Hi HN, project author here! Happy to answer any questions. It’s common for blockchain developers and advanced users—who create their own tools for interacting with a blockchain—to store secret keys in plaintext .env files, configuration files, or software wallets. This makes secret keys an easy target for attackers. B.T.N.H.W. was created to address this issue. It is a hardware wallet designed for advanced users and developers working with EVM-compatible blockchains. It is fully open-source.
Any thoughts about porting this to Pico 2 and utilising the secure enclave it has? (Though it’s still flawed, there have been multiple total compromise bugs announced a few days ago: https://news.ycombinator.com/item?id=42705338)
Good question. The short answer is no. The longer answer is that there’s no such device on the horizon, because reliable security enclaves are expensive—and even if cost weren’t an issue, the resulting device would be too cumbersome to maintain and use. For now, the secureLock mechanism is sufficient. However, in the near future I’d like to add an on-device screen for verifying messages before signing, using something like this module: