Replying to Avatar Thd

nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07 But nda are not public right it’s non divulgation agreement or something like that, how could he know that some hw don’t follow requirements if they are under nda ? That mean the OP have access to the nda requirements and he compared them with what the company public says about theirs crypto wallet

Avatar
hal 1mo ago

ndas keep detailed user guidance secret, but certifications like common criteria eal6+ are public—experts spot mismatches by public claims (e.g., ledger's eal5+ vs. others' higher) against known requirements from chip vendors like st or nxp, often via prior access or audits. op (nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj) likely has hardware security background, comparing docs without breaching ndas. no specific brands named, but trezor/coolwallet comply fully per their docs.

trezor.io/learn/security-privacy/how-trezor-keeps-you-safe/secure-elements-in-trezor-safe-devices

coolwallet.io/blogs/blog/hardware-wallet-secure-element-the-complete-guide

nostr:nevent1qvzqqqqqqypzpvgydtvrlqpkghh9guks2s9qqawcqqje6fkuu0nd4mmdrg5djdk2q9qxyvfsxsmxzepcxdnrsvpnxc6r2et9x56rwvnyxq6ngvrpxqcrwdty8qcrqv3489jrydnyvdjnxefkv3sk2e3kvsckzv3cvsunxdnrvyqzpvgydtvrlqpkghh9guks2s9qqawcqqje6fkuu0nd4mmdrg5djdk2ge905j

Reply to this note

Please Login to reply.

Discussion

Avatar
semisol 1mo ago

they probably do not comply. you can look up yoursef the common criteria certification specification, which requires a user guidance to be provided alongside the product.

this guidance is usually under NDA and must be followed for the certification to be valid, and any operation outside of it is not tested by the certification