- Does the hardware wallet have an entropy source?
- Yes, the
True
random number generator peripheral implemented on wallet microcontrollers is based on an analog circuit. This circuit generates a continuous analog noise that will be used by the RNG processing in order to produce a 32-bit random number. To verify the true randomness of the numbers generated a verification is performed based on the National Institute of Standards and Technology (NIST) Statistical Test Suite (STS) SP 800-22rev1a (April 2010).
- Yes, the
- Does the hardware wallet get entropy from the host machine?
- Yes, an external random 32 bytes buffer is used to increase internal entropy when performing cryptographically sensitive operations e.g. mnemonic generation
- How does the hardware wallet get entropy?
- The hardware wallet generates internal entropy from a peripheral device. This value is salted with several sources so as to make unfeasible some kinds of dictionary and lookup attacks (e.g. rainbow tables ). The salt is chosen in such a way that no two devices can generate the same value in (at least) the time frame of a human lifetime. Such values might not be particularly random. Internal entropy is eventually combined with an external entropy received from the user host device.
- What types of salt sources are considered ?
- Between devices (such as device UUID)
- Between device runs (at init time)
- Over time (after init, value continues to change)
- What are salt sources used in firmware ?
- MCU core registers
- We use constant values of three registers, namely: PC - shows which instruction perform next. SP - track the call stack LR - hold the address of the function.
- Device UUID
- Every Microcontroller has its universal unique identifier which is stored at the specific location in memory, depending on different families. As it is unique in every device, it can be used as a good salt for the entropy.
- SysTick timer
- All the Microprocessor have it, regardless of the manufacturer. Systick timer is a part of the core.
- Unconnected GPIO pins
- We configure a detached port as an input and then read the value from it. Because of specific physical processes appears noise, which goes with waves, which has minimal statistical dependence.
- MCU core registers
If you see an inverted skycoin logo in bootloader mode like in the following image, maybe you have either flashed for development or not official device.
If you are experiencing any issues:
- Determine if your particular case is mentioned in troubleshooting section and try to follow the corresponding instructions to fix it.
- Contact the developers via Skycoin development channel in Telegram.
If the Skywallet operates with an unofficial firmware, the user needs to confirm upon startup, that he wants to continue with this unofficial firmware and click I will take the risk.
If that does not happen in under 2 seconds, the device often will not be recognized. Unplug und re-connect the device. Click the right buttons twice within 2 seconds.
When a firmware is installed on the device, the Go CLI can be used to erase the firmware installed. To do so, the device needs to be in bootlaoder mode. Unplug the device and re-connect it, while pressing both buttons. Then go ahead with wiping the firmware or updating the firmware.
The official firmware distributed and signed by Skycoin checks the integrity of the bootloader and aborts if the bootloader hash is not registered in the firmware. Developers can build firmware themselves, that does not perform this check and can be freely used. Refer to the main README for instructions on how to build the firmware without the hash check.