Oddbean new post about | logout
MAHDOOD | 1 months ago (raw) | root | parent | reply | flag +1 
 There is always risk but it’s small. It is not truly airgapped if you have to connect it to your laptop. Coldcard lets you do the update without plugging it into your computer. But you still have to use a microsd card to get the update file or transaction signatures from your computer to the device. I believe you could also use the passport to scan QR codes and never plug it into your computer. But for updates on the passport I think you may have to use Bluetooth.

These are all very complicated and sophisticated attacks that are theoretically possible to do but difficult and expensive to pull off.
Dr. Fernando Morales | 1 months ago (raw) | root | parent | reply | flag 
 Looks like a coldcard is a must.
MAHDOOD | 1 months ago (raw) | root | parent | reply | flag +1 
 Coldcard and passport are really good. Coldcard is cheaper though and has a long track record. Passport is basically a copy of the coldcard code with some added features like the camera and Bluetooth. If you’re ultra paranoid, you could do a multisig setup with your jade, coldcard, and passport. Your jade could be plugged in, coldcard airgapped with an sd card, and passport uses camera for QR codes.