Hardware wallets discussion
What about the peculiarities of secure elements, Ledger, BitBox02, Coldcard and SeedSigner? Let's dive in with this article.
An article collecting info, ideas and notes from many sources, with thanks to robertobipunto. Here we go deep into the subject of hardware wallets.
Ledger
As you know, Ledger announced a new service for recovering your keys. This put the whole bitcoiner community into fear. Let's check it out.
There is nothing to fear (or rather, no more than yesterday) until the firmware is updated. After the firmware is updated there may be additional fears compared to yesterday, but hardware wallets that can 'extract' the mnemonic (on screen or onto a microSD card) at the explicit request of the user are not uncommon.
You must enter the PIN to perform the update (and clearly, if a hardware wallet is stolen, the funds are moved ASAP anyway).
Coldcard and BitBox02 already allow you to view the mnemonic after the device has been initialized (clearly, only after unlocking it), and this is not a security issue: if you can do that, it means you can also (after unlocking the device) transfer the funds immediately.
Secure Element
The Secure Element serves to avoid or reduce the probability of extraction by an adversary, and (in some cases) to perform certain operations internally so as to limit the amount of secret material handled outside the Secure Element (that is, in less secure memories).
The Secure Element protects the secret (the seed, or the private key of an ATM) until you enter the PIN; once you do, the data is readable. The Secure Element (if we trust the manufacturer's claim) makes the data unreadable after a number of wrong PINs have been entered.
There are several hardware wallets (which also use Secure Element) that allow the mnemonic stored in the device to be displayed once the PIN has been entered.
So the 'extraction' of the mnemonic is nothing new if it is done with the user's authorization; until yesterday Ledger did not allow this, and with the new firmware it will be possible, always and only with the user's consent of course.
So, to be precise, the fact that you can 'extract' the mnemonic is a non-issue if the operation is PIN-protected (as it clearly is), because anyone who has the PIN can already move all the funds by signing transactions, even without extracting the mnemonic.
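As an added illustration (not code from the article or from any wallet vendor), here is a toy model of the PIN-gated secure element described above: the seed is unreadable until the PIN unlocks it, the try counter wipes it after a few wrong PINs, and mnemonic export and transaction signing sit behind the very same gate, which is the reason PIN-protected export adds no new risk. The `MAX_ATTEMPTS` value and the HMAC stand-in for a real signature are assumptions made for the example.

```python
import hmac

MAX_ATTEMPTS = 3  # constructed limit; each vendor picks its own


class SecureElementModel:
    """Toy model of a PIN-gated secure element (an added illustration, not any
    vendor's firmware). It holds the wallet seed, from which both the mnemonic
    and the signing key derive, so neither is reachable until the PIN unlocks it."""

    def __init__(self, pin: str, seed: bytes):
        self._pin = pin.encode()
        self._seed = seed                  # the secret being protected
        self._attempts_left = MAX_ATTEMPTS
        self._unlocked = False

    @property
    def wiped(self) -> bool:
        return self._seed is None

    def unlock(self, pin: str) -> bool:
        """Check the PIN; wipe the seed once the try counter is exhausted."""
        if self.wiped:
            return False
        # Burn an attempt *before* comparing, so cutting power mid-check
        # cannot be used to retry a guess for free.
        self._attempts_left -= 1
        if hmac.compare_digest(self._pin, pin.encode()):  # constant-time compare
            self._attempts_left = MAX_ATTEMPTS
            self._unlocked = True
            return True
        if self._attempts_left == 0:
            self._seed = None              # data becomes unreadable, as the text describes
            self._unlocked = False
        return False

    def _require_unlocked(self) -> None:
        if self.wiped or not self._unlocked:
            raise PermissionError("PIN required")

    def export_mnemonic(self) -> bytes:
        """Mnemonic export: gated by exactly the same PIN check as signing."""
        self._require_unlocked()
        return self._seed

    def sign(self, tx: bytes) -> bytes:
        """Stand-in for a real signature: HMAC of the transaction under the seed."""
        self._require_unlocked()
        return hmac.new(self._seed, tx, "sha256").digest()
```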
You may not like the fact that they offer a custody service done the way Ledger is doing it, but it is still an optional service: just don't join it, or don't even update the firmware.
A secure element (SE) is a tamper-resistant hardware component used to store sensitive information, such as encryption keys and personal identification numbers (PINs), in a secure manner. Why use secure elements?
Security: Because the information stored on a secure element is protected by physical and logical security mechanisms, it is extremely difficult for an attacker to extract the information without detection.
Isolation: The secure environment provided by a secure element ensures that sensitive information is kept separate from the main processing environment of a device, reducing the risk of data breaches caused by software vulnerabilities.