Conversation

GnuPG Key Encryption vs OpenPGP Hardware Protection whonix.org/wiki/OpenPGP#G ^TNT

kicksecure.com

OpenPGP

OpenPGP, gpg, Related Tools, Links, Advanced Topics, The OpenPGP Web of Trust, Bootstrapping OpenPGP keys from the web

Replying to

Trezor Model T has open source firmware, passphrase protection based on a passphrase entered on the device and supports U2F, SSH and GPG in addition to being a Bitcoin wallet. Passphrases are dynamically mixed with the main seed protected by the hardware so there's deniability.

Replying to

Though I'd personally prefer #ledger or even better #linux due to... ^PS medium.com/@Zero404Cool/t

Replying to

Using a full blown Linux environment would be dramatically less secure from having far larger attack surface and wouldn't resolve hardware attacks based on physical access. This is an attack that needs to be hardened against at the hardware level and can't ever truly be solved.

Replying to

I trust Linux dm-crypt / luks trust full disk encryption more. Once power is off, all bets are on. No compromise reports yet (when using strong passphrases). Can be combined with air gaped computer. ^PS

whonix.org

Full Disk Encryption and Encrypted Images

Full Disk Encryption and Encrypted Images, Additional Security Measures

Replying to

The primary attack vector for a hardware wallet is an online attack. Linux has drastically more attack surface for either an online attack or physical attack vector when powered on. Trezor's passphrase feature doesn't store it so it's deniable with any number of hidden keys.

Replying to

and

Using Linux for this, especially with the typical userspace, is drastically less secure than running a tiny hardened crypto application in a minimal embedded environment. I don't understand why you would want that. Linux has garbage security even for a general purpose OS...

Replying to

and

... and this is a bad use case for a general purpose OS. It also doesn't store data but rather a seed used to generate keys to access data. The passphrase is appended to the seed phrase before deriving the main key from it. Encrypting it with the passphrase would be a downgrade.

Replying to

and

You linked to a post about a physical attack vector on an SoC which is entirely applicable to a Linux installation. The post is also dishonest and pushing misinformation, but you're misunderstanding it if you think Linux is better. Linux is far more vulnerable to the same attack.

Replying to

and

The mitigations implemented in the Trezor firmware against the attack wouldn't be present, and there would be drastically more attack surface. An attacker could much more easily gain code execution. An air gap doesn't remove online attack vectors at all.

2:34 PM · Oct 30, 2018Twitter Web Client

Replying to

and

It still needs to be kept updated too, and there would be massive attack surface simply for that. Simple update verification, full verified boot and downgrade protection with minimal state are important. The entire point is not having the attack surface of a general purpose OS.

Replying to

and

I think you're just misinterpreting that post and drawing the wrong conclusions. It's about a hardware attack, and a general purpose computer running Linux is far more vulnerable to the same kind of attacks. It ignores the passphrase feature and is unnecessarily dishonest too.

Show replies