Hardware wallets are bringing a strong layer of security to the
Bitcoin industry. Private keys are stored safely inside a dedicated
device, and all critical operations such as transaction signing are
being executed in its secure environment. However, this does not
truly amount to a trustless solution: you need to have some faith
in its firmware and/or its hardware.
The risk of having an ARM microprocessor running rogue code or
microcode is of course extremely low, but the need to trust any
kind of third party can be a no-go for some users, especially when
considering the storage of large amounts of funds.
Also, the possibility of physical assault is real and must be taken
into account. One could use plausible deniability PIN codes when
under duress, but would you really play this card if your children
were being held at gun point?
This is where multisignature comes handy to solve this problem:
what if the signature of two different hardware wallets was required
to approve a payment? Not only would it protect you against all
possible attack vectors, but you would get a 100% trustless solution.
... more.
