Board: Project Development
Re: Would you be willing to flip coin / roll dice 256 times for security of funds?
by ashfame on 14/07/2020, 18:48:55 UTC
Hey folks, I am building an open source air-gapped crypto vault, and as an option to not rely on system's entropy to generate random numbers, I am working on offering a "bring your own entropy" option.

This makes the system trustless

I don't agree that this makes the system trustless.

Flipping the coin 256 times is not enough to generate a public address, you still need a computer and software to do that. This would make you need to trust that software, even if it is open source (because I am not really going to verify the software myself).

Great point! I have not actually considered the act of someone doubting the generation of addresses themselves. A malicious program can print out pre-programmed xpub keys and addresses from a known list.

So, it's not trustless for you because you would need to verify it yourself to build trust but you don't wish to. I understand your perspective. But if you wish to, you can, and there is no step in the process that you have to just blindly trust to act in good faith.

Trustless as per me is a system where you don't have to trust the system at any point to act in good faith. It's verifiable at every point from the source code to the final product in hand. And that's what I am aiming for in the project. Scratching my own itch & learning.

Right now, what I see is that one has to trust some software or the other. It's so painfully slow to do it all manually that software can't be practically eliminated from the usage. So one must verify the software themselves to act in good faith or rely on others to have done the same for them.

Same reason why it's recommended to build from source rather than using pre-built binaries.

Now, once you have laid down your trust in an application to use, the second concern is the environment in which this application runs. Can you trust the environment (verifying the environment is a huge task & controlling the environment is a tough task)? How about undiscovered or undisclosed vulnerabilities which will enable malware to take control of the system and steal funds? A better alternative is to run this application on an air-gapped device, but then several proofs of concept of different attacks on air-gapped devices exist, and hence emerges the WHY of my project.

It's not just a software app. It's two applications, where one runs on a Raspberry Pi Zero with a custom Linux OS to act as an air-gapped device where it's not possible to get any information out, because it truly runs as an air-gapped device with no networking hardware available. The other application is just the wallet, which doesn't even have access to any sensitive information, just xpub keys, so you don't need to verify this at all. Please see this diagram - https://pbs.twimg.com/media/Ec40sGxUMAA8ycM?format=png&name=large

So, in a way, this lets you build your own hardware wallet with the ability to verify everything, hence a trustless system, perhaps the only one.
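As an added illustration of the "bring your own entropy" step discussed above (example code written for this page, not the project's own), the snippet below turns a transcript of 256 coin flips into a secp256k1 private key. It assumes the flips are typed as a string of H/T characters, applies a crude bias sanity check, whitens the result with SHA-256, and keeps the derivation deterministic so the same flips fed to a second, independent implementation must yield the same key, which is the practical answer to the "pre-programmed xpub list" worry raised in the thread.

```python
import hashlib
from typing import Optional

# Order of the secp256k1 group; a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def flips_to_bytes(flips: str) -> bytes:
    """Map 256 coin flips written as 'H'/'T' to 32 raw bytes (H -> 1, T -> 0)."""
    flips = flips.strip().upper()
    if len(flips) != 256 or set(flips) - {"H", "T"}:
        raise ValueError("need exactly 256 flips, each 'H' or 'T'")
    bits = "".join("1" if c == "H" else "0" for c in flips)
    return int(bits, 2).to_bytes(32, "big")


def looks_biased(raw: bytes, max_skew: int = 40) -> bool:
    """Crude sanity check: 256 fair flips give about 128 heads; a count far
    from that suggests a biased coin or a mistyped transcript."""
    ones = bin(int.from_bytes(raw, "big")).count("1")
    return abs(ones - 128) > max_skew


def derive_private_key(user_entropy: bytes, extra: Optional[bytes] = None) -> int:
    """Hash user entropy (optionally mixed with another source) into a scalar.

    SHA-256 whitening means a slightly biased coin still yields a uniform-looking
    key, and mixing 'extra' (e.g. os.urandom(32)) can only add unpredictability.
    With extra=None the result is fully reproducible, so an independent
    implementation fed the same flips must print the same key.
    """
    if len(user_entropy) != 32:
        raise ValueError("expected 32 bytes of user entropy")
    material = user_entropy + (extra or b"")
    counter = 0
    while True:  # retry on the astronomically rare out-of-range hash
        digest = hashlib.sha256(material + counter.to_bytes(4, "big")).digest()
        key = int.from_bytes(digest, "big")
        if 1 <= key < SECP256K1_N:
            return key
        counter += 1


if __name__ == "__main__":
    # Constructed transcript for demonstration only (alternating H/T), not a real key.
    demo_flips = "HT" * 128
    raw = flips_to_bytes(demo_flips)
    print("biased?", looks_biased(raw))
    print("private key (hex):", format(derive_private_key(raw), "064x"))
```

Run it twice, on two machines if you like, with the same transcript: matching output is the property that lets a user check the vault's derivation rather than trust it.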