- This topic has 4 replies, 2 voices, and was last updated 8 months, 1 week ago by Castr0-.
- Thursday, March 31st, 2022 at 16:53 #205435 Fisyr (Participant)
I was curious how well protected hardware wallets are in case a theft of the physical device happens. The way I understand it is that the wallets store your private key to sign any cryptocurrency transactions, but is there any mechanism that would prevent a competent hacker from dumping whatever information is stored in the wallet and recovering the private key?
I know that these wallets use PINs, but I presume these PINs are not used in any kind of a private key derivation algorithm, so I wouldn’t expect it to stop someone who can take the device apart and knows what they are doing. I probably make it sound a lot easier than it actually is, but is it a valid concern?
- Thursday, March 31st, 2022 at 16:53 #205436 PotentialClassroom75
I think Kraken actually showed a few years ago that you could extract the seed from a Trezor even if it means destroying the device. I wonder if a passphrase does anything.
- Thursday, March 31st, 2022 at 16:53 #205437 kasert778
Java smartcard type devices have had anti physical tampering security features for decades. Very tough to hack. The thing essentially self destructs when messed with.
- Thursday, March 31st, 2022 at 16:53 #205438 brianddk
Trezor memory can be accessed through a glitch trigger in the STM32 hardware. If the memory is encrypted (default in later firmware), it needs to be decrypted. The encryption can either be based on a user key (PIN, weak), or a machine key (salt, strong).
If memory is decrypted, then the seed mnemonic can be extracted. If a BIP39 passphrase is used, the mnemonic is not enough to derive the keys; the passphrase is needed as well. The passphrase is not stored anywhere in the device, so the user must memorize it and not forget it.
So countermeasures for Trezor are a strong PIN (11-12 digits), a strong passphrase, or using a salt file.
For ColdCard, I believe the stored memory can be accessed by delaminating the chip with a high precision laser. But that may be an old exploit, I don’t know the details.
- Thursday, March 31st, 2022 at 16:53 #205439 Castr0-
That is too technical a question. Just make sure that the hardware wallet is in a safe place.