Topic: Secure Element in Hardware Wallets - page 8. (Read 3075 times)

legendary
Activity: 1624
Merit: 2481
January 02, 2021, 08:51:19 AM
#23
I have quite a few discussions on it but I've never really had an argument that refuted my point that HW wallets are at the very least as secure as cold storage, when you consider all the possible attack vectors.

When considering all possible attack vectors, you come to the conclusion that a hardware wallet has a larger attack surface than an air-gapped wallet.

You can pretty much break everything down to be relatively equal.
But one important attack vector is the online machine it is used with. While in theory there shouldn't be any way to compromise the device from an online pc, this shouldn't be completely ignored.
Especially phishing attacks can work pretty well. And a vulnerability in the microcontroller and/or secure element can make the hardware wallet insecure when used with a compromised PC (which it is made for).
This attack vector only applies to hardware wallets, but not to air-gapped wallets.

I wouldn't consider a hardware wallet as secure as an air-gapped wallet solution.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
January 02, 2021, 04:37:12 AM
#22
Now that I know there are open-source secure elements, why doesn't Ledger migrate from closed-source to open-source secure elements? Do they find the secure element they currently use more secure than all open-source secure elements?
Apparently it is a question of security. There was some talk that they would create a new open-sourced chip, but I don't know what happened with that. There is an old reddit post from one of their team members that mentions that Ledger feels there are currently no open-sourced chips that can be compared with closed-source chips in terms of security.

Quote
I just meant that today there are no open-source chips that can offer the same level of security as the closed-source chips. However, it is Ledger's intention to open-source as much as possible, but existing constraints within the chip industry make this a slow process.
https://www.reddit.com/r/ledgerwallet/comments/a30lc4/a_closer_look_into_ledger_security_the_secure/
legendary
Activity: 2954
Merit: 4158
January 02, 2021, 12:23:36 AM
#21
agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store
Depends on your needs, as with most stuff. Hardware wallets will undoubtedly protect you against physical and non-physical attacks. Plausible deniability baked into the device makes it a great device to be used to limit the losses from a $5 wrench attack. The bane is that you have to purchase a hardware wallet, which, depending on your holdings, might be a big portion of your funds.


thanks, that is what I thought as well, they are selling convenience, and that is ok, although if one has more funds, it is better to have several wallets, and use one or two for payments (or another type of hot wallet) and store all the others in the same way, on an old laptop (for HODL purposes)
I have had quite a few discussions on it but I've never really had an argument that refuted my point that HW wallets are at the very least as secure as cold storage, when you consider all the possible attack vectors. But I can stand by the fact that for most, they are considered as *equal* in terms of their security.

Hardware wallets are expensive, the secure element is useful. If you want a cheaper but not as sophisticated alternative, use a Raspberry Pi offline.
legendary
Activity: 3472
Merit: 1721
January 01, 2021, 07:26:31 PM
#20
agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store

A different passphrase may be used to access long-term storage funds, or a different physical hardware wallet altogether. When making bigger payments away from home a hardware wallet will still be useful and more convenient.

legendary
Activity: 2156
Merit: 1151
Nil Satis Nisi Optimum
January 01, 2021, 03:55:35 PM
#19
what is the main Trezor advantage, in your opinion?
I can stick it in my pocket and connect it to my phone to pay someone when I'm away from home or abroad. A lot more convenient than taking a bigger device such as a laptop with me.

agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store

The difference is that your old laptop would be effectively an air-gapped wallet. This means it has to stay offline (not connected to any network) to be secure.
Together with encryption, that's a really solid setup. But the downside is that it's not very convenient to use.


A Trezor (or other hardware wallet) has the advantage of being usable together with an online PC without the risk of losing coins.
Security-wise it's not as good as an air-gapped wallet, but convenience-wise it is so much more pleasant to use.

You can connect your hardware wallet to an infected device without worrying about having your coins stolen, since physical confirmation (in the form of a button press) is needed to sign transactions.
That's what all good hardware wallets have in common. A downside of Trezor is the physical security, which can be addressed by using proper password encryption (which is also necessary with an air-gapped wallet btw).

thanks, that is what I thought as well, they are selling convenience, and that is ok, although if one has more funds, it is better to have several wallets, and use one or two for payments (or another type of hot wallet) and store all the others in the same way, on an old laptop (for HODL purposes)
legendary
Activity: 1820
Merit: 1972
Crypto Swap Exchange
January 01, 2021, 03:13:55 PM
#18
What are the benefits of Secure Element in Hardware Wallets?

- Seed words never leave the device but stay in the Secure Element
- Secure updates
- Generating 'random' numbers
- No tampering


The mnemonic code (which you are referring to as "seed words") is not stored on the secure element.
The actual seed is stored there. The mnemonic code is only used to generate the seed.
If that were true, it would be possible to add a passphrase only during the input/generation of those 12(24) words. But at least in Ledger I can add a passphrase whenever I want.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
January 01, 2021, 08:46:53 AM
#17
Now that I know there are open-source secure elements, why doesn't Ledger migrate from closed-source to open-source secure elements? Do they find the secure element they currently use more secure than all open-source secure elements?

Ledger is using ST31H320 and ST33J2M0 secure elements that have an EAL6+ level of security, but in combination with their normal STM32F042K chip the overall security is downgraded back to EAL5+.
Some hardware like Ngrave is promising an EAL7+ secure element, but as far as I know only the ATECC608A is mostly open source, and it can be found even in the M5Stack Core2 ESP32 AWS Development Kit.
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
January 01, 2021, 08:36:11 AM
#16
It seems that Ledger has no intention of making the secure element fully open-source.

Now that I know there are open-source secure elements, why doesn't Ledger migrate from closed-source to open-source secure elements? Do they find the secure element they currently use more secure than all open-source secure elements?
legendary
Activity: 3472
Merit: 1721
December 31, 2020, 09:47:32 PM
#15
Thanks for the list, OP, for some reason I thought all Secure Elements were closed source.

what is the main Trezor advantage, in your opinion?

I can stick it in my pocket and connect it to my phone to pay someone when I'm away from home or abroad. A lot more convenient than taking a bigger device such as a laptop with me.
hero member
Activity: 758
Merit: 606
December 31, 2020, 04:49:08 PM
#14
Quote
witcher_sense : Found an old topic from Trezor explaining the reasons why they don't use secure elements https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b

Great read and accurate as hell.

Spot on! I did OpSec for a living and I will take full open source hands down. There is an amazingly high probability that there are engineered backdoors in any closed source "secure element" chip being mandated by Gov agencies. Tin foil hat, maybe, but the risks have shown to be entirely too prevalent for a wise person to assume them. BTC is moving to around 30K per coin so the incentive is there!

Here is my spin. Yep, my Trezor T's don't have a secure element chip. So I KNOW how they tick and so do all the other coders that care to "hit" them with everything they have in their tool belt. Along comes Trezor and GitHub and now SD encrypt completely removes the known weakness of the current Trezor T controller. It's GONE fully, so man up and learn how to use your device. It's safe and fully open source. For those that insist on continuing with closed source elements in their devices, you have been warned, LOL. Let me remind members here that there has NEVER been an instance of that one controller weakness "in the wild" for Trezor T's. The "other guy" with a closed source controller/element has had numerous instances of theft happening with phished apps etc....
legendary
Activity: 1624
Merit: 2481
December 31, 2020, 12:11:40 PM
#13
but what are they selling, just a piece of hardware with open-source light wallet software installed on it?
what is the main difference between that solution and the same open-source software on some old laptop that is not used for anything else, just to have access to your wallet?

why is the Trezor better (just asking, I do not think that it is not) than an old laptop? and an old laptop sitting somewhere in the basement might not be recognized as a hardware wallet, or it would be harder than recognizing a Trezor as a wallet

what is the main Trezor advantage, in your opinion?

The difference is that your old laptop would be effectively an air-gapped wallet. This means it has to stay offline (not connected to any network) to be secure.
Together with encryption, that's a really solid setup. But the downside is that it's not very convenient to use.


A Trezor (or other hardware wallet) has the advantage of being usable together with an online PC without the risk of losing coins.
Security-wise it's not as good as an air-gapped wallet, but convenience-wise it is so much more pleasant to use.

You can connect your hardware wallet to an infected device without worrying about having your coins stolen, since physical confirmation (in the form of a button press) is needed to sign transactions.
That's what all good hardware wallets have in common. A downside of Trezor is the physical security, which can be addressed by using proper password encryption (which is also necessary with an air-gapped wallet btw).
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 31, 2020, 07:20:38 AM
#12
Four more hardware wallets added to the list, and they all have various 'secure elements' integrated, but like I said before, having a secure element does not always make your hardware wallet better or more secure, and I would not recommend buying them:

- Jubiterwallet: EAL6+ SE Infineon, closed source
- Kasse HK-1000: EAL5+ ST31H320 A03, closed source
- Keevo: EAL5+ Infineon Optiga Trust-P, closed source
- Secux: EAL5+ Infineon CC, closed source
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 29, 2020, 09:52:05 AM
#11
The list is updated with CoolWallet S, using a CC EAL 5+ SE microchip Secure Element, but I couldn't yet identify exactly which chip they are using. NXP P5CD081.

You can read what the Kraken team found about CoolWallet S HERE in their report.

A secure element can be hacked or exploited like in any other device; that is why Android, for example, has a bounty program for anyone who exploits the secure element in their devices.

...
Let's not forget that the Trezor SatoshiLabs developers are the first ones who created and used BIP39, which is now an industry standard that every other hardware wallet is using.
legendary
Activity: 2954
Merit: 4158
December 29, 2020, 09:23:57 AM
#10
but what are they selling, just a piece of hardware with open-source light wallet software installed on it?
what is the main difference between that solution and the same open-source software on some old laptop that is not used for anything else, just to have access to your wallet?

why is the Trezor better (just asking, I do not think that it is not) than an old laptop? and an old laptop sitting somewhere in the basement might not be recognized as a hardware wallet, or it would be harder than recognizing a Trezor as a wallet

what is the main Trezor advantage, in your opinion?
Trezor was one of the first HW wallet makers and it was their choice not to put a secure element within their devices, their rationale being that the main attack vector is from the net, among various other stuff [1]. I saw this counterargument (by Ledger) years ago and thought that it made more sense [2].

Trezor is designed to not be vulnerable to typical malware and viruses as its primary purpose is to receive and sign transactions, so the attack vector is pretty small. I think their firmware is also signed so that isn't a threat.

I think your final question is about HW wallets in general. As said, the secure element will mitigate the attacks as mentioned. It really depends largely on your usage. Are you confident with handling air gapped storage? Do you want a bit more convenience while ensuring the same level of security (relative)? Do you want to save money on HW wallets?

Personally, I bought a HW wallet not because it's more secure (the threats are largely irrelevant to me) but because it provides much more convenience and portability than an airgapped wallet. Trust me, a hardware wallet makes everything smoother than starting your RPi up and realising your Electrum got corrupted again and having to find and type in the seeds again.


[1] https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b
[2] https://www.reddit.com/r/Bitcoin/comments/52x08n/is_bankinggrade_security_good_enough_for_your/d7odee4/
legendary
Activity: 2156
Merit: 1151
Nil Satis Nisi Optimum
December 29, 2020, 09:08:12 AM
#9

interesting topic, must say that I was not aware that Trezor does not have any secure element inside

That's the reason the Trezor is highly vulnerable to physical attacks.
The Trezor needs further protection mechanisms (e.g. a strong password) to be sure that an evil maid attack won't make you lose your coins.

but what are they selling, just a piece of hardware with open-source light wallet software installed on it?
what is the main difference between that solution and the same open-source software on some old laptop that is not used for anything else, just to have access to your wallet?

why is the Trezor better (just asking, I do not think that it is not) than an old laptop? and an old laptop sitting somewhere in the basement might not be recognized as a hardware wallet, or it would be harder than recognizing a Trezor as a wallet

what is the main Trezor advantage, in your opinion?
legendary
Activity: 1624
Merit: 2481
December 29, 2020, 06:54:10 AM
#8
What are the benefits of Secure Element in Hardware Wallets?

- Seed words never leave the device but stay in the Secure Element
- Secure updates
- Generating 'random' numbers
- No tampering


The mnemonic code (which you are referring to as "seed words") is not stored on the secure element.
The actual seed is stored there. The mnemonic code is only used to generate the seed.

Secure updates and an RNG do not require a secure element. Any crypto co-processor is sufficient for this.

Yes, a secure element helps against tampering.



interesting topic, must say that I was not aware that Trezor does not have any secure element inside

That's the reason the Trezor is highly vulnerable to physical attacks.
The Trezor needs further protection mechanisms (e.g. a strong password) to be sure that an evil maid attack won't make you lose your coins.
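As an added example that is not code from this thread or from any wallet vendor: the BIP39 derivation the reply above (and the passphrase discussion in post #18) refers to, using only Python's standard library. It shows that the 64-byte seed, not the word list, is the value a device needs to keep, and that the passphrase is part of the PBKDF2 salt, so a different passphrase yields an unrelated seed. The sample mnemonic is the all-zero-entropy BIP39 reference vector; the function names are my own.

```python
"""BIP39: mnemonic words + optional passphrase -> 64-byte binary seed.

Added example (not from the thread). Follows BIP39 exactly: NFKD-normalise
both strings, then PBKDF2-HMAC-SHA512 for 2048 rounds with the salt
"mnemonic" + passphrase. The mnemonic is never needed again once the seed
is stored, unless a *different* passphrase is to be applied later.
"""
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048   # fixed by the BIP39 specification
SEED_LEN = 64          # bytes; this seed is what a secure element would hold


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the binary seed from the mnemonic sentence and passphrase."""
    # Collapse whitespace to single spaces (assumption for Latin wordlists),
    # then apply the NFKD normalisation BIP39 requires for both inputs.
    sentence = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512",
        sentence.encode("utf-8"),
        salt.encode("utf-8"),
        PBKDF2_ROUNDS,
        dklen=SEED_LEN,
    )


# Constructed sample input: the first BIP39 reference vector (entropy = 16 zero bytes).
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()


def seeds_for(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the hex seed it produces for one mnemonic."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    # Same words, two passphrases: two completely different wallets.
    for p, s in seeds_for(SAMPLE_MNEMONIC, ["", "TREZOR"]).items():
        print(f"passphrase={p!r:<9} seed={s[:24]}...")
```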
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 28, 2020, 09:55:45 AM
#7
What part of the Microchip ATECC608A is open source?
Some hardware wallet manufacturers are using the Microchip ATECC608A and they claim the firmware they use is open source. Passport wallet released everything on their GitHub.
The same chip is used for other devices, not just hardware wallets, and most of it is released on GitHub, but the full datasheet is under NDA:
https://github.com/MicrochipTech/cryptoauthlib

No chip or secure element is perfect and there will always be some bugs, but I am not so sure about government backdoors.
legendary
Activity: 2310
Merit: 4313
🔐BitcoinMessage.Tools🔑
December 28, 2020, 09:40:40 AM
#6
I have some questions, not a tech-savvy person, just curious.

What part of the Microchip ATECC608A is open source? As far as I know, Microchip has stopped publishing datasheets for their microchips after the ATECC508A version; further versions are all under NDA. Can I trust these secure elements if the data is no longer available for everyone to see and check? How can I be sure that governments haven't forced Microchip to implement some backdoors to steal my crypto?

Found an old topic from Trezor explaining the reasons why they don't use secure elements https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 28, 2020, 09:10:28 AM
#5
It seems that Ledger has no intention of making the secure element fully open-source.

An NDA with the chip manufacturer is very important, but who cares about 'stupid' customer data... it is open for everyone. Roll Eyes

They don't want to ever change this, and that is why my open source wallets of choice would be ColdCard mk3, BitBox02 and CoboVault and not in that specific order.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
December 28, 2020, 08:56:11 AM
#4
The summary page states that the vulnerabilities discovered in the Ledger Nano S were all fixed. But since it's closed source, it can't be reviewed. Unless there is newer research that confirms the vulnerabilities are still there, can we assume this is no longer a threat?
As an extra tip, waiting a few weeks before performing a firmware update wouldn't be bad if someone has reason to believe the servers might be hacked and are serving fake firmware.

It seems that Ledger has no intention of making the secure element fully open-source.

Quote
We're great supporters of open-source and strive to open-source as much of our software as possible. In that light, we will soon open-source the part of the firmware that is responsible for displaying the dashboard where you can see the apps. The parts of the firmware that interact with secure parts of the Secure Element will not be open-sourced, since they are based on proprietary technology, protected by patents and an NDA we signed with the chip manufacturer.
https://www.reddit.com/r/ledgerwallet/comments/e1wh5q/is_ledger_going_to_make_the_firmware_open_source/
