Friday, November 22, 2024

multi signature – Is that this scheme for multisig audit of Trezor + Coldcard okay?

The wallets can have a malicious random quantity generator.

There are a number of methods to be malicious. Usually random quantity mills are thought of malicious when they’re
someway predictable, so if you happen to use them another person can guess your “random quantity”.

However that does not appear to be what your plan protects you from.

What you confirm together with your process is that your {hardware} pockets don’t offer you a unique seed (if you do the preliminary setup or ask to export it) from the one it used to generate the personal keys and associated addresses, that it makes use of if you obtain or ship funds with him.
On this that means, the seed (from which personal and public keys are derived in HD wallets) wouldn’t be yours however belong solely to your {hardware} pockets: you’ll be able to obtain and ship utilizing the system, however if you happen to import the seed elsewhere there are not any related funds, as a result of it is totally different from the one utilized by Trezor.
Nonetheless I’ve by no means heard of such an issue on any {hardware} pockets.

The wallets can generate tackle for keys that aren’t mine

This do not make sense to me, public addresses are derived from personal keys, so the pockets have to have the personal
keys to generate addresses … i am undecided what you imply.

Moreover, you’ll be able to’t confirm that you’re the only proprietor of a seed or a personal key, probably the most you are able to do is make
certain that this doesn’t leak out, but when someway somebody manages to repeat, predict or generate it randomly, you’ll be able to’t
discover till the cash goes away.

So, all issues thought of, I feel you’ll be able to keep away from having to confirm the seeds that your wallets offer you, as a result of this
provides virtually nothing to the safety you have already got utilizing multisig addresses with 2 {hardware} wallets evaluated
as Trezor and Coldwallet, which are already closely scrutinized, as you’ll be able to see right here for instance.

PS: I do know that if the trezor has a malicious random quantity generator and it creates a personal key that not solely myself personal, this can be a privateness leak, however not an issue. And it is a privateness leak solely once I spend from this tackle, revealing the general public key on the blockchain.

I am not conscious of troubles with Trezor rng (have you ever any reference for this?), but when your personal keys are leaked you’ll lose your funds virtually istantly, there is no such thing as a want to attend you spend, as stated earlier than, public key and addresses derive from personal key, so in case you have this you do not want the rest

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles