Anti-exfil techniques spill engineering challenges into the user space. They also add a new dependency on the wallet coordinator to perform security-sensitivity tasks.
Tasks which they are not well suited for.
How can you even verify that the coordinator will be able to provide good entropy? You can’t.
So there’s also this hidden danger of using anti-exfil with singlesig with a coordinator running in unsafe environments, and THINK you’re safe, but you’re not. Turtles all the way down.
Just use multisig and be happy.
hugomofn /
npub1qp…6yn58
2024-08-07 01:57:24
in reply to nevent1q…ldtl
Author Public Key
npub1qp302p7ry80x8xpcafm4d4szpxvzy8r70lyveg39gk0xgycwu35s06yn58Published at
2024-08-07 01:57:24Event JSON
{
"id": "cd509e9d0c997740c877e50fe6858dff9253b8800886b6b4fe0d29af4b126025",
"pubkey": "0062f507c321de639838ea7756d6020998221c7e7fc8cca225459e64130ee469",
"created_at": 1722995844,
"kind": 1,
"tags": [
[
"e",
"b1dad9098dc9db096d4f3dd755eed519b49abf001abb3f52f23463ecb82f8d0d",
"",
"root"
]
],
"content": "Anti-exfil techniques spill engineering challenges into the user space. They also add a new dependency on the wallet coordinator to perform security-sensitivity tasks.\n\nTasks which they are not well suited for.\n\nHow can you even verify that the coordinator will be able to provide good entropy? You can’t.\n\nSo there’s also this hidden danger of using anti-exfil with singlesig with a coordinator running in unsafe environments, and THINK you’re safe, but you’re not. Turtles all the way down.\n\nJust use multisig and be happy.",
"sig": "aaef7f8cb9e23c1f539063d8b6fa5768da5f18d5db52458844792b5944811007c3aa2179897a03c85e824fb6e5d843bf8c8b394cb1df8c2402f711f6f8641ea7"
}