So... the Ledger hardware wallet's security relies on the attacker not being able to size-optimize its firmware better than the compiler. Yeah. https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/ …
Show this thread
-
Specifically the measurement stuff. Also https://en.wikipedia.org/wiki/Trusted_Platform_Module …
Because this is a cheap microcontroller. Their problem is they chose a cheap crappy secure element with no I/O to implement secure I/O, bodging around it by adding another nonsecure microcontroller to handle the I/O. But you can't do attestation on a random micro.
-
-
Isn’t the device like $100?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.