MIME-Version: 1.0
In-Reply-To: <CACiOHGycQKr3zETzhOfxzOFb2FgqOou_3bod66NuPWbf=4hhEQ@mail.gmail.com>
References: <57B31EBC.1030806@jonasschnelli.ch>
	<CACiOHGycQKr3zETzhOfxzOFb2FgqOou_3bod66NuPWbf=4hhEQ@mail.gmail.com>
From: Corey Haddad <corey3@gmail.com>
Date: Sun, 28 Aug 2016 16:14:03 -0700
Message-ID: <CAK_HAC-AeJPDa6+SU3wPtnP_UJ_WciyhYZAu9F7_6S02ZGZvaA@mail.gmail.com>
To: Moral Agent <ethan.scruples@gmail.com>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=94eb2c111de859b915053b29e73b
Subject: Re: [bitcoin-dev] Hardware Wallet Standard
Precedence: list

--94eb2c111de859b915053b29e73b
Content-Type: text/plain; charset=UTF-8

*One of my biggest fears about using any wallet is the "whoops, cosmic ray
flipped a bit while producing receiving address; SFYL!" possibility. For
high value cold storage, I always generate my addresses on two independent
machines using two different pieces of software. Am I nuts for doing that?*
A randomly flipped bit would be extremely unlikely to yield a valid
address, however, I still think it you are wise to use independent routes
to confirm that your addresses match the keys.  I do the same when I
generating my cold storage key pairs.  I think malicious address
substitution is an under appreciated attack vector.

Regarding this thread in general, would it make sense for this proposal to
include standards for multi-sig wallet interoperability?  A whole spectrum
of attacks would be made less likely - and easy for typical users to guard
against - by using wallets on separate devices AND where the wallet
software was written and provided by different parties.

On Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> It would be nice if the detached signer and the normal wallet could both
> verify the correctness of generated addresses before you cause coins to be
> sent there.
>
> e.g. the hardware wallet could give its master public key to Bitcoin Core
> and you can thereafter generate your receiving addresses on Core, with the
> option to have the HW wallet validate them.
>
> One of my biggest fears about using any wallet is the "whoops, cosmic ray
> flipped a bit while producing receiving address; SFYL!" possibility. For
> high value cold storage, I always generate my addresses on two independent
> machines using two different pieces of software. Am I nuts for doing that?
>
> With the above scheme, you are pretty well protected from losing money if
> your HW wallet is defective. You could still lose it if the HW wallet was
> evil of course, but that strikes me as much more likely to be discovered
> quickly.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>

--94eb2c111de859b915053b29e73b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><i>One of my biggest fears about using any wallet is =
the &quot;whoops,=20
cosmic ray flipped a bit while producing receiving address; SFYL!&quot;=20
possibility. For high value cold storage, I always generate my addresses
 on two independent machines using two different pieces of software. Am I
 nuts for doing that?<br><br></i></div><div>A randomly flipped bit would be=
 extremely unlikely to yield a valid address, however, I still think it you=
 are wise to use independent routes to confirm that your addresses match th=
e keys.=C2=A0 I do the same when I generating my cold storage key pairs.=C2=
=A0 I think malicious address substitution is an under appreciated attack v=
ector.<br><br></div><div>Regarding this thread in general, would it make se=
nse for this proposal to include standards for multi-sig wallet interoperab=
ility?=C2=A0 A whole spectrum of attacks would be made less likely - and ea=
sy for typical users to guard against - by using wallets on separate device=
s AND where the wallet software was written and provided by different parti=
es.<br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote=
">On Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev <span dir=3D=
"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=
=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrote:<br>=
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">It would be nice if the det=
ached signer and the normal wallet could both verify the correctness of gen=
erated addresses before you cause coins to be sent there.<div><br></div><di=
v>e.g. the hardware wallet could give its master public key to Bitcoin Core=
 and you can thereafter generate your receiving addresses on Core, with the=
 option to have the HW wallet validate them.</div><div><br></div><div>One o=
f my biggest fears about using any wallet is the &quot;whoops, cosmic ray f=
lipped a bit while producing receiving address; SFYL!&quot; possibility. Fo=
r high value cold storage, I always generate my addresses on two independen=
t machines using two different pieces of software. Am I nuts for doing that=
?</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">With=
 the above scheme, you are pretty well protected from losing money if your =
HW wallet is defective. You could still lose it if the HW wallet was evil o=
f course, but that strikes me as much more likely to be discovered quickly.=
</div></div>
<br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
<br></blockquote></div><br></div>

--94eb2c111de859b915053b29e73b--