Altcoins Talks - Cryptocurrency Forum
Crypto Discussion Forum => Cryptocurrency discussions => Topic started by: CryptoGirl on October 27, 2017, 10:40:22 AM
-
The Trezor
The Trezor is a relatively simple device that is powered by a micro-usb connector. It has a very simple injection molded plastic case with two plastic buttons and an LCD screen. Interestingly, the plastic case is joined together with what appears to be cyanoacrylate or super glue.
The Trezor uses a standard STM32F205 as the only microcontroller which creates a large hardware-based attack surface. This is a very common standard ARM Cortex M3 32-bit processor. This is not considered one of ST’s secure MCUs nor is it any sort of secure enclave. This general purpose MCU is where the private keys are generated and stored. Due to these reasons, the Trezor does not have a common criteria security certification.
(https://cdn-images-1.medium.com/max/1600/0*K_pUTtG7TQa-B6dB.)
The Ledger Nano S
The Ledger Nano S is also powered by a micro-usb, has two user input buttons, and an on-board screen. The biggest difference between the Trezor and the Ledger is the Ledger has two microcontrollers instead of just one. The first microcontroller is the STM32F042K and the second microcontroller is the ST31H320. The STM32F042K is very similar to the STM32F205 used in the Trezor with the notable exception that it has an internal rather than external clock. More interestingly, the Ledger has a proper bank grade ST31H320 secure enclave where the wallet’s private keys are stored. The ST31H320 finds itself already used in many other applications including banking, identification, and pay TV. Further, it meets EAL6+ common criteria security standards. The combined ST31/STM32 architecture has a lower but commendable EAL5+ certification. In addition to securely storing private keys, the secure enclave is able to store a device key which provides a high degree of assurance that the ledger device is not counterfeit and has not been compromised in the supply chain.
(https://cdn-images-1.medium.com/max/1600/0*lS52j7f7E8puVuBh.)
https://blog.gridplus.io/hardware-wallet-vulnerabilities-f20688361b88
-
And why are the hardware wallets vulnerable?
-
hardware wallets are still safer than online wallets. unless there's an emp...
-
According to the article, it's Trezor the one which is potentially vulnerable (at least when tried to be physically hacked) but ledger is far more secure.
-
I believe hardware wallets to be more safer than online wallets, because hardware wallets are somewhat offline and almost impossible to be hackable
-
I think the hardware wallets, especially ledger, are much more safer, because you are aware of e.g. keyloggers. But of course, you always have to be careful.
-
I guess the main point of this post is that even hardware wallets, which most consider as the safest, needs more improvement.