Is there a way to have onion address peers?
Actually I am not sure if there are neutrino TOR peers..
Today we disclose Dark Skippy - a powerful new method for a malicious signing device to leak secret keys.
With a modified signing function, a device can efficiently and covertly exfiltrate a master secret seed by embedding it within transaction signatures
https://darkskippy.com/demo.mp4
If an attacker manages to corrupt a signing device, Dark Skippy can deliberately use weak & low entropy secret nonces to embed chunks of the seed words into transaction signatures.
It takes just two input signatures to leak a 12 word seedphrase onto the Bitcoin blockchain.
The attacker can watch on-chain until they spot an affected transaction, unblind and invert the low entropy nonces using an algorithm like Pollard's Kangaroo algorithm to learn the master secret seed.
Then the attacker can wait and steal the funds whenever they decide best.
Despite this attack vector not being new, we believe that Dark Skippy is now the best-in-class attack for malicious signing devices.
- The attack is impractical to detect
- Requires no additional communication channels
- Effective on stateless devices
- Exfils master secret
Beyond ensuring your device firmware is genuine and honest (opensource), mitigations include anti-exfil signing protocols and we present some new ideas for additions to PSBT specifications to disrupt this attack.
We encourage mitigation discussion and implementation exploration.
This attack highlights the importance of verifying and securing your device's firmware, and the danger of sharing stateless signing devices with other people.
We will be publicly releasing our code later this year.
Authors: nostr:npub1xh897wvhn93tda0zws94mdyc7eagc8qm0798clp7x48zh6kjwazq29gst6 (follow him so he gets onto nostr), Robin Linus, and myself.
If you have any concerns or questions we recommend checking out the FAQ page on our website:
Why are you using a nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhssu7403 and not other hw wallet in your video demonstration? That sucks..
nostr:nprofile1qqs09jtvjlmyrxjn37zv70a89csegcz7rpyqjmnw29cveedhv7vagqqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhssu7403 has nothing to do with your point and you did not even make a clarification here.. Very unfair and probably done on purpose..
nostr:nprofile1qqsrf5h4ya83jk8u6t9jgc76h6kalz3plp9vusjpm2ygqgalqhxgp9gpr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgpzemhxue69uhkkmr0vd4k2mn8vyh8xmmrd9skcqguwaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctylktc I found a new picture for my node in my ZeusLN wallet:
https://www.heritagedaily.com/2024/07/marble-head-depicting-zeus-found-in-ancient-aphrodisias/152772
Using my own local relay thanks to nostr:nprofile1qqs827g8dkd07zjvlhh60csytujgd3l9mz7x807xk3fewge7rwlukxgpzpmhxue69uhkummnw3ezumt0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qy88wumn8ghj7mn0wvhxcmmv9uzk8xwq and its great #citrine relay
nostr:nprofile1qqsgqpp64xerkrg4zx6fvxx0cj97r26t0hu45yaz9zdexdkl0sd78dspr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9ujduk2g super sad that you want/have to KYC all users now. I guess there is almost no reason (for me) to use you vs Kraken for buying/selling from a Swiss bank in CHF.
I would love to support a Swiss company vs a US one but no limit order, higher fee and longer bank transfer time were only acceptable because it was non-KYC, now I don't see the point to make such compromise.
Grüsse!
You still have nostr:nprofile1qqs2gazhwghppw36yu0muuzqykdrcndzeafml50pnqfcy9xjx5rylsspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsn5qnu7 sir.
Forget about bank accounts options (like Pocketbitcoin and Relai) that provide solutions for EU residents as well. They are force to apply through new MICA law and therefore KYC every user.
Such a nice P2P agreggator for Bitcoin.
Thanks nostr:nprofile1qqsytjceuq5qyls0wfj9jzrw4l4d6esapat5scrfeqdgpegkx5u9y2spr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0zasqzn for this tool.
Consider yourself to support the project!!
nostr isn't an identity backup. nostr *is* the identity. here's how to create a backup of it!
run your own relay. that's it!
you can do this in a multitude of methods. here's just a few simple examples to get you started.
on Android you can run a relay on your phone: https://github.com/greenart7c3/Citrine
on Windows you can run a relay on your computer: https://github.com/CodyTseng/nostr-relay-tray
on Umbrel/Start9/Mynode you can run a relay on your own server: https://apps.umbrel.com/app/nostr-relay
https://github.com/Start9Labs/nostr-rs-relay-startos
if you want a DIY method, you can run a variety of relays too:
https://github.com/cameri/nostream (i use this one.)
https://github.com/hoytech/strfry
good luck!
Are you using Obtanium?
Phone: 0xChat for privacy "whatsapp" concept and Amethyst for "scrolling"
Web: snort via TOR.
Este fin de semana, te propongo un plan PGP en 2 pasos:
1. Entiende qué es PGP y cuál es su utilizad en la video entrevista del L234 a @GwolfWolf
https://www.youtube.com/watch?v=kdFRXU9L_Wo
2. Y después pasa a la práctica con el tutorial de GPG en vivo junto a @DesobedienteTec
3. Comparte tu llave pública y envia mensajes encriptados de forma pública en NOSTR cómo hicimos hace unos dias Luna y un servidor en este post:
PS: El primero que comparta su llave pública se lleva unos sats ;)
#PGPZapathon
Hey nostr:nprofile1qqsd54k9fd0xwjwkttgr3svkg7reftu5una95nhacg95nxq7fmzkdscpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcdmwcdp why I cannot find the APK out of PlayStore?
The GitHub repository does not seems to contain any APK release..
Encontré uno que parece ser válido: PGPro
Muy interesante y útil, me ha divertido el experimento. Por cierto he utilizado Open Keychain para Android, parece que sigue funcionando, en F-Droid sacaron una nueva version este año.
Sabes si hay algo similar para Iphone?
-----BEGIN PGP MESSAGE-----
wcDMA61g4ClOZLJfAQv8CLpf+4PfAkctA1Ut10w5cKdXJTDdoCfDhgyMLIOCorZN
ClNfcOx/zcw/X9Md3jmlWHS2PBYYC84++l001e9LLU+kppF9GTpl7qJFePtTIApA
5r6PYZv+sls17UQX+StTYE10Wj1M2p4KVOlmOc08GVApQvSdPti1sF042WIlg0Ua
os0Ltobca0zbhAiSjOw0oESrpikTKxR7VlXoNRLZbCaKDxPy0kZkUPgrAcRjaTww
9Bunm0yt5uHvYidZCsr8qFJGGpt/ePLVb/y6+KEli60Il8uN2X2Xxj6n7GfZHx4/
NlgjYw0k5OjKdn8+uaK6mLpjgPd71/9NVd78GPRvU2LRk1BYce4T+7LBURYn2t3I
L9kK8q0XXCJj4B7mxuY+KAsfwW1qcdf59hpCXm3gO+YqGakwdSiJ8fXxzLWY3qHB
oGL9SGg4qpkBoNjf3UDQwslXsG6dBxcZdfX6FIrNfgJp6dQa1swozO7gCmzjTj6E
T4KIdpOdAb//+hnf827nwV4DiukXVqI2hHsSAQdAug2aW26sH2T3JOm8jjD1utR3
IeqSm16kTRpALNUVNQowa1rbuN0wd6DG5h8SzbOrO1NRpQlWXs5MVTXjiNDgDF10
2KMD5wArTPHFQTcJ7MP50sQ4AVyLQSjFkm6lvAUH73lTqCKsidWP+wqs3KsKiwRD
5v9cYiSDhChOHjTPhOfMu6ABq69RzWLE97H8KhnJTZVZzcU9mGwUVDe9Os9KJwVk
Wiho0nlRscSkiKjrbVBRdPWyzbYkH+GA+GfiOZnhll8MQT0mB89F5kJIsKqdVgmE
hWDqMepcxfQP3sh3XnRQ6H5PRzG9ZhB/6GnmfrCJwhG3AOx4wtDfq5x1Qf/tTfMm
kcZavBlin8uIlHs9bw0wCee4SBeU0CRaPB3R5/P/XdLYS1m/8fWilj2nNJN7sRPp
DRV5gVrkEuA9XnQV0eCpwADJw8d7I5ey3BNWurZbxWGO6gXakf7cicF4Q6BxGrns
jSWmD8mYBhHRw4AVB9E8QN8dzWFoFbyHniSGb14NaM6P37++dVLFfdq6PGJfQAyu
gd4vQtUckYHJNBpzP0tViBaIirCIFS1nDIRvd9GMqQ7aFOxoZ1HRZ46vAQY0RqUQ
52s+mNuIAmxMgIggLM+qmM0xvmehMSPXPbJIah7taiXSpHjLZ5XkixBtJwgvc6a0
i8FDq+N7GCDgMj7lGI5BJZmjmwfy2CcfWftex4OeSr0cRPAz7oHvo4zeP3lcjW24
guE5UsVvD+qFPZoic+iAxtAZl7f8u6Im0pgTLQ025t04L2fsDEdVuVSu3w+h0HBk
EulTVtQsxZmw+wGEx3Pj0h2aOO1swBILn/+Jt4c1HhxKWg4X16Y9wa3n8q33pUyq
CgMNVil8cooaYEx4QdDGDaKDaJ34+gMpGsTYdQv3ugSocb7ELm17ayEi47Yx5OIM
AYQ0XW8mcTzL3heIrJLmeyZlYP0ASVWnDJzyVplT/ODWB8ewtvH+s8z9ZFe/Hh9B
Mj2bu8ok2yO19QMEAwwDSIZqLW1L7O9mPbYQRBS2nKOO48f3L0sSj/+5m79saMhd
vM8n62VJUt1fiXbuk6m/gWnFlCIaJpaLlrh8LZ8q3RuM4glsPR+yOvjq2Xco4b2I
DrqyemyBCl6qs9D8aXcYRHKLEcIZv/xWqJTgvGlwW0+8rHzRW2qVxlxRJlQHA+Pr
muAqePRxi6QqaNKshWbJcwbu4zD7ujwFPQCylVwjQjCWIkYCtkS8FI4TzcG0Xf7M
UsGjuRXlYoqNDyEFObUfliPIFuYFMUVUad9T9InaoyOIed/oflRpC21acQNrdgWR
fsnJzEUYNlJR2jAa+r48TTBDXYN6p3fIAPJk/hnfGRRLdT2jdrREb4w+/6/RqqX6
X4c9oiZwgLSXa0/s5I3EcHrd4Knc1keKXRmh2vMT3Y6hNyjAJd6ScyQvcLt/V41o
5bZ/5/8U84uNJKDcXKGEwK32pOMjyvrTBz98hATI9PjcP9wkAiegAhYAiX0YTPXH
zVkwbT0Igkp9sgZwFZEtuoDCbuBk1F6Ge0O+Ph+Xpk1hszrXK6GI3pAi4JVYE34K
lZ/y6sEmJMdYD8BJ4p30mllFGui0AYb2cmuwEsHq7qz861ypIAH/qHfGzENWOUrH
P8izlA5mxNk8LJYUcTcqnTRARJiul5lRPEwlVMMpNSJthIIs8zrRjXWZT+wfOmpk
evv1h0p7fa6ppqpqvZq1dYuj23K02xAdjks3T2M2C9mIgx56RRAWfC69MGEIzFQB
XDFdjPNmBtVkEFAIItep8L0J2yBcGeoSAGzS/XLhHiLDlkKporjtZuze
=o7uS
-----END PGP MESSAGE-----
This is like: I want to be a cowboy but my donkey does not like me to ride him.