It is a known vulnerability in trezor that is patched with a passphrase, in return your software, firmware and hardware are open source.
In the next generation of trezor the problem of not using secure element is fixed with tropic square, an open source secure element.
Jade solves the problem of not using secure element by using a kind of software secure element, a kind of multi-signature, again all open source.
Although coldcard has a good architecture by using two secure elements to not trust each other, cryptography should not rely on black boxes, because that is trust and cryptography should not require trust.
Cyph3rp9nk
npub1ln…arrnt
2023-08-07 18:29:29
in reply to nevent1q…834w
Author Public Key
npub1lnms53w04qt742qnhxag5d6awy7nz6055flnmjkr6jg39hm86dlq7arrntPublished at
2023-08-07 18:29:29Event JSON
{
"id": "95778784918335bc0b8b46c6f92ad8c633f0cc60ea5daf4ccfead4d71433b57b",
"pubkey": "fcf70a45cfa817eaa813b9ba8a375d713d3169f4a27f3dcac3d49112df67d37e",
"created_at": 1691432969,
"kind": 1,
"tags": [
[
"e",
"a5b6d5cbad378c9a3521f6dbb3289e3291da122a00c135333c72ab4198ee85c0",
"",
"reply"
],
[
"p",
"45f195cffcb8c9724efc248f0507a2fb65b579dfabe7cd35398598163cab7627"
]
],
"content": "It is a known vulnerability in trezor that is patched with a passphrase, in return your software, firmware and hardware are open source.\n\nIn the next generation of trezor the problem of not using secure element is fixed with tropic square, an open source secure element.\n\nJade solves the problem of not using secure element by using a kind of software secure element, a kind of multi-signature, again all open source.\n\nAlthough coldcard has a good architecture by using two secure elements to not trust each other, cryptography should not rely on black boxes, because that is trust and cryptography should not require trust.",
"sig": "067f3e2c36a939b166667a9e80876b2d3e7609c444c54dc110c9c8b953f393431a2335e3ddd16c1633291cd61dcb24137532a87ffd40b47b448f52eda61a9702"
}