Replying to Cyph3rp9nk

The robustness of a cryptographic protocol is based on knowing what the algorithm does, making it public and being tested, like a peer review but in real life.

The more times a cryptographic protocol has been attacked and the attacks have failed, the more valid it is to be used in production.

Right now there are accusations that the NSA and NIST are hiding the development of new post-quantum cryptographic protocols.

"Daniel Bernstein at the University of Illinois Chicago says that the US National Institute of Standards and Technology (NIST) is deliberately obscuring the level of involvement the US National Security Agency (NSA) has in developing new encryption standards for “post-quantum cryptography” (PQC). He also believes that NIST has made errors – either accidental or deliberate – in calculations describing the security of the new standards. NIST denies the claims."

“NIST isn’t following procedures designed to stop NSA from weakening PQC,” says Bernstein. “People choosing cryptographic standards should be transparently and verifiably following clear public rules so that we don’t need to worry about their motivations. NIST promised transparency and then claimed it had shown all its work, but that claim simply isn’t true.”

The key here is that NIST will approve them for use in industry, industry will accept them because oh my god, the quantum age has arrived, and they will discard secure algorithms for insecure and poorly tested algorithms, a perfect strategy.

Quantum computing is currently a fallacy just like fusion energy; it is just a public money grabber.

On the other hand, it was recently discovered in the Snowden papers that Cavium, which was then one of the main manufacturers of cryptographic coprocessors for VPN devices, had a backdoor introduced by the NSA in its chips. These chips were used for years by most manufacturers, such as Cisco.

And some still recommend hardware wallets with secure elements that are closed source 😂.

Robust cryptography can only and only be open source, you understand? From the beginning to the end.

Hey man, interesting post and food for thought, thank you.

Which hardware wallets use the closed source chips?

Discussion

Most of them do; it is better to start with the ones that don't and are completely open source, both electronics and software.

Trezor T, but the seed can be extracted because of it, so you have to mitigate it using either a passphrase or the SD protection function. You could also mitigate it with a very long PIN, as it supports up to 50 characters. A combination of everything is always better.

Trezor One: you must mitigate the problem with the passphrase or with a very long PIN. As before, a combination of everything is always better.

Jade at the moment has no known vulnerability. It performs the seed encryption through the PIN and a second secret provided by a Blockstream server (oracle server). You can set up your own oracle server if you don't trust the Blockstream server. Note that both secrets are needed to decrypt the seed, so Blockstream can't do anything.

Jade is definitely the wallet that I recommend; even if you don't know about the supply chain, you can assemble it yourself (DIY).

nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n

For example, BitBox. However, only one of the 4 keys is stored in this closed-source secure chip. The rest is all open-source.