 I think it’s time for me to get a new hardware wallet.

I’ve been using a Ledger Nano S for many years now. It must be six years at this point.


I need a wallet that supports #Bitcoin and #Monero, which only leaves Ledger and Trezor (not aware of any other).

I feel like Ledger has made multiple L’s in the last few years.

Trezor seems more based, so I’ll probably get the Trezor Safe 5. 
 I'd just have a dedicated Graphene phone with a strong passphrase and Stack Duo.

But maybe your threat model is different.
 Cupcake was just released today. Monero only, though.
 Tried searching for it.

Is it the new mobile app by the same guys that make Cake Wallet?

Cause that’s not a hardware wallet, like I’m looking for.

I’ve used Cake for a long time, but want a hardware wallet to store the majority. 
 Yep, it's the new wallet by Cake, and what it does is you are supposed to install it on a backup phone that you do not use, and that becomes your hardware wallet. Since something like a Pixel, another Android phone or an iPhone is a more general-purpose device, it doesn't look like you're buying a crypto hardware wallet. It does not have any internet or network permissions and transfers data between itself and Cake Wallet with live QR codes in order to sign transactions.
 The big advantage Ledger had for a long time was physical attack resistance with a secure element. Trezor wallets originally didn't use them, and had vulnerability disclosures where a skilled actor could dump encrypted device PINs, which could then be brute-forced.

Using an additional passphrase and (on applicable models) a microSD card as a key would mitigate this issue, but both the security of the passphrase and the threat actor not having the microSD card are important for this countermeasure to be effective.

Trezor didn't use them until the Safe 3 and later. Safe 3 and 5 are far more secure than their predecessors.  
 Is the Blockstream Jade secure enough? I see on their website it says it uses a "virtual secure element"... not sure what that means.
 Jade doesn't have a secure element, so a second independent device is involved in decrypting the device's sensitive data to make the wallet resistant to attacks.

Connecting a Jade to a device with a companion app and typing the correct PIN will connect the device to a remote server run by the manufacturer (called a Blind Oracle), which then sends back a decryption key to decrypt the Jade and make it usable.

The seed phrase in the Jade is stored on the flash storage, but it is encrypted with a key split between the Jade and oracle. The PIN is used and set up during the key exchange with Oracle and you can't test that it's a correct PIN without connecting to the oracle.

Not really a fan of the "virtual secure element" naming, but that's my opinion. It essentially makes the device secure by not keeping any unencrypted sensitive data such as keys on the same device. Some might say it's jumping through hoops, but it works and also keeps the device cheap.

For higher threat models the Jade can run stateless, which is essentially the exact same as a SeedSigner: you scan a SeedQR or enter a seed phrase and perform the operations. The device clears when powered down. You can also run your own oracle, but I don't know much about that.

Jade and SeedSigner run on a threat model that acknowledges their hardware isn't secure enough, so they either never store any seeds, or store them encrypted and involve a secondary source or device in the decryption or access procedure to compensate. Both of those projects depend on commercially available hardware, and you can run the Jade software on an M5Stack or other product. I don't see anything wrong with Jade, but I prefer Trezor above them because of other features.
 
 (You can also DIY your own Trezor like Jade and SeedSigner but they'd have the same hardware security as the older models - if not less. Would be better if the Trezor ran stateless in DIY models.) 
 Ledger support for Liquid is basically nothing (there's an old app for the Ledger Nano S, which is ancient now; not even sure the app still works). Does Trezor fare any better?

I got a jade just for liquid, but it's my least favorite hww. 
 I don't use Liquid and to my knowledge Trezor have zero plans to add support for it. I imagine since it's Blockstream that their own products would be the best choice for anything using Liquid. 
 Thank you. So if the Jade can't connect to the oracle server you can't access your funds... interesting. But you still have your 12 words, or the alternative is to use a SeedQR like a SeedSigner.
 You'll still have the 12 digit seed phrase that you backed up, but on the Jade it is stored encrypted after setup and can't be decrypted without the Oracle.

If that happened then you'd insert the seed phrase into the Jade manually / from the stateless mode to access your funds. You'd also need to do this after you typed the PIN wrong 3 times as it clears the Jade and the oracle data as a security measure. 
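The split-key design described in the two Jade posts above (seed encrypted under a key made of a device-held share plus a share the oracle only releases for the right PIN, the oracle wiping its share after three wrong PINs, and recovery by re-entering the seed words) is easy to reason about with a toy model. The code below is an added illustration written for this thread, not Blockstream's code or protocol: the real Jade/oracle exchange blinds the PIN with additional public-key cryptography, and the stream cipher and KDF here are stand-ins built from hashlib so the example runs with the standard library only. `Oracle`, `Device`, `offline_bruteforce` and `MAX_ATTEMPTS` are hypothetical names; the seed phrase is a constructed test value.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional

MAX_ATTEMPTS = 3  # assumption: mirrors the "three wrong PINs wipes it" rule mentioned in the thread


def _kdf(key: bytes, *parts: bytes) -> bytes:
    """32-byte key from HMAC-SHA256 over the concatenated parts (stand-in for a real KDF)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher from SHA-256, used only to avoid a third-party crypto dependency."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # authenticate so a wrong key is detected
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return _keystream_xor(key, nonce, ct)


class Oracle:
    """Stand-in for the remote oracle server: one record per device plus the wrong-PIN counter."""

    def __init__(self) -> None:
        self._records: Dict[bytes, list] = {}  # device_id -> [pin_tag, oracle_share, failures]

    def enrol(self, device_id: bytes, pin_tag: bytes) -> bytes:
        oracle_share = secrets.token_bytes(32)
        self._records[device_id] = [pin_tag, oracle_share, 0]
        return oracle_share

    def unlock(self, device_id: bytes, pin_tag: bytes) -> Optional[bytes]:
        rec = self._records.get(device_id)
        if rec is None:
            return None  # never enrolled, or already wiped
        if hmac.compare_digest(rec[0], pin_tag):
            rec[2] = 0
            return rec[1]
        rec[2] += 1
        if rec[2] >= MAX_ATTEMPTS:
            del self._records[device_id]  # wipe: the oracle share is gone for good
        return None

    def has_record(self, device_id: bytes) -> bool:
        return device_id in self._records


class Device:
    """Stand-in for the wallet. Flash holds device_id, device_share and the ciphertext, never the full key."""

    def __init__(self, oracle: Oracle) -> None:
        self.oracle = oracle
        self.device_id = secrets.token_bytes(8)
        self.device_share = secrets.token_bytes(32)
        self.encrypted_seed: Optional[bytes] = None

    def _pin_tag(self, pin: str) -> bytes:
        # Recomputed on every use and never written to flash, so nothing on the device confirms a PIN guess.
        return _kdf(self.device_share, b"pin-tag", pin.encode())

    def setup(self, seed_words: str, pin: str) -> None:
        oracle_share = self.oracle.enrol(self.device_id, self._pin_tag(pin))
        key = _kdf(b"seed-key", self.device_share, oracle_share)
        self.encrypted_seed = encrypt(key, seed_words.encode())
        # oracle_share and key go out of scope here; only the ciphertext and device_share persist

    def unlock(self, pin: str) -> Optional[str]:
        oracle_share = self.oracle.unlock(self.device_id, self._pin_tag(pin))
        if oracle_share is None:
            return None  # wrong PIN, oracle unreachable or record wiped: fall back to re-entering the seed
        key = _kdf(b"seed-key", self.device_share, oracle_share)
        return decrypt(key, self.encrypted_seed).decode()

    def flash_dump(self) -> Dict[str, bytes]:
        """Everything an attacker who reads the flash chip gets."""
        return {"device_share": self.device_share, "encrypted_seed": self.encrypted_seed}


def offline_bruteforce(dump: Dict[str, bytes], candidate_pins: Iterable[str]) -> Optional[str]:
    """Attacker with only the flash dump tries every PIN. The only key material on flash is device_share,
    so the best guess is a key built from it and the PIN, which is not the key the seed was wrapped with."""
    for pin in candidate_pins:
        pin_tag = _kdf(dump["device_share"], b"pin-tag", pin.encode())
        guess_key = _kdf(b"seed-key", dump["device_share"], pin_tag)
        try:
            return decrypt(guess_key, dump["encrypted_seed"]).decode()
        except ValueError:
            continue
    return None  # no PIN can be confirmed or used without the oracle's share
```

The point the model makes concrete: the PIN never selects the key by itself, it only authorises the oracle to release its share, so a flash dump gives an attacker nothing to test guesses against, and three failures at the oracle leave the device unrecoverable except by entering the backed-up seed words directly.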
 SeedSigner/XMRSigner or Cupcake are good alternatives.