undefined | Better HN

0 pointsamenghra3y ago0 comments

From the outset, you can't prove that RFC 6979 was used. I.e. RFC 6979 doesn't provide provable security. If you want a proof that there are no covert channels, you need to implement some kind of interactive protocol between the signer and the verifier -- I'm not aware of any standard/popular way of implementing that.

What you can do is use a dice to generate a key and the sign a bunch of messages with your hardware wallet and a piece of software that you trust. You can then compare the two outputs. This gives you a probabilistic trust level (the more messages you check, the higher the likelihood of there not being a backdoor). (note: I implemented this logic [1] to check that three different RFC 6979 implementations were returning the exact same bytes).

[1] https://github.com/alokmenghrajani/decv/

0 comments

amenghraOP3y ago

The best defense against potentially malicious hardware wallets is to set up a multisig scheme. If designed properly (with careful planning related to backup/recovery), you end up with better security properties (i.e. defense in depth).

j / k navigate · click thread line to collapse

0 comments

amenghraOP3y ago

j / k navigate · click thread line to collapse