[Enhancement] need a pin to log into krux, setting limits for a one-time transaction,

[Garrysoon]

1. need a pin to log into Krux.
2. possibility of customization MAX limits amounts for a one-time transaction.
3. the ability to separate work with a seedphrase and work with signing transactions using this seedphrase. (for the ability to delegate sending bitcoins to someone without revealing the seed phrase itself)

[jdlcdl]

regarding the items above: I'll make some assumption and ask for you to confirm if they are correct or need clarification:

1. The mnemonic (either encrypted or not) and the passphrase (entered at keyboard or via qrcode) already act to perform this functionality. Without decrypting a mnemonic in flash or sdcard with a "key" that can be as strong or as weak as the user wants... krux is already logged out. Loading a mnemonic and/passphrase is the same as logging in. I sort of see the "key" to an onboard mnemonic as the pin in this example, which is much more secure than a 4-digit pin would be (as long as the user chooses a stronger key).

2. I understand the reason for MAX limits on spending a transaction, as it's been discussed in the tg group.

3. I need clarification on this part. Are you intending to hand the krux device to a trusted other, like an employee or spouse, so that they can sign transactions? So owner would log them in by loading a key and passphrase, then they could sign anything that's already spendable in the wallet, but perhaps not greater than a max limit? In the next release, there is already the possibility to "hide" mnemonics, and once entered into krux, the passphrase is not available for viewing on the screen, so they could sign without learning owner secrets. Since getting back to settings would require a reboot, they couldn't disable the "hide mnemonic" setting either.

[Garrysoon]

regarding the items above: I'll make some assumption and ask for you to confirm if they are correct or need clarification:

1. The mnemonic (either encrypted or not) and the passphrase (entered at keyboard or via qrcode) already act to perform this functionality. Without decrypting a mnemonic in flash or sdcard with a "key" that can be as strong or as weak as the user wants... krux is already logged out. Loading a mnemonic and/passphrase is the same as logging in. I sort of see the "key" to an onboard mnemonic as the pin in this example, which is much more secure than a 4-digit pin would be (as long as the user chooses a stronger key).

The fact is that the passphrase protects a separate passphrase... the PIN code protects the entire crookes firmware from being examined.... you can make this pin code easier and prohibit logging in after 3 errors... like in trezor

2. I understand the reason for MAX limits on spending a transaction, as it's been discussed in the tg group.

yes.

3. I need clarification on this part. Are you intending to hand the krux device to a trusted other, like an employee or spouse, so that they can sign transactions? So owner would log them in by loading a key and passphrase, then they could sign anything that's already spendable in the wallet, but perhaps not greater than a max limit? In the next release, there is already the possibility to "hide" mnemonics, and once entered into krux, the passphrase is not available for viewing on the screen, so they could sign without learning owner secrets. Since getting back to settings would require a reboot, they couldn't disable the "hide mnemonic" setting either.

Yes, you got it right