It is a known vulnerability in Trezor that is patched with a passphrase; in return, your software, firmware and hardware are open source.

In the next generation of Trezor, the problem of not using a secure element is fixed with Tropic Square, an open source secure element.

Jade solves the problem of not using a secure element by using a kind of software secure element, a kind of multi-signature, again all open source.

Although Coldcard has a good architecture by using two secure elements to not trust each other, cryptography should not rely on black boxes, because that is trust and cryptography should not require trust.

Discussion

When you say the vulnerability is patched with a passphrase, you mean there is no way they can extract anything from it without the passphrase, is that right?

I would never use a device with a secure element. I use a Trezor Model T. I think my security hack is much better than what any device manufacturer does.

I just use a high entropy passphrase/password from an extremely hardened and secure KeePass vault.

I have it set up so that it's extremely easy and quick to use. With auto type obfuscation and much more.

I'm not as worried about them hacking my seed phrase from a device, as I am about them getting one of my backups.

But the probability of them getting both my seed phrase and passphrase is extremely low. Without both, any one is useless..🤔🙂