Oddbean new post about | logout
cryptowolf | 10 months ago (raw) | root | parent | reply | flag +4 
 I re-read your message regarding not knowing the technical nuances.

I personally do know the technical nuances for most hardware wallets and always advise people to use something that is fully open source hardware, firmware, and software as well as  an opensource secure element.

Currently the new Trezor is the only one out there with all this in mind and fully offline seed storage.

Also the most user friendly and versatile for newbies.
nostr.build | 10 months ago (raw) | root | parent | reply | flag +5 
 Coldcard and Passport are both open source and fully off-line.
Problem with Trezor is you have to plug it into the computer. Coldcard and Passport are fully air gapped..
cryptowolf | 10 months ago (raw) | root | parent | reply | flag +5 
 Coldcard has a proprietary secure element.
No thank you.  

Signing transactions by scanning QR codes off screens have also been exposed to have security flaws.
cryptowolf | 10 months ago (raw) | root | parent | reply | flag +4 
 "It is impossible to hack a Trezor without being able to touch the Trezor. It doesn't matter if it is connected to your computer, and the hacker has control of your computer. They won't be able to physically touch/press the confirm button the Trezor. (Nor would they be able to put in the pin number if it is a model T) Now, if you have your seed phrase saved on your computer... that's a different story."
BTCapsule 🏴🧡 | 10 months ago (raw) | root | parent | reply | flag +4 
 If I’m not mistaken, the creators of Trezor developed BIP39/84 and they are the reason we have HD wallets and mnemonic seed phrases.
henq | 10 months ago (raw) | root | parent | reply | flag +1 
 I remember HD wallets before Trezor. There was Multibit with unrelated private/pubic keys pairs, that became later Multibit HD, before the arrival of Trezor, iirc
nostr.build | 10 months ago (raw) | root | parent | reply | flag +3 
 Coldcard actually uses two different third-party, known elements, and overall there is more risk plugging your signing device into a computer than using psbt / chip transfer/ QR codes.
Personally, I don’t want my signing device to touch the computer. Some people might be more likely to lose their seeds, so a device like Jade or BitKey might be ideal.
Ultimately I think all the devices we have talked about are very secure, and it is just a matter of preference. 

“The COLDCARD Mk4, unlike its predecessors and other products like it on the market, has two Secure Elements (SE) : Microchip’s ATECC608B (which we will refer to as SE1) and Maxim’s DS28C36B (referred to as SE2)”

https://blog.coinkite.com/understanding-mk4-security-model/
toxicbitcoiner | 10 months ago (raw) | root | parent | reply | flag +4 
 AFAIK there is no such thing as an open source SE.
cryptowolf | 10 months ago (raw) | root | parent | reply | flag 
 Trezor's secure element is open source.
Stated this in the notes above.
toxicbitcoiner | 10 months ago (raw) | root | parent | reply | flag +2 
 Only 1/3 of the Trezor devices currently available has a SE. I see nothing on their site about the SE being open source. Last time I checked, a few months ago, there were no open source SEs on the market anywhere.
cryptowolf | 10 months ago (raw) | root | parent | reply | flag 
 Correct 1 out of the 3 optjons they offer has an SE for those that think they need an SE.   

Hahaha you obviously don't dig deep enough.
You could have always looked into what kind of SE they use, and the license associated with a quick web search.

Just read the headlines.  Good for your "toxic bitcoiner". 😆