— — — — — — — — -
Our design goal for the hardware is for it to be “Internet isolated”. It’s equipped with a bare minimum set of interfaces, none of which has any networking capability: a camera to read QR codes from the phone app, a touchscreen to interact with the user, a MicroSD slot (under the back cover) for an occasional firmware update, and a charging-only USB port. Hackers’ chance of remotely accessing your secret data is pretty much zero.
The wallet exchanges data with the app through QR scans only. The data is all non-sensitive, and the process requires your attention and manual effort to complete. Malware has no chance to steal your secret either.
High-quality random source
— — — — — — — — — — — — —
Your private key is essentially a random number, so the quality of randomness is an important part of the overall security. The random numbers in the ELLIPAL cold wallet are never calculated; they are all sourced from environmental noise and system entropy sources. The result is guaranteed unpredictable randomness that is cryptographically secure.
Static data security
— — — — — — — — — —
What happens when a thief gets hold of your wallet? First, guessing the password is futile: after 10 failed guesses the wallet will erase everything stored in it. ELLIPAL stores your sensitive data in a special security zone, encrypted using AES-128 with a key derived from your password. Even if the thief has professional reverse engineering equipment to extract the encrypted data, it would take him/her many years to break it. By that time you would have already acquired a new wallet and recovered all your funds through mnemonics. For additional peace of mind, you may as well transfer all the funds to a new account.
Please remember that the mnemonics are the only sure way to recover your accounts in case of physical loss or damage, or when you forget your password. Neither the mnemonics nor your password is stored in the wallet; therefore, they cannot be stolen. Keep your mnemonics in a safe place and you can rest assured of your funds.
Runtime data security
— — — — — — — — — — —
We have employed a multitude of runtime detection techniques to ensure that the critical processes, including the initial account creation and transaction authorization, are secure. The runtime code and data cannot be falsified, nor can they be exploited to extract secret information. We apply the “no trust” philosophy thoroughly in our design. The wallet never trusts its input unless everything is checked clear. For example, presenting the wallet with a fake QR scan will never work. The same is true of firmware updates: if the firmware image has been tampered with, it will be rejected.
Taken from Medium.