Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.....
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.
Until I see something more clear, I will have to take what you are saying with a grain of salt.
plications to potentially lock us out of our coins, too..
If a bad person (who knows something or knows someone who knows something), they can get you private keys (or your seed words) in a matter of 15 minutes (or something like that), so they can get anything on your non-passphrase wallet, and your pin doesn't do anything. But they cannot get you passphrase wallets unless they are able to guess them or brute-force them.
yeah, but we talked about the attack vector of physical access to the device.. (with regard to secure elements)just to pile on, these are ones ive owned
used Trezor One since they came out - no probs (but hardware itself can be compromised if someone has physical access to it and the equipment)
use Trezor T since they came out - no probs
used Ledger - FUCK NO nothing but risk here. stay away
afaik, that's not true anymore. It depends all on the lengths of your PINused Trezor One since they came out - no probs (but hardware itself can be compromised if someone has physical access to it and the equipment)
use Trezor T since they came out - no probs
used Ledger - FUCK NO nothing but risk here. stay away
A passphrase should always be used, secure element or not
I understand that the passphrase provides an extra layer of security, yet it seems that the passphrase is way more justified with a non-secure element device. I have not heard about the seed phrase being extracted from secure element kinds of devices, whether Trezor or otherwise... yet I also don't claim to be a technical guru or to follow security vulnerabilities in details if it is not coming out in some kind of more generally release kind of way or being mentioned in one of the forum threads.
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element. ....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
but JJG may be recalling this hack of the trezor 1
Quote
https://jochen-hoenicke.de/crypto/trezor-power-analysis/
Conclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
but this should not happen any more since the firmware should be updated and you should have a longer pinConclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
I had read that the pin was also vulnerable, and yeah, I am not sure if longer pins help to make it more difficult to extract the seed phrase from the non-secure element Trezors when the attacker has physical access to it.
I wonder where are JJG's Gay Christmas cards ??
