Conversation
Replying to
Using a full blown Linux environment would be dramatically less secure from having far larger attack surface and wouldn't resolve hardware attacks based on physical access. This is an attack that needs to be hardened against at the hardware level and can't ever truly be solved.
2
3
4
Replying to
I trust Linux dm-crypt / luks trust full disk encryption more. Once power is off, all bets are on. No compromise reports yet (when using strong passphrases). Can be combined with air gaped computer. ^PS
1
Replying to
The primary attack vector for a hardware wallet is an online attack. Linux has drastically more attack surface for either an online attack or physical attack vector when powered on. Trezor's passphrase feature doesn't store it so it's deniable with any number of hidden keys.
1
1
3
Using Linux for this, especially with the typical userspace, is drastically less secure than running a tiny hardened crypto application in a minimal embedded environment. I don't understand why you would want that. Linux has garbage security even for a general purpose OS...
1
1
... and this is a bad use case for a general purpose OS. It also doesn't store data but rather a seed used to generate keys to access data. The passphrase is appended to the seed phrase before deriving the main key from it. Encrypting it with the passphrase would be a downgrade.
1
You linked to a post about a physical attack vector on an SoC which is entirely applicable to a Linux installation. The post is also dishonest and pushing misinformation, but you're misunderstanding it if you think Linux is better. Linux is far more vulnerable to the same attack.
1
The mitigations implemented in the Trezor firmware against the attack wouldn't be present, and there would be drastically more attack surface. An attacker could much more easily gain code execution. An air gap doesn't remove online attack vectors at all.
1
It still needs to be kept updated too, and there would be massive attack surface simply for that. Simple update verification, full verified boot and downgrade protection with minimal state are important. The entire point is not having the attack surface of a general purpose OS.
1
1
I think you're just misinterpreting that post and drawing the wrong conclusions. It's about a hardware attack, and a general purpose computer running Linux is far more vulnerable to the same kind of attacks. It ignores the passphrase feature and is unnecessarily dishonest too.
2
1
It's far better to not have a general purpose OS when it's totally unnecessary. Only a tiny embedded application with thousands of lines of code, not millions, is needed. Running that tiny application on top of a massive general purpose OS would be a step backward in every way.
I completely agree with - this is the wrong conclusion. Hardware keys are the go to for maximum security. Your 'no' responses are incorrect for "implementation of software or device 100% Libre Software" and "can be independently reproduced and audited".
1
1
1
The comparison table is wrong when it comes to Nitrokey Start / Gnuk. Keys are encrypted, it is 100% libre software, can be audited, auditing isn't harder than GnuPG.
2
2
Show replies