matt on Nostr:
If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).
Really HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be!
Published at 2024-08-06 18:10:06
Event JSON
{
"id": "3e3dae5d556f4aadbca4c6b8a4737e38ab969c90a718c542ceea5ac5a346c6ba",
"pubkey": "3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594",
"created_at": 1722967806,
"kind": 1,
"tags": [
[
"e",
"4fb39bbf66c7e0231f4896ae3d2797e4148fa4fd5312cd0847ea1a1e3c18d058",
"",
"root"
],
[
"e",
"18a2609fdd1c791d0533b75c6bbb15727a035586c19c5f91a805f0a0e34d84b8",
"",
"reply"
],
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411"
],
[
"p",
"8685ebef665338dd6931e2ccdf3c19d9f0e5a1067c918f22e7081c2558f8faf8"
]
],
"content": "If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).\n\nReally HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be!",
"sig": "68c2d0433b3b8f1c889ab37ce82ec4a1f49627cd8dbf8652788d1eab023bbcc2f76cfcb10af22a243ca86c3205e13ecafdcc0792b0f7345dd58695dabc463a13"
}