Discussion
Why so fancy? Price to lower later?
Donβt like itβs ugly π€·π½ββοΈ
Hi, is it possible to use bitkey wallet with bitkey hardware without bitkey server? Thanks
More expensive than a Bitaxe π€ Did you play with yours yet?
I did. Itβs great.
Awesome, we're always hanging around the OSMU discord if you wanna drop by sometime. https://discord.com/invite/5zwCPEM9
I want one but I also don't. My nocoiner gf finds this concept palletable for custody so hopefully ure thing here hits that mark.
Been using nostr:npub1cashappn03s3cl2ljsdntv0v28e2um5lgx4vjctqjt23pcwzjhsqmtdg5l for a long time so this is super exciting!
"Simplicity is the key to excellence" - Dieter Rams
Whatβs this?
The article postulates that a screen only protects against an address being swapped between the companion app and the hardware wallet. I don't see a discussion of the companion app being compromised, which is one of the scenarios a hardware wallet is supposed to protect against. After all, if the companion app cannot be compromised, why use a hardware wallet in the first place?
At WalletScrutiny.com, we tag products without a screen as "No interface to authorize transactions". The following attack is possible with all such devices. While the presence of an input device like a button or a fingerprint sensor can help to raise suspicions, NFC cards without a button can be attacked almost completely undetectable.
Let's say the release manager of the companion app gets under duress and forced to steal all the funds of all the users. He could change the companion app such that the first signing of a transaction is not shown on the companion app screen so the unsuspecting user presses that sign button again - we all know how NFC doesn't always work on the first try.
The first transaction is "pay that coffee". The second transaction is "send all the rest from all accounts to this address, please. And don't worry about any spending limits.".
The first transaction gets broadcast. The second transaction gets phoned home to the attacker but else disregarded on the app.
Now the attacker can collect valid transactions that wipe balances until somebody realizes what's going on. The attacker would simply wait for funds "under management" reaching some maximum at which point he sends all these transactions to the blockchain.
Send it ππ«
ππΌ
So how this works?
Ugly π€¦π½ββοΈ
Interesting and admirable. Anything you can do to make self-custody easier and more secure is a win for #Bitcoin adoption..πππ§‘π
Side note: I really like Shamir and Super Shamir in the Trazor model T. I think it should be added to #Bitcoin.
I would also like to see it included in the #sparrow wallet.