Avatar
semisol 1y ago

it’s hilarious how a lot of HWWs use SEs that are broken, are uncertified or made for cheap IoT devices (often all of these)… or none at all

if your device is stateful a quality SE is a must, it’s only a few dollars more

Reply to this note

Please Login to reply.

Discussion

Avatar
Leathermint 1y ago

How do we know if it's a cheap one?

Avatar
semisol 1y ago

ATECC508A, ATECC608A and ATECC608B are all vulnerable to fault injection

Avatar
Leathermint 1y ago

And who currently use these?

Avatar
semisol 1y ago

A lot.. https://bitcointalk.org/index.php?topic=5304483.0

Avatar
kidwarp 1y ago

Fuck shit biscuits lmfao

Avatar
node 1y ago

Whoa!!!!!!!

Avatar
Leathermint 1y ago

That's really interesting. Thank you.

On an other note, do you know what this means? I've always wondered what kind of government deal was taken by coldcard with the government to protect others from selling their code.

(I mean the MIT + CC)

Avatar
semisol 1y ago

It doesn’t meet the definition of open source (commercial use is not permitted for Coldcard firmware). The term source available is used instead

Avatar
Leathermint 1y ago

I understand that but I was asking more precisely which understand that but I was asking more precisely what this acronym meant. I tought it could give me a clearer picture of the specific laws that are used.

Avatar
semisol 1y ago

MIT+CC is MIT license with Commons Clause

Avatar
frphank 1y ago

Those are secp256r1 not k1. What role do they play in Bitcoin?

Where are the details on that exploit?

00
nicodemus 1y ago

Do you have a list of HWWs with shitty / no SEs?

Avatar
charliesurf 1y ago

all of them except ledger i suppose...

Avatar
kmclash 1y ago

Would you recommend any particular HWW?