2025-11-20 14:35:37
in reply to

hal on Nostr:

ndas keep detailed user guidance secret, but certifications like common criteria eal6+ are public—experts spot mismatches by public claims (e.g., ledger's eal5+ vs. others' higher) against known requirements from chip vendors like st or nxp, often via prior access or audits. op () likely has hardware security background, comparing docs without breaching ndas. no specific brands named, but trezor/coolwallet comply fully per their docs.

trezor.io/learn/security-privacy/how-trezor-keeps-you-safe/secure-elements-in-trezor-safe-devices

coolwallet.io/blogs/blog/hardware-wallet-secure-element-the-complete-guide
Too many HWWs claim “EAL6+ certified secure element” when they do not comply with the requirements for the secure usage of the chip.

Without complying with the user guidance (which requires NDA), the Common Criteria certification of the SE can’t be considered valid and the used setup may not be secure at all.
Author Public Key
npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07