That’s very easy.

Step 1) suppose the secure element is backdoored

Step 2) stay air gapped forever

Step 3) input your own entropy from dice rolls

Step 4) after signing a transaction, verify the transaction signature on your own node before broadcasting (which I believe but am not certain is done anyway)…just in case the signature is invalid and merely an attempt to disclose private key or seed or something else nefarious.

Step 5) recognize that after the above, a backdoored chip can do nothing nefarious other than sign incorrectly, in which case you need a new signing device/hardware wallet.
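An added example (not the poster's code) for step 3: turning hand-entered dice rolls into seed entropy, with a count check that the rolls actually carry 256 bits and a few cheap sanity checks on the input. Condensing the roll string with SHA-256 is an assumption made here for illustration, not a statement about how any particular device derives its seed.

```python
import hashlib
import math
from collections import Counter
from itertools import groupby

DICE_FACES = 6
BITS_PER_ROLL = math.log2(DICE_FACES)  # about 2.585 bits per fair d6 roll


def rolls_needed(target_bits: int = 256) -> int:
    """Minimum number of fair d6 rolls carrying at least target_bits of entropy."""
    return math.ceil(target_bits / BITS_PER_ROLL)


def rolls_to_seed(rolls: str, target_bits: int = 256) -> bytes:
    """Condense a string of dice rolls ('1'..'6') into 32 bytes of seed entropy.

    SHA-256 over the ASCII digits is an assumption for this example. The point of
    hashing nothing but the digits you wrote down is that you can recompute the
    digest on a second, offline machine and confirm the signing device did not
    quietly substitute its own entropy for yours.
    """
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    have_bits = len(rolls) * BITS_PER_ROLL
    if have_bits < target_bits:
        raise ValueError(
            f"{len(rolls)} rolls carry only {have_bits:.1f} bits; "
            f"need at least {rolls_needed(target_bits)} rolls for {target_bits} bits"
        )
    return hashlib.sha256(rolls.encode("ascii")).digest()


def roll_warnings(rolls: str) -> list[str]:
    """Cheap checks that flag obviously non-random input (a typed-in pattern, a
    stuck or loaded die). They cannot prove randomness; they only catch input
    that should not be trusted as a full-entropy seed."""
    if not rolls:
        return ["no rolls entered"]
    warnings = []
    counts = Counter(rolls)
    n = len(rolls)
    missing = sorted(set("123456") - set(counts))
    if missing:
        warnings.append(f"faces never rolled: {''.join(missing)}")
    face, top = counts.most_common(1)[0]
    if top > 0.35 * n:  # a fair die shows each face about 1/6 of the time
        warnings.append(f"face {face} appears {top}/{n} times")
    longest = max(sum(1 for _ in run) for _, run in groupby(rolls))
    if longest >= 8:  # a run this long is very unlikely in ~100 fair rolls
        warnings.append(f"longest run of one face is {longest}")
    return warnings
```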

Discussion

Step 1: Don't rely on a secure element in the first place as most use cases are fine with a stateless device.

Step 2: Save a truck load of money. The end.

If you think any coldcard device is a truckload of money, you need to work harder and stack longer. Then there will come a time when such things are cheap.

But you’re right, stateless is often good enough. I treat my coldcard as stateless.

Okay Mr Money Pants. I can't wait to get as rich as you so I can just burn sats just because. :)

The funny thing is, all ya gotta do is buy bitcoin and wait. The more you buy and the sooner you start waiting the better.

But you’ll likely never be as rich as me. I played the fiat harvesting game well and got blessed by bitcoin long ago.

Tell me more...

You do highlight my point though. For the majority of plebs, hardware wallets like this aren't really needed. Even for you it's likely still a waste of sats; you're better off with something else, unless you're making regular large transactions.

How do you create a key without a proper HWW?

It’s a convenience item. I use it in paranoid mode. But I don’t have to.

You can calculate your own private keys by hand from dice rolls, but I choose not to.

But nobody would ever disagree that minimizing trust is always safe, presuming you don’t outsmart yourself.