I can’t trust the manufacturer of the generic pi board and chips either
Discussion
We trust the manufacturer to do a lot less. We don't trust the device to validate software, we don't trust it to persistently store keys, and we don't trust it to make wireless or wired connections with other devices. We just trust it to execute SeedSigner code.
Pi’s don’t have secure elements and since you can’t verify the quality of board, the chip and the cameras how do you prevent side channel attacks?
All side channel attacks I am aware of require running software that has been maliciously modified. So to avoid that, run our released code.
Even if you run fully verified and open-source software, side-channel attacks focus on how the software interacts with the hardware, particularly during sensitive operations like cryptographic computations.
You are vulnerable to
1. Hardware Backdoors
2. Timing Attacks
3. Power Analysis
4. Electromagnetic Emanations
Even with verified software, side-channel attacks can exploit weaknesses in pre-installed chips or the board itself. The software may perform securely from a logical perspective, but the physical properties of the hardware can leak information through side channels. To defend against these attacks, both the software and hardware need to be carefully designed with side-channel resistance in mind. Devices with secure hardware elements and robust physical defenses are more resistant to such attacks.
I'm just going to agree to disagree with you here. I strongly disagree with what you’re saying, but I just don’t have the time to refute every far fetched exotic attack scenario. Have a great afternoon.
They’ve certainly not open sourced their hardware.
The guy running their organization is an ex cop (Technical Surveillance Officer to be exact), the company also lost its mind defending the hire
Just so you know, that is not me. No idea who "Roberts" is. I was an LEO however, but have been very candid that digital forensics was my specialty. You should really double check it your sources, would have been easy to find this out.
The fuck are you talking about. I wasn’t saying shit about you.
I have great respect for your work and of other projects too. But all y’all frame your products as ideal and the one thing you need. And then fight amongst each other when there’s opportunity to help and grow with each other.
I guess I feel like I've tried to talk about tradeoffs a lot and have always been willing to admit there are some use cases where a conventional hardware wallet makes a lot of sense. Meanehile some manufacturers constantly misrepresent our project for seemingly self serving reasons. But I understand it can be frustrating from someone with your perspective. I just don't know what the answer is.