Regarding physical attacks -- I'm not sure if you have followed Trezor, but they have a great track record of thwarting physical attack vectors. In other words, the physical extraction of private keys from a Trezor is currently a purely academic question. The many eyes principle has worked exceptionally well in this case. I reckon that Ledger is in a similar position, however I don't follow them quite as closely.
Nee. Who told you that?
Getting a private key out of trezor is kind of trivial as the device doesn't even use any kind of a secure hardware.
See here for example: https://jochen-hoenicke.de/trezor-power-analysis/ - this is without even opening the case!
That's actually one of the physical attacks that I was referring to, and it is one of the vulnerabilities that got fixed early on. It even says so in the conclusion.
Ledger is harder as it uses ST secure chip, and the cost of peeling the layers of silicon to get into the memory is estimated at $300k or so.
But it also can be done - it has been done. There are even videos on Youtube of people dumping the entire memory of the chip.
The science of hacking (secure) chips is an actual science and is far more advanced than the non existing science of hacking brain wallets.
Like take this presentation for instance - that's from 2010: https://www.youtube.com/watch?v=62DGIUpscnY - see what he has done here? This is what I call hacking, not the bloody brain wallet hacking charlatans who just make empty claims without proving shit.
But it also can be done - it has been done. There are even videos on Youtube of people dumping the entire memory of the chip.
The science of hacking (secure) chips is an actual science and is far more advanced than the non existing science of hacking brain wallets.
Like take this presentation for instance - that's from 2010: https://www.youtube.com/watch?v=62DGIUpscnY - see what he has done here? This is what I call hacking, not the bloody brain wallet hacking charlatans who just make empty claims without proving shit.
I'm not saying it's impossible to extract the private key from a hardware wallet, I'm just saying it's an academic exercise rather than a practical attack. If you have videos / articles on data extraction at the hardware level for current generations, or more precisely the chips that Trezor / Ledger are using, I'd love to see them (not being sarcastic, just being honestly curious). Smartcard hacks from 2010 are interesting for historical purposes, but likely not as relevant today.
And as mentioned above, this is ignoring the custom passphrase that acts as the 25th seed word. Which by itself already can have the complexity of a brainwallet passphrase. And that this passphrase can be hardly be extracted from your biological brain is something we both agree on. Apart from the $5 wrench attack of course
Anyway.
If you think that a hardware wallet is secure but a brain wallet isn't - it only shows how much you have been brainwashed by the brain wallet pseudo-scientists and how much they made you to loose touch with the reality. In reality everything can be hacked. And personally I am quite sure that any of the hardware wallet on the market is easier/cheaper to hack than my brain. Can't speak for your though
If you think that a hardware wallet is secure but a brain wallet isn't - it only shows how much you have been brainwashed by the brain wallet pseudo-scientists and how much they made you to loose touch with the reality. In reality everything can be hacked. And personally I am quite sure that any of the hardware wallet on the market is easier/cheaper to hack than my brain. Can't speak for your though
I never said that brain wallets aren't secure if you know what you're doing
All I'm saying is that hardware wallets are easier to secure for the average user, which makes them the better recommendation for the general populace.
(and that hardware wallets are more secure than brainwallets in that they extend the passphrase that is stored in your brain by 24 randomly selected seed words)