semisol
52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd
👨‍💻 software developer 🔒 secure element firmware dev 📨 nostr.land relay all opinions are my own.

The side-channel attack countermeasures only apply to hardware-accelerated encryption. The Bitkey does not use these blocks.

The used cryptography libraries lack DFA, DPA or other SCA and fault countermeasures

Certain product types of the MCU the Bitkey uses have reduced fault countermeasures

It also does not appear that there are any countermeasures against LFI or probing attacks, allowing extraction of keys in memory

It is economically infeasible to:

- Make an IC design that uses only open IP blocks

- Find a good process node with an open PDK

- Do reproducible synthesis, placement, routing and other steps of the ASIC flow

- Verify with extremely high confidence that ICs received are the same as the sent mask

The problem: navigation tools keep recommending garbage

And the ones in the Coldcard/Passport are known to be weak

The Jade security model is broken if Blockstream servers are hacked and someone gets physical access to your device

nostr:atnevent1qqsxh0s82qh5xykyska44l2un0ykl65nmf2cwymd94880h8xv3jnf8qpzpmhxue69uhkummnw3ezumrpdejqzrthwden5te0dehhxtnvdakqz9thwden5te0dp5hxapwdehhxarj9ekxzmnyqyv8wumn8ghj7un9d3shjtnwdaehw6r9wfjjucm0d5vv2k6q

if you care about security and want an HWW without all the bullshit, reply/zap and I will add you to a waitlist 👀

(or as a developer, if you want security-hardened processors or SEs, DM me) nostr:note1gxspmttnwxy7vdd5vm2exzd34dxcpdqjfyazz5ryghdjs4jmd4fs8eypxm

Only Jade

NVK’s Satslink device which they never actually released, even though they had preorders planned to use this

Backdoor found in ESP32 chips that allows arbitrary memory access and more remotely via Bluetooth

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

you can’t choose how much free money you get, sorry nostr:note1g5l2grvrmj3nrwectvx8r46xuafe0hmapmjgcykp3pajl0suzqtqvs9pnj

They are not included in the send as your zap amount is just the received amount

So you are guaranteed to have losses

I am not going to try to explain economics but if one person has sent more sats than they received, at least one person has received more than they sent