thejohn on Nostr: So I wanted to deep dive on the old NONCE attack on hardware wallets, specifically ...
So I wanted to deep dive on the old NONCE attack on hardware wallets, specifically whether the COLDCARD Mk4 leverages each of it's True Random Number Generators (TRNG) on both secure elements to generate random numbers and combine them using XOR.
Checking out this blog post... and HOLY SHIT, my respect for COLDCARD's security just skyrocketed. They don’t just use both secure elements but they also throw in the Microprocessor’s TRNG and XOR them together, with all of them chatting over a few millimeters of copper via encrypted comms. And that’s just scratching the surface!
No wonder NVK (npub1az9…m8y8) loses his mind when people use Raspberry Pis as hardware wallets.
This is the blog post:
https://blog.coinkite.com/understanding-mk4-security-model
It's worth a read if you want a wow moment 🙂
Checking out this blog post... and HOLY SHIT, my respect for COLDCARD's security just skyrocketed. They don’t just use both secure elements but they also throw in the Microprocessor’s TRNG and XOR them together, with all of them chatting over a few millimeters of copper via encrypted comms. And that’s just scratching the surface!
No wonder NVK (npub1az9…m8y8) loses his mind when people use Raspberry Pis as hardware wallets.
This is the blog post:
https://blog.coinkite.com/understanding-mk4-security-model
It's worth a read if you want a wow moment 🙂