Nostr Web Client

They bothered to implement anti-exfil (provably random nonces). This means that a malicious firmware or even malicious hardware wallet can’t steal your coin! For every other hardware wallet, you’re blindly trusting Amazon/UPS/five factories in China/the webserver you got the firmware from/etc/etc. The idea that none of these parties have anyone working there who might want to go steal people’s coin is absurd, frankly.

crimsonleaf363 1y ago 💬 1

I think this is also a good time to bring this up. It's possible for Nunchuk and Coinkite to have malicious actors in their supply chain. They could collaborate and compromise someone's Tapsigner.

Reply to this note

Please Login to reply.

Discussion

Jeff Swann 1y ago 💬 2

cc nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 👀?

crimsonleaf363 1y ago

Anyone in the supply chain with access to the Tapsigner can take a photo of the back of it. Someone with access to Nunchuk's server can get a copy of the encrypted backup.

crimsonleaf363 1y ago

nostr:npub1cvqlzvmjercdn0ypsmv8f7j9lge6ahsnueh5rparh53wuswftv4q49yjt3 nostr:npub1qp302p7ry80x8xpcafm4d4szpxvzy8r70lyveg39gk0xgycwu35s06yn58 Can you comment?

DETERMINISTIC OPTIMISM 🌞 1y ago

https://primal.net/e/note1ftmvf7qlfnpvfjv5cd80980qds4xzvemqyd2kcldcf5tfnlmsxnsy6k6qd