Is commodity hardware really suitable for the average person?
214 sats \ 6 comments \ @joko 23 Nov 2022 bitcoin
Disclaimer: I work for a hardware wallet company. The point of this thread is a healthy discussion, not to talk down certain projects or people.
In the recent years we've seen a huge influx of projects utilizing commodity hardware like the raspberry pi series to build nodes and hardware wallets. The reasoning for using commodity hardware is that there are less supply chain risks associated with them, because the retailer doesn't know what you are going to do with it. They can't just place a backdoor into every raspberry pi zero, hoping someone will generate a bitcoin wallet on it. This is certainly true!
But doesn't the risk just shift from the hardware supply chain to the software supply chain? Because the hardware can be flashed with any image, accidentally downloading the wrong image / compiling the wrong repository could present a very serious security threat. This also assumes the host device that's used for flashing has to be trusted, as it could theoretically flash another compromised image in the background.
What do you think? Am I too paranoid?
write
preview
related posts
12 sats \ 1 reply \ @sime 23 Nov 2022
It does shift. But we have to put trust somewhere: hardware or software.
Diversity in hardware wallets is good, its pushes the industry further.
The trade off is UX, people who decide to DIY are doing it for the love. And assume they will encounter some tradeoffs. But they are hackers and the hacker mindset is beautiful.
Our role as hardware wallet producers is to cater to those who don't have the skills or desire to DIY.
The DIY community pushes the hardware wallets producers to remain transparent.
reply
1 sat \ 0 replies \ @joko OP 23 Nov 2022
100% agree!
reply
1 sat \ 2 replies \ @ncryppt 23 Nov 2022
At least you can verify software builds to a certain degree
reply
1 sat \ 1 reply \ @joko OP 23 Nov 2022
That's true, but my points still stand that you have to trust the computer and that the average person won't be able to verify the software
reply
2 sats \ 0 replies \ @ncryppt 23 Nov 2022
Agreed, average joe will definitely not verify
reply
0 sats \ 0 replies \ @01xCc 23 Nov 2022
используй старый проверенный код соседа. скопируй у друга.
reply