Oddbean new post about login | logout Nope! There’s no tradeoff, what I’m proposing allows you trust that *both* need to be compromised, instead of just the hardware wallet.
Interesting. This is definitely above my technical expertise, but good to see this being discussed. I think we can all agree that any hardware wallet (ledger included 🤢) are better than trusting custodians
Ah okay. So you’re saying hardware wallet would use the nonce unless it thought the nonce was leaking, in which case it wouldn’t sign. The change is just that software _could_ specify the nonce to use as an additional security measure