EAL6+ vs EAL5+: Why Hardware Wallet Chip Certification Matters
I spent three years trusting a Ledger Nano S before realizing I had no idea what "secure element" actually meant. The spec sheet said "CC EAL5+ certified" and I assumed that was good enough. Then I started researching hardware wallet attacks and discovered my assumptions were completely wrong.
What Common Criteria EAL Ratings Actually Mean
Common Criteria (CC) is an international security certification standard (ISO/IEC 15408) used to evaluate everything from smartcards to military hardware. The Evaluation Assurance Level (EAL) scale runs from EAL1 to EAL7, but most consumer hardware lives in the EAL4βEAL6 range.
Here's what each level requires:
| EAL Level | What Gets Tested | Typical Use Case |
|---|---|---|
| EAL4 | Methodically designed, tested, and reviewed | Payment cards, SIM cards |
| EAL5 | Semi-formally designed and tested | Government ID cards, passport chips |
| EAL5+ | EAL5 + specific attack resistance (AVA_VAN.5) | Most hardware wallets |
| EAL6 | Semi-formally verified design and tested | Military communications, high-security banking |
Continue reading the full article on TildAlice
Top comments (0)