Frage zum Safe 3 im Vergleich zum Model T mit SD-Karte

[root_s2yse8vt]

Up

0

Down

::

Ich verstehe, dass es Unterschiede in der Anwendung der Sicherheit zwischen dem neuen Safe 3 und dem erweiterten SD-Schutz für das Model T gibt, aber was macht der neue SE-Chip, was die SD-Karte nicht macht? [https://trezor.io/learn/a/encrypt-pin-with-microsd-card](https://trezor.io/learn/a/encrypt-pin-with-microsd-card)

Beim Model T ist alles noch Open Source. Sie können die SD-Karte entfernen, um einen zusätzlichen Schutz zu erhalten, und Sie haben immer noch die Option 25.

Mit dem neuen Safe 3 haben Sie den geschlossenen Quellcode SE. Sicher, es ist bequemer, aber gibt es einen zusätzlichen Sicherheitsvorteil, den die SD-Karte nicht bieten kann?

[matejcik]

Up

0

Down

::

Think of the secure element as a much better SD card. It’s a SE, after all, one letter better 🙂

The SD card just has a static secret on it. If you forget it in the Trezor, or if someone finds it, they can just pop it into a computer and copy the secret.

The SE has its own 16 tries limit (in addition to the one checked by Trezor), and won’t give out the secret unless you already know the right PIN.

As for the „closed source“ thing, your SD card is also very much closed source.

There is literally no downside — even in the absolutely worst case, if it turned out that the SE is totally evil and malicious, the Trezor is still exactly as secure as if the SE was just a fancy SD card.

[-johoe]

Up

0

Down

::

The SD card only provides protection if you remove it and store it separately from your Trezor. If a hacker gets access to the Trezor and the SD card, there is no protection beyond the already broken read-out protection of the ST micro controller.

If you can guarantee that the hacker can never access the SD card, then that it is more secure. But note that an SD card can easily be copied. The copied SD card can be used, when someone gets physical access to the Trezor later.

[Autor]

Beiträge