Replying to Avatar Cyph3rp9nk

It is a known vulnerability in trezor that is patched with a passphrase, in return your software, firmware and hardware are open source.

In the next generation of trezor the problem of not using secure element is fixed with tropic square, an open source secure element.

Jade solves the problem of not using secure element by using a kind of software secure element, a kind of multi-signature, again all open source.

Although coldcard has a good architecture by using two secure elements to not trust each other, cryptography should not rely on black boxes, because that is trust and cryptography should not require trust.
Avatar
Peris 2y ago

When you say the vulnerability is patched with a passphrase you mean there is no way they can extract anything from it without the passphrase, is that right?

Reply to this note

Please Login to reply.

Discussion

Avatar
Cyph3rp9nk 2y ago

Exactly.

With trezor T you also fix the vulnerability with secure sd, you use a sd card to encrypt the seed, without the sd you can't extract anything and you can also add the passphrase.