 Because it breaks the air gap barrier and it's pointless over engineering 
 Can’t you generate your own provable randomness with 256 dice rolls with the cold card? Seems Matt is way off-base here. 
 Point is the signature nonce, not the private key itself 
 Signature is worthless without the private key 🤷‍♂️ 
 Signature can leak the private key to an attacker via the nonce :) 
 Interesting. Would require physical possession though? 
 Nope, just compromised firmware/hardware. 
It seems like the trade-off is to either trust your wallet software to not generate a leaking nonce or to trust your hardware wallet to not leak via the nonce. IMO trusting the hardware wallet is the better option as that is the device that you are trusting to not be compromised already 
 Nope! There’s no tradeoff, what I’m proposing allows you trust that *both* need to be compromised, instead of just the hardware wallet. 
 Interesting. This is definitely above my technical expertise, but good to see this being discussed. 
I think we can all agree that any hardware wallet (Ledger included 🤢) is better than trusting custodians 
 Ah okay. So you’re saying hardware wallet would use the nonce unless it thought the nonce was leaking, in which case it wouldn’t sign. The change is just that software _could_ specify the nonce to use as an additional security measure 
Matt is not willing to understand there are better trade-offs that are practical. And he never read our design docs. 
 The “air gap barrier” isn’t broken lol. The computer is sending instructions (in the form of amount/address) and the hardware wallet is responding. I’m just saying add a nonce to those instructions. 
 🙄 
If the HW device doesn't simply use the provided nonce as-is (seems undesirable due to sensitivity of nonces), can't the HW device still grind its portion of the nonce to exfil?

It seems like an extra round of communication is unavoidable? (but likely worthwhile!) 
 Nope! The magic of XOR (or pre-committed EC points) is that neither gets a “part” but rather the full thing is random if either input is fully random.
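As an added illustration of the commit-then-combine scheme the last two replies are discussing (not code from anyone in this thread): the hardware wallet commits to its nonce point R_hw = k_hw·G before seeing anything from the host, the host then supplies a random scalar t, and the host checks that the final nonce point is R = R_hw + t·G. The commitment answers the grinding question above, since the device can no longer adapt its share after seeing t. The curve arithmetic is a constructed minimal secp256k1 implementation and the class and function names are my own.

```python
import hashlib
import secrets

# secp256k1 parameters; the point arithmetic below is a constructed textbook
# implementation for illustration, not a production library.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def commit(pt):
    return hashlib.sha256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

class HardwareWallet:
    def commit_nonce(self):
        # Step 1: choose k_hw and commit to R_hw = k_hw*G before any host input.
        self.k_hw = secrets.randbelow(N - 1) + 1
        self.R_hw = ec_mul(self.k_hw)
        return commit(self.R_hw)

    def finish_nonce(self, t):
        # Step 3: effective nonce k = k_hw + t (mod N); signing would use k.
        return self.R_hw, ec_mul((self.k_hw + t) % N)

def host_verify(commitment, t, R_hw, R):
    # Step 4: revealed R_hw must match the commitment and R must equal
    # R_hw + t*G. t is uniform and chosen after the commitment, so k is uniform
    # however k_hw was picked, and a device that adapts after seeing t fails here.
    return commit(R_hw) == commitment and R == ec_add(R_hw, ec_mul(t))
```

Step 2 (the host drawing t) happens between commit_nonce and finish_nonce; the host never learns k_hw, only R_hw, so this does not hand the nonce to the computer.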