Bitcoin Forum
November 16, 2024, 04:31:52 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Hey bitcoiners if you are interested in the rebrand from Cobo to Keystone...  (Read 390 times)
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 13, 2021, 11:57:03 AM
Merited by JayJuanGee (4), DaveF (2), dkbit98 (2)
 #1

Hey bitcoiners,

I am Lixin, CEO of Keystone hardware wallet. I was formerly the head of hardware wallet in Cobo, leading the team developing Cobo Vault.
Here is the proof of not being a fake account.

I know some of you have tons of questions about the rebranding, so I am here to address that.

Here are some questions I was asked frequently, we can start from these questions.

Why rebrand from Cobo to Keystone?
Back in September or October of 2020, the founders of Cobo told me that they don't want to do Cobo Vault product any more.
Reasons are -
1) There are very little product synergy between Cobo Vault and Cobo's main business Cobo Wallet and Cobo Custody. Both of them are custodial services. Cobo Wallet is for retail users while Cobo Custody is for enterprise users.
2) At that time Cobo Wallet was making tons of money because of the "DeFi Summer". They want to stop Cobo Vault and pivot all the dev resources to Cobo Wallet. Even though at that time Cobo Vault has broken even and growing very healthily.
We (the Cobo Vault team) were incubated by Cobo and ran as a subordinate company, separated from Cobo HQ for over 3 years. We were very dedicated to decentralized service and the hardware wallet product. We fully respect Cobo's decision but we can't work for Cobo Wallet.
So I bought out the Cobo's equity of the subordinate company (along with the intellectual properties). And the original Cobo Vault team left Cobo to create Keystone, which takes all the product legacies of Cobo Vault and also comes with some product improvements (details in a separate question).
For more details you can read -
https://blog.keyst.one/leaving-cobo-to-continue-the-cobo-vault-legacy-29bb2f8f026e
https://www.youtube.com/watch?v=XuRgGZTW82o

Can I upgrade my Cobo Vault to Keystone firmware?
I am sorry this is not allowed by Cobo. Even though Cobo Vault firmware is open sourced, the firmware needs to be signed by a specific key which is owned by Cobo team. We have made a migration firmware to upgrade Cobo Vault to Keystone firmware but Cobo refused to sign that firmware.
They are doing this because they want to convert those Cobo Vault users to Cobo Wallet.
Right now Cobo is refunding Cobo Vault users. From their refund application form, you can see that you need to register a Cobo Wallet account to get the refund. Also as an incentive, they will upgrade your Cobo Wallet account to VIP1.
For more details about the compatibility between Cobo Vault and Keystone -
https://twitter.com/BitcoinLixin/status/1405135132277706756

Can I still use my Cobo Vault?
If you have upgraded your Cobo Vault to BTC-only firmware (I believe most of the users here are doing so), and use it with BlueWallet, Specter, Sparrow or other 3rd party BTC wallet, you are good to go.
But please note that Keystone team can't fix any bugs or vulnerabilities of this product any more.
If you are using your Cobo Vault with multi-coin firmware and the mobile companion app by Cobo, we are not sure how long this companion app will be listed.
Thanks to the openness of QR code, right now we are launching a software companion app (in review now) to make Cobo Vault still usable.
Please note that these coins we can't support due to backend limitations - IOST, EOS, ETC, CFX, DCR, FIRO(XZC), Omni-USDT.
It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
The purpose of this companion app is just keeping Cobo Vault still functional. No new features will be added to this companion app.

What's the improvement of Keystone compared to Cobo Vault?
There are mainly 3 improvements -
1) We moved the microSD card slot out so it's much easier to plug it.
2) We upgrade to UR2.0 which is a much more advanced and robust QR protocol by Blockchain Commons team.
3) More integrations are coming (Casa and Caravan).
More details here -
https://blog.keyst.one/whats-new-for-keystone-a33f4e24c9cb

Compensation for old Cobo Vault supporters
1. You can get full refund by Cobo if you purchase your Cobo Vault after June 1st 2020 - https://support.cobo.com/hc/en-us/articles/4407973083287-Cobo-Vault-Offline-Notice
2. You can get 50% off for purchasing Keystone hardware wallet - https://twitter.com/BitcoinLixin/status/1399701850983596044

Thanks for your patience reading all the info. Please let me know if you have any further questions.
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
September 13, 2021, 12:54:18 PM
Merited by JayJuanGee (1)
 #2

Even though Cobo Vault firmware is open sourced, the firmware needs to be signed by a specific key which is owned by Cobo team. We have made a migration firmware to upgrade Cobo Vault to Keystone firmware but Cobo refused to sign that firmware.
Does Keystone hardware wallet also have this feature for signing a key for upgrading firmware and who owns this key now?

It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
The purpose of this companion app is just keeping Cobo Vault still functional. No new features will be added to this companion app.
Is it possible in theory for someone to wipe out Cobo hardware wallet code and load Keystone code on it manually if he understands how?
Similar question would be, can someone make Keystone DIY wallet from scratch following instructions like it's possible with other competition hardware wallets (Trezor, etc.)

You can get full refund by Cobo if you purchase your Cobo Vault after June 1st 2020 - https://support.cobo.com/hc/en-us/articles/4407973083287-Cobo-Vault-Offline-Notice
Is there any stats or is it a secret how many Cobo hardware wallets have been sold so far?
It is good they are doing some refunds, but it is only from June of last year and I believe this devices exist longer than that,
so other people will have to switch to Keystone wallet with 50% discount and use spare parts from Cobo, or buy some other brand hardware wallet.



█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
tenant48
Full Member
***
Offline Offline

Activity: 350
Merit: 169


View Profile
September 13, 2021, 01:37:47 PM
 #3

I was just looking at buying a Keystone wallet. I really like the presence of a removable battery and also the absence of changing the addresses of coins, which makes it impossible to attack with the substitution of the address index:
https://blog.sia.tech/a-ransom-attack-on-hardware-wallets-534c075b3a92

I would like to see more popular coins available, such as ZEC.

Still wondering whether your servers are always available, do they have overloads? Is the commission calculated correctly?

BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 14, 2021, 06:05:31 AM
Merited by JayJuanGee (1), dkbit98 (1)
 #4

Thanks so much for these great questions!

Even though Cobo Vault firmware is open sourced, the firmware needs to be signed by a specific key which is owned by Cobo team. We have made a migration firmware to upgrade Cobo Vault to Keystone firmware but Cobo refused to sign that firmware.
Does Keystone hardware wallet also have this feature for signing a key for upgrading firmware and who owns this key now?
Yes. Keystone has the same scheme and we own the key. This thread describe the reason why we maintain this scheme - https://twitter.com/BitcoinLixin/status/1410283646045474816
TL;DR
1) If the key is public, hackers may use a 3rd party firmware to hack entry level users. They may pretend to be a CS guy and trick the user installing a malicious firmware.
2) With our next gen we will have a cypherpunk version which allows users to burn their own firmware. And this version won't be shipped with a workable firmware so the user has to compile his own firmware and hopefully this will avoid new comers from buying it.
3) If one day the worst thing happens to Keystone, we will release this signing key to the community.

It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
The purpose of this companion app is just keeping Cobo Vault still functional. No new features will be added to this companion app.
Is it possible in theory for someone to wipe out Cobo hardware wallet code and load Keystone code on it manually if he understands how?
Similar question would be, can someone make Keystone DIY wallet from scratch following instructions like it's possible with other competition hardware wallets (Trezor, etc.)
No. Cobo device only accepts the firmware that is signed by a specific key and that key is controlled by Cobo team now. People can compile Keystone's firmware but can't installed into Cobo device.
Yes. It's possible to do so and we have open sourced the hardware design like Trezor and Coldcard - https://github.com/KeystoneHQ/Keystone-developer-documents/tree/main/hardware

You can get full refund by Cobo if you purchase your Cobo Vault after June 1st 2020 - https://support.cobo.com/hc/en-us/articles/4407973083287-Cobo-Vault-Offline-Notice
Is there any stats or is it a secret how many Cobo hardware wallets have been sold so far?
It is good they are doing some refunds, but it is only from June of last year and I believe this devices exist longer than that,
so other people will have to switch to Keystone wallet with 50% discount and use spare parts from Cobo, or buy some other brand hardware wallet.
I think Cobo won't allow me to share the sales number of Cobo Vault Sad
I am not sure how Cobo decide that date (June 1st 2020).
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 14, 2021, 06:35:22 AM
Merited by tenant48 (1)
 #5

I was just looking at buying a Keystone wallet. I really like the presence of a removable battery and also the absence of changing the addresses of coins, which makes it impossible to attack with the substitution of the address index:
https://blog.sia.tech/a-ransom-attack-on-hardware-wallets-534c075b3a92
Thanks!
Actually if you use Keystone with BlueWallet or other 3rd party wallet who has change address, we will show the index (image below) to prevent this ransom attack.
https://i.ibb.co/JjsLKRF/15041631600774-pic.png
If you didn't notice this when you sign the tx, after you sign it by accident, you can still see the index in your signing history.

I would like to see more popular coins available, such as ZEC.
In the near future our focus is still BTC, ETH and EVM chains.
ZEC is on our list but no ETA yet.

Still wondering whether your servers are always available, do they have overloads? Is the commission calculated correctly?
Yes. You are right. No matter how to optimize our own server, it's still a single point of failure.
To prevent this, we make Keystone compatible with many 3rd party wallets (thanks to PSBT) - https://support.keyst.one/3rd-party-wallets/bitcoin-wallets
You can use your own node too.
DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6671


Crypto Swap Exchange


View Profile WWW
September 14, 2021, 11:55:31 AM
Merited by dkbit98 (1)
 #6

Although it was an extreme edge case and destructive to the device do you have any plans to change the hardware to avoid the way shown to get around the self destruct?
And
Do you have any plans to replace it with a solution that does not require a new device every couple of years as the battery that runs the wipe dies?

Neither are super critical, and if I get one it's probably the essential anyway but I do like the concept of the feature.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
September 14, 2021, 02:51:45 PM
 #7

With our next gen we will have a cypherpunk version which allows users to burn their own firmware. And this version won't be shipped with a workable firmware so the user has to compile his own firmware and hopefully this will avoid new comers from buying it.
Interesting to see that you are working on next gen Keystone device, I think this is the first time I heard about this, and I would like to see first version coming out.

If one day the worst thing happens to Keystone, we will release this signing key to the community.
Good to hear that, just remember that everything in Bitcointalk forum is saved and archived Wink

I think Cobo won't allow me to share the sales number of Cobo Vault Sad
I am not sure how Cobo decide that date (June 1st 2020).
Is this information going to be available for Keystone wallet? I don't see anyone who can stop you to release this info as you are the new boss.
Both trezor and ledger reportedly sold millions of hardware wallet devices, but I can't find any precise numbers for that.

Although it was an extreme edge case and destructive to the device do you have any plans to change the hardware to avoid the way shown to get around the self destruct?
Good question.
Few months ago I saw how easy is to bypass that Cobo self-destruct mechanism:
https://medium.com/swlh/defeating-the-cobo-vault-pros-self-destruct-mechanism-abf321e2f5b5

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
tenant48
Full Member
***
Offline Offline

Activity: 350
Merit: 169


View Profile
September 14, 2021, 04:13:14 PM
 #8

I was just looking at buying a Keystone wallet. I really like the presence of a removable battery and also the absence of changing the addresses of coins, which makes it impossible to attack with the substitution of the address index:
https://blog.sia.tech/a-ransom-attack-on-hardware-wallets-534c075b3a92
Thanks!
Actually if you use Keystone with BlueWallet or other 3rd party wallet who has change address, we will show the index (image below) to prevent this ransom attack.

If you didn't notice this when you sign the tx, after you sign it by accident, you can still see the index in your signing history.
It's very good that you are showing the index for the change address! Trezor wallets don't show that. Ledger doesn't want to burden users with the problem of index spoofing at all.

I would like to advise you to add the following features to your wallets to differentiate you from your competitors for the better:

1. Many users do not trust the random number generators built into wallets, so it would be nice to let the user enter an arbitrary sequence of 0 and 1 (128 or 256) to form their own seed of 12 or 24 words.

2. Give an opportunity to import third-party cold private keys using: QR code, via SD card or virtual keyboard.
These features can only be added to the Pro model, which will significantly differ from the Essential model.

I hope you will listen to my advice and make a truly professional wallet that will significantly differ for the better from other wallets on the market.

BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 15, 2021, 02:01:17 AM
Merited by JayJuanGee (1)
 #9

Hey Dave thanks for your questions!

Although it was an extreme edge case and destructive to the device do you have any plans to change the hardware to avoid the way shown to get around the self destruct?

Sorry I don't quite understand this question. Do you mind rephrasing a bit?

Do you have any plans to replace it with a solution that does not require a new device every couple of years as the battery that runs the wipe dies?
Yes! Actually we designed the AAA battery support for this kind of scenario. I know some hodlers touch their HW every 2+ years. In that case rechargeable battery won't work.
Details - https://twitter.com/KeystoneWallet/status/1413185377934917632
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 15, 2021, 02:12:28 AM
 #10

If one day the worst thing happens to Keystone, we will release this signing key to the community.
Good to hear that, just remember that everything in Bitcointalk forum is saved and archived Wink
Thanks for the kind reminder and we will deliver what we promised Smiley

I think Cobo won't allow me to share the sales number of Cobo Vault Sad
I am not sure how Cobo decide that date (June 1st 2020).
Is this information going to be available for Keystone wallet? I don't see anyone who can stop you to release this info as you are the new boss.
Both trezor and ledger reportedly sold millions of hardware wallet devices, but I can't find any precise numbers for that.
We may disclose this number at a proper time.
But what I can disclose right now is that we have broken even in Aug (last month).

Right now we have only been selling this for 3.5 months I don't think that sales number can indicate anything.
But that may lead to misunderstanding. Hope you can understand.

Although it was an extreme edge case and destructive to the device do you have any plans to change the hardware to avoid the way shown to get around the self destruct?
Good question.
Few months ago I saw how easy is to bypass that Cobo self-destruct mechanism:
https://medium.com/swlh/defeating-the-cobo-vault-pros-self-destruct-mechanism-abf321e2f5b5
Oh I see what dose Dave mean.
Actually we had multiple layers of self destruct mechanism. I had some discussion here - https://twitter.com/CryptoKershaw/status/1421230350433505285
Also from Nick's article you can see that he was also aware of the multiple layers of self-destruct mechanism -
Quote
The firmware also shows three other pins used as “passive” tamper sensors; these ones can’t wake the device up from sleep, but can detect tampering of some kind while the device is active.
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 15, 2021, 02:26:13 AM
Merited by JayJuanGee (1)
 #11

Thanks! Great feature requests!

It's very good that you are showing the index for the change address! Trezor wallets don't show that. Ledger doesn't want to burden users with the problem of index spoofing at all.
We don't see this a burden for an average user. But it's extremely important to people who are very keen to security.

1. Many users do not trust the random number generators built into wallets, so it would be nice to let the user enter an arbitrary sequence of 0 and 1 (128 or 256) to form their own seed of 12 or 24 words.
We feel that flipping coins for 128/256 times is not very user-friendly so we implemented dice roll to do so. You can roll several dice simultaneously so it's has better UX.
And our dice roll result aligns with Ian Coleman's tool so it's easier to verify it without coding capabilities. Details - https://blog.keyst.one/how-to-verify-the-recovery-phrase-created-by-dice-rolling-af01c16b765e

We also implemented auto calculation for the 24th checksum word so a user can randomly pick their 23 words to bypass the random number (entropy) generation by the SE. Details - https://support.keyst.one/advanced-features/recovery-phrase/construct-own-recovery-phrase

2. Give an opportunity to import third-party cold private keys using: QR code, via SD card or virtual keyboard.
These features can only be added to the Pro model, which will significantly differ from the Essential model.
We will look into this. BTW we will also do BIP 85.
3t4inpmok
Newbie
*
Offline Offline

Activity: 2
Merit: 2


View Profile
September 16, 2021, 01:10:53 PM
Merited by JayJuanGee (1)
 #12

Hey Lixin!

Thank you for the Q&A.

I'd like to raise 3 questions, one of them critical, holding me back buying the device Sad

A while back, I came across this article by Stepan of Specter
https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199

I did some testing with a couple of (hardware)wallets, initiating them with same the private key material. I created an unsigned PSBT, took the exact same PBST to each of the different wallets signing the tx. The resulting signatures were the same, expect the signature produced by Cobo Vault. Even though, the signature was different it was still a valid signature (From what I understand this can be the case in EC).

After some research, I came accross a couple of posts, e.g. of Andrew Chow and Pieter Wuille,
https://bitcoin.stackexchange.com/a/83785

And this post in Cobo Vaults github,
https://github.com/CoboVault/cobo-vault-se-firmware/issues/33

I don't understand the reply by aaronisme "you can verify it by signing the same data multiple times and verify the signature."
https://github.com/CoboVault/cobo-vault-se-firmware/issues/33#issuecomment-719134100

1. Verify against what? How would the verification process look like in practice? Please elaborate.

It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
2. Friend of mine uses Cobo Vault together with the Shitcoin App. If I advise him buying buying a Keystone, why move the Coins? Can't he just put the Cobo-Seed into a Keystone-Device and use that with the Keystone App?

3. Liking the idea for a cyperpunk device, how do you plan to maintain Support for the Keystone Device one would buy today?

Appreciate your answers and wish you best of luck in this new Chapter!
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 17, 2021, 02:13:50 AM
Merited by JayJuanGee (1), dkbit98 (1)
 #13

Thanks for those questions!

A while back, I came across this article by Stepan of Specter
https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199

I did some testing with a couple of (hardware)wallets, initiating them with same the private key material. I created an unsigned PSBT, took the exact same PBST to each of the different wallets signing the tx. The resulting signatures were the same, expect the signature produced by Cobo Vault. Even though, the signature was different it was still a valid signature (From what I understand this can be the case in EC).

After some research, I came accross a couple of posts, e.g. of Andrew Chow and Pieter Wuille,
https://bitcoin.stackexchange.com/a/83785

And this post in Cobo Vaults github,
https://github.com/CoboVault/cobo-vault-se-firmware/issues/33
You have found the right sources.
Actually there are 2 ways of doing Bitcoin's cryptographic signature.
The first one is called the non-deterministic way. In this way, each signing will pick a random number k. Then run the signing algorithm with this k. As each time the k is different, so the results are different but they are all valid results. Actually this is the original way of doing ECDSA signing.
The second one is called the deterministic way. In this way, k is "derived" from the message you are signing. With that being said, if you sign the same piece of message each time, k is the same (deterministic). So you will get the same result. This is a newer implementation of ECDSA and it's defined by RFC6879.
We are using the original implementation.

I don't understand the reply by aaronisme "you can verify it by signing the same data multiple times and verify the signature."
https://github.com/CoboVault/cobo-vault-se-firmware/issues/33#issuecomment-719134100

1. Verify against what? How would the verification process look like in practice? Please elaborate.
I think here Aaron means that you can verify each different results by writing some code or using some 3rd party tool like https://8gwifi.org/ecsignverify.jsp

It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
2. Friend of mine uses Cobo Vault together with the Shitcoin App. If I advise him buying buying a Keystone, why move the Coins? Can't he just put the Cobo-Seed into a Keystone-Device and use that with the Keystone App?
This is saying that Keystone supports less coins compared to Cobo Vault. IOST, EOS, ETC, CFX, DCR, FIRO(XZC), Omni-USDT are removed.
Your friend should move these coins to other other wallets before he imports Cobo's seed into Keystone.

3. Liking the idea for a cyperpunk device, how do you plan to maintain Support for the Keystone Device one would buy today?
Thanks! (Please forgive me if I don't fully understand your question.)
 Cypherpunk version would be a parallel product to the normal version we are selling now. I can't see any conflict between releasing Cypherpunk version and maintaining the current version.
tenant48
Full Member
***
Offline Offline

Activity: 350
Merit: 169


View Profile
September 17, 2021, 06:19:58 AM
Merited by JayJuanGee (1)
 #14

2. Friend of mine uses Cobo Vault together with the Shitcoin App. If I advise him buying buying a Keystone, why move the Coins? Can't he just put the Cobo-Seed into a Keystone-Device and use that with the Keystone App?

I think you are well aware that Cobo and Keystone are now completely different companies. And giving advice to transfer the seed from a wallet of another manufacturer, which in theory could be deliberately compromised, on Keystone wallet surprises me. For the same reason, Cobo refused Keystone to sign the migration firmware for wallets with its logo, so as not to spoil its reputation in case of problems.
It surprises me even more that such a question is asked by a rather seriously knowledgeable user who, in the above question, describes the theoretical possibility of compromising private keys using signed transactions.
In addition to everything, you are new to this forum and for what purpose did you appear here and where you were before I do not understand?
All this leads to bad thoughts.
I also want to warn Lixin to be careful, not everyone is friendly on this forum, and every random word of yours can be used against you.

3t4inpmok
Newbie
*
Offline Offline

Activity: 2
Merit: 2


View Profile
September 17, 2021, 01:35:30 PM
Last edit: September 17, 2021, 02:05:48 PM by 3t4inpmok
Merited by JayJuanGee (1)
 #15

Hey,

I'm not sure to whom you are critical of.

No bad blood, but to further contribute to this thread:

I think you are well aware that Cobo and Keystone are now completely different companies.
Yes, I'm aware and sorry for the troublesome time Lixin/team must have experienced behind the scenes.

And giving advice to transfer the seed from a wallet of another manufacturer, which in theory could be deliberately compromised, on Keystone wallet surprises me. For the same reason, Cobo refused Keystone to sign the migration firmware for wallets with its logo, so as not to spoil its reputation in case of problems.
Are you saying Keystone or Cobo has/had bad intentions?

Either way, you shouldn't have used Cobo Vault in the first place and on the other hand need to decide if you want to use Keystone (which I was trying to do so by asking my questions). Topic on signing firmware has a bad taste but unfortunately this practice seems to be common sense in public companies. In addition, for what I've understood of Lixin's explanations (twitter/blog) Cobo as a company and Lixin/team operated like they where two seperate parties. Cobo funded. Lixin/team developed.

Topic on moving seeds: What I was initially confused about is why Lixin suggest moving funds. I wasn't reading his initial post correctly. Namely, that some specific coins are not supported on their Keystone backend / app. In case of multi-coin usage (and only having coins on supported derivations), I think putting an existing (and well-tested) mnemonic into a new Keystone device is far superior than creating a new/seperate one and actually moving funds. Creating a new mnemonic means you have to again generate it in an untrusted manner, test integrity and functionality. Also, you have to handle it logistically (e.g. new seed plate). And move the funds. I don't understand your claim... What does the seed have to do with the actual usage of the device (which for altcoins, probably should be a well-maintained one like Lixins product)?

In the bitcoin-only case, looking at the source code, it seems that Keystone and Cobo are quite the same for now. In practice, if you're fine using the old features (QR, SD slot, etc) one could still use Cobo Vault for a long time. Even though that doens't mean buying a Keystone now is unreasonable: you support the development/fund of their new endeavour.

It surprises me even more that such a question is asked by a rather seriously knowledgeable user who, in the above question, describes the theoretical possibility of compromising private keys using signed transactions.
In addition to everything, you are new to this forum and for what purpose did you appear here and where you were before I do not understand?
All this leads to bad thoughts.
I also want to warn Lixin to be careful, not everyone is friendly on this forum, and every random word of yours can be used against you.
If I had bad intentions asking these questions it simply wouldn't matter (beauty of bitcoin and opensource). Satoshi only appeared for a short time as well. You don't have to trust him. Moreover, it's not like I'm asking for Lixin's seed...

You have found the right sources.
Actually there are 2 ways of doing Bitcoin's cryptographic signature.
The first one is called the non-deterministic way. In this way, each signing will pick a random number k. Then run the signing algorithm with this k. As each time the k is different, so the results are different but they are all valid results. Actually this is the original way of doing ECDSA signing.
The second one is called the deterministic way. In this way, k is "derived" from the message you are signing. With that being said, if you sign the same piece of message each time, k is the same (deterministic). So you will get the same result. This is a newer implementation of ECDSA and it's defined by RFC6879.
We are using the original implementation.
Thank you, I learned a lot from this. I tried it again with my Cobo Vault testing device.
This time, I did sign a exact same PSBT multiple times with Cobo Vault and can confirm, sig differs! Smiley
Although, this does not verify the source of provided RNG is sufficient (in general) it mitigates a lot of trust in a potential advisory.
Non-deterministic / deterministic, maybe in further iterations the User can decide by himself? Smiley

I think here Aaron means that you can verify each different results by writing some code or using some 3rd party tool like https://8gwifi.org/ecsignverify.jsp
Thanks.

It's suggested that Cobo Vault users use Cobo's own companion app to move these coins to other wallets before using the companion app we offer.
2. Friend of mine uses Cobo Vault together with the Shitcoin App. If I advise him buying buying a Keystone, why move the Coins? Can't he just put the Cobo-Seed into a Keystone-Device and use that with the Keystone App?
This is saying that Keystone supports less coins compared to Cobo Vault. IOST, EOS, ETC, CFX, DCR, FIRO(XZC), Omni-USDT are removed.
Your friend should move these coins to other other wallets before he imports Cobo's seed into Keystone.
As stated in previous comment I misread your initial post, sorry...  Cool

3. Liking the idea for a cyperpunk device, how do you plan to maintain Support for the Keystone Device one would buy today?
Thanks! (Please forgive me if I don't fully understand your question.)
 Cypherpunk version would be a parallel product to the normal version we are selling now. I can't see any conflict between releasing Cypherpunk version and maintaining the current version.
Parallel product cleared this up (I was referencing to a potential abandoning of the current version when a secondary product line is introduced).

Thanks for the Discussion and thanks for answering my questions.

PS, Lixin, lots of respect for handling this situation like you do! If you find the time would be happy to hear more of you on podcasts. Keep going <3
DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6671


Crypto Swap Exchange


View Profile WWW
September 18, 2021, 01:03:59 AM
 #16

@BitcoinLixin are the units being sold on Amazon from the new split off company or are they old Cobo units?
Kind of tough to tell from the wording on the page, they are shown as keystone but they are still listed under the cobo vault store.

-Dave


█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 18, 2021, 06:44:26 AM
 #17

Non-deterministic / deterministic, maybe in further iterations the User can decide by himself? Smiley
Our next gen will move to deterministic to align with other products.

Parallel product cleared this up (I was referencing to a potential abandoning of the current version when a secondary product line is introduced).
Yeah I can totally understand your concern. The cypherpunk version is only for the most hardcore bitcoiners (they have to compile firmware all by themselves and burn to the device). Not designed for average users.
And we will still maintain the current product line of Keystone.
BitcoinLixin (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 23


View Profile WWW
September 18, 2021, 06:52:46 AM
Merited by JayJuanGee (1)
 #18

Hey Dave thanks for your question!

@BitcoinLixin are the units being sold on Amazon from the new split off company or are they old Cobo units?
Kind of tough to tell from the wording on the page, they are shown as keystone but they are still listed under the cobo vault store.

-Dave


Those are new Keystone devices. And that Amazon store was fully managed by ourselves rather than any 3rd party.
The old Amazon store can't fully remove the Cobo Vault brand so we have to do it in that way. Sorry for the confusion.
And we are opening a new Amazon store which is fully branded with Keystone. But it takes a bit time (Amazon requires complicated KYC process).
tenant48
Full Member
***
Offline Offline

Activity: 350
Merit: 169


View Profile
September 18, 2021, 09:23:41 AM
Merited by JayJuanGee (1)
 #19

Are you saying Keystone or Cobo has/had bad intentions?
You start to manipulate. I didn't say Cobo or Keystone had bad intentions.
I wrote that Cobo and Keystone are completely different companies. And each of them must be responsible for its own generated seed. The fact that Lixin previously worked at Cobo does not mean that he can be responsible for the processes that are currently happening at Cobo. Likewise, Cobo should not be held responsible for Keystone processes.
Asking Lixin a question about transferring a seed from one wallet manufacturer to another manufacturer's wallet is forgivable for a beginner, but for a person who is well versed in cryptography, it can be understood as a provocation, hoping for his carelessness.
In addition, you registered your account 9 days after Lixin appeared here and immediately started with a negative, so it is highly likely that you are an employee from a competing company.
I am not against your constructive criticism of Keystone. But do not create deliberate provocations, and allow Keystone to develop normally.
Personally, I think that such wallets as Keystone and Ellipal are the most secure, although they are not very popular yet and must be present on the market.

dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
September 18, 2021, 11:33:45 AM
Merited by JayJuanGee (1)
 #20

I wrote that Cobo and Keystone are completely different companies. And each of them must be responsible for its own generated seed.
They are not completely different, not long ago they worked together, and both devices are almost identical with few small changes.
There is no company here that is generating seed, only user can generate, import or transfer seed, and nobody can access it even if they want to do it because Keystone/Cobo is airgapped device.

Personally, I think that such wallets as Keystone and Ellipal are the most secure, although they are not very popular yet and must be present on the market.
Ellipal is not most secure device, it's really just a closed source mobile phone with android os, there is no multisig support and no basic coin control feature.
I would never use this device as my hardware wallet, especially with price they charge now $139.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!