If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).
Really HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be!
matt / Matt Corallo
npub185…swrdp
2024-08-06 18:10:06
in reply to nevent1q…vc6f
Author Public Key
npub185h9z5yxn8uc7retm0n6gkm88358lejzparxms5kmy9epr236k2qcswrdpPublished at
2024-08-06 18:10:06Event JSON
{
"id": "3e3dae5d556f4aadbca4c6b8a4737e38ab969c90a718c542ceea5ac5a346c6ba",
"pubkey": "3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594",
"created_at": 1722967806,
"kind": 1,
"tags": [
[
"e",
"4fb39bbf66c7e0231f4896ae3d2797e4148fa4fd5312cd0847ea1a1e3c18d058",
"",
"root"
],
[
"e",
"18a2609fdd1c791d0533b75c6bbb15727a035586c19c5f91a805f0a0e34d84b8",
"",
"reply"
],
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411"
],
[
"p",
"8685ebef665338dd6931e2ccdf3c19d9f0e5a1067c918f22e7081c2558f8faf8"
]
],
"content": "If you sign on two devices and check that they match, yes, that addresses the issue, but now you have two devices with your seed and a very annoying UX (that might also fail due to fine signature grinding differences).\n\nReally HWWs need to implement anti-exfil and generate keys with computer randomness - there’s no excuse for the fact that hardware wallets are trusted, they don’t need to be!",
"sig": "68c2d0433b3b8f1c889ab37ce82ec4a1f49627cd8dbf8652788d1eab023bbcc2f76cfcb10af22a243ca86c3205e13ecafdcc0792b0f7345dd58695dabc463a13"
}