đ
Original date posted:2016-08-28
đ Original message:*One of my biggest fears about using any wallet is the "whoops, cosmic ray
flipped a bit while producing receiving address; SFYL!" possibility. For
high value cold storage, I always generate my addresses on two independent
machines using two different pieces of software. Am I nuts for doing that?*
A randomly flipped bit would be extremely unlikely to yield a valid
address, however, I still think it you are wise to use independent routes
to confirm that your addresses match the keys. I do the same when I
generating my cold storage key pairs. I think malicious address
substitution is an under appreciated attack vector.
Regarding this thread in general, would it make sense for this proposal to
include standards for multi-sig wallet interoperability? A whole spectrum
of attacks would be made less likely - and easy for typical users to guard
against - by using wallets on separate devices AND where the wallet
software was written and provided by different parties.
On Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> It would be nice if the detached signer and the normal wallet could both
> verify the correctness of generated addresses before you cause coins to be
> sent there.
>
> e.g. the hardware wallet could give its master public key to Bitcoin Core
> and you can thereafter generate your receiving addresses on Core, with the
> option to have the HW wallet validate them.
>
> One of my biggest fears about using any wallet is the "whoops, cosmic ray
> flipped a bit while producing receiving address; SFYL!" possibility. For
> high value cold storage, I always generate my addresses on two independent
> machines using two different pieces of software. Am I nuts for doing that?
>
> With the above scheme, you are pretty well protected from losing money if
> your HW wallet is defective. You could still lose it if the HW wallet was
> evil of course, but that strikes me as much more likely to be discovered
> quickly.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160828/65c0f30a/attachment.html>;
Corey Haddad [ARCHIVE] /
npub1yvâŚu4zp6
2023-06-07 17:52:55
in reply to nevent1qâŚ7d9k
Author Public Key
npub1yvcp7ayqy5xa3qgtz9hj9hdn5c9shp6tuvrxu3tw99qj6dveq2csqu4zp6Seen on
wss://relay.nostr.bandPublished at
2023-06-07 17:52:55Event JSON
{
"id": "7df686eeec189fc1f3c1b8299475e6a8d7edf0d714f879ec3d33242783bfe606",
"pubkey": "23301f7480250dd8810b116f22ddb3a60b0b874be3066e456e29412d359902b1",
"created_at": 1686160375,
"kind": 1,
"tags": [
[
"e",
"6e7f7cb2c3110cb7289a3abd667304a3b4e6f9ba4e2581c492d7b93c214a5ea1",
"",
"root"
],
[
"e",
"9658bad806b64c7631b0b491cda27daa50e9085823e71aee6e2b8d5c4bb44d5c",
"",
"reply"
],
[
"p",
"45fe5a57f42bb740cd879288f26f61d357e7d8ca7c7d97e9dd6278bf2257d1ee"
]
],
"content": "đ
Original date posted:2016-08-28\nđ Original message:*One of my biggest fears about using any wallet is the \"whoops, cosmic ray\nflipped a bit while producing receiving address; SFYL!\" possibility. For\nhigh value cold storage, I always generate my addresses on two independent\nmachines using two different pieces of software. Am I nuts for doing that?*\nA randomly flipped bit would be extremely unlikely to yield a valid\naddress, however, I still think it you are wise to use independent routes\nto confirm that your addresses match the keys. I do the same when I\ngenerating my cold storage key pairs. I think malicious address\nsubstitution is an under appreciated attack vector.\n\nRegarding this thread in general, would it make sense for this proposal to\ninclude standards for multi-sig wallet interoperability? A whole spectrum\nof attacks would be made less likely - and easy for typical users to guard\nagainst - by using wallets on separate devices AND where the wallet\nsoftware was written and provided by different parties.\n\nOn Mon, Aug 22, 2016 at 9:50 AM, Moral Agent via bitcoin-dev \u003c\nbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\n\u003e It would be nice if the detached signer and the normal wallet could both\n\u003e verify the correctness of generated addresses before you cause coins to be\n\u003e sent there.\n\u003e\n\u003e e.g. the hardware wallet could give its master public key to Bitcoin Core\n\u003e and you can thereafter generate your receiving addresses on Core, with the\n\u003e option to have the HW wallet validate them.\n\u003e\n\u003e One of my biggest fears about using any wallet is the \"whoops, cosmic ray\n\u003e flipped a bit while producing receiving address; SFYL!\" possibility. For\n\u003e high value cold storage, I always generate my addresses on two independent\n\u003e machines using two different pieces of software. Am I nuts for doing that?\n\u003e\n\u003e With the above scheme, you are pretty well protected from losing money if\n\u003e your HW wallet is defective. You could still lose it if the HW wallet was\n\u003e evil of course, but that strikes me as much more likely to be discovered\n\u003e quickly.\n\u003e\n\u003e _______________________________________________\n\u003e bitcoin-dev mailing list\n\u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n\u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160828/65c0f30a/attachment.html\u003e",
"sig": "49e43e97fb48da4c38ba7e442bbdc365c38237d0751037a45dcf64fd89b77cffbd1d7a278df42b833c8b89ea42af380d1483a79c130ff5085764c9c7360b0ccd"
}