Today on Reddit they were discussing security of Hardware Wallets and someone claimed that
https://www.reddit.com/r/Bitcoin/comments/66vka4/friendly_reminder_when_using_a_hardware_wallet/dgm8ohh/
Actually no. The private key can be leaked in the bitcoin transaction itself.
Unless the wallet is following the RFC-6979 standard, it is impossible to tell if the wallet is leaking small amounts of the private key. Even if the wallet does follow the standard, to verify that it is not actually leaking data, you would need to audit each signature, which means that your auditing code needs the private key, defeating the purpose of the hardware wallet in the first place.
Unless you trust the entire supply chain, there is an opportunity for an attacker to get private keys.
https://bitcointalk.org/index.php?topic=285142.0
So if I constantly reuse the same public BTC address, does every outgoing transaction that I perform leak some part of the private key? If so, doesn't this pose a huge security risk for everyone using Electrum, since not everybody uses a new address for every transaction?
To prevent this from happening what should we do?
Use a new BTC address and never keep any BTC there if an outgoing transaction was made?
Also found this
https://en.bitcoin.it/wiki/Address_reuse
Bitcoin does not, at a low level, have any concept of addresses, only individual coins. Address reuse, at this layer, requires producing multiple digital signatures when you spend bitcoins. Multiple situations have been found where more than one digital signature can be used to calculate the private key needed to spend bitcoins. Even if you spend all the bitcoins claimed by this private key at once, it is still possible to double-spend them in theft before they confirm. While the known situations for finding the private key from signatures have been fixed, it is not prudent to assume there aren't more such situations yet unknown.
In the case of spending all the TXOs in a single transaction, there is an additional risk if someone is actively monitoring the network for vulnerable transactions. Upon receiving such a transaction, they can split up their double spends such that there is only one ECDSA verification per transaction (making a single transaction for each TXO). This will cause the attacker's transactions to relay across the rest of the nodes faster than the legitimate one, increasing success of a double spend.