Charles Guillemet
@P3b7_
Grenoble

CTO @Ledger. Cryptography, (Hardware) Security research. Interested in Tech, Security, Cryptography, Blockchain.
Built the Donjon (@DonjonLedger)

630 Tweets
265 Following
2,690 Followers

Tweets

Charles Guillemet Retweeted
Nicolas Krassas
@Dinosn
Feb 3
TeamViewer stored user passwords encrypted, not hashed, and the key is now public
whynotsecurity.com/blog/teamviewe…

Charles Guillemet Retweeted
Ryan Hurst
@rmhrisk
Feb 2
I do like that Trezor is all OSS (primary value IMHO) but in practice I believe it has limited value. The Ledger “smart card pattern” vs “using generic processors” brings a lot of value when assessing against associated threat models.

Charles Guillemet
@P3b7_
Feb 2
Glitching is a low potential attacker threat. Secure Elements embed hardware glitching detectors which trivially detect power glitches. They use an internal clock, avoiding clock glitching.
But, they have to protect against many other threats such as EMFI, Laser FI, SCA...

Charles Guillemet
@P3b7_
Feb 2
If I remember correctly, the "bounty seed" is stored in the device, encrypted with a user-given passphrase...
So, you're given 1 BTC to break an encryption algorithm 🤔

Charles Guillemet Retweeted
Aleksei
@hellman1908
Feb 2
I am starting a blog. First post is about the StarkWare Hash Challenge affine.group/2020/02/starkw…

Charles Guillemet
@P3b7_
Feb 1
I was talking about Common Criteria, which is clearly the most serious certification scheme.
For the rest, manufacturers keep their know-how secret mostly to keep their competitive advantage

Charles Guillemet
@P3b7_
Feb 1
I agree that more transparency in hardware would benefit the industry.
But for now, proprietary secure elements are the best option in terms of security.
I'm looking forward to your talk at Bitcoin 2020!

Charles Guillemet
@P3b7_
Feb 1
The 'how' is indeed confidential.
The threat model and the attacks against which these certified chips protect are public.
Consumers can have guarantees that a 3rd party lab assessed this resistance.
In particular, it's (at least) extremely difficult to extract secrets from them

Charles Guillemet
@P3b7_
Feb 1
Yes, STM32 MCU datasheet is public, but no one (except ST) knows what is exactly inside the chip...
There is even some undocumented low-level software in the chip... at least the one used to dump the flash content ;)
It's impossible to have guarantees on what's running in it

Charles Guillemet
@P3b7_
Feb 1
I'd say Atecc chips are almost as open as STM32 (datasheet is public, implementation of the circuit is not), especially if you don't use the crypto stack
Btw, these Atecc chips are not certified, so without a 3rd party audit, security of these chips is mostly the vendor's claim

Charles Guillemet
@P3b7_
Feb 1
I don't think 30 years spent in defining and improving a security evaluation and certification scheme can be qualified as "security theater"...
Typically, secure elements include countermeasures against physical attacks like glitching (which is the most basic)

Charles Guillemet
@P3b7_
Jan 31
Exchanges agree with that :)
twitter.com/jespow/status/…

Charles Guillemet
@P3b7_
Jan 31
Still, it's more secure to HODL with a Hardware wallet rather than in an exchange
Considering an attacker w/ a physical access to the Trezor, a STRONG passphrase mitigates the attack
An attacker with simply a malware on your PC/mobile would get your exchange creds in 1 min... twitter.com/DonjonLedger/s…

Charles Guillemet
@P3b7_
Jan 31
Yes, it's a mitigation, rather than a fix...

Charles Guillemet
@P3b7_
Jan 31
"We responsibly disclosed the full details of this attack to the Trezor team [...]. We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team."
The attack is not fixable, so ... twitter.com/krakenfx/statu…

Charles Guillemet
@P3b7_
Jan 31
To my knowledge, @DonjonLedger has not been contacted by Kraken security lab... :/

Charles Guillemet Retweeted
Ledger Donjon
@DonjonLedger
Jan 31
2/2. The attack is indeed feasible with low-cost hardware. We built our own card to ensure this.
With a few additional efforts you might be able to dump the WHOLE chip in less than 1 minute pic.twitter.com/YuUvvcPpOy

Charles Guillemet Retweeted
Ledger Donjon
@DonjonLedger
Jan 31
1/2. Congrats @kraken for contributing to secure the ecosystem!
Your attack is very close to the one we implemented a year ago donjon.ledger.com/Unfixable-Key-…
As the attack is not fixable, we preferred not sharing the details to avoid exploitation in the field. twitter.com/krakenfx/statu…

Charles Guillemet Retweeted
Ledger
@Ledger
Jan 31

Charles Guillemet Retweeted
Ledger
@Ledger
Jan 31
Let’s take back control, for real!
On the day of the #Brexit, we empower people to take control and experience the #PowerOfCrypto.
Learn more: bit.ly/2GRkFCt pic.twitter.com/OPeJLEM649