White men are people too
Joined Jun 26, 2018
Profile not set
You wouldn't really use that wallet for payments though, just for storage. You can transfer some funds on your every day wallet.
Then I would consider the computer to be part of the system to replace a HD wallet. And it would have a far bigger attack surface than the HD wallet has. Probably also less convenient.
OK boby. If this is for my benefit you can stop explaining. I have long since written you off as incompetent as well as arrogant and condescending
This is not the security researchers mindset, rather the mindset of the whimsical engineer. If an attack is possible, it can become practical later on. Remember the amount of money involved
The answer so far seems to be "Yes, but I wouldn't do it, therefore nobody else would do it, since everyone thinks exactly the same way and are in the exact same situation as me. QED"
Freshly set up offline computers that you trust do not grow on trees. Using an offline computer for payments...even using cryptosteel is probably easier than all this.
Encrypting wallet files does not really solve the fundamental problem. You have to decrypt at some point with keys. The security of this process is what the hd wallet is for
Just plug it into a freshly set up offline computer, rasperry pi for instance. All the wallet files on the stick can be encrypted too.
Freshly set up offline computers that you trust do not grow on trees. Using an offline computer for payments...even using cryptosteel is probably easier than all this.
you would have to assume that software for all extra meters like temperature meter does not have a bug that can be exploited, you would have to assume the connections you do use like wifi/usb...
That is, temperature meter input is hard to control sufficiently well, so it is a bad example. Camera might be a better example, and even then it would be hard to do.
If a single person uses this setup for pocket money, sure, it is super secure. If a hundre million people use a standardized version of it to hold their life savings, it is a joke.
are all controlled by bugfree software and so on. Even evil maid attack can be a bit tricky on a properly designed hardware wallet (which btw I have not audited, I cannot really vouch for them)
you would have to assume that software for all extra meters like temperature meter does not have a bug that can be exploited, you would have to assume the connections you do use like wifi/usb...
I realize what is ment in the link is direct connection "attack surface", but you would then have to assume the device does what you ask and not try to "phone home" when you ask it not to...
You could use the electron cash portable wallet on a USB stick
Thanks for the suggestion, I shall think about it. My immediate concern is an USB stick is far more than a passive device (it is quite hackable), and it connects to an insecure machine
I am extremely skeptic about taking an insecure device and gluing "security" on top of it, which seems to be the suggestion here.
Further, cellphones are not primarily made for security, the demands for conveniency/entertainment are too big, and the security demands too small. They are however made with backdoors.
An example of why such things are problematic is car hacking, which as I understand it is typically done by hacking the entertainment system first. A cellphone is one big entertainment system
https://tinyurl.com/y77tjvhd claims attack surface on such a device is "extremely small". My understanding is it is huge, enormous. All the electronics not in use on it is potentially dangerous
So what is the (supposed?) next step of Q? Will finally some secret FISA stuff be released? Or some other real action?
Is there a hardware wallet made/coming soon for SV?
I started buying SV with fiat I had set aside right before the hashwar started. I suppose that means my choice of sides is hardening.
If so, what if other nodes are given another "truth" where blocks are added to the legitimate non secret chain so it too reaches 10 blocks, will they not also set a (different) checkpoint?
Will that not lead to a new checkpoint being set and legitimate blocks inconsistent with the 10 blocks (but shorter than 10 blocks) rejected?
So I suppose I made a mess of what I was going to say above. I will reiterate it, as maybe someone has a comment on it. Checkpoint depth 10, attacker gives 10 "secret" blocks to some nodes.
OK, I shall have to just conclude that you were not smart enough to get my points and leave it with that. Fine by me.
Your counters were like "I don't understand what you are saying, can you explain?". Did I dodge that?
