Conversation
Replying to
Trezor Model T has open source firmware, passphrase protection based on a passphrase entered on the device and supports U2F, SSH and GPG in addition to being a Bitcoin wallet. Passphrases are dynamically mixed with the main seed protected by the hardware so there's deniability.
3
1
1
Replying to
1
Replying to
Using a full blown Linux environment would be dramatically less secure from having far larger attack surface and wouldn't resolve hardware attacks based on physical access. This is an attack that needs to be hardened against at the hardware level and can't ever truly be solved.
Ledger doesn't meet your criteria of open source since it relies on a proprietary secure element. It still has a general purpose CPU just as vulnerable to hardware attacks, but the secrets aren't directly accessible to it. They've had their own more severe security issues anyway.
1
I think it's better to have a proprietary secure element than not having one, but I can understand why they prefer having open source firmware including the implementation of cryptographic primitives. Ideally, there would be hardware with tamper resistance *and* open firmware.
1
Show replies
Replying to
I trust Linux dm-crypt / luks trust full disk encryption more. Once power is off, all bets are on. No compromise reports yet (when using strong passphrases). Can be combined with air gaped computer. ^PS
1
Replying to
The primary attack vector for a hardware wallet is an online attack. Linux has drastically more attack surface for either an online attack or physical attack vector when powered on. Trezor's passphrase feature doesn't store it so it's deniable with any number of hidden keys.
1
1
3
Show replies