Dr. Bitcoin, MD's avatar
Dr. Bitcoin, MD drgo@nostrplebs.com 1 year ago
That’s very easy. Step 1) suppose the secure element is backdoored Step 2) stay air gapped forever Step 3) input your own entropy from dice rolls Step 4) after signing a transaction, verify the transaction signature on your own node before broadcasting (which I believe but am not certain is done anyway)…just in case the signature is invalid and merely an attempt to disclose private key or seed or something else nefarious. Step 5) recognize that after the above, a back doored chip can do nothing nefarious other than sign incorrectly, in which case you need a new signing device/hardware wallet.
↑ Parent

Replies (1)

Default avatar
npub1decz...rrvn 1 year ago
Step 1: Don't rely on a secure element in the first place as most use cases are fine with a stateless device. Step 2: Save a truck load of money. The end.