Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 18EC1722 for ; Mon, 22 Aug 2016 16:50:15 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-it0-f46.google.com (mail-it0-f46.google.com [209.85.214.46]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B0A581AF for ; Mon, 22 Aug 2016 16:50:14 +0000 (UTC) Received: by mail-it0-f46.google.com with SMTP id e63so96546553ith.1 for ; Mon, 22 Aug 2016 09:50:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=9ERdR9XwDWdnFUF+mXs7wyEP8wdpLtjl98sb7P3bpRU=; b=fXnq5DPk3KafFE0x4XA49UZygC/AbAp81HxMvak08mV/4bGeHUzYCBGm4vYaWJBEzk P3lftyUOJOWc3krndUrJnXnvxTpnx2xbHVxCcpbB0+FWcJaJwoxcsl9KcnHtChESru4z +vL1sg9iU5KYWFoQFAcoG6k3Js9f4Az3QcgdsGj3CvVNhWtrAHmfney+DbXcUHcVa4dw OZcfz/lDXi5B6NwfIKLNyyRyu6fLi8szdCW2Ka0KAoH4N2mRx8uJC9zVY1/Zpg4bAUzF U3x2QnurxxtWwpwgBrjr3pykMDcP7/WHIkujN7I6Dnj31OIkU3ZFNYIYIFELPUPdEdaT uo7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=9ERdR9XwDWdnFUF+mXs7wyEP8wdpLtjl98sb7P3bpRU=; b=gc3Igy7X/h2zsaBpkUXqbtJlxj5694ZjHlF++CHOgWL+HhMR9eEAog+ZZeB1MNjjUq OK9ZaPzW6hV7pph7OdFYXFlV7uTwVYvNIVHiXqtAsXvefmLbAkaXk7zhtNNAn1tUjgpU muD3Cp+R/Tf51r/KM7+Ar2MerP4VjYs/RERoaqO0pt876KTWHCE6k11sXX9dCfShkfp0 hmpJNwotjJlNOIBoVUJhu3vdp6o4/cfv21NGq83Sxp5md1hhMhmdq71q7RyuqJqVOx7l B2ny6cKFCkfn/qRXsVX06l9WjGhjMO5F6UiCtmAPBRHuE+pA+iYgzNNEZNGmoVYXC5K0 C3Yg== X-Gm-Message-State: AEkoouv4T0gj8Bx+cvEoxK3P73J1fjHHNPY2ucGCmJwkONQhZG307RC/1eed+zaDogJUKurh7JWsFu1mo+5pkw== X-Received: by 10.107.128.25 with SMTP id b25mr27005498iod.110.1471884613971; Mon, 22 Aug 2016 09:50:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.50.80.15 with HTTP; Mon, 22 Aug 2016 09:50:13 -0700 (PDT) In-Reply-To: <57B31EBC.1030806@jonasschnelli.ch> References: <57B31EBC.1030806@jonasschnelli.ch> From: Moral Agent Date: Mon, 22 Aug 2016 12:50:13 -0400 Message-ID: To: Jonas Schnelli , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary=001a113fb59690f309053aabd707 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 22 Aug 2016 16:58:17 +0000 Subject: Re: [bitcoin-dev] Hardware Wallet Standard X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Aug 2016 16:50:15 -0000 --001a113fb59690f309053aabd707 Content-Type: text/plain; charset=UTF-8 It would be nice if the detached signer and the normal wallet could both verify the correctness of generated addresses before you cause coins to be sent there. e.g. the hardware wallet could give its master public key to Bitcoin Core and you can thereafter generate your receiving addresses on Core, with the option to have the HW wallet validate them. One of my biggest fears about using any wallet is the "whoops, cosmic ray flipped a bit while producing receiving address; SFYL!" possibility. For high value cold storage, I always generate my addresses on two independent machines using two different pieces of software. Am I nuts for doing that? With the above scheme, you are pretty well protected from losing money if your HW wallet is defective. You could still lose it if the HW wallet was evil of course, but that strikes me as much more likely to be discovered quickly. --001a113fb59690f309053aabd707 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
It would be nice if the detached signer and the normal wal= let could both verify the correctness of generated addresses before you cau= se coins to be sent there.

e.g. the hardware wallet coul= d give its master public key to Bitcoin Core and you can thereafter generat= e your receiving addresses on Core, with the option to have the HW wallet v= alidate them.

One of my biggest fears about using = any wallet is the "whoops, cosmic ray flipped a bit while producing re= ceiving address; SFYL!" possibility. For high value cold storage, I al= ways generate my addresses on two independent machines using two different = pieces of software. Am I nuts for doing that?

With the above scheme, you are pret= ty well protected from losing money if your HW wallet is defective. You cou= ld still lose it if the HW wallet was evil of course, but that strikes me a= s much more likely to be discovered quickly.
--001a113fb59690f309053aabd707--