Bitfi - open source: bitfi.dev
World’s only crypto asset wallet where the private keys are generated on demand, and never permanently stored. Learn more at
10,841 Tweets | 50 Following | 18,099 Followers
Bitfi - open source: bitfi.dev 26m
There is no chance that you won’t use Bitfi technology if you take the time to understand how it works. It makes all other wallet tech obsolete - we guarantee it. Learn about it today.
Bitfi - open source: bitfi.dev 2h
The only way not to think about money all the time is to have a lot of it. HODL.
Bitfi - open source: bitfi.dev 4h
Yes. This is something that can be added.
Bitfi - open source: bitfi.dev retweeted
Red Pill Finance 5h
is the hardware “wallet” gold standard.
Bitfi - open source: bitfi.dev 21h
If you are not a permabull, then why do you even need a hardware wallet?
Bitfi - open source: bitfi.dev 24h
Replying to @hodlitecoin
Hope after Bitcoin goes over $20K
Bitfi - open source: bitfi.dev Jan 27
Disbelief stage.
Bitfi - open source: bitfi.dev Jan 27
Cardano is in the works.
Bitfi - open source: bitfi.dev Jan 27
14) To tackle this final frontier in wallets, we are currently developing a trustless, consensus based mechanism for updates. This is something that will give 100% of users complete certainty about what their device is doing.
Bitfi - open source: bitfi.dev Jan 27
13) Finally, we realize that this type of system is still not optimal because only a small percentage of people can check the code (developers) and the rest have to rely on this small group to let them know if something is wrong. This is an issue affecting all wallets.
Bitfi - open source: bitfi.dev Jan 27
12) Other team members cannot publish an update etc. without going through a multi-stage process. If a malicious update came from us directly there would be no denying its origin and the key team members are all very public individuals.
Bitfi - open source: bitfi.dev Jan 27
11) The publishing of a malicious update by our team is part of our threat model and something we address currently through a series of security controls (Least Privilege Access, Role Based Access Controls, Signature and Hash verification).
Bitfi - open source: bitfi.dev Jan 27
10) attempt to push lower-level code changes will immediately wipe out the unique identifier and force the device into a default unprovisioned state.
Bitfi - open source: bitfi.dev Jan 27
9) gained access to our servers and our admin application which monitors all wallet and device activity and prevents any communications or other changes to the device you would still not be able to push a malicious update because the update would require a signing key, and any
Bitfi - open source: bitfi.dev Jan 27
8) the OTA secure update keys. These are not publicly available and even if they were lost or stolen the OTA update packages are not enabled on the device, rendering them useless. If you were able to get our entire source code for our preloader, bootloader, OS, APP AND even
Bitfi - open source: bitfi.dev Jan 27
7) hashes are checked to verify they match after upload & by the device and server when a device pulls the update down. Any attempt to flash the device's lower level bootloader or operating system OTA would require an OTA update package specially built for our devices as well as
Bitfi - open source: bitfi.dev Jan 27
6) Provisioning is impossible without a special service and a series of keys that are tightly controlled and air-gapped from all other systems. All Application code compilation is done using deterministic builds and code signing is done on an air-gapped system and
Bitfi - open source: bitfi.dev Jan 27
5) Firmware is pulled by device when available, it hashes all bytes to perform ECDSA check. These checks are performed server-side to assure match of update package. ALL transactions with their corresponding signatures are available at
Bitfi - open source: bitfi.dev Jan 27
4) We continue to run a Responsible Disclosure Program which invites researchers to test devices and responsibly report vulnerabilities they may find.