something.
-Dave