BR073 - Security Challenges in Bitcoin Hardware Wallets: A Technical Overview ft. Lloyd Fournier, Craig Raw, Rob Hamilton, odudex & NVK
I’m joined by guests Lloyd Fournier, Craig Raw, Rob Hamilton and odudex to discuss bitcoin wallets and signers.
Housekeeping
Calling for guests to join a ham radio panel. Email producer@coinkite.com if you are interested.
Keep the audience questions coming! Send boosts or email questions to producer@coinkite.com.
Check out the previous episode if you want to understand more about Dark Skippy
Discussion Topics
00:04:40 KRUX/DIY Frost devices
00:17:39 DOS ware/Hardware wallets
00:29:53 PSBT Protocol
00:40:57 UX Security Tradeoffs
00:48:09 Hardware Signers
00:54:52 Battle between Push for better UX & More Security
01:16:35 Key generation protocol
01:53:53 Feature Request to Sparrow wallet
02:04:57 Audience Questions
“Geographically distributed multisig is probably the best self custody model today. But specifically what kinds of places are suitable for storing private key material internationally or even just away from your home territory? Many people do not have high trust family/friends that live in different areas and I am skeptical of the privacy and security bank safety deposit boxes.” - Densest_Sprite0R
“How have best practices evolved as we migrate from ecdsa to Schnorr it terms of interactivity / uptime that then therefore reshapes UX? e.g concurrent sessions, nonce counters, etc” - Vivek
“Are you aware of any known attack methods to add malicious code to an sd card with out any physical access to it? Like with some type of radio frequency attack etc…?” - Kidwarp
“Explain if you could why the anti exfil protocols don’t work air-gapped.” 🙏🏻 - @basisbtc
“Ask your esteemed panel what the solution to all these problems is and why it is miniscript.” - Coinjoined Chris ⚡
“How does the seed leak stuff work - the nonce signature stuff was not explained easy / detailed enough for us noobs? Is it just publishing encoded information somehow? Would it make any kind of difference if you use a passphrase?” - M4v1
I’d love to hear some of your favorite ways that a pwned hardware signer can steal funds that do not involve DarkSkippy (or similar). - Rearden
02:21:42 Closing Remarks and Gratitude
02:25:42 Listener Engagement and Resources
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)