Saturday, 28 April 2018

Let's go over good vs. bad hardware wallet design.

EDIT: I want to be clear you cannot screen cap the Trezor PIN.

This is an example of an awful hardware wallet design. To understand why, let's refer to the OG, the Trezor.

  1. Reliability. The Trezor doesn't have a battery. That means when it's in your pocket there is no chance of someone coming by and wirelessly stealing your private keys. I expect my hardware wallet to be stolen/lost. That being said, I do expect my device to be able to work as long as I take care of it. Having a battery kind of limits the shelf life to 5 years or so.

  2. Keep it simple stupid. The Trezor only has a USB connection. That's okay. I'd rather see a camera personally. My understanding is the chip with the private keys is not connected to the USB output so that's good.

  3. I still have limited trust in hardware wallets. AFAIK the Trezor doesn't have an exploit that allows the private keys to leave the device without modifying the hardware. This is an acceptable limitation.

  4. The Trezor is open source.

  5. The Trezor has a screen. This is absolutely vital to prevent man in the middle attacks. It's moronic to have a hardware wallet without a screen.

  6. When you access your Trezor it presents you with a randomly ordered keypad; you enter your PIN through your computer with a mouse. This way there is no way to keylog or screen cap your PIN.
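As an added illustration (my own example code, not Trezor's firmware and not code from the post), here is a small Python simulation of the blind keypad described in item 6: the device shuffles the digits on its own screen, the host only ever sees which grid positions were clicked, and the most a keylogger or screen recorder on the host can learn is the set of PINs that share the same pattern of repeated digits. The 3x3 grid of digits 1-9, the sample PIN and the session count are assumptions made for the simulation.

```python
"""Simulation of a blind PIN keypad (device shows a shuffled digit layout,
host only sees clicked positions). Added example, not Trezor's code."""
import itertools
import secrets

DIGITS = "123456789"  # assumed 3x3 grid of digits 1-9, as on a Trezor screen


def make_layout():
    """Device side: a fresh random ordering of the digits for this session.

    Index = grid position (0..8) as drawn on the host's blank grid,
    value = the digit the device shows at that position on its own screen.
    Fisher-Yates with a CSPRNG; a real device would use its hardware RNG."""
    digits = list(DIGITS)
    for i in range(len(digits) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        digits[i], digits[j] = digits[j], digits[i]
    return digits


def user_clicks(layout, pin):
    """User side: read the layout off the device screen and click the
    matching positions on the host. Only these positions reach the host."""
    return [layout.index(d) for d in pin]


def device_decode(layout, positions):
    """Device side: map the clicked positions back to digits."""
    return "".join(layout[p] for p in positions)


def consistent_pins(positions):
    """Attacker side: everything a host keylogger or screen recorder can
    conclude from one session.

    The layout is unknown to the host, so every PIN whose pattern of equal
    digits matches the pattern of equal positions is equally likely."""
    n = len(positions)
    same = [[positions[i] == positions[j] for j in range(n)] for i in range(n)]
    candidates = []
    for pin in itertools.product(DIGITS, repeat=n):
        if all((pin[i] == pin[j]) == same[i][j]
               for i in range(n) for j in range(n)):
            candidates.append("".join(pin))
    return candidates


def intersect_sessions(pin, sessions=5):
    """Attacker side: watch the same PIN entered over several sessions with a
    fresh layout each time and intersect the candidate sets. Returns how many
    PINs remain; the set never shrinks below one session's worth because the
    positions carry only the repetition pattern, not the digits."""
    remaining = None
    for _ in range(sessions):
        layout = make_layout()
        seen = set(consistent_pins(user_clicks(layout, pin)))
        remaining = seen if remaining is None else remaining & seen
    return len(remaining)


def demo(pin="8314"):
    """Round-trip one entry and report how many PINs the host cannot rule out."""
    layout = make_layout()
    positions = user_clicks(layout, pin)
    assert device_decode(layout, positions) == pin
    return len(consistent_pins(positions))


if __name__ == "__main__":
    print("candidates after one session:", demo())          # 3024 for 4 distinct digits
    print("candidates after five sessions:", intersect_sessions("8314", 5))
```

The caveat the simulation makes visible: the host still learns the PIN length and which digits repeat (a PIN like 1123 leaves 504 candidates instead of 3024), so the scheme hides the digits from the host but does not hide everything.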

So let's talk about the Hoofoo.

  1. It doesn't have a screen. This is an immediate disqualification. There is a very real possibility that the address would be swapped in memory and you wouldn't know.

  2. It has wireless communication over Bluetooth. Bluetooth is not a good standard for hardware wallets to use. For one, you're broadcasting the encrypted data wirelessly. Not all encryption is created equal. AFAIK all the wifi standards are crackable with sufficient data collection in less than a month. Look up BlueBorne.

  3. As a general rule I'll never buy a product that claims to be "hacker proof" unless it's got a REALLY good design. This isn't it.

  4. 2FA? On a local device that makes no sense. Maybe they are talking about a 2FA through the blockchain with multisig, but that costs money. Is he really saying 2FA is your fingerprint/facial recognition (both trivially compromised; seriously, just use a picture of the owner) and spoofing a Bluetooth device? This sounds so simple and easy I halfway want to buy one just to crack it the first day. This doesn't even qualify as 2FA in my opinion because both of the factors are controlled by a single device. The entire point of 2FA in my opinion is to have a completely separate device be responsible for authorizing you. Otherwise there is no point; the device is a single point of failure.

  5. OMFG. It allows you to access signing with your private keys with fingerprint and face recognition... that's MORONIC!! Fingerprint scanners are in no way secure, and face recognition... did you see the Apple keynote or YouTube? This is probably the worst hardware wallet ever created.

  6. These idiots actually believe that you can't fake a Bluetooth MAC address? (Again, this guy is blatantly lying when he says that hardware wallets like the Trezor have been hacked w/o a hardware modification.)

  7. What the fuck is a motherbox? Having 2 devices that can recover your private key ... Does he mean seed? Does he not know the difference between a seed and a private key? Nothing in the video indicates he's using the BIP39 standard. What happens when your house burns down and you lose both your hardware wallet and the motherbox? What are the design specifications on this motherbox? Sorry but if it's capable of recovering private keys and seeds then the security details surrounding it need to be gone over.

Hoofoo is a scam. The claims made are provably false. Do not support this company.

Security features I'd like to see in a future version of a hardware wallet are as follows.

I really like the features of the Trezor; they got a lot of things right, as I mentioned above. Limited communication access on old wired technology. A screen. The way you input the PIN so it cannot be screen recorded or keylogged (they should disable keyboard input on internet connected devices, but that comes down to user error I guess).

  1. I'd prefer the USB to be charge only, without communication. Instead I'd rather use QR codes to exchange the unsigned and signed transactions back and forth. I could see the device allowing you to scan a QR code, and you verifying it looks good. Then putting in your PIN to sign.

  2. I'd like the option to hold a small battery powered qi charger to the back of the device to provide it power.

  3. I'd like the device to ship with the components visible in a clear plastic coating. I would like to be the one who encloses the device, and that case, once put on, cannot be removed without destroying the hardware wallet.



Submitted April 28, 2018 at 08:08PM by lizard450 http://bit.ly/2Hy9a5u
