book icon indicating copy to clipboard operation
book copied to clipboard
verified publisher icon hashbang

More clarification on entropy sources for Trezor/Ledger HSMs

Open lukechilds opened this issue 5 years ago • 1 comments

The disadvantages section of both Trezor and Ledger say that the entropy source is controlled entirely by ARM:

https://github.com/hashbang/book/blob/1845c4c5c432e19a2c29b54f10c6f8d4f6137f2f/content/docs/security/personal-hsms/ledger.md#L20 https://github.com/hashbang/book/blob/1845c4c5c432e19a2c29b54f10c6f8d4f6137f2f/content/docs/security/personal-hsms/trezor.md#L15

I think it would be beneficial to clarify that the user can use their own external entropy as a source by importing a BIP39 mnemonic seed phrase.

If this has been carefully generated via a scheme like diceware then it's literally just using the universe as it's entropy source.

In my opinion this is a huge advantage of these two devices.

lukechilds avatar Apr 14 '20 08:04 lukechilds

@lrvick I know that BIP39 seed phrasing is something you were interested in. Did you know about this?

RyanSquared avatar Apr 14 '20 08:04 RyanSquared