Hardware devices and keyset diversity

Casa's key management solutions allow you to create a robust security setup easily by eliminating single points of failure through multisig. 

To avoid the hardware devices themselves becoming a single point of failure, we highly recommend using a variety of different hardware devices made by different manufacturers in your keyset, so that no single device type accounts for a quorum of your keys. 

What does this mean?

In Casa's multisig vault solution, clients are able to choose from any of our supported hardware devices and add those keys as part of their multisig keyset. 

  • In the 5-key vault, an account has five total keys in their keyset, and three of those keys are on hardware devices.
  • In the 3-key vault, an account has three total keys that comprise their vault, and the member may choose for either one or two of those keys to be on hardware devices

If you choose a setup with  more than one hardware device, you should be using at least two types of device in your keyset.

For example, we would NOT recommend a 5-key vault setup with all three hardware keys being on Coldcard devices. A better setup would be, for example, two Coldcards and one Trezor or one Coldcard, one Trezor, and one Ledger.

Likewise, a 3-key vault setup with two Trezor hardware keys would NOT be recommended. A better setup would be, for example, one Trezor and one Coldcard.

Hardware devices are great tools in key management, but can be vulnerable to exploits, firmware update bugs and failures, and manufacturing flaws. By creating your vault so that it does not rely too heavily on a single device manufacturer, you are taking one step further toward bulletproofing your security.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful