Re: Secure Element in Hardware Wallets
by Meuserna on 18/02/2025, 23:02:39 UTC
Board: Hardware wallets
Merits: 3 from 3 users (merited by Forsyth Jones (1), JayJuanGee (1), Husna QA (1))
I hope it's OK for me to jump on this thread and share my innermost thoughts about these SE wallets.  If I am honest, I don't know if I am willing to trust that these chips are perfectly SECURE as they contend.  Not going to pick on a specific mfg or chipset, just my general thinking.  I read about this stuff until my eyes bleed at times.

My contention here is that I effectively create my "own" SE Trezor by using SD Protect on my Trezor T's.  I know you will likely shrug this post off, but to me it's reassuring to know that my "T's", if I handed them all to you, have 100% encrypted SEED and PIN masks!  There is no question at all that the SEED and PIN are unavailable to acquire.  Now to me that is SE in a way that lets me sleep well at night.  Sure, I need to handle my microSD card, but that is child's play for the autoscripts I use to wipe and write back the needed file when the time comes.  Seconds at most.  My computers are all LUKS2 encrypted, so all the needed files are truly beyond reach when I am not around!

And like we all know, further compounding wallet security with long and difficult passphrases in addition does mitigate the SE weakness, if any exists.

I agree with you about trusting the security of a secure element.  Tech that can't be hacked today could be hackable tomorrow.

This is why I switched to Krux, and why I swear by it.

Instead of saving your seed phrase in a secure element, Krux lets you encrypt it (AES-CBC, PBKDF2 Iterations: 100,000 or more) using as strong of a decryption key as you want, and Krux can save the encrypted seed on a micro SD card (I don't) or as an encrypted QR code (yes!).  However you save it, you'll need your decryption key to decrypt it.

This may sound complicated, but in use, it's really easy.

1: Scan the encrypted seed QR (or load the encrypted seed from micro SD).

2: Scan a QR of the decryption key (or type it on the device).

Done.  Your seed is loaded.

The device has no PIN to unlock it, because it wipes out your seed & wallet on shutdown or reboot.  So, if it gets stolen, no worries.  There's nothing on it.

If somebody finds your seed QR (or micro SD), here's what they found - if they can even figure out how to read it:

Xq9PtK6rJ5Fvr+PjWm+5jJf8FUd2H0C7hP2TxvlMk7n4gJ8mOos8yUGlLeFQkNNp

That's just gibberish until it's decrypted.

Assuming you used a strong decryption key, it's uncrackable.

But, it gets better!

Krux lets you use a QR to enter your passphrase.  This makes it easy to use a very strong passphrase.

And if you use BIP85, you can use the text from child seed phrases as passphrases or decryption keys, which means it's all deterministic and recoverable if lost.

Quote
stumble uniform virus forward slam lock jealous police trap improve almost frog

Sure, that's a 12 word seed phrase, but you could use it as a passphrase instead.  If you'd like to test it, that is the child seed for this parent seed, using BIP85 index #42:

Quote
promote stairs concert liquid rapid enter nice defy valley program today visit

By using BIP85, you can have deterministic seeds, deterministic passphrases that are astoundingly strong, and you can have deterministic decryption keys for anything.  Want to create an encrypted disk image with a very strong decryption key?  Generate one from your parent seed using BIP85.

And if you ever lose any of it...  you can get it back by manually restoring your parent seed and generating your child seeds again.  Load your parent seed.  Select "BIP85" and enter the index number & seed length (12 or 24 words).  Done!  There's your child seed.

I'm a huge fan of this method because it means also having a backup of my backups.

In other words:

I have a backup of my wallet's seed.  On paper and on metal, and in encrypted QR form.

I have a backup of my decryption key.  On paper and on metal, and in encrypted QR form.

And if anything goes wrong, if any of the above is lost, or if I just want to prove everything is 100% correct, I can regenerate it all by using my parent seed.  My parent seed serves as the ultimate backup of everything.

And finally, to prevent my parent seed from being a risk if it's ever found, I use a passphrase on the parent seed.

All of this stuff sounds complicated until the first time you do it.  Then it becomes obvious, because it's so simple.  A parent seed always generates the same child seeds, and a seed phrase will always have the exact same text, which means it can be used as text.

A hacker with the best equipment money can buy could spend centuries trying to crack Xq9PtK6rJ5Fvr+PjWm+5jJf8FUd2H0C7hP2TxvlMk7n4gJ8mOos8yUGlLeFQkNNp

It can't be done.

On the other hand, every secure element is tech that will eventually be hackable, perhaps because somebody leaks the source for the SE design, or perhaps because there was a bug in the design or it was reverse engineered.  It's been done before.  It'll be done again.

I'm not saying hardware wallets that rely on secure element chips aren't safe.  I'm just saying, I believe there's a better way.  But companies wouldn't make money by following this method, because consumers tend to chase after specs.  All this requires is an airgapped device with a camera and a screen.
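As an added example of the deterministic property the post relies on (not code from the post or from Krux): stdlib-only Python that derives the BIP85 child mnemonic for a parent mnemonic and index, following BIP39, BIP32 and BIP85 as published. It stops at BIP39 word indices because the 2048-word English wordlist is not embedded here; mapping the indices for index 42 onto the words quoted above requires that list.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order; BIP32 reduces child private keys mod n
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Parent mnemonic quoted in the post above
PARENT = "promote stairs concert liquid rapid enter nice defy valley program today visit"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: 2048 rounds of PBKDF2-HMAC-SHA512 with salt 'mnemonic' + passphrase."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = b"mnemonic" + unicodedata.normalize("NFKD", passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, dklen=64)


def bip32_hardened_key(seed: bytes, path: list) -> bytes:
    """Walk a hardened-only BIP32 path (hardened steps need no EC point math)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = i[:32], i[32:]
    for idx in path:
        data = b"\x00" + key + (idx | 0x80000000).to_bytes(4, "big")
        i = hmac.new(chain, data, hashlib.sha512).digest()
        child = (int.from_bytes(i[:32], "big") + int.from_bytes(key, "big")) % N
        key, chain = child.to_bytes(32, "big"), i[32:]
    return key


def bip85_word_indices(mnemonic: str, index: int, words: int = 12,
                       passphrase: str = "") -> list:
    """BIP85 application 39: child mnemonic as BIP39 wordlist indices.
    Path is m/83696968'/39'/0'/{words}'/{index}' (0 = English)."""
    k = bip32_hardened_key(bip39_seed(mnemonic, passphrase),
                           [83696968, 39, 0, words, index])
    # 16 bytes of entropy for 12 words, 32 bytes for 24 words
    entropy = hmac.new(b"bip-entropy-from-k", k, hashlib.sha512).digest()[: words * 4 // 3]
    # BIP39 checksum: first ENT/32 bits of SHA256(entropy) appended to the entropy
    cs_bits = len(entropy) * 8 // 32
    cs = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | cs
    return [(bits >> (11 * (words - 1 - j))) & 0x7FF for j in range(words)]


def to_mnemonic(indices: list, wordlist: list) -> str:
    """Map indices onto a caller-supplied 2048-word BIP39 list (not embedded here)."""
    return " ".join(wordlist[i] for i in indices)
```

The same parent and index always yield the same indices, a different index or a passphrase on the parent yields different ones; that is the "backup of my backups" property.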