|
Title: Auditing Hardware Wallets? Post by: Sage on July 05, 2015, 09:51:34 AM How do we audit a hardware wallet? Meaning, how do we know the hardware wasn't compromised in transit, and the wallet gives up private keys when connected to the internet?
We can audit open source code. We can check the signatures of open source code to validate it has not been tampered with. But how do we do the same for hardware wallets? Title: Re: Auditing Hardware Wallets? Post by: achow101 on July 05, 2015, 05:27:00 PM It would be difficult to tamper with the hardware, but not impossible. I suppose you could monitor the network data of your computer. You could watch for anything strange such as your hardware wallet sending data over the internet when it shouldn't.
Title: Re: Auditing Hardware Wallets? Post by: unamis76 on July 05, 2015, 05:36:51 PM If I'm not mistaken, Ledger Wallet performs a hardware and software check upon first boot. If this can be tampered with, I don't know.
In my opinion, the best hardware wallet is still something that isn't usually used as a wallet but can be re-purposed for such. Although it can also be tampered with, it won't be targeted as much for Bitcoin related things. It should be possible to audit the hardware at home... but I don't see that being an easy task for a regular Joe. |