Thanks for pointing this out. I must say, I'm no crypto expert and while looking at Shamir Secret Sharing (SSS) it didn't really occur to me that implementations could be bad. I would only use open-source SSS tools and my naive approach was: it's open-source, grin, someone would spot bad code. I mostly can read code, but I'm no developer and far from being able to do something like a code audit. I would surely miss code quirks.
So much for boundless naivety.
So far I was only playing with tools like
https://iancoleman.io/shamir/ or
https://iancoleman.io/shamir39/ and especially the latter implementation clearly states, it's not quite for anything than experiments.
This is a prototype.
This tool should only be used for experiments.
There are no alternative implementations, meaning you are totally dependent on this tool if you use it. That is a dangerous situation to be in.
As I don't have a Trezor hardware wallet, I'm not confidently sure if a user can opt-out of SLIP-39 mnemonic recovery words with modern Trezor devices.
I will keep the outlined potential issues with SSS from the Bitcoin Wiki in mind for re-evaluation of its usefulness.
If someone wants to use Shamir backup then the most important thing is to test the recovery manually (on a clean device) and write down the instructions clearly, otherwise this extra complexity will eventually become the biggest weakness.
This is what BattleDog already wrote and isn't limited to SSS backup alone but to
every backup method. If you don't check that you can recover from your backup method, you put your funds at risk. Always verify a successful recovery, no matter what!
Post edit: I hate typos and corrected what stinged my eyes now and what I missed before.
