Hardware wallet maker Ledger rekindled an old feud with competitor Trezor in a February 13 blog post highlighting the claimed benefits of its internal Secure Element chips. Trezor’s co-founder and CEO, SatoshiLabs, Marek “Slush” Palatinus, responded in a Tweeter accusing the post office of being “dishonest” and of not telling “the whole story”.
The Ledger journal compared the three types of internal chips common to hardware wallet devices: microcontrollers (MCU), Safe Memory chips and its own secure components.
He claimed that the MCUs found in the Trezor wallets were intended for general devices such as microwaves and television remote controls, and had no built-in countermeasures against physical security attacks.
In addition, he said that Safe Memory chips, used in some hardware wallets from other manufacturers, were not tested by third parties and were vulnerable to side channel attacks when private keys were transmitted to the MCU.
Only part of the story
Palatinus retweeted the message, claiming that Ledger was “dishonest” and “period[ing] only part of the whole story. “
A non-disclosure agreement (NDA) for suppliers of Secure Elements chips prevents wallet manufacturers from discussing security concerns, according to the tweet:
“Trezor uses non-NDA chips so that we can be completely transparent and act in your best interest.”
Palatinus promised to speak more about the implications of NDAs for end-user security at the Bitcoin 2020 conference in March.
Ledger had previously clashed with Trezor last March, when he released a report revealing five alleged vulnerabilities in Trezor’s hardware portfolios.
As Cointelegraph reported, Trezor was quick to respond, pointing out that none of the vulnerabilities were critical for hardware portfolios. In addition, none of the weaknesses could be exploited remotely, all requiring physical access to the device.
Things seemed to have calmed down since then, but with this last message, Ledger may well have revived an old ox.