Managed to fuck up both my car and garage door because the garage door only went up 75% of the way before getting stuck, just enough to be out of my rearview mirror's coverage when I was backing out. 😡

Why is it that often when I use a webclient for Nostr I have trouble

making posts or liking? I am using Mullvad but I wouldn't think that

would matter. I'm also using Firefox and Linux. #asknostr

Even making this post the send button wouldn't work. I had to refresh Coracle.

Just read the "Dark Skippy" attack ( darkskippy.com ) from Lloyd Fournier and Robin Linux (h/t Alex Waltz). Nice write up! I've always thought it should be simpler than grinding, though (but the grinding in that attack is very practical). I feel like a variant of what they call 'predetermined nonce attack' on that page could work. If I make a *big* assumption - that the attacker has access to the victim's wallet's xpub - then I think you can extract the master secret from only 1 signature or 2 signatures, without any grinding or pollard rho. With 2 signatures the full master secret of the wallet; with 1, only the xpriv for the (BIP32) account (so compromises only 1 account; but many wallets just use one account anyway!).

Let's see if there's any error in these steps:

1. Attacker uses RNG to generate sequence of 32 byte randoms (b1, b2  ..)

2. First signature that the client requests is generated using b1 as nonce. hence attacker can obviously extract the secret key x1 = (s1 - b1) / e1.

3. We have to assume knowledge of xpub. Given xpub and one private key (x1) from the account branch, then due to unhardened derivation, we can already derive the xpriv for the account (though not for the level above; so this is equivalent to master secret, only for single-account wallets, not for multiple account).

But if we have access to 2 signatures we can exfiltrate anything, including the full master secret:

4. Second signature that the client requests, on (currently unknown) private key x2, is generated using nonce = (b2 + master secret), which is still indistinguishable from random because b2 is. Here we need the xpriv as per above to regenerate (poss. by trial and error, but that's trivial) the correct x2 given the above xpriv derivation. Then attacker extracts master secret = s2 - b2 -ex2.

(Am I wrong somewhere there? Wouldn't be too surprised. But either way, exfiltration via these channels *one way or another* seems like it's very hard to prevent. (I know there *are* anti-exfil measures in existence, so please don't take this as me dismissing them - I haven't even really studied them!).To generate bitcoin signatures on serious amount, use the software that's as easy as possible to vet and has the least layers between your eyes and it .. is my extremely unconventional advice on this topic).

Didn't know about this one until now 🥹

Kinda sounds like a single sig tbh 😂

Help… I need your advice #nostr fam…

I met this girl online… she likes all of my posts and her profile pic is 🔥

She sends me messages every day and I would like to ask her out but the only thing she cares about is how my crypto trading is going… What should I do???

#asknostr

What's the best way to strip metadata in media before posting on nostr using android?

#asknostr

Is there any money to be made in running a cashu mint?

I suppose not because then everyone would do it

#asknostr

Anyone know flight sites that accept btc as payment? I know cheapair is one - are there others? #asknostr

The bunker is in the phone.

nsec.app

Gm what freedom skills have you acquired this 1,008 blocks?

#asknostr

I've been playing with ecash using minibits wallet. I sent myself a lightning transaction but the status is "prepared". I have another stuck in " draft". Doesn't seem like I can modify these transactions. Will they expire at some point and return to my balance? #minibits #ecash #cashu #asknostr

I've been playing with ecash using minibits wallet. I sent myself a lightning transaction but the status is "prepared". I have another stuck in " draft". Doesn't seem like I can modify these transactions. Will they expire at some point and return to my balance? #minibits #ecash #cashu #asknostr

Getting zapped in nuts it's even more fun!

> nvk@npub.cash

What's your nuts zapping address?

nostr:note1ajja9rdmkdr8q8xtpeff8whje2zkyuylku8jnu5736ry0pvd7lfq8s2ptc

Is this legit Michael Saylor? #asknostr #bitcoin

Exiting news! 🔥

Cashu-Address.com has transitioned to a new domain: npub.cash!

Finally, the protocols reference implementation has its own name, and a way cooler domain as well (thanks nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg 💜 )

Why npub.cash? Because it is a nostr-native, Cashu powered, Lightning Address for everyone! 💜 ⚡

What's changing? Nothing much, but the name. Rest assured, your existing cashu-address.com addresses remain fully operational and are now synonymous with npub.cash. Furthermore, any aliases purchased are valid across both domains.

Please leave your thoughts and feedback. Cashu-Address and npub.cash are still in development and your feedback is not only appreciated, but needed 💜

Anyone want to test this out for me?

No, my wallet don't have it I guess. I can't find it on Tangem nor on Safepal. Electrum I heard about it but never looked into it. Blue Wallet I had it installed before for 1 day.

#AskNostr anyone know if there is a Nostr like Instagram, tiktok and YouTube

Would recommend for dates 💯. Makes you smell like freshly baked cookies

#datechain

I don't drink (alcohol, you smart asses). Is there such a thing as a good non-alcoholic beer?

#asknostr

slowing converting from a rust skeptic to rust maxi. the compiler will initially frustrate you but it is really just trying to teach you something important.

The haskell compiler is similar in a way: it forces you to think about the separation of side effects from pure code. Rust forces you to think about the correctness of references to objects in memory.

Initially it is frustrating but in the end it leads to enlightenment.

⁉️🤔 #Seedsigner OR #Coldcard ❓ 🧡💜 #asknostr #bitcoin ⚡️ #nostr #coldwallet #btcwallet 💜🧡 $boost #bitcoinwallet