Trezor Model T has open source firmware, passphrase protection based on a passphrase entered on the device and supports U2F, SSH and GPG in addition to being a Bitcoin wallet. Passphrases are dynamically mixed with the main seed protected by the hardware so there's deniability.
Using a full blown Linux environment would be dramatically less secure from having far larger attack surface and wouldn't resolve hardware attacks based on physical access. This is an attack that needs to be hardened against at the hardware level and can't ever truly be solved.
Ledger doesn't meet your criteria of open source since it relies on a proprietary secure element. It still has a general purpose CPU just as vulnerable to hardware attacks, but the secrets aren't directly accessible to it. They've had their own more severe security issues anyway.
I think it's better to have a proprietary secure element than not having one, but I can understand why they prefer having open source firmware including the implementation of cryptographic primitives. Ideally, there would be hardware with tamper resistance *and* open firmware.
The Titan M in the Pixel 3 will have open source firmware with reproducible builds: android-developers.googleblog.com/2018/10/buildi. I don't think there's an existing example of a secure element with that much of the design open source. I don't think it can be expected any would be fully open hardware.
The post you linked is referring to any normal general purpose CPU / SoC as non-secure which is overly dramatic. Secure elements can raise the cost of physical attacks but can't resolve them. The SoC has embedded memory and decent security features so it's not a terrible choice.
A Trezor is essentially a tiny general purpose computer with full verified boot and very small attack surface. The main defense against a physical attack is really the passphrase feature. The PIN and hardware security (tamper evident case, embedded SoC) are very basic obstacles.
A separate secure element for storing the seed would raise the complexity (cost) of extracting the seed with physical access, but it can still be done. The passphrase feature on the Trezor Model T where it can be entered on the device itself is a much more compelling feature.
The passphrase isn't stored, so an attacker can't extract it. It isn't exposed to enormous attack surface by entering it on the attached computer rather than the hardware wallet. Every passphrase is valid and derives different keys / wallets so it defends against coercion too.
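The passphrase property described in the two messages above (every passphrase is accepted, each one derives a different wallet, and nothing about the passphrase is stored) can be seen directly in the seed derivation. The following is an added example, not code from this thread or from Trezor; it assumes the "mixing" is the BIP39 scheme (PBKDF2-HMAC-SHA512 over the mnemonic, with the passphrase appended to the salt), and the sample mnemonic is the well-known all-"abandon" BIP39 test mnemonic used here as constructed input.

```python
import hashlib
import unicodedata

# BIP39 parameters (assumed to be the scheme behind the on-device passphrase).
PBKDF2_ROUNDS = 2048
SEED_BYTES = 64

# Constructed sample input: the standard BIP39 test mnemonic (valid checksum).
SAMPLE_MNEMONIC = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from a mnemonic plus optional passphrase.

    BIP39: seed = PBKDF2-HMAC-SHA512(password=mnemonic, salt="mnemonic" + passphrase,
    rounds=2048, dkLen=64). Both strings are NFKD-normalised first so that the
    same visible passphrase typed on different devices derives the same seed.
    The passphrase is only an input to the KDF: it is never written anywhere,
    and the output seed does not let anyone recover it.
    """
    mnemonic_norm = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic_norm, salt, PBKDF2_ROUNDS, SEED_BYTES)


def derive_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each candidate passphrase to the hex seed it produces.

    There is no 'wrong' passphrase: every string yields a well-formed seed,
    which is what gives the coercion-resistance the thread describes (a decoy
    passphrase opens a real, separately funded wallet).
    """
    return {p: mnemonic_to_seed(mnemonic, p).hex() for p in passphrases}


def all_distinct(mnemonic: str, passphrases: list[str]) -> bool:
    """True if every passphrase in the list leads to a different wallet seed."""
    seeds = derive_wallets(mnemonic, passphrases)
    return len(set(seeds.values())) == len(passphrases)


if __name__ == "__main__":
    # Constructed candidates: no passphrase, a decoy, and the 'real' one.
    for passphrase, seed_hex in derive_wallets(SAMPLE_MNEMONIC, ["", "decoy", "real"]).items():
        print(f"{passphrase!r:10} -> {seed_hex[:32]}...")
    print("all distinct:", all_distinct(SAMPLE_MNEMONIC, ["", "decoy", "real"]))
```

The practical caveat this makes visible is the flip side of deniability: a typo in the passphrase does not fail, it silently opens an empty wallet, so the only check available is to compare a known receiving address (or the seed fingerprint) against what was recorded when the wallet was set up. The NFKD step matters for the same reason: without it, a passphrase containing accented characters could derive a different seed depending on how the entering device encodes it.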
The alternatives incorporating secure elements lack a comparably secure high level design, and I'd definitely take the far greater security properties of the passphrase with on-device entry over unproven hardware anti-tampering. I'd prefer both, but it's not an option right now.