Status: Open. matejcik opened this issue 4 years ago.
We should also revisit whether cache.py is the only place where the caching occurs (not in trezor-crypto etc.), for example that we do not cache nodes anywhere else.
I came here to say this. Wouldn't this solve the infamous Trezor vulnerability? Well... actually, thinking about it, a 4-digit PIN is probably brute-forceable. So if RAM could be extracted, I suppose encrypting with the PIN wouldn't help much.
Soft-locked devices lock the storage, so that the PIN is required to access private data.
However, derived seeds with passphrase applied are kept in RAM, so the soft-lock doesn't offer strong protection.
Secrets should also be encrypted in RAM when the device is locked.
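The proposal above (wrap the derived seed while the device is soft-locked, rather than leaving it in plaintext RAM) as an added illustration written for this thread; it is not code from trezor-firmware or cache.py. The `SeedCache` class, the `lock`/`unlock` method names, the PIN string, and the constructed seed bytes are all assumptions. Key derivation uses `hashlib.scrypt` from the standard library, and the stream cipher is a SHAKE-256 keystream plus an HMAC tag so the example runs with no third-party packages; a real device would use a vetted AEAD and, as the commenter notes, a key bound only to a short PIN is limited by the PIN's entropy, so the wrapping key should mix in a secret the device itself protects. The `plaintext_resident` helper exists only so the test can confirm that no buffer still held after `lock()` contains the seed.

```python
import hashlib
import hmac
import os


def _kdf(pin: str, salt: bytes) -> bytes:
    # scrypt from the stdlib; parameters kept small so the example runs quickly.
    # A PIN-only key is bounded by PIN entropy; mixing in a device-held secret
    # (assumed, not shown) is what makes the wrap meaningful against RAM extraction.
    return hashlib.scrypt(pin.encode(), salt=salt, n=2 ** 12, r=8, p=1, dklen=32)


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative stream cipher: SHAKE-256 keyed XOF as keystream, XORed over data.
    # Stdlib-only for this example; not a substitute for a vetted AEAD.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _wipe(buf: bytearray) -> None:
    # Overwrite the plaintext in place before dropping the reference.
    for i in range(len(buf)):
        buf[i] = 0


class SeedCache:
    """Holds a derived seed (passphrase already applied) in RAM.

    Unlocked: the seed lives in a plaintext bytearray.
    Locked:   the plaintext is zeroised and only a PIN-wrapped ciphertext remains.
    """

    def __init__(self, seed: bytes) -> None:
        self._plain = bytearray(seed)  # mutable so it can be wiped in place
        self._wrapped = None           # (salt, nonce, ciphertext, tag) while locked

    @property
    def locked(self) -> bool:
        return self._wrapped is not None

    def lock(self, pin: str) -> None:
        if self.locked:
            return
        salt = os.urandom(16)
        nonce = os.urandom(16)
        key = _kdf(pin, salt)
        ct = _xor_keystream(key, nonce, bytes(self._plain))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        self._wrapped = (salt, nonce, ct, tag)
        _wipe(self._plain)
        self._plain = None

    def unlock(self, pin: str) -> bool:
        if not self.locked:
            return True
        salt, nonce, ct, tag = self._wrapped
        key = _kdf(pin, salt)
        expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            return False  # wrong PIN: seed stays wrapped
        self._plain = bytearray(_xor_keystream(key, nonce, ct))
        self._wrapped = None
        return True

    def seed(self) -> bytes:
        if self.locked:
            raise PermissionError("device is locked")
        return bytes(self._plain)

    def plaintext_resident(self, needle: bytes) -> bool:
        # Does any buffer this cache still holds contain the given bytes?
        buffers = []
        if self._plain is not None:
            buffers.append(bytes(self._plain))
        if self._wrapped is not None:
            buffers.extend(self._wrapped)
        return any(needle in b for b in buffers)


if __name__ == "__main__":
    # Constructed seed material, not a real key.
    cache = SeedCache(b"constructed-seed-material-0123456789")
    cache.lock("1234")
    print("locked, plaintext resident:", cache.plaintext_resident(b"constructed-seed"))
    print("unlock with wrong PIN:", cache.unlock("0000"))
    print("unlock with right PIN:", cache.unlock("1234"))
```

The point the test checks is the one the thread makes: after `lock()` the seed is not recoverable from anything the cache still references, a wrong PIN leaves it wrapped, and the correct PIN restores it.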