2024-09-26 20:13:41

Dikaios1517 on Nostr:

That's more of a protection against in-transit manipulation of the device.

The evil maid attack is just referring to anyone who has trusted access to your home or wherever you store your device, and who would therefore have opportunity to maliciously flash firmware that could leak your private key, such as the dark skippy attack. It could also be done by someone breaking into your home and gaining physical access to your device, but it's still called the evil maid attack regardless.

With a ColdCard, the indicator light turning red on boot-up is a dead giveaway that firmware that hasn't been signed by the manufacturer is currently running. There is no such safeguard on a SeedSigner.

So, yes. Verifying the signature on firmware you download and install yourself is a great protection when you can be absolutely certain that the firmware running is what you personally installed. But if that device is ever out of your sight, how can you be certain that the firmware is still what you installed?
Author Public Key
npub1kun5628raxpm7usdkj62z2337hr77f3ryrg9cf0vjpyf4jvk9r9smv3lhe