The lack of a “secure element”. While coldcards implementation is so laughably better than ledger, it’s not a fair comparison (there’s just zero competition to CC in this respect), a stateless design has the advantage of no illusion to security. When you pull the power to a seedsigner, your seed isn’t stored on the device, thus falling back to your storage design’s native security assumptions (where/how you store your seed(s)).
Granted, the cost to attack a cold card’s stateful design is $250k+, so I’m really arguing about something out of scope for many.
However, the planned SS port to esp32 hardware further lowers the cost, adds optionality, and increases supply chain attack resilience (the argument is “what if someone hw hacks the suppliers”; search “supermicro bloomberg” for an example).
dimi / Dimi
npub1r7…znspg
2023-06-20 00:26:18
in reply to nevent1q…wrhj
Author Public Key
npub1r7psmkr4zv93xnal8un6d8hvmpsn5jvhfzn3kk38rfcel6awznks7znspgPublished at
2023-06-20 00:26:18Event JSON
{
"id": "69f207d4648c987ddfdb8ee8a5121d8b72c10b88c75821d5a1b0f9dab6aef7fb",
"pubkey": "1f830dd875130b134fbf3f27a69eecd8613a499748a71b5a271a719febae14ed",
"created_at": 1687213578,
"kind": 1,
"tags": [
[
"e",
"e51134bd2450bcf504897f4f278ba828a2c87708295064bad0c799f7486cc6df"
],
[
"e",
"d909cf0899aee672c2afc3e8ec05e35880addfdaa653987ff7b28a9af9fd066f"
],
[
"p",
"2779f3d9f42c7dee17f0e6bcdcf89a8f9d592d19e3b1bbd27ef1cffd1a7f98d1"
]
],
"content": "The lack of a “secure element”. While coldcards implementation is so laughably better than ledger, it’s not a fair comparison (there’s just zero competition to CC in this respect), a stateless design has the advantage of no illusion to security. When you pull the power to a seedsigner, your seed isn’t stored on the device, thus falling back to your storage design’s native security assumptions (where/how you store your seed(s)). \n\nGranted, the cost to attack a cold card’s stateful design is $250k+, so I’m really arguing about something out of scope for many. \n\nHowever, the planned SS port to esp32 hardware further lowers the cost, adds optionality, and increases supply chain attack resilience (the argument is “what if someone hw hacks the suppliers”; search “supermicro bloomberg” for an example).",
"sig": "60a70beb090a3f129448e9f56429a5926f610f635f8f29a93935911de6090987a27bcc7d1915e9fec441628f8a7e4f871a55a435d434a5ec78680322710cfe2c"
}