Replying to Avatar BitBees

‘Cause backdoor? Or sketchy code?
Avatar
Vake 1y ago

Cause it’s plugged into your computer via USB. A malicious Trezor Suite update could potentially swipe your seed.

Air-gapping offers incredible peace of mind.

Reply to this note

Please Login to reply.

Discussion

Avatar
AnonSequitur 1y ago

Going to ask what I suspect is not a great question, but doing it anyway… Coldcard does USB and air-gapped. Is there conventional wisdom on how much security the SD gives you above and beyond USB?

Never being connected is obviously preferable. But I’m sure the devs wouldn’t do it if it was an outsized liability.

Just learning and curious 🙏

Avatar
Vake 1y ago

This presentation by one of the guys at Bitbox claims air-gapping offers little practical benefit:

https://youtu.be/UdNxecnAcF8

As far as firmware updates goes, though, it gives me incredible peace of mind doing it via SD compared to USB, since even if the firmware update is malicious, it can’t extract your seed remotely if it’s air-gapped.

Avatar
AnonSequitur 1y ago

Awesome + informative, thank you 🙏

Avatar
ShiShi21m 1y ago

I haven't watched this presy but is he relying on the secure element?

Avatar
Vake 1y ago

Bitbox does have a secure element, but this presentation is primarily about whether or not air gapping is beneficial.

Avatar
ShiShi21m 1y ago

The reason I asked about SE, CuckCard uses 2 now so I was curious.

Avatar
ShiShi21m 1y ago

I think there is a clear benefit for Airgap, even moreso after watching his presentation.

Especially the benefit of QR signing.

Only so much data can be fit into a QR code.

Avatar
ShiShi21m 1y ago

In his defense, there was no product available that effectively signed QR transactions as smoothly as SeedSigner does today or even a year or two ago.

He did this examination in 2020-21.

Avatar
BitBees 1y ago

Followed. Great handle BTW Anonsequitur

Avatar
ShiShi21m 1y ago

You spelled CuckCard wrong