I have a question (to devs or anyone else):
I read trezor uses
RFC6979 deterministic ecdsa signatures to prevent leaking of seed or any other private data through the "random" number used in non-deterministic signatures. I read that
hereIs there an easy way to check wether this is true by looking at a transaction signed by trezor?
I am not sure if BitcoinJ uses deterministic signatures by default and if they use the same pseudorandom function as described in RFC6979, but if both are true you can try importing TREZOR's seed into Wallet32 and see if they produce the same signatures for the same combination of privkey/message.
Thanks, stick, for that description / suggestion. I will try this once I get my plastic trezors (I have my metal one in "productive" use now and don't want to fiddle with it).
You can easily see that the signatures produced by TREZOR are deterministic, because they produce same result for same combination of private key/message (that's what we use in unit testing afterall ...)
Seeing they are deterministic isn't an indication against you potentially leeking seeds through the k value, is it? Even if you leaked seeds like that, signatures could still be deterministic.
Btw: thanks again for an awesome product, I can't wait to give some plastics away to friends, who I can then finally offer a good method to store their BTC.