Bitcoin Forum
October 12, 2024, 06:34:06 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 110 »
1  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: June 09, 2023, 08:47:12 PM
MercadoBitcoin's review was removed due to a DMCA takedown notice and I had forgotten to put it back up until the Foxbit takedown notice.

Today the latter just had its deadline to take court action expired, so I will re-instantiate it, too.
2  Bitcoin / Electrum / Re: Have you ever compiled Electrum from source code and check its hash with the rel on: May 31, 2022, 05:06:37 AM
EDIT: I've checked walletscrutiny and apparently, they didn't get a match after trying to compile it either.

Back then this was right but Electrum for Android turned reproducible meanwhile.
3  Bitcoin / Wallet software / Re: walletscrutiny: the majority of "wallets" are either custodial or closed source on: May 27, 2022, 02:56:40 AM
Good luck collecting donations, and I am hoping this won't mean that you will close one eye if let's say ColdCard, Trezor or someone else donates to you for good code review of their wallet
I know it's a lot of work tracking all those wallets, so I would suggest that you keep everything related with donations public as much as possible.
It's in the best interest of both users and wallet creators that something independent like Walletscrutiny exist.

There is only one wallet so far that donates to WalletScrutiny and that is Unstoppable. We made that transparent.

We are considering to add affiliate links wherever applicable - hardware wallets mostly - but it's problematic as it might color our judgement. Regarding the importance of hardware wallets as a whole for example. Not all agree that they are beneficial to users' security and prefer commodity hardware, preferably from before 2009.

... But I will say that if you're in the business of selling very valueable physical coins to people, you'd be quite mad to *not* have such a precautionary setup. Even better would be to have two geogeaphically distant locations where a "split-key" is generated at each of them and then combined at a 3rd location for final processing. This prevents any one person from knowing the exact PK.

Few people would consent to such an added expense of buildings, though.

Smoke and mirrors. The upside of keeping the keys around for a rainy day is gigantic and as any magician can explain to you, it's trivial to convince people there was no rabbit in the hat until you pulled it out. No matter how complex the ceremony of key generation, the designer can make sure to keep a copy.
4  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: December 12, 2021, 03:16:17 AM
Some people also reported that NVK blocked them on twitter so they can't comment on any of coldcard twitter posts, and he is hating all other hardware wallet devices...

#metoo
5  Bitcoin / Hardware wallets / Re: [ANN] BITHD.com Razor (Card Design Hardware Wallet Released) on: December 12, 2021, 03:14:32 AM
Just a heads up... my Razor came in the mail the other day, and I just have not had a chance to open it and/or test it due to trying to get myself and my partner setup with the government mandated lockdown due to Covid-19 Undecided

Now that things have settled down, rest assured that I will make the effort over the coming days to do a full unboxing and initial impressions (with pics and some very short and likely bad quality video Tongue) etc.

Thanks again to the BitPie crew for the review unit.

That didn't pan out as planned did it Cheesy I would appreciate some first-hand information. Is this Razor defunct or still good? I see it's out of stock and successfully tested the firmware for reproducibility.
6  Bitcoin / Hardware wallets / Re: BitHD RAZOR - Unboxing and initial impressions (Full Review to come) on: December 12, 2021, 03:09:45 AM
I know some people who received free BitHD Razor for promotional testing and they never could connect their device with mobile app.

Well, that's probably worth mentioning in my review.

They are using Trezor firmware but it's probably outdated and I don't see a single github contribution update in 2020 and 2021.

How not? last commits were 23 days ago.
7  Bitcoin / Hardware wallets / Re: Secure Element in Hardware Wallets on: December 12, 2021, 02:35:47 AM
OP presents SEs as green/good and lack thereof as red/bad. I agree that there is certain situations where a SE can save the day but equally does the SE with their NDA-requirement and secrecy lead to a situation where we trust a black box a whole lot for being our own bank and throw "don't trust - verify" too easily over board.

Especially hardware wallets that use their SE's TRNG as sole source of entropy should be called out! Nobody can prove the TRNG to be truly random and in the worst case it just creates hash("you won't guess this", serialNumber, sequenceNumber) "random" numbers that the inventor can trivially guess. Such a hardware wallet would allow the provider to know all the private keys generated by all the users, putting him in the position of being able to pull the rug at any time.

Please add in the OP:

  • Is a single TRNG the sole source of entropy?
  • Can the used entropy be audited or does the chip that mungs together all entropy spit out a master seed without accountability?
  • Does the MCU trust the SE? To my understanding, BitBox02 does not entrust the SE even to hold the master seed. It only holds a symmetric key to decrypt the master seed stored outside the SE.

As you can see in my footer, I work on WalletScrutiny where my primary goal is to prevent rug pulls as I see them as a systemic risk if we get another MtGox situation where half the community is affected. Reliance on a compromised TRNG is one of my big concerns.
8  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: December 11, 2021, 03:48:22 AM
btw ColdCard wallet is not open source anymore, but he still claims differently on his website... maybe he will change that in future also Smiley

Cringy :/ I used the term "open source" in a sloppy way, too but once somebody complained, I replaced it everywhere with "public source", as that is what I need to reproduce binaries.

As long as the site is not created to advertise certain project(s) and as long as they are giving correct information instead of falsified claims, things can remain healthy otherwise that's another case of why centralized "review" sites are generally bad.

WalletScrutiny is certainly not created to advertise any specific products. I did work for Mycelium before but I quit because of this conflict of interest and I'm pretty open about my disagreements in direction when it comes to shitcoins. Ideally WS would be easy to fork though but I don't dare yet to make the reviews themselves creative commons or something. The framework and tools are open source already though.
9  Bitcoin / Hardware wallets / Re: BitHD RAZOR - Unboxing and initial impressions (Full Review to come) on: December 11, 2021, 03:41:36 AM
There is not much information on the product and I try to make a review for WalletScrutiny but am right now in the dilemma that the firmware binary is reproducible but the companion app appears to be going south, with mostly scam accusations recently.

Also on https://bithd.com there is no social media links or links to bitpie, while bitpie has broken links to Play Store and the relation of the two ... well, it gets explained in a medium post.

Are they still around? Is this just user errors and poor communication? Maybe a language issue?

I can't find the Razor on sale neither. At least not in English. And hardware wallets should probably always be bought from the manufacturer anyway but they never sold it on their website, right?
10  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: November 09, 2021, 02:58:50 AM
I feel like bitcoinbinary was launched as a reaction to WalletScrutiny's review of ColdCard. It's @NVK's project.
11  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: August 08, 2021, 05:29:34 AM
...
How exactly are you testing Hardware Wallets?
I guess you first need to have actual device in your hand (purchased or received for testing from manufacturer) and then try to reproduce the code.

We look at claims about the functionality of the device to see if it falls into any of the k.o. criteria like not having a screen to verify what you approve. Then we look for the source code and the binary. If the source code compiles into the binary, the wallet is reproducible. Check out our full methodolgy.

So ... if you want to help, there is a ton to do from simple triage to compilation to design to spreading the word. Wink
I am helping in spreading the word about WalletScrutiny and I am monitoring hardware wallet changes, especially if they claim they are open source.
You can track that in my topics that is updated on regular basis like this one for example: LIST - Open Source Hardware Wallets.

I think we have all the products you list. We have to review most of them still.
12  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: August 03, 2021, 03:16:55 AM
Hi dkbit98,

WalletScrutiny is a ton of work and we are a small team, only.

In our Methodology you can read our priorities:

Quote
1. Re-evaluate new releases of Reproducible   wallets as they become available. If users opt for a wallet because it is reproducible, they should be waiting for this re-evaluation before updating.

Today I tested the latest releases of AirGap Vault and Green Wallet. Today, Green was a bit more work than usual.

Quote
2. Check if any of the Unreproducible!   wallets updated their issues on their repositories.

We really hope to see more reproducible products, so we always have an eye on the dozens of open issues.

Quote
3. Make general improvements of the platform

That is the a catch-all for improving scripts, design and often just investigations. It's probably the bulk of the work.

Quote
4. Evaluate the most relevant Development   wallets

For Android we have a good proxy for relevance - downloads. For iPhone we don't and neither for hardware wallets.

Unfortunately we are not progressing in the top category as fast as I wish we would but that has to do with severe lack of people to work with code. The k.o. criteria (custodial, bad interface, defunct, ...) are verdicts relatively inexperienced Bitcoiners can come to but when it comes to reproducing a wallet, it's mostly on me. Emanuel also does play with code and does a ton of work but refuses to open merge requests, so writing the difficult reviews is all on one person that also looks into all the other stuff.

So ... if you want to help, there is a ton to do from simple triage to compilation to design to spreading the word. Wink
13  Bitcoin / Project Development / Re: HODLER Wallet - The Only Open Source Multi-Asset Wallet on: April 09, 2021, 02:15:54 AM
Two years later, the thread had no replies, the website is down but ... the wallet has 1000 downloads on Google Play. Whats up? Is this project still alive? On GitHub there was also a long silence since 2019.

I'm poking around for inclusion in WalletScrutiny: https://walletscrutiny.com/android/tech.hodler.core/
14  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: March 22, 2021, 06:45:11 PM
If you think like that than you should not consider Lightning Network Bitcoin as a real Bitcoin and any wallet that is using LN (custodial or not) should not be on WalletScrutiny website.
Bitcoin Blue wallet is not custodial, and you can create separate page for all Lightning Network wallets and other second layer solutions if you want.
LN Blue wallet wallet can be custodial and non-custodial and there are many shitcoins that can work with LN and not just Bitcoin.
Just my suggestion.

LN Blue wallet is by default custodial and does not warn the user.

I see your point for LN-only wallets like Phoenix but else, the protocol not being as good as Bitcoin in the presence of an actual non-custodial Bitcoin account doesn't make the wallet custodial. Maybe Phoenix is "not a BTC wallet" but certainly not custodial.
15  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: March 22, 2021, 05:39:45 PM
So again, please show me one wrong categorization!

You can run your own node with Blue wallet or you can use their hosted Lightning wallet like for most LN wallets.

Sure, you can but nothing tells the user he should and the website and wallet description claim self-custody while the default LN account is not self-custodial and "- This wallet is
hosted by BlueWallet." does not convey the fact that they can do whatever with the user's funds.

Are you considering Green wallet by Blockstream with Liquid Network custodial or not?
Because I see it is very high rated on your website, or you think Lightning Network Bitcoin and Liquid Network Bitcoin L-BTC are not equal with real Bitcoin.
Looks like a double standards to me, but maybe I am wrong idk.

I personally would not touch Liquid Bitcoins as the current setup is not self-custodial to my own standards but I do not dig deep into all the shitcoins and protocols and personally draw the line around BTC. So if 8(?) federation members collude, they can steal your coins? There are bugs where the federation collapses and Blockstream can single-handedly spend the bitcoins? Yes, not something I would want to get tangled up with but it's not deceptive on the wallet level. It's only deceptive on the protocol level. The wallet does nothing wrong. If I would categorize it as custodial, I would have to do the same with all that support any shitcoin.

Please read the verdict explanation on all the non-verifiable wallets including the custodial ones:

Quote
The app cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The app might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.

WalletScrutiny is about providers of binaries, currently on the Play Store and the App Store, not about the protocol maintainers/developers.
16  Bitcoin / Wallet software / Re: walletscrutiny: the majority of "wallets" are either custodial or closed source on: March 12, 2021, 02:53:55 AM
Have you been able to find anything on the Tangem software?

First time I hear about Tangem.

https://tangem.com/apps/ looks like a companion app  which would not be reviewed by us but in the case of Ballet I made an exception as the private keys are handled by that "companion" app but in the case of tangem ... as the card has no display it can only blindly sign and surrender data it's been asked to do, so while it might not surrender the private keys, the "wallet" might empty the full account while the user thinks to be paying a coffee. Not funny. Not sure how to add it to walletscrutiny.

Edit: What a shitty product Cheesy All recent reviews claim it doesn't work at all. And as it has 1k downloads on GPlay, it meets the criteria to get a review. I need a pause ...
17  Bitcoin / Wallet software / Re: Verifiable builds need attention. Only 3 of 68 Android wallets are verifiable on: March 12, 2021, 01:03:13 AM
Interesting to see that no wallet has ever been audited and only few of them are reproducible, but I doubt if any information from this website is really accurate and I don't see any hardware wallet listed.
You have Bluewallet listed as Custodial, and it is clear that this is non-custodial open source wallet, and there is no provider that holds the coins.
This is probably one of the best Bitcoin mobile wallets today.



github:
https://github.com/bluewallet/bluewallet

The "audited" section is to avoid confusion of what we do. We do check reproducibility. That is we test if reviewing the code has any relevance for the binary the provider released. We do not audit wallets. Others might have audited wallets and certainly wallet providers make that claim.

If you find any factual errors, please let us know, ideally via our gitlab. The verdicts are very objective and follow the "methodology" linked in the top of the site.

We are exploring what to do about hardware wallets. Those work very differently and need a very different methodology. We will first expand to other software wallets.

The fact that you thought BlueWallet was self-custodial while implying to know the product tells me everything about why we have to keep the verdict as is for the time being. The provider added a pathetic "This wallet is hosted by BlueWallet" in the LN account creation and calls that a disclaimer.

So again, please show me one wrong categorization!
18  Bitcoin / Wallet software / Re: walletscrutiny: the majority of "wallets" are either custodial or closed source on: March 12, 2021, 12:51:06 AM
....
Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.

Because if you leave Friday and don't come back Monday people are going to start looking.
IF someone does notice the code change and they come looking for you it's good to be someplace else.
Might as well be a beach on a tropical island with no extradition.

Uhm ... I suppose that button works on that tropical island, too. During Covid-home-office, he can pretend from the beach. I didn't mean to say that going to work normally would be a good idea although there is ways, too. If Dave is the release manager, he could "catch a backdoor" that conveniently deleted all its traces of infection. He'd just have to make sure to mix well that stash.

So is that better then a closed souse wallet that needs 3 checks against their internal code before it's uploaded and the uploads needs 2 different 2fa devices that 2 different people have?

Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.

Nobody has it, that I know of in the crypto space and that is the issue.
Yeah, possibly the big players [Coinbase, Gemini, Kracken, etc]

The standard claim by all of them is "We have the best security in the industry". I'm so tired of reading superlatives in every wallet description.

But, Mycelium, Electrum, etc. If they do they don't talk about it.

I would love for one of them to actually do some epic security measures and be somewhat upfront about it.

People trust non-reproducible wallets provided by anonymous developers. They trust custodial wallets that make no statement about using cold storage. Yesterday I reviewed a Ballet, a wallet that uses provider-generated BIP38 paper wallets and calls those "hardware wallets" and the app "companion app" and it's ok because Charlie Lee is running this shop. Unfortunately most people in the space are not at all literate about cryptography.
19  Bitcoin / Wallet software / Re: walletscrutiny: the majority of "wallets" are either custodial or closed source on: March 11, 2021, 03:37:30 PM
I know I have said it before and will keep saying it about open source wallets or anything. Unless you compile it yourself OR make sure that any auto-updating is turned off you are probably getting a false sense of security. Unless they can prove an audit of their update security.

I agree. My approach on that (not sure if I shared it here in this thread) is a monitoring app that can pull the plug (switch phone offline). This feature could maybe be added to the wallet itself with less than 100 lines of code, to make sure the wallet becomes less of a target for hackers as pulling the plug would happen for all users, not only those that run an extra app if something weird is detected but for a start it also works as a separate app. That app would detect every install of a relevant app (enlisted Bitcoin wallets) and check the fingerprint with ideally more than one independent server. If the hash is unknown, upload the apk and go offline. If the server finds the apk to be a non-white-listed release, signed with the provider's keys, it triggers an alert. All that run the app get their phones switched offline (or otherwise updates disabled) and a notification shown. For this to work, the provider has to publish their soon to be releases, reproducible binaries (maybe without signature if they don't want users to update to it just yet) for white-listing.

Having a code audit and being open source is good. But it the machine that uploads the files to the play store / itunes is not secure then it all goes out the window.

The machine or the machine's administrator. Under duress, who knows what would happen?

Employee "Dave" goes evil. Owner / programmer "giszmo" does everything properly, open source, code audits, etc.
3:30 PM on Friday Dave uploads the bad wallets to the online stores. They have nothing to do with the GitHub code. Says to giszmo "See you Monday" as always and walks out the door.
3:45 PM stores start pushing out bad version
4:00 PM Dave arrives at airport
10:30 PM Dave lands in some tropical island
11:45 PM Dave checks and 500 copies of the wallet have been downloaded and have ~ 35BTC in total.
6:00AM Sat 7200 copies have been downloaded and have ~90BTC in total.
Dave sits and wait's till there are 100+ BTC in the compromised wallets. And then hits the "Send to Dave" button.
Will probably get some more BTC till everyone figures out what is wrong and happening.

Is there any reason to press the button before he sees an update of the app on Google/Apple or his credentials revoked? I don't think so. He can probably keep pretending for a week or two.

So is that better then a closed souse wallet that needs 3 checks against their internal code before it's uploaded and the uploads needs 2 different 2fa devices that 2 different people have?

Tell me who has that setup? I have yet to find a project that would even claim to do reproducible builds of their closed source product. Without reproducible builds, people sign off blindly.

I like open source, I use open source, unless everything has multiple separate checks in the process it's not any better some times.

It signals but the open source community also helps fix issues at times. Mycelium got several issues fixed thanks to outside contributions.

Sorry, but I am going to keep saying that. And that the above rant or a similar one should be on every page that discussed the benefits of open source.

Public Source doesn't proof security. It only can make it painfully obvious if the app lacks security. Any app that cannot be deterministically built cannot avoid a single point of failure. A closed source app skips that scrutiny and has less of an incentive do do things right. Without really technical people demanding it, managers let it slip down in priority until "Dave" actually pulls it off and goes on prolonged vacation. (You actually got your cast wrong. It's Eve who goes on vacation Wink)
20  Bitcoin / Wallet software / Re: walletscrutiny: the majority of "wallets" are either custodial or closed source on: March 11, 2021, 04:10:32 AM
Seriously?Huh
You talk about security then you send people to an unknown github to download software?

I agree with many of your concerns. I'm not a contributor to YetiCold and only had a lengthy call with the main contributor @JWWeatherman_ which probably is worth nothing if in the end people lose funds but it might have skewed my confidence. I edited my comment above.

Your comment sounds like I was part of YetiCold. I am not. I just see this project is addressing many things in a very good way although I have not audited it very carefully. Many concerns can be mitigated the way they step through the whole process but one of my criticisms was also that there is no concise instructions one could read from start to finish. You actually have to do it to know how it goes. @JWWeatherman_ counters this with the videos that show the whole process.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 110 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!