Jades don't have "secure element" chips in them. This was a design choice since 90% of all "cracks" of hardware wallets involve disrupting the secure element to gain control.
As a result of no secure element, the way the device encrypts the data on it (your seed) is by using the pin you enter. Obviously a 5 digit pin is a very small keyspace (which would be trivial to crack), so what happens is that pin is itself key-stretched to become a much larger encryption/decryption key off-device by using the website.
So the back-and-forth scanning of QR codes does that, essentially the "secure element" is the website / blind oracle which transforms your 5 digit pin into a proper encryption/decryption key.
Thank you. That comforts me a little. So the exchange has nothing to do with your seed (since you have to enter the pin before the seed anyway) and after it gets the pin and before it gets the seed it has no outside connection to the world again?
Correct. The only thing the pin+exchange is used for is to temporarily load the decryption key into the devices RAM. At no point is your seed - either in encrypted or decrypted form - ever off the device.
What happens if the blockstream website to "unlock the pin" goes away?
IIRC you can run your own pin server
Yes, just found this when you commented: https://help.blockstream.com/hc/en-us/articles/12800132096793-Set-up-a-personal-blind-oracle
What does it do? Verify the integrity of the device?
Jades don't have "secure element" chips in them. This was a design choice since 90% of all "cracks" of hardware wallets involve disrupting the secure element to gain control.
As a result of no secure element, the way the device encrypts the data on it (your seed) is by using the pin you enter. Obviously a 5 digit pin is a very small keyspace (which would be trivial to crack), so what happens is that pin is itself key-stretched to become a much larger encryption/decryption key off-device by using the website.
So the back-and-forth scanning of QR codes does that, essentially the "secure element" is the website / blind oracle which transforms your 5 digit pin into a proper encryption/decryption key.
Thank you. That comforts me a little. So the exchange has nothing to do with your seed (since you have to enter the pin before the seed anyway) and after it gets the pin and before it gets the seed it has no outside connection to the world again?
Correct. The only thing the pin+exchange is used for is to temporarily load the decryption key into the devices RAM. At no point is your seed - either in encrypted or decrypted form - ever off the device.
And it seems easy enough to setup the local pin server
In the camera on the Plus better than the old one and can it handle multi-sig QR codes?
Thanks Sessions.
A neat feature of the Jade Plus is that it can be used as a stateless signing device like the SeedSigner.
I have mine. The log in via website url QR thing is weird. They should also move it to the unlock Jade section and out of the QR section.
Bought it to play with and replace a Nano S. Prefer Seedsigner overall but its a decent unit.
🔗 Privacy-friendly: https://yewtu.be/watch?v=rv_cN7F7-TM