pros8q
commented
8 months ago I'm no expert, but this doesn't seem safe to me.
What if the hardware wallet is compromised?
It will now have 2 of the 3 keys. If it ever manages to cross the air-gap, it could send your coins somewhere else.
Keep it simple. One wallet, one key.
First, thank you so much for this guide - it is amazing.
Regarding the section on paper wallets & the generation of the 24th word, I propose a simple alternative: use one or more of the hardware wallets.
Since the paper wallet is the first setup and the user presumably has at least 2 hardware wallets ready to go for the 10X guide, we can use one or more of the hardware wallets to generate the 24th word. For example, in the case of a ColdCard, we can enter 23 words into the device. For the 24th word, the checksum calculations are performed on the air-gapped/offline device and a list of the final words are shown. Select a word or roll a die to select (an 8-sided die works for 24 word seed options) and record in your seed backup.
Next, export the wallet file(s) with public key / fingerprint / derivation details for your backup details per the hardware device instructions. To eliminate vendor risk, the user could do this on 2 or more hardware wallets to confirm the seed & wallet information.
Finally, with the seed and backups in hand, the seed(s) can be destroyed securely on the hardware wallet(s). The hardware wallet(s) can then be used as planned in the 10X guide.
While other solutions work, the above technique reduces the additional risk vectors and complications that come with using a computer/browser/library even if air-gapped & with disposable OS etc, and hopefully makes this part of the guide even more accessible to 10Xers.
Hope this helps & thanks again!