Take something like the Trezor for instance. It's 100% open source. You can even build your own hardware to run it. This is great, but it requires a significant amount of time and deep knowledge of programming, cryptography and possibly electronics.
But if I just buy it, I have to trust the company that their hardware and software actually do what they claim.
How can I be sure that the private key doesn't leave the device, when both the wallet and my PC are running software developed by the same company? Do they not have the hypothetical capability of deploying an update that is able to sign malicious transactions or just transfer the key to the host?
As an other example, the Jade has neither wireless nor wired connections and communicates the transaction via scanning and displaying QR codes. As far as I can tell, even a malicious manufacturer could not retrieve the private key from such a device (unless it had some hidden wireless module).
But what's stopping it from modifying the destination address on-device, while displaying the correct address for confirmation and then showing the malicious signed transaction?
Are my assumptions wrong? Is there no hardware wallet design that requires no trust?
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments