If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, whatever steps a hardware wallet user would take to recover his keys if his wallet were ever lost, stolen or destroyed (step 1, then step 2, then step 3, etc.), the hacker will ask for the information needed to carry out those same steps and get the keys.
You're still not quite getting it. Maybe I'm not explaining it properly?
If you give the hacker JUST the seed (ie. they've found your encrypted seed file wherever you stored it and you've handed over the password to that file)... and they import JUST the seed into a wallet... then it will generate a complete and valid wallet. You use this wallet as your "decoy"... put some coins in it... run a few transactions to generate history etc.
There is absolutely no way for the hacker to know or prove that you have a passphrase that, when combined with your seed, will generate a completely different wallet with your actual stash in it. In fact, you could even generate a second "decoy" using a different dummy passphrase if you wanted to be super paranoid about it all.
Seed words only = Valid wallet #1
Seed words + Dummy passphrase = Completely different, valid wallet #2
Seed words + Actual passphrase = Completely different, valid wallet #3
You can theoretically use an infinite number of passphrases and generate an infinite number of wallets, because of the way the system works: ANY passphrase you give, when combined with seed words, will generate a valid wallet. Even if the hacker is aware that you can use passphrases with seed words, they cannot prove that you actually do or have used one... you have plausible deniability. There is no evidence of your hidden wallet existing. This is what renders the $5 wrench attack useless.
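As an added example (not the poster's code) of the mechanism described above: in BIP39 the passphrase is nothing more than a salt for the key-stretching step, so the derivation accepts any string and produces a well-formed seed and BIP32 master key for every one of them, with no checksum or validity flag that could reveal which passphrase is "real". The mnemonic is the published BIP39 test vector (all-zero entropy); `derive_wallets` is a helper name assumed here.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: a BIP32 master private key is valid when 0 < key < N
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Published BIP39 test-vector mnemonic (entropy = 16 zero bytes), not a real wallet.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds, 64 bytes).

    The word-list checksum covers only the mnemonic; the passphrase is a bare salt,
    so there is no way to tell a "correct" passphrase from any other string.
    """
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def bip32_master_key(seed):
    """BIP32 master key: HMAC-SHA512 keyed with "Bitcoin seed" over the BIP39 seed.

    Left 32 bytes = master private key, right 32 bytes = chain code.
    Returns (key, chain_code); the only invalid outcome has probability ~2^-128.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key; BIP32 says try a different seed")
    return key, chain_code


def derive_wallets(mnemonic, passphrases):
    """Map each candidate passphrase to the hex master private key it yields.

    Every entry is a distinct, fully valid wallet: the decoy (empty passphrase),
    a dummy passphrase and the actual one are indistinguishable from the outside.
    """
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}
```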
If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc., then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all of these in one place, just in case you forget any of them.
And that still boils down to the need for encryption of all of them, just so you need to remember fewer things, i.e. remember 1 vs. remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.
You don't actually need to remember the PIN... the PIN only protects access to the hardware wallet itself... generally speaking, most of the hardware wallets that I'm aware of will factory reset after X number of incorrect PIN attempts. As long as your seed is safely backed up somewhere, you can simply restore using the seed (and passphrase) and your wallet is regenerated.
And let's be honest here... if you're going to struggle with a 4-digit PIN, what hope do you have of remembering a 20+ character alphanumeric+symbol password to an encrypted file?
Sure, I still have to remember 2 things (password to encrypted seed + wallet passphrase) as opposed to one (password to encrypted key)... but that's like saying that walking 2 steps is harder than walking 1 step.
Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.
Not necessarily... with a seed+passphrase, if the seed is compromised then the passphrase is your protection layer. I vaguely seem to recall that someone put up a bounty by publishing a seed that had some coins stored in a "hidden wallet", protected by a passphrase... and it got taken down after a year or so as no-one had hacked it and taken the coins. I've been trying to find the source, but I can't seem to find it. My point is that your seed only really needs to be "safely" backed up (ie. written down). It doesn't necessarily need to be "securely" backed up (ie. encrypted).
Additionally, if you just wrote your seed down and stored it someplace "safe", then your requirements for remembered passwords would drop down to 1... the passphrase for your "Actual" wallet... and you've shifted part of your security model from "digital" to "physical".
If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what information to ask for in order to do the recovery, hence the vulnerability to the $5 wrench.
I do not see a hacker being as dorky as me, someone who doesn't know about hardware wallets and just kidnaps you, asks for the seed, lets you go, then finds out he needs more than just the seed, and figures out he needs to kidnap you again for more information.
I see a hacker being very savvy: he does his homework completely, kidnaps you and asks for the seed, passphrases and PIN all in one go, and verifies everything on the spot to make sure you are telling the truth before letting you go, with everything stolen.
That's the point... they CAN'T verify whether or not I have a passphrase... or whether the passphrase that I have given is "real" or "dummy"... unlike a password for an encrypted container, which either decrypts the file or it doesn't.