It works by storing your passwords and any other data you put in there encrypted (aes256-cbc) on the persistent storage. The device does not contain the secret key and there is no secure element, by design.
The device password is used to generate the key to decrypt the storage. https://gitlab.hax0rbana.org/signet/signet-base/-/blob/trunk/firmware/commands.c#L411
The password is hashed by scrypt to generate the key. https://gitlab.hax0rbana.org/signet/signet-client/-/blob/trunk/client/signetapplication.cpp#L213
As for whether it has been audited, well, yes and no. If your definition of an audit is that someone who did not write the code reviewed it for security, and this reviewer was experienced in cryptographic audits, then yes. If you mean, were they paid for their work, and did they write up a report, then no.
Also, I am the person who did the audit, because I wasn't going to trust the device without doing a code review first. So there's some bias here in me saying it's audited, but I didn't design or implement the code. I'm merely the maintainer of all software and firmware and the builder of hardware.
By not having a secure element that stores some secret, it means there's no secure element that needs to be audited (which is good because they're difficult to audit and nearly impossible to get access to in order to do the audit). It also makes it easier to back up and restore the device. The trade-off here is that it means offline attacks are possible. If you choose a weak password, it'd be possible to brute-force it if someone got a backup of your device. So, yeah, a 6-digit PIN isn't going to cut it here.