People were shitting a lot about umbrel. I'm happy that nostr:npub10vlhsqm4qar0g42p8g3plqyktmktd8hnprew45w638xzezgja95qapsp42 is using it as well. This makes me more confident that umbrel is indeed a great solution to run a Bitcoin node with.
With enough software changes, a bitcoin hardware wallet could do most of what Signet does. There are some differences:
- Signet is here and now, not just hypothetical
- Public keys are not acceptable passwords at many sites due to annoying and often counterproductive password rules (length, character sets, etc)
- Bitcoin wallets generally don't act as a keyboard. They usually have some other mechanism to get data from the device to the host. Again, maybe with enough firmware changes it could be done
- Signet is only $40 USD, which is pretty cheap IMO
- The code is very small and just does one thing well. If one were to replace their hardware wallet's firmware with password manager firmware so it no longer acts as a hardware wallet, that same focus could be achieved. The flip side of this is that a hardware wallet with firmware to do BTC + password management could try to be everything to everyone in a single device.
- Physically smaller than a Trezor Model T or Blockstream Jade
The advantage of the bitcoin wallets that have a screen is that the user can verify what thing (e.g. password) is being requested. In bitcoin, a single signed transaction is a BIG DEAL. One password out of a few hundred could also be a big deal, but I keep my super important passwords (e.g. password/key to encrypted backups) on a separate Signet device. So the impact is that the attacker can get through the first factor auth of some site, and then the attacker would immediately be detected because the user didn't receive the password that they wanted.
I'll be the first to admit that FIDO2 is a better solution than a Signet. The problem is that the service provider decides whether you can use FIDO2 or not. In other words, you basically need their permission/blessing.
It's funny you should mention using a nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl because I have contributed to that project and was working on another authentication system that would allow authenticating to a website with it, much in the same way FIDO2/passkeys work. The drawbacks to that approach are:
1. It's cumbersome to scan QR codes back and forth and navigate the menus
2. It suffers from the same adoption problem as FIDO2 where the website needs to change their authentication system and most have not chosen to do so
3. It only works on computers with cameras (fine for phones, but none of my laptops/desktops have cameras)
SeedSigner is a great project and very well run. I plan on getting back to that air gapped auth project in the future, but right now I need to wrap up some projects, or at least wrap up the loose ends so I can set 'em down for a bit without losing progress.
Thanks for the explanation/clarification.
As many of you know, I've been hot to trot with crypto since the late 90s when I found out about PGP. I've audited a bunch of cryptosystems and found some amazing bugs that I was able to exploit in practice, not just in theory.
Now I have a new project. Defensive this time.
It's an open source, encrypted hardware password manager called Signet. To explain why I think this is an important tool to add to your arsenal, let me share the story of how I got here.
I'd love to have cryptographically secure logins everywhere. That's what FIDO2 (aka webauthn, aka passkeys) is, but there are some major problems with that.
1. Poor adoption
2. When it is adopted, often only as 2FA despite being stronger than passwords
3. Even where it is really the passwordless future that we've been promised, you still need a password in case you lose your device
It could be different. It could be better. But in practice, this is what we have and will continue to have for the foreseeable future.
Password managers are the next best thing. Passwords can have as much entropy as cryptographic keys (when allowed to be that long and complex). You only have to remember a few passwords, possibly as few as one, depending on your threat model. Some password managers can also store secrets for TOTP generators.
However these have a few shortcomings as well:
1. You can't tell when passwords are being accessed
2. It's possible for a non-root attacker on your machine to dump all password databases that have been unlocked since they gained access. This is true for all software password managers I've seen and nobody is claiming to defend against this.
3. Some of them (e.g. Lastpass) don't work when you're offline.
4. Passwords are stored on a machine that is always online
That's why I am building Signet devices. They require a device password and physical button press to unlock, and then another button press for each password/secret.
So even an attacker who rooted your machine before you unlocked the device can not dump your entire database! You can also easily disconnect the device containing all your secrets when it's not in use. You can tell when an attempt is made to access your data because the light on the device will flash. Finally, it won't be accessed without your knowledge or consent, as you are not going to press the button to help out an attacker.
Overall, it is more secure than pure software password managers, while still remaining easy to use.
If you are thinking, wait hasn't that been done before? Yes. It has. It was called Signet and is the same project. But then the original authors mysteriously disappeared. So I revived the Signet project, because I see no need to reinvent the wheel.
I have updated the hardware design, updated the software and now am maintaining all of it. I am also building the hardware.
The beauty of open source hardware & software is that you don't need to trust me to use the device. You can visually inspect the board to confirm the switch physically puts the CPU into bootloader mode. The firmware has reproducible builds, so you can verify the binary matches the code. Flash away and put your mind at ease.
If you want to learn more about these devices, check out https://hax0rbana.org/signet to watch a 2 minute intro video and links to places where you can buy them.
Can't a Bitcoin hardware wallet do at least in theory the same thing? Buy a Blockstream Jade for 60$, generate a 12 word seed phrase and derive an infinite amount of public keys and use them as passwords on whatever website you are visiting (through USB-C connection). You can label each pubKey so that you are not confused over time. If you want to increase the UX obviously some tiny software changes would help, but this shouldn't be a big deal. What is the difference, pros/cons to your approach? If you want it to be a DIY project, completely air gapped, you could probably do it with a SeedSigner (see on GitHub) and transmit the pubKeys through QR-Codes.
I don't mean to alarm anyone but someone just wrote a sha256 function for bitvm:
https://techmix.github.io/tapleaf-circuits/
I think this means we can validate merkle proofs now...which means we can also do 2WP sidechains now
😱😱😱😱

Things are moving so quickly, it's insane. If true this is a major breakthrough. Bitcoin can't scale they said...
Thanks for your work nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s. Since the BitVM paper I've been following as many of your interviews and posts as I can and I'm glad that such a calm, eloquent, focused and bright mind is part of the Bitcoin ecosystem. Thanks for your efforts!
Bonds bought between '10 and '22 are heavily under water at the moment. It doesn't make sense to sell them now at a massive loss.
Maybe this chart is just reflecting the fact that many of the purchased bonds lost up to 60% of their $ value.
Berlin? There is no capital gains tax for BTC in Germany if you HODL for >=365 days.
Ok, so the Ai Machine has finally begun its new life.
However, I now have an old Linux machine that I put together, and I’m curious what I should do with it? I already have an Umbrel and a Start9, so no I don’t need another bitcoin or Lightning node.
I also built a pretty big box/enclosure for it, so not sure what the best potential use for this guy could be. 🤔
(Testing our Pop! OS today on the new baby 👇🏻) https://video.nostr.build/a6f4830061586749bae0ca9f08ed62b2a4ec16af9e793cf7b136481205954921.mov
NixOS
But as long as we live in a fiat-dominant world, isn't it advantageous to get a low interest rate credit and let it be inflated away over time?
nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n Do you guys ship the Codex32 book to Germany? Is there a way? How much would it be? Thanks in advance.
Where did the AI assistants from perplexity lab go?
Metformin is the way (and way cheaper).
nostr:npub12ezcwnc736grnfgxsxy4ea9tj5n60xl5pp59c7d82gfec80qmfrqayafkm I stumbled across your song satoshi saves on SoundCloud and I listened to it the entire Sunday. I would like to get a .mp3 file of the song and also want to pay for that. Is there a way to do so?
PS: I also sent you a message a few days ago but maybe you didn't see it.
👀🎊 Let’s celebrate Bitcoin pump with zaps today ⚡️😆
Write your comments and thoughts about “what you think of nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m and his contribution to #bitcoin and nostr?”
Will zap every valid comment ⚡️🧡
Waiting to hear interesting thoughts 💬
I really hope that he is serious about his engagement in Africa. I truly believe that BTC and nostr are an amazing opportunity for so many nations there. Many of them need to get away from the CFA (French Shitcoin). Nostr is providing a censorship resistant communication protocol to coordinate actions and/or build markets and BTC is the ultimate medium of exchange and store of value to build an alternative economy with.

