1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
Return-Path: <corey3@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id DE73E305
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 28 Aug 2016 23:14:05 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-it0-f53.google.com (mail-it0-f53.google.com
[209.85.214.53])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4FE4F10E
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 28 Aug 2016 23:14:05 +0000 (UTC)
Received: by mail-it0-f53.google.com with SMTP id d65so73133997ith.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 28 Aug 2016 16:14:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
bh=mwheKuEz8RtzuicPoeTUx9RgzJAQjkvet1Ik+K3ZvgM=;
b=gRpW6tfGbNsLtvHFNC3ewiCfXGOAGtunHpgkTJjm8XDW02gR/OAwScyKqXNGBgHF+2
6zvZ383Eg8XuO3mT0mROVmgmWrpUrtYlAe66oc/8lg7Xf2hov6XiFveYAn01hXOP1Otx
g+GnyiBc3BwMidYEfM/W61h8UMqKD2FiI9QU1HU3TvB0AWCFvTJEJpSZOOKr7MZLfqQ+
YvQlOghTngiiyaINQa2c9kXpMepf9NGBq1uBuH0l++lE4mz8Vyc/uzJ7kmY+c8HdU+vY
y/OnRMid5qJg97Ue/aozzeBzMYQWItSts3S3QA6uxrbrIOooLn+u4BjMLOyhgC02Qo+q
ewww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to;
bh=mwheKuEz8RtzuicPoeTUx9RgzJAQjkvet1Ik+K3ZvgM=;
b=BgjxpEn+A0P89y3Sh+o4I12Z9wME95kdJEGvl23aQwEFJTG0iPSw9JzpqhYX5VnvSR
Ztra8LDhq2bjqD5i/9M5Sh2+pD4WL3E8fLJRMIQIYIqS7D4GPBGL9naN9X18CcZgv2wl
J+AJU2lZ0ngG+Imxoy7y3lPWpIZ1lRlXTY6hcFw08/T0xMEnDgAU93rj3x/1pYlxmDBO
SwzEsgnASNy+N65imuKYYBVPtW2p8Zqvyi+ISe2y3PF6aW9u6/H4sAj7aGJ7XCgudmQv
+h2kS4OY6yRN4pCQpgvHkkLnJquP8FCPT5GnVQ69fKiHQdaycJZuh2UPNNXCqVEa5qt3
mLfw==
X-Gm-Message-State: AE9vXwN7su0A0i1TVSH3XfO+PGhhtE5sHuPL2Rdqld9qZ1VnAAvsPvcHZWEsvqucuwzV/tJ0RVkU1xOgIrm7Ww==
X-Received: by 10.36.227.78 with SMTP id d75mr10726585ith.75.1472426044666;
Sun, 28 Aug 2016 16:14:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.228.73 with HTTP; Sun, 28 Aug 2016 16:14:03 -0700 (PDT)
In-Reply-To: <CACiOHGycQKr3zETzhOfxzOFb2FgqOou_3bod66NuPWbf=4hhEQ@mail.gmail.com>
References: <57B31EBC.1030806@jonasschnelli.ch>
<CACiOHGycQKr3zETzhOfxzOFb2FgqOou_3bod66NuPWbf=4hhEQ@mail.gmail.com>
From: Corey Haddad <corey3@gmail.com>
Date: Sun, 28 Aug 2016 16:14:03 -0700
Message-ID: <CAK_HAC-AeJPDa6+SU3wPtnP_UJ_WciyhYZAu9F7_6S02ZGZvaA@mail.gmail.com>
To: Moral Agent <ethan.scruples@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary=94eb2c111de859b915053b29e73b
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Hardware Wallet Standard
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 23:14:06 -0000
--94eb2c111de859b915053b29e73b
Content-Type: text/plain; charset=UTF-8
*One of my biggest fears about using any wallet is the "whoops, cosmic ray
flipped a bit while producing receiving address; SFYL!" possibility. For
high value cold storage, I always generate my addresses on two independent
machines using two different pieces of software. Am I nuts for doing that?*
A randomly flipped bit would be extremely unlikely to yield a valid
address, however, I still think it you are wise to use independent routes
to confirm that your addresses match the keys. I do the same when I
generating my cold storage key pairs. I think malicious address
substitution is an under appreciated attack vector.
Regarding this thread in general, would it make sense for this proposal to
include standards for multi-sig wallet interoperability? A whole spectrum
of attacks would be made less likely - and easy for typical users to guard
against - by using wallets on separate devices AND where the wallet
software was written and provided by different parties.
On Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> It would be nice if the detached signer and the normal wallet could both
> verify the correctness of generated addresses before you cause coins to be
> sent there.
>
> e.g. the hardware wallet could give its master public key to Bitcoin Core
> and you can thereafter generate your receiving addresses on Core, with the
> option to have the HW wallet validate them.
>
> One of my biggest fears about using any wallet is the "whoops, cosmic ray
> flipped a bit while producing receiving address; SFYL!" possibility. For
> high value cold storage, I always generate my addresses on two independent
> machines using two different pieces of software. Am I nuts for doing that?
>
> With the above scheme, you are pretty well protected from losing money if
> your HW wallet is defective. You could still lose it if the HW wallet was
> evil of course, but that strikes me as much more likely to be discovered
> quickly.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
--94eb2c111de859b915053b29e73b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><i>One of my biggest fears about using any wallet is =
the "whoops,=20
cosmic ray flipped a bit while producing receiving address; SFYL!"=20
possibility. For high value cold storage, I always generate my addresses
on two independent machines using two different pieces of software. Am I
nuts for doing that?<br><br></i></div><div>A randomly flipped bit would be=
extremely unlikely to yield a valid address, however, I still think it you=
are wise to use independent routes to confirm that your addresses match th=
e keys.=C2=A0 I do the same when I generating my cold storage key pairs.=C2=
=A0 I think malicious address substitution is an under appreciated attack v=
ector.<br><br></div><div>Regarding this thread in general, would it make se=
nse for this proposal to include standards for multi-sig wallet interoperab=
ility?=C2=A0 A whole spectrum of attacks would be made less likely - and ea=
sy for typical users to guard against - by using wallets on separate device=
s AND where the wallet software was written and provided by different parti=
es.<br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote=
">On Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev <span dir=3D=
"ltr"><<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=
=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>></span> wrote:<br>=
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">It would be nice if the det=
ached signer and the normal wallet could both verify the correctness of gen=
erated addresses before you cause coins to be sent there.<div><br></div><di=
v>e.g. the hardware wallet could give its master public key to Bitcoin Core=
and you can thereafter generate your receiving addresses on Core, with the=
option to have the HW wallet validate them.</div><div><br></div><div>One o=
f my biggest fears about using any wallet is the "whoops, cosmic ray f=
lipped a bit while producing receiving address; SFYL!" possibility. Fo=
r high value cold storage, I always generate my addresses on two independen=
t machines using two different pieces of software. Am I nuts for doing that=
?</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">With=
the above scheme, you are pretty well protected from losing money if your =
HW wallet is defective. You could still lose it if the HW wallet was evil o=
f course, but that strikes me as much more likely to be discovered quickly.=
</div></div>
<br>______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
<wbr>linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.<wbr>org=
/mailman/listinfo/bitcoin-<wbr>dev</a><br>
<br></blockquote></div><br></div>
--94eb2c111de859b915053b29e73b--
|