Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Merits 2 from 2 users
Re: Casa Keymaster?
by
statoshi
on 20/04/2020, 21:14:45 UTC
⭐ Merited by OmegaStarScream (1) ,PrimeNumber7 (1)
Hi there, I'm the co-founder and CTO of Casa! Just stumbled across this thread and figured I'd chime in to address concerns.

To start off, we've outlined our threat model and design decisions here in our Wealth Security Protocol: https://docs.keys.casa/wealth-security-protocol/.

Quote
Hardware wallets such as Trezors and Ledgers should be received directly from the manufacturer.

This is a valid concern, and our Gold tier is "bring your own hardware" while our premium tiers include devices. We are authorized resellers for both Trezor and Ledger. Users are welcome to buy directly from them if they wish to further reduce supply chain risk!

Quote
I prefer to not have any backups stored on my iCloud account, even if encrypted.

You can certainly skip backups if you want, though we believe this is the best trade-off between convenience, security, and redundancy for the average user. Advanced users may be capable of securing seed phrase backups, but we believe this is asking too much of casual / mainstream users.

Quote
You should write down your recovery seed when generating a seed on a hardware wallet, and store it in a safe/secure location, preferably in a safety deposit box, or a fire safe in your house.

There are so many risks that go unstated when people say "store your seed phrase in a safe place" that it's laughable. I've performed extensive tests that show many seed backup devices are actually can't withstand common house fires, for example. And if you put a seed phrase in a safety deposit box it's still vulnerable to the bank itself and to state actors that can coerce the bank. We do recommend storing a coldcard in a safety deposit box, however, as the hardware then provides another layer of security against insider / state level attacks.

TL;DR you may not agree with our thesis that the average user isn't capable of securing seed phrases against all of the attacks that our security model protects against, and that's OK.

Quote
They can restrict access to your money

This is a misunderstanding - the Emergency Lockdown feature is not available to 2-of-3 multisig accounts, only to 3-of-5 accounts. When activated on a 3-of-5 account they still have a sufficient threshold of keys to route around our service without the Mobile Key if necessary. We take great care to ensure that Casa can not unilaterally create or block transactions; we strive to eliminate any single points of failure, including our own service. For further clarification you can view our step-by-step recovery guides at https://walletsrecovery.org/recovery-docs/casakeymaster-recovery.html

Also worth noting that for 2-of-3 we support using 2 hardware devices and no mobile key, which I believe alleviates several of the concerns you voiced.

I'm not on this forum often; feel free to direct further questions to me via any of my verified accounts listed on https://keybase.io/lopp or ask our support team at help@team.casa!