Search content
Sort by
Showing 20 of 26 results by jeanluca
Re: Security of a Multi-Signature Wallet in a hypothetical hacker scenario
thanks a lot for explaining this.
So if I make a transaction, and this transaction is still in the mempool, the hacker can change it and steal it, is that what you mean?
Why does he have to know the address in that case, can't he just brute force and test all the transactions in the mempool, or is that impossible?
So if I make a transaction, and this transaction is still in the mempool, the hacker can change it and steal it, is that what you mean?
Why does he have to know the address in that case, can't he just brute force and test all the transactions in the mempool, or is that impossible?
Security of a Multi-Signature Wallet in a hypothetical hacker scenario
⭐ Merited by ABCbits (1)
Suppose you have a MultiSig wallet with 4 seeds. 2 Seeds are required for signing.
Now, consider the following scenarios where a hacker manages to obtain 3 of the 4 seeds:
a) Can the hacker steal all the coins in the wallet without access to the 4th seed and without any knowledge of which addresses belong to the wallet?
b) If the hacker knows some of the addresses associated with the wallet that hold Bitcoin, would they be able to steal coins from those specific addresses?
My expectation is that the hacker might still be able to steal coins, even without the 4th seed, because having 2 seeds is sufficient to sign transactions. They could, in theory, brute force or search the blockchain to identify wallet-related addresses and initiate transactions.
Am I missing any critical considerations here about the security of multi-signature wallets in this case?
Now, consider the following scenarios where a hacker manages to obtain 3 of the 4 seeds:
a) Can the hacker steal all the coins in the wallet without access to the 4th seed and without any knowledge of which addresses belong to the wallet?
b) If the hacker knows some of the addresses associated with the wallet that hold Bitcoin, would they be able to steal coins from those specific addresses?
My expectation is that the hacker might still be able to steal coins, even without the 4th seed, because having 2 seeds is sufficient to sign transactions. They could, in theory, brute force or search the blockchain to identify wallet-related addresses and initiate transactions.
Am I missing any critical considerations here about the security of multi-signature wallets in this case?
how to sign multisig transaction with sparrow wallet using a Trezor
So what I did was, setup a 2 out of 3 multi sig using jade hardware wallets (QR codes). This works great, sending, receiving, no issues.
Now I loaded one of the seeds into a Trezor Safe 3. I thought I could replace one of my jades with this Trezor. However, on the sparrow signing tab (see image)
https://orange.surf/content/images/2022/10/multisig-demo-spend-4.png
it is unclear how I should sign with a Trezor. It is connected to my laptop, but signing only seems to work with QR codes.
Any suggestions how I can sign with my Trezor ?
Now I loaded one of the seeds into a Trezor Safe 3. I thought I could replace one of my jades with this Trezor. However, on the sparrow signing tab (see image)
https://orange.surf/content/images/2022/10/multisig-demo-spend-4.png
it is unclear how I should sign with a Trezor. It is connected to my laptop, but signing only seems to work with QR codes.
Any suggestions how I can sign with my Trezor ?
Correct me if I'm wrong, but the only way to view the xpub of my Jade is with a QR. Is there a way to view the xpub somewhere and not in a software wallet? The thing is, that when I scan my xpub in, for example, Sparrow wallet, it will show me a fingerprint an xpub. But how do I know that what I see is correct? I have no way to verify this outside my software wallet
Also, when you register a multi sig wallet in your Jade, you'll also see xpubs and fingerprints per seed. But how do I know if they're correct?
Also, when you register a multi sig wallet in your Jade, you'll also see xpubs and fingerprints per seed. But how do I know if they're correct?
AFAIK, contrary to Passport 2 Jade doesn't reveal xpub's fingerprint on its display Passport 2 does! thus the one way to see it is to use 3rd party software like Sparrow.
You may also see for yourself the correctness of Sparrow (in respect of displaying that fingeprint) via stand-alone iancoleman BIP 39 generator.
1) Launch it on the cold air gapped machine.
2) Input your Jade Seed into "BIP39 Mnemonic" field.
3) Select the correct derivation path
4) Look at "BIP32 Extended Public Key" and copy somewhere the record of this field.
5) Find SHA256 digest of this record and after this the RIPEMD160 digest of that SHA256 hash. May do it even online as SEED can not be determined from xpub.
6) Take first four bites of RIPEMD160[SHA256]. According to BIP32 the result you get will represent the fingeprint of relevant xpub.
How important is the finger print? I tried to compute the fingerprint, but mine was not the same as the one sparrow shows. Probably due to the fact that it show the Master Fingerprint.
Correct me if I'm wrong, but the only way to view the xpub of my Jade is with a QR. Is there a way to view the xpub somewhere and not in a software wallet? The thing is, that when I scan my xpub in, for example, Sparrow wallet, it will show me a fingerprint an xpub. But how do I know that what I see is correct? I have no way to verify this outside my software wallet
Also, when you register a multi sig wallet in your Jade, you'll also see xpubs and fingerprints per seed. But how do I know if they're correct?
Also, when you register a multi sig wallet in your Jade, you'll also see xpubs and fingerprints per seed. But how do I know if they're correct?
Re: How to do (MultiSig) wallet export with Specter using a Jade
The thing is, on a Jade you can Register a multi-sig wallet. I think the sole purpose for this is that you can then verify receiving addresses. So, the way to register a wallet on a Jade, in Sparrow wallet, is to go to settings, then export. Under export there is somewhere a button specific for Jade. If you click on the button you get a QR code. This QR code holds all the information of the multisig wallet. Now, when you scan a receiving address QR code, Jade will use its seed and this Registered wallet to verify it.
So, in sparrow wallet their are many export options. In Specter there are just one QR export, which is not recognised by my Jade. I would expect that there would be just one standardised way of exporting a wallet
So, in sparrow wallet their are many export options. In Specter there are just one QR export, which is not recognised by my Jade. I would expect that there would be just one standardised way of exporting a wallet
How to do (MultiSig) wallet export with Specter using a Jade
I want to export my MultiSig wallet from within Specter and scan the QR code with my Jade so I can register the wallet in there.
But whatever I do, I get an error in my Jade (Unhandled QR payload). What I did was inside Specter, select the wallet, goto settings, goto export and click the export button and Animate the QR
For example, with the Sparrow wallet it works like a charm. But I have to add that Sparrow wallet has a button specific for "Jade export"
This also raises another question, Why does the jade has its own export button, is it not using the standards? But I see a lot of different export buttons in the Sparrow wallet. Why are there so many export, is there no standard?
So, my main question is, is it possible to do what I want or does the Specter Destop wallet not support a Jade export?
But whatever I do, I get an error in my Jade (Unhandled QR payload). What I did was inside Specter, select the wallet, goto settings, goto export and click the export button and Animate the QR
For example, with the Sparrow wallet it works like a charm. But I have to add that Sparrow wallet has a button specific for "Jade export"
This also raises another question, Why does the jade has its own export button, is it not using the standards? But I see a lot of different export buttons in the Sparrow wallet. Why are there so many export, is there no standard?
So, my main question is, is it possible to do what I want or does the Specter Destop wallet not support a Jade export?
Hi, I've setup a multi sig wallet (2 out of 3) and everything looks fine. In my test setup I have just one Jade and 3 seeds (QR codes), I can easily swap, but lets assume I have 3 jades for now! On my desktop I have Spectre.
Now I would like to verify the receiving address, but when I scan the address and verify it with one of my jades I get
Register wallet record before attempting to verify address.
My understanding here is that I need to scan the multi sig config. In Spectre I can go to the wallet -> Settings -> Export -> Go to export details
Now I see a QR code which can be animated (it contains 3 qr codes when animating). When I try to scan this I get:
Unhandled QR payload.
So my question is, how can I register a wallet given the above case?
Now I would like to verify the receiving address, but when I scan the address and verify it with one of my jades I get
Register wallet record before attempting to verify address.
My understanding here is that I need to scan the multi sig config. In Spectre I can go to the wallet -> Settings -> Export -> Go to export details
Now I see a QR code which can be animated (it contains 3 qr codes when animating). When I try to scan this I get:
Unhandled QR payload.
So my question is, how can I register a wallet given the above case?
Re: How can I validate the generated bitcoin address with my hardware wallet
Yes, I understand how that flow works. But still, if I setup a single sig wallet, what would stop the software from creating behind the scene a multi-sig wallet with a 1 out of 2. Meaning I can still sign transactions with my jade as if nothing has happened, but the hacker can do the same with his seed. The question is, will the jade verify these addresses?
Re: How can I validate the generated bitcoin address with my hardware wallet
Thanks for all the feedback, that really helped! I have a last question:
Suppose I want to setup a wallet with 1 seed with Sparrow wallet. Now all can just work find. But what has happens now behind the scene in my hacked Sparrow wallet, is that it created a multi sig wallet, a 1-out-of-2 wallet. So I can use my seed just fine, but the hacker now also has access. Now I can validate the receiving address with my jade and it will tell me that it is valid but. Is there a way I can protect myself against this? Can I detect this? I can also imagine that something like this is possible if I create a multisig wallet.
Again, I can check receiving addresses using another software wallet. But is there a way to detect something is wrong without the extra software wallet?
Suppose I want to setup a wallet with 1 seed with Sparrow wallet. Now all can just work find. But what has happens now behind the scene in my hacked Sparrow wallet, is that it created a multi sig wallet, a 1-out-of-2 wallet. So I can use my seed just fine, but the hacker now also has access. Now I can validate the receiving address with my jade and it will tell me that it is valid but. Is there a way I can protect myself against this? Can I detect this? I can also imagine that something like this is possible if I create a multisig wallet.
Again, I can check receiving addresses using another software wallet. But is there a way to detect something is wrong without the extra software wallet?
Re: How can I validate the generated bitcoin address with my hardware wallet
If something is open source doesn't mean that people look at the code all the time, but I agree that it might help.
But even though Sparrow wallet shows address doesn't mean they are from my seed. I'm not sure if Jade also shows the from address, maybe it only shows the to address and the amount.
I think that it would make sense to be able to validate a bitcoin address with a hardware wallet
The only solution right now for me would be to use two different software wallets and compare the receiving addresses.
But even though Sparrow wallet shows address doesn't mean they are from my seed. I'm not sure if Jade also shows the from address, maybe it only shows the to address and the amount.
I think that it would make sense to be able to validate a bitcoin address with a hardware wallet
The only solution right now for me would be to use two different software wallets and compare the receiving addresses.
How can I validate the generated bitcoin address with my hardware wallet
I want to use Sparrow wallet (desktop) and Bitcoin Keeper (mobile). Now I don't want to trust them as anything can happen with these projects, so I use it in combination with hardware wallets (jade). This works like a charm.
If I want to receive bitcoin I click on the receive button and the software generates an address. My question is, how can I validate that this address belongs to my seed? Right now, in this whole receive part, the hardware wallet is not involved. I have not heard so far anyone about this, so maybe I miss something.
If I want to receive bitcoin I click on the receive button and the software generates an address. My question is, how can I validate that this address belongs to my seed? Right now, in this whole receive part, the hardware wallet is not involved. I have not heard so far anyone about this, so maybe I miss something.
For airgapped signing devices like SeedSigner, Sparrow is the best I've come across. Not totally sure, but Specter is also used for airgapped multi-sig purposes. For mobile, I think BlueWallet can be used for airgapped signing, but I wouldn't recommend using a mobile device for that use, as they're designed to connect to as many networks as possible (which is the opposite of airgapped).
I don't think there's multi-sig taproot support in any of these wallet software yet.
I don't think there's multi-sig taproot support in any of these wallet software yet.
Correct me if I'm wrong, but if I use airgapped hardware wallets to sign, it doesn't really matter what app I use. When I sign (on the hardware wallet) that device will tell me how much bitcoin I'm about to send and to which address. So there is no way it can steel my bitcoins, right?
I will check to the wallets you mention, thanks for the suggestions!
I want to test some Bitcoin wallets for multi-sig (2 out of 3) support with Air gapped hardware wallets. So I'm not looking for wallets which require a seed phrase!
The first wallet I tested was Sparrow wallet. Works just great, no comments (well, except that it was not able to use the camera on my Raspberry Pi 5
Anyay, now I'm looking for other wallets like Sparrow, but I haven't find any so far. For example, I just tried Electrum (deskopt and mobile) but that one just requires a seed phrase.
So my question is, what are good equivalents of Sparrow wallets? I would also love to have one for mobile, that would be great I think. Is there a wallet that has multi-sig on Taproot?
The first wallet I tested was Sparrow wallet. Works just great, no comments (well, except that it was not able to use the camera on my Raspberry Pi 5
Anyay, now I'm looking for other wallets like Sparrow, but I haven't find any so far. For example, I just tried Electrum (deskopt and mobile) but that one just requires a seed phrase.
So my question is, what are good equivalents of Sparrow wallets? I would also love to have one for mobile, that would be great I think. Is there a wallet that has multi-sig on Taproot?
Good morning BTCers
I would like to experiment with making payments on the lightning network (maybe later bitcoin network too) using code. I'm a NodeJs/Python developer and would like to get started.
The way I see it (as a Noob!) I would run my own Lightning Node and interact with that. Anyway, as all of this is a new topic for me. For example, I found already https://pypi.org/project/pylightning/
but I would like to have a bit more context of what I'm doing. I'm looking for articles that can help met get started programming (in nodejs or python) and Lightning. Any suggestions?
The goal of all this is that I will be able to create an interface that shows me my balance and I can send payment to one or more people in one go.
Thnx
I would like to experiment with making payments on the lightning network (maybe later bitcoin network too) using code. I'm a NodeJs/Python developer and would like to get started.
The way I see it (as a Noob!) I would run my own Lightning Node and interact with that. Anyway, as all of this is a new topic for me. For example, I found already https://pypi.org/project/pylightning/
but I would like to have a bit more context of what I'm doing. I'm looking for articles that can help met get started programming (in nodejs or python) and Lightning. Any suggestions?
The goal of all this is that I will be able to create an interface that shows me my balance and I can send payment to one or more people in one go.
Thnx