> Here’s my threat model: attacker gets physical access to the key for five minutes.
That threat is so far off the typical path that it can't even see civilization anymore.
However, simply encasing the key in acrylic would solve your use case.
These keys are meant to solve the typical remote attacks like phishing--and they do that extremely well.
They also are quite good at stopping the: "Someone stole my laptop and now has access to everything." If the key is on your keychain, that scenario is stopped cold.
These keys are not really meant to solve one-to-one attacks by determined adversaries. And, to be fair, such an adversary is going to compromise your OpSec LONG before he tries to compromise your key.
That threat is so far off the typical path that it can't even see civilization anymore.
However, simply encasing the key in acrylic would solve your use case.
These keys are meant to solve the typical remote attacks like phishing--and they do that extremely well.
They also are quite good at stopping the: "Someone stole my laptop and now has access to everything." If the key is on your keychain, that scenario is stopped cold.
These keys are not really meant to solve one-to-one attacks by determined adversaries. And, to be fair, such an adversary is going to compromise your OpSec LONG before he tries to compromise your key.