 Be careful with seedsigner. I don’t think they have a secure element, so if someone gets hold of your signer and knows what they are doing they can get your private key and bitcoin. I would only use it as part of a multisig setup using something like Sparrow. 
 Does it need a secure element if it's not storing the seed persistently? 
 No. 
 Look into SeedQR and stateless signing.

Verify firmware signatures before running it.  
 No. With seedsigner you keep your seed phrase backup secure and you don't need to be worried about your signing device getting stolen. It doesn't store the private key on the hardware. Every time you unplug it any private keys you have input are erased from RAM.

You do need to verify the firmware before you use it. The recent security news involving seedsigner used modified firmware. Store your seedsigner securely. If you suspect someone has tampered with it, erase and reinstall the firmware.

https://github.com/SeedSigner/seedsigner?tab=readme-ov-file#verifying-that-the-downloaded-files-are-authentic-optional-but-highly-recommended 
 The Seedsigner is stateless. Disconnect the power and all seeds are erased from RAM. After booting it up you can also remove the SD before loading any seeds.   
 I think the thing that I picked up on was the new firmware attack. You need to secure your seedsigner to make sure a bad actor doesn’t put compromised firmware on it that could steal your keys.

So don’t share your SS with other people thinking it’s safe cos you wipe your seed every time you use it. 
 I'd remove the SD with firmware if I was to loan it to someone. I don't store the SD anywhere near the device anyway. It is also very simple to verify the software or reflash the SD. 
 Good to know. Thanks 
 For sure. We have to be aware of dark slippy or evil maid attacks and stay vigilant.  
 *dark skippy 
 Not heard of a dark skippy attack… 
 https://youtu.be/DngAcl6E7xU 
 I had heard of this on RHR from Odell. Scary stuff. Multi-vendor multisig is the way to go. Thanks for the video 👍 
 Odell is sponsored by CoinKite, maker of the ColdCards. You’ll see a pattern of CoinKite sponsored podcasts refusing to give the @SeedSigner an honest review. Your replies are similarly opinionated but don’t hold up in a community setting where truth rises to the top. 
I highly recommend not listening to those comments and building your own @SeedSigner. You’ll learn more and most likely have a different opinion of not only the device but also of those sponsored podcasts. Sponsorship is censorship. 
 Absolutely. Every podcast that shills a signing device (hardware wallet) is gonna be biased AF and never push back on their sponsor during an interview. It doesn’t matter who they are.