Author

Topic: Should hardware wallets use secure elements for max security? (Read 198 times)

legendary
Activity: 2730
Merit: 7065
what if I forget or lose the passphrase?
If you lost just the password, aka the 25th seed word, you might be able to recover it. Brute forcing it with the appropriate software could work if you know parts of the passphrase, special characters used it it and how it should look. If you have no idea what the passphrase was brute forcing it would be impossible or take a lifetime.
newbie
Activity: 3
Merit: 0
Your crypto is particularly vulnerable to physical attacks if your hardware wallet doesn't have a secure element. Physical attacks or a lost device are always going to be a threat to Hodlers, but all the more so if your hardware wallet doesn't have a secure element.

Any thoughts?

While its true that hw wallet can be vulnerable to physical attacks, if you dont have a strong additional passphrase, an secure element could be just as vulnerable. Some wallets have taken additional steps to wipe the private key from the hw wallet if the wallet is opened or tampered with, which is a smart move, but could also be problematic. Having an additional passphrase will provide more protection since its not stored on an hw wallet and you could also split your coins across different passphrases.
There is actually a good reason why a hardware wallet should use a secure element. It ensures that your private key never leaves your hardware wallet, even if your phone or software is compromised. It's like your best final line of defense. Also...what if I forget or lose the passphrase?
HCP
legendary
Activity: 2086
Merit: 4361
Well, this is why I suggested ledger o trezor, and not shitkeys
It's worth noting that both Ledger and Trezor have been affected by "exploits" in the past... The Trezor ONE actually has a similar (the same?) problem as the KeepKey, as they use the same micro-controllers...

https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8
https://medium.com/@Zero404Cool/frozen-trezor-data-remanence-attacks-de4d70c9ee8c

I guess this is the problem with being "popular"... you're always going to be the target Undecided
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

The maximum security for now for your bitcoins is a ledger nano or a trezor.
Without a secure element, the hardware wallet cab be easily hacked with side channel attack. Check this: https://thenextweb.com/hardfork/2019/12/10/cryptocurrency-shapeshift-keepkey-wallet-cold-hacker-voltage-attack/

Well, this is why I suggested ledger o trezor, and not shitkeys

You cannot buy any shitful product and just because it is labeled"hardware wallet" expect it to have security.
jr. member
Activity: 40
Merit: 1
I don't understand what is the op so worried about.
If you lose your device and for some reason a hacker finds it, he will not be able to steal your funds, unless if it is a zero day exploit (which nobody knows any for now).
If someone try your pin 3 times  device will reset.

The maximum security for now for your bitcoins is a ledger nano or a trezor.
Without a secure element, the hardware wallet cab be easily hacked with side channel attack. Check this: https://thenextweb.com/hardfork/2019/12/10/cryptocurrency-shapeshift-keepkey-wallet-cold-hacker-voltage-attack/
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
I don't understand what is the op so worried about.
If you lose your device and for some reason a hacker finds it, he will not be able to steal your funds, unless if it is a zero day exploit (which nobody knows any for now).
If someone try your pin 3 times  device will reset.

The maximum security for now for your bitcoins is a ledger nano or a trezor.
sr. member
Activity: 1344
Merit: 307
Your crypto is particularly vulnerable to physical attacks if your hardware wallet doesn't have a secure element. Physical attacks or a lost device are always going to be a threat to Hodlers, but all the more so if your hardware wallet doesn't have a secure element.

Any thoughts?

While its true that hw wallet can be vulnerable to physical attacks, if you dont have a strong additional passphrase, an secure element could be just as vulnerable. Some wallets have taken additional steps to wipe the private key from the hw wallet if the wallet is opened or tampered with, which is a smart move, but could also be problematic. Having an additional passphrase will provide more protection since its not stored on an hw wallet and you could also split your coins across different passphrases.
legendary
Activity: 2730
Merit: 7065
They should have a secure element, yes. The secure element is where the private keys are generated and stored and it makes sure that your private keys never leave the safety of the device.

Ledger explains the Secure Element topic very well here > https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks/
newbie
Activity: 14
Merit: 0
Your crypto is particularly vulnerable to physical attacks if your hardware wallet doesn't have a secure element. Physical attacks or a lost device are always going to be a threat to Hodlers, but all the more so if your hardware wallet doesn't have a secure element.

Any thoughts?
Jump to: