129 sats \ 22 replies \ @elvismercury 3 Apr \ on: NVK v SeedSigner - Valid Concerns or Arrogants Attacks bitcoin
Evil maid finds your QR code stuffed in a book, you are sunk. Evil maid finds your Coldcard, you're fine, unless she also knows your pin, which will brick the device after some smallish number of tries.
There may be ways to do something akin to having a QR code that is the base address, and the 'real' address requires an additional pass phrase that's not stored with the QR code. Someone can advise on that I'm sure.
> Evil maid finds your Coldcard, you're fine, unless she also knows your pin
Or unless she is an extremely sophisticated attacker with expensive and bleeding edge forensic equipment.
All hardware wallets are in the end security-by-obscurity solutions. I'll admit that level of obscuration is very high, but it's still security-by-obscurity.
Seed Signer is a signer-only device. Decoupling signing and key storage is a different paradigm. Having different options is good, so shitting on Seed Signer is at best a not responsible thing to do.
reply
> All hardware wallets are in the end security-by-obscurity solutions. I'll admit that level of obscuration is very high, but it's still security-by-obscurity.
I don't agree with this -- the design of secure enclaves is not about obscurity, it's about designing to make certain threat models really hard to exploit. Obscurity may be in play in other aspects of hw wallet design, but it's not the only element in play.
> Seed Signer is a signer-only device. Decoupling signing and key storage is a different paradigm. Having different options is good, so shitting on Seed Signer is at best a not responsible thing to do.
Agree that it's a different paradigm, and agree that shitting on SS is dumb.
Also believe that shitting on CC is dumb, which is why I keep tilting at these windmills.
reply
I will expand on my reply.
Imagine we have some crazy sci-fi 3d scanners/printers that can clone atom-by-atom an object.
If you could clone a hardware wallet 1000 times you could brute-force all pins easy peasy.
Once we established that futuristic crazy sci-fi technology breaks pin-based HW the question is how far away we are from that future costwise/technologywise. And it's something we also need to consider if we want to put HW in a cold-storage for 50 years.
Ok, this is why I said straw man argument. If you have your keys in any form. Words, QR, whatever in a place that is not secure then you are screwed by the evil maid. It has nothing to do with SeedSigner or ColdCard.
One could make the reverse argument. If you find someone's ColdCard you have their key you just need their pin. You find a SeedSigner you have nothing but a signing device. No keys are stored unless you choose to do that.
Everyone should be using passphrases anyway and they should not be stored with your keys or, if your device has your keys, it shouldn't be with the device. I do not like having any device that stores my keys. But that's a tradeoff. ColdCard's security model has benefits for sure but the maid attack doesn't seem like a SeedSigner issue to me.
Am I missing something? I have no dog in this hunt. I mostly want to make sure I'm not missing something.
reply
> Ok, this is why I said straw man argument. If you have your keys in any form. Words, QR, whatever in a place that is not secure then you are screwed by the evil maid. It has nothing to do with SeedSigner or ColdCard.
I have no dog in the fight either, but I don't think this is a straw man. The basic way to use both devices creates a certain attack surface. With SS, you have a QR code on paper. Now you have the problem of safely storing that piece of paper where if someone gets their eyeballs on it even for a second, your funds are swept. It's not impossible to mitigate, but you have to mitigate it.
For CC, it's different. Possession of the device is not a big deal unless you're an attacker with staggering sophistication, which is a different use case than an Evil Maid.
> Am I missing something? I have no dog in this hunt. I mostly want to make sure I'm not missing something.
Maybe you're not missing anything. The above is the main point of contention, as far as I'm concerned -- in either case you have to secure something, and the nature of how you have to secure it is pretty different. People may prefer one or the other tradeoff based on context.
reply
You are not required to have a QR on paper. You do need to enter your seed. Could be in steel as seed words.
reply
Point is there is a secret that you need to load into the SS somehow each time you want to use it. Unless you have taken additional precaution like with a passphrase, that thing is a bearer instrument that must be secured separately from the SS hardware and is subject to physical possession by Evil Maids.
reply
This is why you should use the pass phrase. If I understand the CC you have to have a passcode to unlock it. And the CC stores your seed. So that is different but as long as you do not have your SS pass phrase and seed in the same location it seems like a marginal difference to me. It is different though. You need to trust the CC. All one needs is the passcode then, right?
reply
The "front door" of the CC is gated by a pin, which can be arbitrarily long, I think; and since it can't really be brute-forced (the CC will brick after a smallish number of attempts) it's effective at normal Evil Maid prevention, though perhaps not vs "state-level Evil Maids" as another poster mentioned.
The passphrase is a different thing, which provides an additional level of security / multiplicity of your seed phrase. But for CC, you need to have got through the "outer moat" before passphrases become relevant. Also, passphrases are a general BIP standard, so they can be used anywhere -- I assume SS implements that, too.
You're right, though, these differences become quite small, especially when you get into the weeds and start layering different things on top of each other. I think you could be quite safe w/ either tool, but the manner of your safety would be slightly different.
reply
I don't own a CC so I wasn't sure if it was a pin or just an implementation of BIP-39.
It sounds like to me that the ColdCard maybe makes it harder to do some dumb things. Personally I don't like the idea of the device itself storing the seed (between boots) because then it's just the pin someone has to know. This stuff is hard and there are so many different considerations.
I think using the different devices might make one consider their strengths with different weights of importance. It is a very valid consideration to have to have the seed phrase and device together in order to spend funds. But, if someone has your seed phrase its game over. They don't need the SS at all. The device isn't the issue unless it is running.
Based on what I've read and what others have said CC manages the risk of someone stealing the device well though so that may be a better security model. I'm still thinking about it. I've used ledger devices (don't trust their software now) and they seem to use a similar model. The seed is stored in the device. I don't like having to trust the device's security. It's very nuanced.
reply
For sure. That's why any discussion about this topic is either a) super nuanced, b) idiotic, or c) in bad faith. I'm glad this one is in category a :)
I kinda want to buy a CC to play with
reply
The only credible criticism I have seen of the seedsigner model is that it requires you to access unencrypted private key material for each spend. Fair point. You can encrypt the private key using a BIP39 passphrase. I don't like this solution because, as Lopp points out, this changes your setup from a single point of failure to two points of failure. If you lose the seed phrase (or QR code) you lose your money. If you lose the passphrase you lose your money. Far more people get rekt this way than get rekt by having their seed phrase or hardware wallet physically compromised.
It's just not that much work to go from a seed phrase + pass phrase to a multisig with 3 seed phrases. You need to find a third physically secure location and stamp out another steel plate AND THAT'S IT. Spending does not require an additional trip to a secure location and you now have redundancy against failure which protects you against your greatest enemy: yourself.
I recommend seed signer to every pleb who is willing to get their hands dirty. I believe it is one of the best security models. It definitely has the best user interface (mad props to Keith Mukai) and by learning to use it you also learn a ton about bitcoin and self custody.
Hard agree on all your criticisms of NVK. Also, you forgot to mention how Cold Card used to be open source right up until someone forked his code and started a competing company. Now it's just 'source available'. I get the distinct feeling NVK is an enemy of open source. His motivation appears to be selfish; oriented toward his own profit instead of promoting freedom technology.
reply
> Also, you forgot to mention how Cold Card used to be open source right up until someone forked his code and started a competing company. Now it's just 'source available'. I get the distinct feeling NVK is an enemy of open source. His motivation appears to be selfish; oriented toward his own profit instead of promoting freedom technology.
The idea that the only valid form of software is free software -- which is what you're describing, which is a different license / conceptual entity than open source, which is why the term "open source" even exists -- is a pretty radical view, which reasonable people can disagree on.
Or at least, I disagree, and I think I'm reasonable.
reply
It's an opinion I agree with you @elvismercury. I value open source software and use it if at all possible but my views on freedom mean I believe others should be able to close source or do whatever they want with their work. Also I don't believe IP exists so for some I'm all over the place I guess. It makes sense to me though.
reply
Not sure why you tie this idea to my post. I never said that and I don't believe it because it's ridiculous.
Mainly from this:
> Also, you forgot to mention how Cold Card used to be open source right up until someone forked his code and started a competing company. Now it's just 'source available'. I get the distinct feeling NVK is an enemy of open source. His motivation appears to be selfish; oriented toward his own profit instead of promoting freedom technology.
Labeling a guy who doesn't want his labor to be used by a competitor to launch a competing product as "an enemy of open source" is a hell of a leap.
reply
NVK was all for open source when it brought a benefit to his business. Now he's against it because it brings competition. In addition, he constantly attacks his open source competitors. This is incompatible with the open source ethos. It's not a leap at all. Don't put words in my mouth pls.
reply
I'm not sure what words you think I put into your mouth -- I quoted your actual words, and then you just did what I described you as doing. Regardless, you can think whoever you want is an "enemy of open source", I don't care. Go nuts.
But "open source" as a construct is a term that describes a host of licenses, and NVK is both within his rights, and within the normative behavior of the "open source community", to adopt a particular one of those licenses for his business. You don't need to like it, but those are factual statements.
reply
Thanks for sharing this criticism. It's valid.
I am well aware of the criticisms you mention. I wanted to stick to the arguments he makes or should be making vs criticizing business decisions. You make valid points. I've heard his side of it. I would probably go a different direction if I were him, but I'm not.
SeedSigner has a very different target audience. I wish it was promoted more but it doesn't have a for profit company behind it. I honestly think this is a strength especially from state attack. Projects like SeedSigner are a big reason I'm bullish on bitcoin. Not that I believe we have to have signing devices but because they are very censorship resistant.
reply
it's true, just two different bricks, it's open source fud, @nvk stay humble, public apology please, you can do it!
reply