Matt Odell
bitcoin & privacy advocate▫️ ▫️ projects, resources, disclosures, and pgp: ▫️ subscribe: ▫️ stay humble. stack sats.
21,821
Tweets
987
Following
49,353
Followers
Tweets
Matt Odell 57m
pretty much nailed this bitcoin price action in last week's RHR, not that it really matters, in this house we stack every dip and every rip
Matt Odell retweeted
Specter 3h
Get your Specter DIY Orange Pioneer Edition 👻🔥🚀
Matt Odell retweeted
Stephan Livera 4h
SLP231 of - Specter DIY: Build your own hardware wallet Stepan and I chat: - Making the device with off the shelf parts - Security - Air gapping with QR - Multi sig set ups - -Desktop
Matt Odell 18h
would be happy to rip this one in person dave, we can have some fun with it
Matt Odell 19h
Yup exactly, specter is much easier to use with your own node. I also think the UX is significantly better.
Matt Odell retweeted
BlueWallet 20h
Tools to empower individuals. Tools for censorship resistance.
Matt Odell 20h
right but that is the risk of any signed software, not hardware specific
Matt Odell 20h
we'll discuss it on the pod this week
Matt Odell 20h
if you don't verify then software can be modified by an attacker between you and the dev, good hardware wallets mitigate this a bit since they will also verify firmware upgrades automatically, so to be susceptible there you would also need the hardware to have been modified
Matt Odell 20h
page 14 of this guide shows you how to verify sigs on linux, mac, and windows using wasabi as an example: You should be doing this process for all bitcoin software you use (really any important software period) and hardware wallet firmware upgrades.
Matt Odell 21h
You cannot do it for apps downloaded from app stores. You can only verify sigs if the dev provides you the application file, the signature, and their pgp key. Most open source software devs provide them. It assures you that the app hasn't been modified between you and the dev.
Matt Odell 21h
Verify what?
Matt Odell 21h
Interesting. We disagree here. Software attacks seem much easier to pull off than offline hardware. Users should at least be verifying sigs of all software they download - even though most don't - but even then malicious changes seem much more likely than offline hardware.
Matt Odell 21h
Replying to @hodlmeister @Ledger
yes, this is my current recommended setup for most users:
Matt Odell 21h
I like 3 of 5 the best. Seems like a solid balance. My issue with 3 of 7 is privacy loss (not many people use multisig let alone 3 of 7) and that it's just overwhelming having that many keys/locations.
Matt Odell 21h
If you're downloading your wallet from the app store / play store then you are still susceptible to supply chain attacks.
Matt Odell 21h
You can and should have different types of signers. You are going to have to make a judgement call based on type of signer, storage method, storage location, and threat model. You can still keep an offline seed backup in a different location that is more difficult to access.
Matt Odell 21h
oh it doesn't from that perspective but then you lose the benefit of additional physical security provided by the hardware wallet and you won't know if a key is compromised (really doesn't matter with trezor since there is no physical security unless you use sd card feature)
Matt Odell 21h
Replying to @BTCUnaffected
fair, what's really interesting is that custodial mixers have a significantly worse trust profile yet have seen significantly more usage than any coinjoin implementation
Matt Odell 21h
Replying to @BTCUnaffected
Fair, although that would be clearly worse for light client users. In either scenario, sybil concerns are reduced as more dojo participants enter the pool.