Re: How can you verify the randomness that's coming from a hardware?
⭐ Merited by vapourminer (2)
I took a look at ledger nano and trezor hardwares. I found that there is a certification called AIS31-certified RNG which is the best in the world when talking about entropy.
Can you check if it's actually in there? What if some of the devices are shipped with a compromised RNG instead of the certified one?Quote
embedded in the Secure Element
You can check the hardware integrity by following this guide by the manufacturer
It shows how to open the hardware and check by yourself if everything is as expected. There are even pictures of hat to expect inside
https://support.ledger.com/hc/en-us/articles/4404382029329-Check-hardware-integrity?support=true
Quote
All Ledger devices pass the genuine check during the onboarding process and then each time when they connect to Manager in Ledger Live. Genuine Ledger devices hold a secret key that is set during manufacture. Only a genuine Ledger device can use its key to provide the cryptographic proof required to connect with Ledger’s secure server.
Advanced users additionally can check the hardware integrity of the Ledger device to check that it has not been tampered with. This article contains detailed technical information about the security of your device.
Important notice
Please note that opening your Ledger device will void the warranty.
Once opened, your Ledger device will no longer be refundable or exchangeable.
...
As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB55 (on revisions 1, 2, 3) and STM32WB35 (on revision 4).
Hardware revisions
...
Advanced users additionally can check the hardware integrity of the Ledger device to check that it has not been tampered with. This article contains detailed technical information about the security of your device.
Important notice
Please note that opening your Ledger device will void the warranty.
Once opened, your Ledger device will no longer be refundable or exchangeable.
...
As an additional check, you can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB55 (on revisions 1, 2, 3) and STM32WB35 (on revision 4).
Hardware revisions
...
There is a lot more information there.