I mentioned the Trezor earlier, particularly the Model T, where the passphrase and recovery seed can be entered on it directly. It has a different model than a typical HSM, since it doesn't store anything other than the seed, which is combined with entered passphrases to derive wallets/keys.
The Trezor hardware isn't what's compelling about it. It's just a standard embedded computer with secure boot and a tamper evident case. I'd like to see more implementations that are fully compatible with not just the cryptocurrency wallet aspect but also SSH, GPG, U2F, etc.
I think they have by far the best approach to this on the Trezor Model T, and I'd really like to see alternate implementations with different trade-offs, like having a secure element for storing the seed and doing cryptographic operations at the expense of openness and flexibility.
Ideally, there would be a much more tamper resistant general purpose SoC available so it wouldn't need to be a compromise. They do have basic tamper resistance already but it would be good to have lower-level support from the SoC like memory encrypted with a hardware key, etc.
It was an addition to the existing firmware and used keys generated from the recovery seed (with PIN and passphrase support).
Ah, I misunderstood what you meant. I'm successfully using their current SSH support already, and I plan on using their GPG support to replace my existing aging key, which has been exposed to multiple generations of laptops and workstations. GPG makes key rotation horrible, though.
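The two threads above describe the Trezor model where nothing but the recovery seed is stored and every wallet key is derived from that seed plus whatever passphrase is typed in. The block below is an added example of that derivation as the BIP39/BIP32 standards define it (PBKDF2-HMAC-SHA512 over the mnemonic with the passphrase in the salt, then HMAC-SHA512 keyed with "Bitcoin seed" for the master key); it is written for this page and is not Trezor firmware code. The mnemonic and the passphrase "TREZOR" are the first published BIP39 reference vector, used here as constructed input; the function and variable names are this example's own. It does not validate the mnemonic's wordlist checksum, only the word count.

```python
"""BIP39 seed and BIP32 master key derivation from a mnemonic plus passphrase.

Illustrates the property the thread relies on: the device only needs the seed,
and each passphrase yields a different wallet without anything being stored.
"""
import hashlib
import hmac
import unicodedata
from typing import Dict, Tuple

# Constructed sample input: first BIP39 reference vector (all-zero entropy) and
# the passphrase the reference vectors use. Never use this mnemonic for real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
PASSPHRASE = "TREZOR"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output.

    Password = NFKD-normalized mnemonic sentence; salt = "mnemonic" + NFKD-normalized
    passphrase. Any passphrase is accepted: there is no "wrong" passphrase, only a
    different (initially empty) wallet. That is what enables hidden wallets, and also
    what makes a typo silently derive keys that control nothing.
    """
    words = unicodedata.normalize("NFKD", mnemonic).split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    password = " ".join(words).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512(key=b"Bitcoin seed", data=seed).

    Returns (master private key, chain code); child keys are derived from these.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def derive_wallet(mnemonic: str, passphrase: str = "") -> Dict[str, str]:
    """Full path from what the user types to the root of a wallet's key tree."""
    seed = bip39_seed(mnemonic, passphrase)
    key, chain = bip32_master_key(seed)
    return {"seed": seed.hex(), "master_key": key.hex(), "chain_code": chain.hex()}


if __name__ == "__main__":
    # Same mnemonic, three passphrases (none, the vector's, and a one-character typo):
    # three unrelated wallets, no error for the typo.
    for pp in ("", PASSPHRASE, "TREZ0R"):
        w = derive_wallet(MNEMONIC, pp)
        print(f"passphrase={pp!r:9} seed={w['seed'][:16]}... master_key={w['master_key'][:16]}...")
```

The practical caveat this makes visible: a device like the one discussed above cannot tell the user that a passphrase is mistyped, because every passphrase is valid by construction. Users who rely on passphrase-protected wallets need to verify an address or balance after entering it, not just that the device accepted the input.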
Hopefully we get a world where we have the combination of all the above, the ideal package, but right now I think the most secure is hardware with the most eyes on audited code.