Secure elements and hardware wallets
Why are secure elements used in Hardware Wallets?
Plain and simple for UX.
If your encryption depends on a numerical PIN of a few digits you are screwed.
The secure element adds a layer of encryption so that in case you can extract the seed from the chip you can not attack it by brute force.
If you use a sufficiently strong passphrase or if hardware wallets allow you to enter a password for encryption, there would be no need for secure elements, it's all about UX.
On the other hand, in cryptography you should never trust. Secure elements are a black box, and by contract you can't even publish their vulnerabilities. What's the point of using encryption if you're trusting a third party? that's useless.
It is true that there are solutions like coldcard where two secure elements are used so you don't have to trust them, but I still think it's stupid, I don't care about the UX, I want my bitcoins to be safe.
When you understand this, you realize how stupid the hardware wallet industry is.
Cyph3rp9nk
npub1ln…arrnt
2024-08-06 11:49:23
Author Public Key
npub1lnms53w04qt742qnhxag5d6awy7nz6055flnmjkr6jg39hm86dlq7arrntPublished at
2024-08-06 11:49:23Event JSON
{
"id": "188488cfd7dc1ac117e19f4d76cb9c9f9ebc0609d0266add08c8440274010992",
"pubkey": "fcf70a45cfa817eaa813b9ba8a375d713d3169f4a27f3dcac3d49112df67d37e",
"created_at": 1722944963,
"kind": 1,
"tags": [],
"content": "Secure elements and hardware wallets\n\nWhy are secure elements used in Hardware Wallets?\n\nPlain and simple for UX.\n\nIf your encryption depends on a numerical PIN of a few digits you are screwed.\n\nThe secure element adds a layer of encryption so that in case you can extract the seed from the chip you can not attack it by brute force.\n\nIf you use a sufficiently strong passphrase or if hardware wallets allow you to enter a password for encryption, there would be no need for secure elements, it's all about UX.\n\nOn the other hand, in cryptography you should never trust. Secure elements are a black box, and by contract you can't even publish their vulnerabilities. What's the point of using encryption if you're trusting a third party? that's useless. \n\nIt is true that there are solutions like coldcard where two secure elements are used so you don't have to trust them, but I still think it's stupid, I don't care about the UX, I want my bitcoins to be safe.\n\nWhen you understand this, you realize how stupid the hardware wallet industry is.",
"sig": "107d2b07606d0ada8e1c5052c893bd81cc967ff0d2ad10cc054fd0e98a6d6018c15564c8bfc0c22f65e73bb052b11a5689da18cb0c4b61603e6ddd0b3ba38479"
}