Closed no111u3 closed 5 years ago
Nitrokey Storage doesn't contain a STM32. Instead it contains a certified smart card to store cryptographic keys.
Edit: this is about this paper: Shedding too much Light on a Microcontroller's Firmware Protection
@no111u3 to add:
Additionally, Nitrokey Pro and Storage products contain smart cards, which keep the actual secrets - OpenPGP keys, user custom data, and internal data encryption key.
Edit: Nitrokey Storage uses AVR32. Edit: Other than that, this is a great paper, and it is perfectly fine to have doubts about used MCUs. It increases the awareness about the potential hardware attacks, which I appreciate. One should assume models of other producers are prone too to similar attacks, unless it was specifically designed to avoid it. Thank you for reporting!
The current STM32 mcu's have easy to reproduce hack metodology - https://www.aisec.fraunhofer.de/en/FirmwareProtection.html.
I think stm32 mcu's are dangerous for key storage.