I reviewed literally thousands of Bitcoin wallets for https://walletscrutiny.com/ and at least half of the providers claim some superlatives about their products. It's so tiring to read lines like "the Most Trusted Name in Cryptocurrency™" on some product with 5000 downloads on Google Play.
Discussion
Which wallet impressed you most and which was most comically flawed?
That's a good question.
At the moment of analyzing it, nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt 's BitBox02 impressed me a lot as they put quite some thought towards using a so-called secure element - a category of chip I had deemed evil for their requirement by NDA to not publish the code that runs on it - without the downsides other hardware wallets have from using an SE. They only store a key encryption key on the SE and not the key itself. Neither do they trust the SE with the creation of the key's entropy.
nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n 's Jade takes a similar approach - instead of an SE inside the device, the same security measure is done with a remote server. In both cases, the black-box nature of SE and server only adds to the security as the ultimate control of the funds cannot get around the published and hopefully audited source code.
In both cases, the backup is important, as we cannot analyze whether those black boxes might at some point just refuse to assist in restoring access to the private keys. But then, the backup is important with any other hardware wallet, too, as these devices are not immune to breaking or getting lost.
For the other extreme - the most comically flawed - those are usually tiny projects with some hundreds of installs, but I have seen products that are claimed to protect your private keys in military-grade cold storage but also let you back up the keys, where the question was if the provider openly had a copy of your keys, resulting in plausible deniability for both the user and the provider should funds move.
Yo nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n , what's up with this?
How concerned should I be that Jade isn't reproducible? Is this FUD or legit? #asknostr nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n
Try rebuilding. The issue in their public issue tracker is open:
https://github.com/Blockstream/Jade/issues/26
I did not personally investigate yet. It is hard to tell what to make of the diff Mohammad shared in our review.
But luckily holding off on hardware wallet updates is always an option. Just watch the issue and update once it's resolved.
If you already updated to this version, it's a bit more complicated but then, too, keep an eye on the issue. My bet is it will be found to be some benign diff.