pull down to refresh

this territory is moderated
7 sats \ 2 replies \ @klk 23h
Nice article! But the biggest advantage of a SeedSigner is not the airgapdpness (?) but the supply chain attack cost.
The problem with hardware wallets is that there is a required amount of trust in the supply chain and the tamper proof methods of the manufacturer. But how the hell can I know that you haven't gotten some tempered hardware yourselves on the first place or that an old employee hasn't kept some tamper proof bags for later use.
It's about trust and probability. But having a device built from generic hardware and without any possible way (storage, cable, wireless) of communicating the stolen keys in case of malicious code or hardware, gives you peace of mind.
What you give up is having your seed protected behind a security chip. But for HODL wallets that's fine. And allows you to create key QRs for you and loved ones for free.
reply
113 sats \ 0 replies \ @bitbox OP 22h
There are good ways to protect against malicious supply chains, like cryptographic tamper protection as we use: https://blog.bitbox.swiss/en/supply-chain-attacks/
For the issue that the BitBox could be compromised by a rogue employee, we have implemented Anti-Klepto, which prevents your seed from secretly being exfiltrated via signature nonces (also known as Dark-Skippy): https://blog.bitbox.swiss/en/how-almost-all-hardware-wallets-can-steal-your-seed/
With generic hardware, you're not solving this problem, but only moving it. Suddenly you don't have to worry about the hardware being malicious, but the code that you're flashing. Hardware wallets are made so you don't have to trust your host device, but if you're flashing your firmware from the host device to the generic hardware, that's where you're exposed to a potential attack surface.
/Joko
reply
Agreed, on all counts. I'm not associated with BitBox, I just remembered they had already posted their take on airgap and figured I'd share with you. Let's see what they have to tell you later on this too! Cheers.
reply