Skip to content

GitLab

    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
    • Menu
    Projects Groups Snippets
  • Get a free trial
  • Sign up
  • Login
  • Sign in / Register
  • walletScrutiny walletScrutiny
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 94
    • Issues 94
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 6
    • Merge requests 6
  • Deployments
    • Deployments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • WalletScrutiny
  • walletScrutinywalletScrutiny
  • Issues
  • #380
Closed
Open
Created Dec 04, 2021 by Leo Wandersleb@GiszmoOwner

Investigate security aspects of Keystone hardware wallet

The provider claims the product to be open source but then mentions some source not even being available without singing an NDA first, which is in clear contradiction to claims about being Open Source.

If the stack is designed in a way that contains non-public code to parts that cannot put the private keys at risk, the product might still be reproducible like the BitBox02 where the closed source is only on the SE and never even sees the masterseed but given the Keystone is running a full Android OS, it's probably more complicated.

Assignee
Assign to
Time tracking