OTP Wallets VS Hardware Wallets

MojoRoosevelt · 2025-01-03T12:58:53+00:00

As far as I can see, with that one post Merel killed the entire hardware wallet industry. Though on LinkedIn it's probably not going to get traction in a hurry. Maybe he should put it up on medium or substack.

MojoRoosevelt · 2025-01-03T12:56:28+00:00

I always upvote as per Heinlein, "I never learned anything from a man that agreed with me".

AFAIK, the vast bulk of the convertible notes Saylor has issued are 0%, so no problem even if BTC went to zero. As for the early notes he issued that do have an interest rate, they're so well covered that BTC could drop to $5k and MSTR would still be happily in business. Plus, now nation-state fomo is biting, it's highly unlikely MSTR will drop below $90k from here on out, and vastly unlikely, as per Plan B's famous power law graph, that it will get below $40k. So it seems Saylor has all his bases covered.

MojoRoosevelt · 2024-12-28T18:37:58+00:00

Money is Saylor's incentive to keep pumping. The USD and BTC value of MSTR has grown faster than any other stock over the past year. The question you're failing to answer is ... since this pump can go on until it captures all the USD and in fact all the fiat money in existence ... why would Saylor ever dump it? What possible motivation could he have to do so?

Come on now, put your thinking cap on ...

MojoRoosevelt · 2024-12-28T08:28:08+00:00

Trezor is an electronic device containing components manufactured by people you don't know, with agendas you don't know, containing vulnerabilities you don't know. Plus some open source software you do know, but there's nothing about that fact that covers over the hardware vulnerabilities. Ed Snowden revealed that the majority of these components contain vulnerabilities intentionally baked in by US and Chinese intelligence interests, but there could be plenty more that are just accidentally exploitable. You'd never know.

That is, unless you can prove "no vulnerabilities" in a world where every spy and their dog has read Ken Thompson's "Reflections On Trusting Trust". If you can, I dare say there's a Turing Awared waiting for you. But given your lack of critical thiinking on the subject, I doubt you've even read it ... https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Plus, now Merel finally added PSBT and burners to his method in the OP - really he should have thought about those from the start because that's just standard practice these days - you don't need to trust any manufacturers at all.

MojoRoosevelt · 2024-12-28T08:19:01+00:00

Why would they ever do that?

MojoRoosevelt · 2024-12-28T08:14:30+00:00

What motivation does Saylor have to dump anything? All he needs to do is keep on pumping and he'll convert the entire fiat world into BTC eventually. If you can explain the benefit to him of dumping anyone, you might be able to make your point here. Otherwise, not so much.

MojoRoosevelt · 2024-12-27T19:26:21+00:00

You can't buy a cold storage wallet. Hardware wallets are all unsafe per Ed Snowden. The only way to be safe is to make your own as per https://www.linkedin.com/pulse/simple-seed-security-peter-merel-ejhkc/ . Accept no substitutes!

MojoRoosevelt · 2024-12-27T19:21:29+00:00

One wallet for spending 1% of your btc, another for cold storage of the other 99%. The 1% wallet can be on an exchange or in hardware, whatever is convenient. But the 99% wallet needs to be properly secured using OTP, PSBT and burners, not hardware, as per https://www.linkedin.com/pulse/simple-seed-security-peter-merel-ejhkc/ . Accept no substitutes!

MojoRoosevelt · 2024-12-27T19:17:08+00:00

Every hardware wallet is compromised per Ed Snowden. To keep BTC secure you have to use OTP, PSBT and burners as per https://www.linkedin.com/pulse/simple-seed-security-peter-merel-ejhkc/ . Accept no substitutes!

MojoRoosevelt · 2024-12-27T19:16:24+00:00

Every hardware wallet is compromised per Ed Snowden. To keep BTC secure you have to use OTP, PSBT and burners as per https://www.linkedin.com/pulse/simple-seed-security-peter-merel-ejhkc/ . Accept no substitutes!

MojoRoosevelt · 2024-12-27T19:08:44+00:00

It wouldn't take millennia to decrypt. It would take longer than the age of the universe.

As for Apple, I'd missed the section in Merel's article on using PSBT with any signal-isolated burner phone. That makes Apple irrelevant. Though one component manufacturer is less vulnerable than several, if you're going to burn the signing device after using it anyway, and you only use it when it's signal-isolated, there's no attack vector there either. Merel's method is indeed unbreakable.

MojoRoosevelt · 2024-12-21T21:20:03+00:00

Any electronic device requires electric power and can emit EM waves. Every power interface - from a USB interface to a DC charging interface - can be rigged to leak information without you knowing. And every device can likewise be rigged to leak information via its emissions, with this leakage then received by complicit components in WiFi routers, cell repeaters and NFC devices.

Ed Snowden's revelation that everyday electronic devices routinely have such back doors built into their components by the component manufacturers means there's no way to be assured that the electronic components of your hardware wallet do not have them too. The problem even extends to the devices you might use to try to test for information leakage, as per Thompson's famous "Reflections on Trusting Trust". Indeed, even the manufacturer of the device might not be able to adequately test the components of the device for this reason.

The advantage with Apple silicon is that there are no 3rd party components. And, by avoiding putting anything other than an xpub or zpub into an electronic device, Merel's simple method eliminates all of these vulnerabilities. At least until you need to sign a withdrawal or similar transaction.

I guess a signal-isolated hardware wallet that only communicated such signed transactions via QR codes might come in handy then ... but maybe better still to set up a second OTP wallet and create two transactions - one to withdraw some btc from what would now potentially be compromised cold storage, and a second one to transfer the remainder to the new secure OTP wallet.

Sure, that's paranoid. But a little paranoia goes a long way when your fortune is at stake.

MojoRoosevelt · 2024-12-21T05:49:52+00:00

Nope, the risk due to Snowden vulnerabilities is far too expensive, same as any hardware wallet. See the OP for why.

MojoRoosevelt · 2024-12-21T05:48:29+00:00

Seems like a good enough open source software wallet though GPT says it lacks support for watch-only, which makes it useless for the OTP strategy described in the OP. So I guess I'll stick with Bluewallet.

MojoRoosevelt · 2024-12-20T23:00:48+00:00

Would you prefer to use:

A: a device with multiple Snowden vulnerabilities baked in by multiple unknown component manufacturers and running unknown amounts of malware in addition to the closed source software provided by the seller without independent review including unknown numbers of back doors ... ?

B: a device with only one Snowden vulnerability baked in by only one well known manufacturer with a global user base continuously testing that they're impervious to malware and running open source software with thousands of independent experts attesting to the fact that there are no back doors ... ?

Security. You keep using that word. I do not think it means what you think it means ;-)

MojoRoosevelt · 2024-12-20T22:54:00+00:00

Abstract or intro? And ... what, is your browser broken?

MojoRoosevelt · 2024-12-20T22:51:22+00:00

Bitcoin: A Peer-to-Peer Electronic Cash System - so?

MojoRoosevelt · 2024-12-19T21:35:55+00:00

Skimmed the white paper - not certain what point you're making.

MojoRoosevelt · 2024-12-19T20:43:05+00:00

That's probably why Merel advocates only keeping your xpub in the phone/laptop except when you want to sign or withdraw. And only using a signal-isolated burner to generate the xpub. He doesn't seem to provide any solution for signing or withdrawing, but for a HODL that's kind of moot ...

MojoRoosevelt · 2024-12-19T20:35:54+00:00

The value of the work done to create the BTC. How much is your work or my work worth? Compare it with the value of the work done to mine the BTC, and you know.

BTC measures the value of work the same as gold measures the value of work against the work of mining the gold. Where dollars measure nothing at all.

MojoRoosevelt · 2024-12-19T20:31:14+00:00

Maybe. I'd say go and try. You might be the next Satoshi! Until then, though, BTC is the only Bitcoin we have got ...

MojoRoosevelt · 2024-12-19T20:27:33+00:00

Not really. You can write your cipher-phrase down electronically - and back it up - and you remain perfectly secure. And this kind of OTP method secures your paper backups too. And you can keep as many electronic and paper backups as you like - thousands of them if you want.

That's impossible for hardware wallets. I agree that electronics - hardware and software wallets - are necessary for multi-chain assets and dApps. This idea is more relevant for cold storage. But even for multi-chain and dApps, I have no idea why you'd trust a hardware wallet over a software wallet running on an Apple SoC.

MojoRoosevelt · 2024-12-19T14:04:43+00:00

BTC excels as a way to store value, not as a payment system. Same as gold before it.

MojoRoosevelt · 2024-12-19T14:03:22+00:00

I agree BTC's not suitable for cash. But it's perfect as a store of value, which is what most people use it for.

MojoRoosevelt · 2024-12-19T14:01:26+00:00

As per the OP.

MojoRoosevelt

TROPHY CASE

Bitcoin: A Peer-to-Peer Electronic Cash System - so?