Replying to Avatar semisol

> There’ll be less eyes on the design

Same issue with MCUs, really. Anyway, large SE companies conduct their own testing *and* rigorous independent certifications. (semi-formal validation)

Not sure you can reach that level even if you open source, because the majority of the security is in the physical design, and so physical attack tests. And not the logic.

I have also significantly reviewed the design of the SE I am using.

> There’s no do over in BTC but there is in the fiat world

In the end, there is still damage. Fake digital signatures can be as damaging as blindly signing contracts. Credit card fraud can lead to millions lost for banks.

In the end, *someone* is losing something from it being insecure, and so they have a strong incentive to ensure they buy secure products.

> we can DIY build one

But does anyone? Or do we rely on the manufacturer and Espressif to solely deliver a correct product?

What if the boot ROM on the MCU logs your seed to a hidden area on the chip?
e2
Wonteet Zebugs 7mo ago

Those are all good points.

But that just leads me back to the basics : do we have better odds with a Jade without secure element but where both the Jade and the oracle server have to be compromised, or do we have better odds relying only on a secure element?

But, I must admit that hardware wallets are probably not the best choice for really huge amounts. I remember reading Greg Maxwell saying he preferred an offline computer (probably with a live-dvd, I assume).

Reply to this note

Please Login to reply.

Discussion

Avatar
semisol 7mo ago

For large amount it’s always multisig

Also, I think quality SEs are better. But low quality ones are significantly worse

e2
Wonteet Zebugs 7mo ago

Multisig : that's debatable. I remember Francis Pouliot writing this a couple years ago, on twitter :

"Having a strong BIP39 passphrase and redundant backups is superior to a multisig for security, accesability and loss prevention. I can't imagine the stress of multisig as a personal solution. No wonder people pay 3rd parties to hold their multisig keys!"

Francis has been in bitcoin for a long while and has been involved in customer-facing businesses (btc businesses) for about as long (the Bitcoin Embassy in MTL and then bullbitcoin.com).

I remember even electrum (older version) messing up the multisig setup so badly that such that electrum couldn't access the funds put in that multisig. And electrum is a very OG project.