Valid suggestion - will do that on github. And thanks for quick reply.
On the second note - I don't think you understand the technical part and value of the tool.
I have to write a wall of text.
TLDR -
we compete with kids, coz OpenAI wanted SciFi, so kids now have better instruments more suited to them than professionals (see screenshot with AI in my README on git), AI explains them how to use it. But does not explain consequences at all.
It's a matter of time they'll chat enough to shut down the whole Bitcoin and crypto.
(I know how it sounds, but there are multitude of historical precedents, that can be correlated with change in educational policy)
Wall of text (apologies for mistakes):
----
This is non-invasive TRNG scanners we're talking about (zero access required, absolutely).
If hackers execute this attack successfully. Bitcoin is gone completely, and all crypto.
(that is why it is hard, but possible, to find any papers on this type of attack - they constantly hidden and removed, but AI finds them and indexes them)
It's "guessing every random number in the world" attack (or on any Ledger for a starter), since devices are low-entropy. There is no remedy for devices.
Thermal noise, as low-power, low-res ADC samples is reproducible trivially, deterministically (noise generator on your phone does) and quite enumerable (12-bit 48kHz ADC - spectra is not dense). That's ADC on Ledger. Even good ADC's (expensive ones) are not that precise for security.
officially, we say - we whiten, but kids are not that naive nowadays - they know you can replay.
Good engineer knows that and keeps quiet (for everyone's best), until he discovers that AI teaches anyone after a little role play.Undocumented parts of Ledger (or any other secure device) architecture, especially factory parts harder to reproduce (by guessing). They obscured.
But AI navigates not just Ledger documentation, but NIST and regulations, and even reasons a little (by chance) - so it can guess it all, if you chat enough.
"regulations necessitate small chip on a factory" GPT-OSS
So we're not talking about "professional hackers" anymore.
We're talking about KIDS - engineering students, who same as me, questioned that thermal noise is random
(it isn't, it only appears so to the eye, see my github and technical conversation here; that definition of randomness is soviet misconception that NIST went along with).
Kids! Especially in places full of engineering (mining cities etc), where they also angry and motivated.
They also more efficient than "professional hackers" since the latter are essentially on government payroll: the "professional ones" read officially published exploits, they're not inventive.
I was a professional engineer for 10 years (big sector, even "big crypto" like ADA), FP educator, "good code style" - did not invent anything, overconfident in my ability.
Cardano let me publish useless paper about big standardization of financial contracts on their big serious blockchain. I worked with solvers and provers even (useless stuff, coverage test better).
I went off the grid, took risks - that's where novelty started. Now I'm better engineer, a bit more crazed though. But so are the kids!
So, imagine what bunch of younger people can do - when AI gives them instrument they can use, but cannot understand the consequences.
We already seen hacks exploiting software by replay timer (
https://thecyberexpress.com/bitcoin-keys-exposed-via-libbitcoin-explorer/), imagine AI giving power to exploit hardware logic stupidly, replay noise.
Undocumented DUN is likely last defense Ledger has, but it is only psychological. Good randomness is more expensive than $100.
So if my tool becomes obsolete - so is the "human world", since everything is on TRNGs - just architectures differ.
(large enough cluster can outrun military)
-----
So, if the "white-hat cluster" does not outrun "kids" - we won't be able to-regenerate new seeds and migrate funds in time.
We're on the run already - gotta admit it
.
Besides, speaking of psychology, kids don't need that much money - so offering reward for reporting generated seeds to warn that wallet is at risk (easy to verify proof) - could be a better deal.
Since it's clean BTC, easy to explain to friends when they grow up.
I would not panic-sell BTC (conventional money vulnerable too - and I'll never convince government/banks to build an explorer for their TRNGs), but the issue is critical and reasonably urgent.
There is time - but hard to predict how much.
Especially accounting for current world's situation (Mr. Robot tendencies, to me a fiction, but not to kids).
P.S. It is not only kids, obviously, in this info disorder no one knows what situation they might end up in.
Many freelancers wait for AI-fag to pass for instance, so they could start fixing bugs, or rewriting software from scratch
.
Some might choose to not do a moral thing.
I figured that saving blockchain is more stable profit (I convinced a 22yo spoiled kid that I'm messiah once).
So moral suites me in this particular situation - not anyone does figure.
If I was 14 - I would be running a tool, send everyone back to "hunt and gather until starve", lol.
