Bitcoin Forum
November 18, 2024, 07:56:44 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Do you consider the secure element crucial for hardware wallets?  (Read 193 times)
Forsyth Jones (OP)
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 941


Duelbits - Play for Free | Win for Real


View Profile WWW
June 25, 2024, 07:30:28 PM
 #1

Most of the HW I know have SE. Some wallets like the first line of Trezor: Trezor One and Trezor model T don't have SE, due to Trezor not trusting them at that time.

However, without the SE, it's possible to extract the original seed from the device using labor techniques. If using a passphrase, it's impossible to access the funds, as the device doesn't store the passphrase entered by the user.

Secure elements are not open source, what do you think about that? As they depend on SE manufacturers, they want those who subscribe to SE on their devices to have an NDA non-disclosure agreement on how exactly SE handles information.

And if you have a T1 or Trezor model T, are you going to buy a new Trezor with SE?

What I am aware of is that Trezor's new line: Safe, has an SE that doesn't restrict them from freely publishing potential vulnerabilities. I have no information whether the SE of these devices are open source.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
C10H15N
Legendary
*
Offline Offline

Activity: 946
Merit: 1026



View Profile
June 25, 2024, 07:55:48 PM
Last edit: June 25, 2024, 10:42:01 PM by C10H15N
 #2

I don’t disagree with Trezor’s position concerning secure elements.

When the time comes to replace my hardware wallets, they will contain (open source) SE.  

Only when the tide goes out do you discover who's been swimming naked. -Warren Buffett
Charles-Tim
Legendary
*
Offline Offline

Activity: 1736
Merit: 5219


Leading Crypto Sports Betting & Casino Platform


View Profile
June 25, 2024, 08:17:18 PM
 #3

Trwzor Safe 3 secure element is open source.

Why not buy Tezor Model T if you want. You know already that passphrase can help against physical attack on the wallet. The seed phrase can be seen but a strong passphrase will be hard to brute force.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Meuserna
Full Member
***
Offline Offline

Activity: 203
Merit: 230


View Profile
June 25, 2024, 10:31:19 PM
 #4

No.

Secure element chips usually require the manufacturer to sign a nondisclosure agreement, which prevents them from using open source code for parts that interact with the chip.

If a hardware wallet uses any code that isn't open source, I won't use it.

I prefer a hardware wallet like Krux or SeedSigner, which doesn't save the seed on the device.  Krux lets you create an encrypted SeedQR code.  Scan the QR code & scan the decryption key QR code to import your seed.  It's faster and easier to scan 2 QRs than it is to enter a PIN code on most hardware wallets.  And since Krux doesn't save your seed when you turn it off, there's no need for a PIN to unlock the device, because there's nothing on it to lock.

I'm surprised SeedSigner hasn't added the ability to use encrypted SeedQRs yet.  I assume they will at some point, because it's brilliant.
satscraper
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1642



View Profile
June 26, 2024, 05:19:32 AM
Last edit: June 26, 2024, 05:35:12 AM by satscraper
 #5

We don't bother yourself with question why the security chip (BTW, also closed source)  is embedded into virtually every   trustworthy bank cards, we just take this for granted because we know that it adds the security to our funds. Why it should be opposite in regards to hardware wallets?

I think SE is  a necessary part of any HW. To be on the safe side HW producers  should embed even two or three of them from different brands.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
m2017
Legendary
*
Offline Offline

Activity: 2002
Merit: 1404


Playbet.io - Crypto Casino and Sportsbook


View Profile
June 26, 2024, 08:18:15 AM
Merited by C10H15N (1)
 #6

And if you have a T1 or Trezor model T, are you going to buy a new Trezor with SE?
There is an eternal struggle between shield and sword (defense and attack). To keep crypto assets safe, it is advisable to use technologically advanced security measures. But an important detail should be taken into account that any manufacturer, even a manufacturer of hardawre wallets, is, first of all, a commercial company aimed at making a profit. This means that the influence of marketers is inevitable. What will push manufacturers to release devices with cosmetic changes, but technically not providing anything new.

In comparison, the announced new trezor's HW is no different in terms of built-in SE, therefore, I see no point in duplicating technically identical devices. If a new device with an improved SE appears, I might still think about buying it. For now, I don’t see the point in this.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
SFR10
Legendary
*
Offline Offline

Activity: 3192
Merit: 3529


Crypto Swap Exchange


View Profile WWW
June 26, 2024, 11:59:05 AM
 #7

Some wallets like the first line of Trezor: Trezor One and Trezor model T don't have SE, due to Trezor not trusting them at that time.
I did some digging, but I had no luck finding a source for the latter part... Would you mind pointing me in the right direction?

And if you have a T1 or Trezor model T, are you going to buy a new Trezor with SE?
As a Trezor Model One owner, I'll be upgrading to the Safe 3 soon, but it's mainly because of the lack of firmware updates on T1.
- I'm not trying to play down the role of SE in hardware wallets (it's always better to have another layer of protection), but even Trezor puts emphasis on using a strong passphrase in the "latter part of their SE page".

What I am aware of is that Trezor's new line: Safe, has an SE that doesn't restrict them from freely publishing potential vulnerabilities. I have no information whether the SE of these devices are open source.
Here you go: Infineon OPTIGA Trust M

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
crwth
Copper Member
Legendary
*
Offline Offline

Activity: 2954
Merit: 1280


https://linktr.ee/crwthopia


View Profile WWW
June 26, 2024, 12:11:17 PM
 #8

I imagine that the problem here or the topic in debate is SEs having an additional layer of security but it's not open source, right? So this has concerns with transparency and trust.

Well since it's Trezor Safe 3 has a design that could be transparent, it can vary depending on the user. I think it just makes it easier for people to just use it.

I think it's important to choose what you think is fit for your needs. I wouldn't upgrade it just because of the SE.

https://trezor.io/trezor-safe-3

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
Meuserna
Full Member
***
Offline Offline

Activity: 203
Merit: 230


View Profile
June 26, 2024, 07:57:03 PM
 #9

I imagine that the problem here or the topic in debate is SEs having an additional layer of security but it's not open source, right? So this has concerns with transparency and trust.

Exactly.  Some people are so used to trusting companies that they can't imagine having to trust themselves instead of trusting companies.  Perhaps they don't want the responsibility of having to learn how to secure their Bitcoin, so let a company do it?  I can't relate to that way of thinking at all.

The example above about bank cards having secure element chips is ridiculous.  Bank accounts are insured.  Bitcoin is not.

Phones and other devices also have secure element chips, but would you store your Bitcoin on a phone?  Foolish people do.  Foolish people get hacked.  I don't.

I also suspect many hardware wallet owners are more interested in the gadgets themselves than they are in the purpose of the gadget: security.  I'm not going to call anyone out by name, but all you have to do is watch some youtube reviews and it becomes obvious most hardware wallet reviewers are gadget-guys who don't really understand the hardware they're reviewing, which is why they don't realize the security risks that come with closed source code.  So many of them don't even understand the risks of having key extraction APIs on their hardware wallets!  That's crazy.  But they're more interested in the cool gadgets than they are interested in real security.  I see a lot of that in this forum and on reddit too.

There's a reason why Bitcoin is fully open source.  In my opinion, the code used to secure your Bitcoin should be fully open source too.
Yamane_Keto
Hero Member
*****
Offline Offline

Activity: 630
Merit: 510



View Profile WWW
June 27, 2024, 06:52:28 PM
 #10

If you are so afraid of physical attacks, adding a passphrase will not improve anything as it will be stored in the device and attacks such as Side Channel Attack can detect the passphrase.

You can avoid physical attacks by using SE, flash mode which is a mode that forces the wallet to delete all data once the device is shut down, or  air-gapped wallet then destroy the flash driver after each signing process.

えいごをはなせますか。
Meuserna
Full Member
***
Offline Offline

Activity: 203
Merit: 230


View Profile
June 27, 2024, 07:21:45 PM
 #11

Another thing about secure element chips:

Ledger proved keys can be extracted from the secure element.  They literally wrote the code to do it, and they put that code on all of their users devices whether the user wants it or not.  And they hilariously convinced their users not to worry about it, because even though the code allows Ledger (and other companies!!!) to extract your seed, it's optional.  As if hackers who figure out how to manipulate that code will care if a user opts into Ledger's key extraction scheme. lol

That's yet another reason why I believe the safest hardware wallet is one that is used stateless and airgapped.
Forsyth Jones (OP)
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 941


Duelbits - Play for Free | Win for Real


View Profile WWW
June 27, 2024, 10:58:09 PM
 #12

If you are so afraid of physical attacks, adding a passphrase will not improve anything as it will be stored in the device and attacks such as Side Channel Attack can detect the passphrase.

You can avoid physical attacks by using SE, flash mode which is a mode that forces the wallet to delete all data once the device is shut down, or  air-gapped wallet then destroy the flash driver after each signing process.
What I know is that it's possible to extract the seed saved on the device, even with PIN protection. But I didn't find any information stating that it's possible to extract the currently used passphrase. Remembering that Trezor doesn't save the passphrase, I don't know the technical details, but I believe that it uses the passphrase to gen the hash of this password. But with each logout it is deleted.

Do you have any sources on this?

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
Meuserna
Full Member
***
Offline Offline

Activity: 203
Merit: 230


View Profile
June 28, 2024, 12:53:47 AM
Merited by Forsyth Jones (1)
 #13

What I know is that it's possible to extract the seed saved on the device, even with PIN protection. But I didn't find any information stating that it's possible to extract the currently used passphrase.

Why wouldn't it be possible?  Data is data.  If a seed can be extracted, there's no reason to believe any other data on the device can't be extracted too.  For example, if a hacker - or an unscrupulous manufacturer - had a reason to want to know what your settings are, that data can probably be extracted.

For small amounts of Bitcoin, none of this matters too much.  That style of hardware wallet is still probably safer than entering your seed into an app.  But honestly, for anything you plan on holding long term, I'd switch to a device that is stateless, airgapped, and has a large screen.

Stateless: Nothing is saved on the device, which means there's nothing on it for a thief to hack.

Airgapped: It can't be reached over the internet.

Large Screen: It clearly displays all text contained in QR codes, so there's no way for a hacker to trick you by altering the data you're sending TO the device.
Pmalek
Legendary
*
Offline Offline

Activity: 2954
Merit: 7563


Playgram - The Telegram Casino


View Profile
July 16, 2024, 07:41:19 AM
Merited by SFR10 (1)
 #14

I think we worry about key extraction a bit too much. Secure element chips are an extra level of security, but they are not crucial. These chips help in preventing physical attacks. But this is not something a thief will know. It's not something law enforcement will know. Successful physical attacks were all performed by experts in labs with the right equipment.

If you are in a position where you lost your hardware wallet (with or without an SE chip), you should be thinking about moving your coins somewhere else asap. Your seed backups are more important than the device itself. I wouldn't be comfortable with someone else having physical access to my wallet regardless of the chips under the hood.

Some wallets like the first line of Trezor: Trezor One and Trezor model T don't have SE, due to Trezor not trusting them at that time.
I did some digging, but I had no luck finding a source for the latter part... Would you mind pointing me in the right direction?
Here is one older source that covers this topic > https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
July 17, 2024, 09:40:51 AM
 #15

Secure elements are not open source, what do you think about that? As they depend on SE manufacturers, they want those who subscribe to SE on their devices to have an NDA non-disclosure agreement on how exactly SE handles information.
Trezor doesn't have any secret NDA signed with manufacturer of secure element Infineon that is used in new devices Trezor Safe 3 and Safe 5.
They a using Infineon OPTIGA Trust M (v3) same secure element in both of this devices, with code that is published on github.
This is the best we can get now, but Trezor is also working on their own secure element with Tropic Square project.

Phones and other devices also have secure element chips, but would you store your Bitcoin on a phone?  Foolish people do.  Foolish people get hacked.  I don't.
Nobody got hacked ever because they had secure chips in their devices, but because they made other mistakes.
You also have to trust Chinese manufacturer and their microchips in devices that are used for making Krux.


█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 762
Merit: 606



View Profile
July 18, 2024, 07:16:58 PM
 #16

If you are so afraid of physical attacks, adding a passphrase will not improve anything as it will be stored in the device and attacks such as Side Channel Attack can detect the passphrase.

You can avoid physical attacks by using SE, flash mode which is a mode that forces the wallet to delete all data once the device is shut down, or  air-gapped wallet then destroy the flash driver after each signing process.


I think you may not understand the passphrase handling with a Trezor.  The Passphrase BIP makes your security much better AND the hardware wallet NEVER sees or stores your passphrase at all.  Of course I want my SEED secure but even if my SEED is hopelessly compromised my 40 + character BIP passphrase will leave me still holding all my coins.  That is why I have a collection of Trezors and I have been in this game for over 10 years now.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
Forsyth Jones (OP)
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 941


Duelbits - Play for Free | Win for Real


View Profile WWW
July 18, 2024, 10:50:02 PM
 #17

Trezor doesn't have any secret NDA signed with manufacturer of secure element Infineon that is used in new devices Trezor Safe 3 and Safe 5.
They a using Infineon OPTIGA Trust M (v3) same secure element in both of this devices, with code that is published on github.
This is the best we can get now, but Trezor is also working on their own secure element with Tropic Square project.
Yes, I found out about this later and also, until then, the Trezor One and Trezor Model T devices didn't have secure elements, as Trezor chose not to include them, I don't know if there was an open source secure element in their days of releases.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7590



View Profile WWW
July 22, 2024, 06:18:32 PM
 #18

Secure elements are extremely important for all devices and this was proven in recent report from Cellebrite and GrapheneOS.
This report applies mostly for modern smartphones but it shows how random PIN can't be brute forced when there is good secure element.
There are several smartphones with secure elements but Pixels and Iphones have shown best results according to this report.
I would love to see some similar testing is done with hardware wallets with secure elements.

Read more about this:
https://threadreaderapp.com/thread/1791833221165965567.html

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!