mnemonic seed – Is there a way to make a provably non-fake HW wallet?



With the current hardware wallets, there is AFAIK no way for a customer to verify whether the HW wallet really generates secure, private addresses. All checks actually just use various methods to verify the firmware and hardware integrity, which make hacks harder but not impossible. But still, you can't tell whether the HW wallet simply emulates the original software while it does other things. Even if the firmware is open source, you can't tell whether the code you see is really what is running on the hardware. And even when you modify the code and upload it to the wallet, you still cannot be sure whether the upload actually rewrites the firmware, or whether your code is just interpreted somehow to mimic your code but is still controlled by an attacker's firmware.

At the very least, there are these potential attack vectors that a compromised HW wallet can carry out and software cannot detect:

  1. The seed is not randomly generated. Instead, some pre-generated seed (or one of many) known to the attacker is displayed. There is no way for the user to verify it, because the HW wallet generates it entirely (and the software doesn't even see it).
  2. The seed is random, but the derived addresses (and xpubs) are not derived from the seed. Instead, some of the attacker's pre-generated addresses are used. Because the user doesn't know the seed (and obviously shouldn't), they can't verify whether the derivation is correct. Passphrases don't help either; another set of compromised addresses could be displayed just as well, and the user cannot verify it.

The first issue comes from BIP39 and the second issue from BIP32, both widely used standards. Are there any other standards/proposals that address these two weaknesses? For example, generating part of the randomness on the user's side and enforcing its use in the derived addresses.

My goal is to be safe unless both HW and SW are fake. The current state is that we are safe if and only if the HW is not fake, and genuine SW cannot help.

Are my thoughts reasonable? Is this a problem?
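One check a user can run against the second attack vector above, on a separate trusted machine, is to recompute the BIP39 seed and the BIP32 hardened derivation from the mnemonic the device displayed and compare the resulting public key with the xpub the device reports; a mismatch shows the device is not deriving from the seed it shows. This is an added example written for this page, not code from any wallet vendor; it implements only hardened children (which need no EC point addition beyond computing the final public key) and uses standard-library hashing plus a minimal secp256k1 scalar multiplication.

```python
import hashlib, hmac, unicodedata

# secp256k1 parameters: field prime, group order, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def pubkey(priv: int) -> bytes:
    """Compressed SEC1 public key (33 bytes) by double-and-add."""
    r, q = None, G
    while priv:
        if priv & 1: r = _add(r, q)
        q = _add(q, q)
        priv >>= 1
    return bytes([2 + (r[1] & 1)]) + r[0].to_bytes(32, "big")

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512(NFKD mnemonic, 'mnemonic' + passphrase, 2048 rounds)."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    s = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", m, s, 2048, 64)

def bip32_master(seed: bytes):
    """BIP32 master key: HMAC-SHA512(key=b'Bitcoin seed', seed) -> (k, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def bip32_ckd_hardened(k: int, c: bytes, index: int):
    """Hardened child: I = HMAC-SHA512(c, 0x00 || k || index); k_i = IL + k mod n.
    (The IL >= n / k_i == 0 rejection case has negligible probability and is omitted.)"""
    i = hmac.new(c, b"\x00" + k.to_bytes(32, "big") + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k) % N, i[32:]

def derive_account_pubkey(mnemonic: str, passphrase: str, path=(44, 0, 0)) -> bytes:
    """Recompute the account-level public key for a fully hardened path, e.g. m/44'/0'/0'."""
    k, c = bip32_master(bip39_seed(mnemonic, passphrase))
    for idx in path:
        k, c = bip32_ckd_hardened(k, c, idx + 2**31)
    return pubkey(k)
```

Compare the returned 33-byte key with the public key encoded in the device's account xpub (after base58check decoding); the non-hardened address level below it still requires full EC point addition, which the same `_add` routine provides.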
