Hey all.
I’m wondering if anyone knows if there is any real disadvantage from a security perspective in using the biometric auth + secure enclave rather than a hardware wallet? They strike me as largely the same security. Thoughts?
2 Likes
A hardware wallet has its own display that it has sole control over. When you press the “confirm” button on the hardware wallet you can be sure that what you see on its display is what you are signing.
A biometric sensor does not have its own display. If for example you are talking about a fingerprint sensor in a laptop and the laptop OS is compromised then it can most likely fool you into signing something that you don’t want to sign. I know that there can be ways that the secure enclave can have priority control over certain areas of a phone’s display but I don’t know to what extend this is or can be used.
If this question is about what to use with the NNS dapp then it should also be pointed out that NNS dapp with II and biometric auth uses delegations whereas NNS dapp with hardware wallet does not. Delegations have the convenience that after authenticating once with the biometric sensor (“logging in”) one can do multiple actions in the browser whereas with a hardware wallet you need to confirm every single action on the hardware wallet itself. Delegations though leave a larger attack surface because a temporary session key has to live in the browser where it could be attacked. But not sure if your question was related to the NNS dapp at all or more general.
4 Likes
Sorry yes it was mainly in relation to the NNS but appreciate the general answer. Someone else I asked elsewhere made the same point about the display. I have the impression - perhaps incorrectly - that attacks that mimic an application or take advantage of temporary session keys are extremely difficult to pull off but it’s true that the possiblity doesn’t exist with hardware wallets so it’s inaccurate to describe their security as equivalent.
2 Likes