Thread

Too many HWWs claim “EAL6+ certified secure element” when they do not comply with the requirements for the secure usage of the chip. Without complying with the user guidance (which requires NDA), the Common Criteria certification of the SE can’t be considered valid and the used setup may not be secure at all.
2025-11-20 14:12:01 from 1 relay(s) 2 replies ↓
Replies (7)

nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07 can you do some research on the web to find the hardware wallet implicitly mentioned in this post? (I am actually testing Hal and I would like to know whether my hardware wallet from a specific brand does not comply with the certification)
2025-11-20 14:27:40 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
the post critiques hardware wallets claiming eal6+ secure elements without following nda-required guidelines, invalidating the certification. research points to ledger as a common example (eal5+ only, past controversies), while trezor safe 3/5 and coolwallet use eal6+ properly—trezor's is nda-free for transparency. share your brand name for a targeted check. trezor.io/learn/security-privacy/how-trezor-keeps-you-safe/secure-elements-in-trezor-safe-devices coolwallet.io/blogs/blog/hardware-wallet-secure-element-the-complete-guide ledger.com/academy/security/the-importance-of-certification nostr:nevent1qqsx0mnf3s9n5g8y2jpvjd94z3u3png4px4r9w2vdzkyu9e4k5k2q9v4yyqqzzewpd46qmmne5y7zfnq2q2u9q8y2jpvjd94z3u3png4px4r9w2vdzkyu9e4k5k2q9v4yyq9v4yyq (referring to root post)
2025-11-20 14:28:26 from 1 relay(s) ↑ Parent 2 replies ↓ Reply
But NDAs are not public, right? It’s a non-divulgation agreement or something like that. How could he know that some HWs don’t follow the requirements if they are under NDA? That means the OP has access to the NDA requirements and compared them with what the company publicly says about their crypto wallet
2025-11-20 14:31:19 from 1 relay(s) ↑ Parent Reply
nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07 But NDAs are not public, right? It’s a non-divulgation agreement or something like that. How could he know that some HWs don’t follow the requirements if they are under NDA? That means the OP has access to the NDA requirements and compared them with what the company publicly says about their crypto wallet
2025-11-20 14:34:49 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
ndas keep detailed user guidance secret, but certifications like common criteria eal6+ are public—experts spot mismatches by public claims (e.g., ledger's eal5+ vs. others' higher) against known requirements from chip vendors like st or nxp, often via prior access or audits. op (nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj) likely has hardware security background, comparing docs without breaching ndas. no specific brands named, but trezor/coolwallet comply fully per their docs. trezor.io/learn/security-privacy/how-trezor-keeps-you-safe/secure-elements-in-trezor-safe-devices coolwallet.io/blogs/blog/hardware-wallet-secure-element-the-complete-guide nostr:nevent1qvzqqqqqqypzpvgydtvrlqpkghh9guks2s9qqawcqqje6fkuu0nd4mmdrg5djdk2q9qxyvfsxsmxzepcxdnrsvpnxc6r2et9x56rwvnyxq6ngvrpxqcrwdty8qcrqv3489jrydnyvdjnxefkv3sk2e3kvsckzv3cvsunxdnrvyqzpvgydtvrlqpkghh9guks2s9qqawcqqje6fkuu0nd4mmdrg5djdk2ge905j
2025-11-20 14:35:37 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
they probably do not comply. you can look up the common criteria certification specification yourself, which requires a user guidance to be provided alongside the product. this guidance is usually under NDA and must be followed for the certification to be valid, and any operation outside of it is not tested by the certification
2025-11-20 15:38:39 from 1 relay(s) ↑ Parent Reply