> There’ll be less eyes on the design Same issue with MCUs, really. Anyway, large ...

Why Nostr? What is Njump?

Semisol / semisol

npub122…cgrkj

2025-05-27 19:19:44

in reply to nevent1q…33qd

> There’ll be less eyes on the design

Same issue with MCUs, really. Anyway, large SE companies conduct their own testing *and* rigorous independent certifications. (semi-formal validation)

Not sure you can reach that level even if you open source, because the majority of the security is in the physical design, and so physical attack tests. And not the logic.

I have also significantly reviewed the design of the SE I am using.

> There’s no do over in BTC but there is in the fiat world

In the end, there is still damage. Fake digital signatures can be as damaging as blindly signing contracts. Credit card fraud can lead to millions lost for banks.

In the end, *someone* is losing something from it being insecure, and so they have a strong incentive to ensure they buy secure products.

> we can DIY build one

But does anyone? Or do we rely on the manufacturer and Espressif to solely deliver a correct product?

What if the boot ROM on the MCU logs your seed to a hidden area on the chip?

Author Public Key

npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj

Seen on

wss://nos.lol wss://nostr.land wss://theforest.nostr1.com wss://relay.damus.io

Show more details

Published at

2025-05-27 19:19:44

Kind type

1 Short Text Note

Event JSON

{ "id": "0e29d9972882bf4002e6ec2e7abe91d9c1f4ab82f91319d0e036231f98ccd948", "pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd", "created_at": 1748373584, "kind": 1, "tags": [ [ "e", "b4c22f8266c34dc3b3b34e85590a5afd6814ef85bfedb50311670431eee14955", "wss://puravida.nostr.land/", "root" ], [ "e", "0064f1af3a58a8060fe707531e01000175790aa9fbc913c9a789a18f32e9d3a7", "", "reply" ], [ "p", "922945779f93fd0b3759f1157e3d9fa20f3fd24c4b8f2bcf520cacf649af776d" ], [ "p", "6c5fbbb2ed7c3a8df0f17376ad38167bef90ad337d0cc46d26f0ca68620b9a71" ], [ "p", "e217899785048ee15da66ab1c4633b8679d141e96c526017d5e7b1991ce584b9" ] ], "content": "\u003e There’ll be less eyes on the design\n\nSame issue with MCUs, really. Anyway, large SE companies conduct their own testing *and* rigorous independent certifications. (semi-formal validation)\n\nNot sure you can reach that level even if you open source, because the majority of the security is in the physical design, and so physical attack tests. And not the logic.\n\nI have also significantly reviewed the design of the SE I am using.\n\n\u003e There’s no do over in BTC but there is in the fiat world\n\nIn the end, there is still damage. Fake digital signatures can be as damaging as blindly signing contracts. Credit card fraud can lead to millions lost for banks.\n\nIn the end, *someone* is losing something from it being insecure, and so they have a strong incentive to ensure they buy secure products.\n\n\u003e we can DIY build one\n\nBut does anyone? Or do we rely on the manufacturer and Espressif to solely deliver a correct product?\n\nWhat if the boot ROM on the MCU logs your seed to a hidden area on the chip?", "sig": "6cf49855af7b15958e77492394678a757e7a8a1b35b32d5f6f034659c75e85930c9770be710873970659355256e5a8a8e63a56f6686a8f08d883ad5a4519a594" }