Ahh right, misunderstood you before - figured you were talking about the SE at a higher level, such as the difference between these devices and Ledger.

You are correct. BitBox02 and Trezor Safe 3 both say the encrypted seed is stored on the MCU, with part of the decryption key stored on the SE. Passport and Coldcard store the encrypted seed on the SE itself, on the other hand.

Already edited my post above - looks like it will support entry on the hardware wallet. But even Trezor T still allows users to enter the passphrase on the computer instead. They really need to remove this option altogether, but they can't while people still use the Trezor One I guess (which will be the case for many years yet).

And Passport and Coldcard. But completely different to Ledger, who run BOLOS and associated applications on the secure element itself.

It does not matter if Ledger go bankrupt or disappear. You can always pair your device with Electrum or Sparrow to access your coins, and as long as you have your seed phrase you can still restore it to another hardware wallet or airgapped device.

The bigger concern is the risk of your seed phrase leaving your device, or indeed, if it has already left your device since the ability for that to happen has been there all along, despite Ledger lying and saying the opposite. Ideally you should purchase another hardware wallet or move to using a permanently airgapped computer. If you don't want to do this then there are a few steps you could take to reduce your risk, but they are not a guarantee by any means, make no difference to what might already have happened in the past, and they will limit how you can use your hardware wallet.

Here's a question, and much like Satoshi I am not a lawyer:

When Gavin was being deposed during the Kleiman trial back in 2020, and therefore both under oath and permitted to break his NDA if required, could he not have said at some point during the deposition "I do not believe CSW is Satoshi" and be protected from any future frivolous retaliation from CSW?

I think the closest he got during the deposition was when he said "Yeah, I've learned things after that give me doubts", referring to things he had learned since the "signing session" which make him now doubt that CSW is Satoshi.

You will know all the addresses which my paynym generates for you. You will be unable to deduce any of the addresses which my paynym generates for other people. If 100 different people all send me 10 transactions using my paynyn, you will only know the address for the 10 transactions you made, and you won't know anything about the other 990 transactions (or indeed, if there have been any other transactions at all).

Yes, but that requires me to be online, generate a new address, communicate it with you securely, etc. With a paynym, you can just generate a new address for me on the fly without any interaction needed from me at all.

Yes to both.

Yes. The transaction will obviously still be mined and therefore publicly viewable, just as any other transaction is. As the sender, you will know the address you are sending to.

It ensures no address reuse, but it also means the receiver does not need to generate a new address for every transaction they want to receive and there is no difficulty in communicating that address privately. I could post a paynym publicly, and everyone who wants can use that paynym to send me coins to a fresh address each time, and no one can use that paynym to spy on the addresses it creates for anyone else.

Paynyms also serve another purpose in Samourai and Sparrow wallets in that they allow you to coordinate with other users to create StonewallX2 and Stowaway transactions for improved privacy.

Not seed phrase - passphrase.

The seed phrase will still be generated or imported on the device itself, but with Trezor One (unlike most other hardware wallets), any additional passphrase is entered on to the Trezor Suite software on the computer you are attached to, and not in to the hardware wallet itself. Obviously entering a passphrase in to a computer with an internet connection makes it very insecure, so potentially still having to do this on a brand new hardware wallet released in 2023 (when other hardware wallets haven't been doing this for years) would be very poor. There's no confirmation of this yet, though.

Edit: I've since noticed on this page (https://trezor.io/trezor-safe-3) that it says "device-entry passphrase", so at least that particular attack vector seems to have been removed.

There are multiple other reasons I wouldn't pick a Trezor though, even this new model or the other new model they are going to release.

Sure, but they have spent years telling everyone how not only do we not need secure elements, but that closed source secure elements can actually increase your risk. And now they implement it and call it ground breaking, as if everyone else hasn't been doing it for years already.

Ok, that's an even better set up.

Do you also use Samourai on the go while pointed at your Dojo? Or do you just use Dojo for Sentinel?

Did you check the logs to find out what was going on?

That's pretty much the opposite of my experience. I was pretty taken aback when I first installed Sparrow at just how easy it was to connect to my own node on the same device. Literally one click on the button which says "Bitcoin Core" in Sparrow and it was done. It's a little bit more involve to connect it to your Electrum server or a node/server on a different machine, but I've still gone through those processes several times with different machines and OSs without ever having too much trouble.

Note that the secure element is not open source. It's just a regular secure element. Pretty funny coming from the company that spent the best part of the last 10 years saying how closed source secure elements are a security risk and secure elements are unnecessary, while sweeping under the rug their unfixable seed extraction vulnerability.

It also isn't airgapped and still needs connected to the computer with a USB cable, and it also seems like you still have to enter any passphrase on the computer and not on the device itself, which remains a large security risk.

So all in all, this just looks like a rebranded Trezor One. Pretty disappointing to be honest, and still far behind some other hardware wallets on the market.

Completely agree that a salary of $11,000 is almost unlivable, but let's not fool ourselves in to thinking $60,000 is rich by any means.

Which again, is nothing. We've added another $40 billion to the debt since my last post. Even with 10 such proposals you are making, you delay the inevitable by a day or two, at most.

Don't you see that's what the government want? Worker against worker. Focus all your anger on some other person who is just slightly better off than you are. Never mind the multinational corporations evading billions in tax, never mind the banks laundering hundreds of billions, never mind the trillions wasted in our ridiculous healthcare or military budgets.

Yup, we can't possibly let the billionaire banks fail. Money printer goes BRRRR to bail them out, because who cares about the average Joe getting poorer and poorer as this goes on.

First you'll need to install and run a Tor daemon on your Raspberry Pi.

Inside the Sparrow terminal, go to to Preferences -> Server -> Edit, and then select whether you are using Bitcoin Core or Private Electrum. Select Continue. On the next screen go down to "Use Proxy?" and select "Yes", in "Proxy URL" put 127.0.0.1 on port 9050. This will route all external Sparrow traffic via Tor.

---

Excellent set up, by the way. Your own node, own Electrum server, Sparrow, all via Tor, for endless free coinjoins. Which Electrum server package are you running on your Raspberry Pi? Next up you'll want your own instance of https://github.com/mempool/mempool.

Exactly. It's happened many times before. An exchanges goes bankrupt because of their own shady practices or because of a hack, so they either launch a shitcoin and "pay" back their users in this worthless shitcoin instead of bitcoin, or they just print a few hundred million of an existing shitcoin out of nothing to keep themselves solvent. A prime example of this is Bitfinex and Tether, where they printed almost a billion USDT out of nothing and gave it to themselves after they were hacked and insolvent.

---

My most recent favorite snippet from the trial below. Gary Wang was a the CTO of FTX and co-founder alongside SBF:

What an absolute clown show.

There is actually a good argument for being able to remember a passphrase if you use a hardware wallet.

Most hardware wallets will let you apply a passphrase to the seed phrase which is already stored within the device, without having to re-enter the seed phrase. So if you have your hardware wallet with you, then if you remember (one or more of) your passphrase(s), then you can access your hidden wallets. Even if you are just using your hardware wallet at home, it means you don't have to go and dig out your back up.

I'm a big proponent of not relying on your memory for anything, and you should definitely have your passphrase backed up on paper separate to your seed phrase in at least two locations. However, I have more than one passphrase which I have entered in to various hardware wallets often enough that I can remember it, despite it being long and complicated. The same holds true for a number of different decryption keys, since all my devices use full disk encryption. Although all of these are backed up on paper, it would be a real pain to have to go and retrieve a back up every time I turned on my computer.

Binance have already been caught running a fractional reserve system and not holding enough coins to cover all withdrawals: https://bitcointalk.org/index.php?topic=5441480.msg62531977#msg62531977.

Even then, it proves nothing. So let's say Binance "prove" they have 500,000 BTC. How do we know that is everything they are supposed to have? How do we know that covers all customer deposits to Binance? We don't. It doesn't matter if they prove they are holding 500,000 BTC, if collectively all Binance users should be able to withdraw 750,000 BTC. Proof of reserves without proof of assets is meaningless.

Various exchanges have tried to do proof of assets as well, but it is completely trivial to fool by just having a handful of accounts with negative balances, which is exactly what FTX were doing as well. Alameda's account on FTX had a balance of negative $8 billion.

Binance did the same, with a few billion in USDT being moved out the day after their so-called "audits". And the same thing again with Bitfinex propping up Tether just before their "audits". Every centralized exchange is the same.

One fund, multiple assets:

If you've not been following the FTX trial, you really should, because the level of fraud on display is enough to even rival that of CSW. Here are two snippets of code (pictures courtesy of https://nitter.cz/molly0xFFF) which have been submitted as evidence in the trial. This code is regarding FTX's insurance fund which was widely publicized:

   

The first picture above shows how the value of 5,250,000 FTX Token supposedly in the insurance fund was "calculated". It wasn't. It was just coded in. insuranceFund.size = 5250000 FTT.

The second picture above shows how the value of USD in the insurance fund was "calculated". The daily trading volume on FTX was multiplied by a random number, and this was used to adjust the insurance fund to a new size.

This is the kind of bullshit centralized exchanges are using in their "proof of reserves", "safu funds", "insurance funds", "collateral funds", "1-to-1 matching reports", and all the other trash they peddle to convince you your funds are totally safe. Literal random number generators. They will do and say anything to get you to hand over your coins to them. Don't fall it.

I assume this is simply a translation error. Your transaction should not be "partially signed" online. Indeed, transactions can only be partially signed if you are using a multi-sig set up. With a standard single-sig cold wallet, the only thing that happens on your online machine is you create an unsigned transaction. That unsigned transaction is moved to your cold device to be signed, and then moved back again to be broadcast.

If you simply install Electrum on an internet connected device and use it as a hot wallet, then yes, it will not be as secure as a (good) hardware wallet. But you can also use Electrum as a cold wallet. What this means is that Electrum is installed on a computer which is permanently disconnected (airgapped) from the internet, meaning the device can never download malware and never be attacked via the internet since it is never connected to the internet. This airgapped computer stores your private keys, and your private keys never leave this airgapped computer so are never at risk of being exposed to the internet. You create unsigned transactions on your usual internet connected computer, move the unsigned transaction via a USB drive or QR code to your airgapped computer to be signed with your private keys, and then move the signed transaction back to your usual computer to be broadcast to the network.

So on examination, it seems all that site is doing is making sets of "lowercase", "uppercase", "numbers", "symbols", and then calculating a strength based on number of characters and number of different sets you use. So any string of 9 characters including lowercase letters and symbols will be given the exact same strength. For example, this string "~gm$r!)zf" is also given 1 month and 6 hours, despite being significantly more secure than "stay away". So yeah, a poor way of calculating password strength.

I've never really used password strength sites like this, but a quick search found another one which does take in to account dictionary words - https://www.passwordmonster.com/
For "stay away" it gives 114 seconds, and correctly identifies two dictionary words.
For "~gm$r!)zf" it gives 931 years.

However, this also seems very inaccurate to me. With 26 lowercase letters and 33 symbols in the standard ASCII set, then that second password has 59⁹ combinations, which is around 53 bits. There is no way it would take almost 1,000 years to crack a 53 bit password.

The best passwords, and the most accurate way of calculating strength, are those which are completely random and draw from lowercase, uppercase, numbers, and symbols, without any patterns. Then you can simply do 95^x, where x is the length of your password. A 20 character password of this format gives you >128 bits of security, which is what you should be aiming for. As soon as you replace a string of those characters with a dictionary word, then how much this decreases your security is unpredictable.

Do fast food workers not deserve PTO as well? What is with your race to the bottom, to make everyone except the super rich suffer? Perhaps we should be looking to improve the conditions for all workers, rather than slashing the meager benefits that already exist for a handful of workers?

Because it affects us all when our debt hits 300% of GDP, our economy collapses, and the USD becomes worthless.

My point is you can make all the small changes you want to the detriment of 99% of the population, and all you will do is slow the speed the of debt increase and never actually halt or reverse it. If you want to actually address the problem and not just delay it, then we need much larger scale changes.

Your best bet is just to put BADecker on ignore.

For reasons known only to the forum administration, he is given carte blanche to break all the forum rules, including ones which get other users permabanned without a second thought, such as plagiarism and death threats: https://bitcointalk.org/index.php?topic=5400571.msg60248138#msg60248138. This has been discussed at length before, and still he is allowed to break rules with abandon.

---

I don't really want to get dragged in to any more of BADecker's nonsense, but this nonsense about fenbendazole is the exact same nonsense that he peddled for ivermectin or bleach (yes, he actually suggested people drink bleach). Yes, there have been studies that show ivermectin can inhibit the growth of cancer cells in a Petri dish in a lab. And yes, the studies you linked show that fenbendazole can inhibit the growth of cancer cells in a Petri dish in a lab. And unsurprisingly, if you pour bleach on to cancer cells in a Petri dish in a lab, they'll die too. The same is true for arsenic, or mercury, or dynamite. All very good at killing cancer cells in a Petri dish - not so good at killing cancer cells inside a human.

For all the nonsense he suggests, there is either zero evidence that it works in humans, or more frequently (such as with ivermectin) there are mountains of evidence of show that it doesn't work and/or is actively harmful and dangerous.