Trying to learn more about it. Article is a few years old.


Discussion

1. Hardware wallet: FREQUENT PUBLIC use (not cold storage)

2. Your own CUSTOM-built airgap or a physical seed is best

3. Any hardware can fail/break after repeated use or an accident

Then comes using a ready-made product, which can also be a honeypot.

So SeedSigner.

Use it, but never with large funds unless you dig more. That's the takeaway: use FOSS firmware only, so everyone sees/knows the code.

The signer creates the transaction. As part of that it creates a nonce, which is supposed to be random. What if instead of a random number it stored part of your seed encrypted under a secret only known by the signer? It would appear random, how could you tell? You can't. Then each time you put out a transaction, the nonce would leak part of your seed. After 6 of these your whole seed could be exposed on the blockchain to anybody who knows the key the signer encrypted it under.

BTW using an offline device like SeedSigner doesn't protect against this attack.

PSBTs don't solve this?

I don't know enough to answer that question. I don't actually know the details of what PSBTs can specify or how they are signed. I was just going off of what the link said.

Looking deeper into the article, it seems like a promo for BitBox. And it's weird, because they try to boost their device and software by saying they're more secure because of their Anti-Klepto feature. But really it's even better to use hardware that doesn't use companion software and never even touches the software directly. For example, a Coldcard used with Sparrow.

Definitely true it’s a promo for Bitbox. But the attack vector still looks real. Looks like those defenses do nothing against a malicious RNG.

Right. Bitbox and Jade apparently account for it. Not sure if ColdCard does.
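The attack described earlier in the thread (a signer hiding seed material in the ECDSA nonce) and the Anti-Klepto feature mentioned just above are two sides of one problem, so here is an added example of the defence, written for this thread and not taken from the article, BitBox, Jade or any wallet's code. It is a simplified commit/reveal nonce protocol: the host commits to its own randomness, the signer commits to a nonce point before seeing that randomness, the host reveals it, and the signer must use the committed nonce plus a tweak derived from the reveal. The host can then check, from the signature alone, that the nonce was not freely chosen. Everything here is an assumption of the example: the class and function names, the hash tags `b"nonce"` and `b"tweak"`, textbook (non-constant-time) secp256k1 arithmetic, and the test key and message digest, which are constructed. The real protocols differ in their exact hashing and encoding, so this is the shape of the idea, not a wire-compatible implementation.

```python
import hashlib
import secrets

# secp256k1 domain parameters (real curve constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign(d, z, k):
    """Textbook ECDSA over digest z with an explicitly supplied nonce k."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def ecdsa_verify(Q, z, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    R = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return R is not None and R[0] % N == r


def h_int(*parts):
    """SHA-256 over the concatenated parts, reduced into the scalar field."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big") % N


def point_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


class CommittingSigner:
    """Signer side of the commit/reveal nonce protocol (hypothetical, simplified)."""

    def __init__(self, d):
        self.d, self.k0, self.R0 = d, None, None

    def commit_nonce(self, z, host_commitment):
        # Step 2: the nonce is fixed before the host randomness is known, so
        # the signer cannot steer the final nonce toward a value of its choosing.
        self.k0 = h_int(b"nonce", self.d.to_bytes(32, "big"),
                        z.to_bytes(32, "big"), host_commitment)
        self.R0 = ec_mul(self.k0, G)
        return self.R0

    def sign(self, z, host_rand):
        # Step 4: final nonce = k0 + tweak(R0, host_rand). Any other nonce
        # (up to sign) produces an r the host's check will reject.
        t = h_int(b"tweak", point_bytes(self.R0), host_rand)
        return ecdsa_sign(self.d, z, (self.k0 + t) % N)


def nonce_matches_commitment(R0, host_rand, sig):
    """Host-side check: r must equal x(R0 + t*G) mod n, computed from the transcript."""
    t = h_int(b"tweak", point_bytes(R0), host_rand)
    R = ec_add(R0, ec_mul(t, G))
    return R is not None and sig[0] == R[0] % N


def host_sign(signer, Q, z):
    """Drive the protocol from the host; returns (sig, R0, host_rand) or raises."""
    host_rand = secrets.token_bytes(32)                            # Step 1: pick and commit
    R0 = signer.commit_nonce(z, hashlib.sha256(host_rand).digest())
    sig = signer.sign(z, host_rand)                                # Step 3: reveal, get signature
    if not nonce_matches_commitment(R0, host_rand, sig):
        raise ValueError("nonce does not match commitment: reject and do not broadcast")
    if not ecdsa_verify(Q, z, sig):
        raise ValueError("invalid signature")
    return sig, R0, host_rand


if __name__ == "__main__":
    d = 0x1111111111111111111111111111111111111111111111111111111111111111  # constructed key
    z = int.from_bytes(hashlib.sha256(b"constructed tx digest").digest(), "big")
    sig, R0, host_rand = host_sign(CommittingSigner(d), ec_mul(d, G), z)
    print("commit/reveal check passed, r =", hex(sig[0]))
```

The point of the check in `nonce_matches_commitment` is that it runs on the host from the transcript and the signature, so it does not depend on trusting the signer's RNG at all: a signer that picks its nonce by any other rule produces an `r` that fails the check, and the host refuses to broadcast. One known limit of this construction is that negating the nonce leaves `r` unchanged and only flips `s`, so a signer keeps at most one bit of freedom per signature; that is why such schemes are paired with low-S normalisation rather than relied on to remove every last bit.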