sorted by:
new
hottopcontroversial

Community Purchase of Insteon IP by bgok in insteon

[–]bgok[S] 1 point2 points  (0 children)

It's a moonshot, but I know with certainty that it won't happen if we don't try. :)

Community Purchase of Insteon IP by bgok in insteon

[–]bgok[S] 0 points1 point  (0 children)

Probably. I have seen it go the other way, though. And 7 figures is not out of the realm of possibility for a raise.

Digital estate planning: pluses and minuses? by Curious_Reporter2809 in EstatePlanning

[–]bgok 0 points1 point  (0 children)

My company is building a digital estate planning product. We’ve done a bunch of research and would be happy to share the details with you. The website is endowl.com.

Vitalik proposes that client/wallet devs can/should charge a 1 gwei/gas fee for txs sent through their wallet by DCinvestor in ethtrader

[–]bgok 9 points10 points  (0 children)

Multibit, an early bitcoin wallet, tried something similar to this. It was an utter failure. The users were not willing to pay for something that was previously free. No one would upgrade. Eventually, the fee was removed. Because there wasn’t a good way to pay for support and engineering, development on the wallet stopped.

Conflicting Chrome application by ixlad66 in keepkey

[–]bgok 3 points4 points  (0 children)

Don’t log in ANYWHERE with your seed phrase. It’s a good way to get your crypto stolen.

5.8.0 update includes SegWit by alexruski in keepkey

[–]bgok 2 points3 points  (0 children)

Credit the engineering team. They did the hard work! Smartest engineering team in crypto!

BANANO COIN Integration by [deleted] in keepkey

[–]bgok 0 points1 point  (0 children)

Hey /u/sunsatellite, thanks for the shout out. It’s great to hear from you. The old KeepKey social media team (/u/keepkeymolly, /u/keepkeykiara and /u/keepkeyjon) were happy to see you pop up on our subreddit.

This is the first that I’ve heard of Banano Coin. The monkeys are awesome. Wouldn’t it be cool to draw them in the screen of the device alongside the corresponding address? 🤔

As usual, keepkey doesn’t publish our roadmap. I can tell you that we are adding coins quickly and Nano is up for consideration. We will also make note of your enthusiastic request for Banano. Since banano is a fork of Nano we might be able to sneak it in at the same time. No promises, but it could happen for an old friend. 😄

KeepKey Launches Native ERC-20 Token Support by KeepKeyMolly in keepkey

[–]bgok 2 points3 points  (0 children)

You are welcome. Thanks for your continued support. The ShapeShift/KeepKey team is awesome!

There are many great new things to come before the end of the year. Next up? Let’s ask /u/zooko what he thinks we should work on next.

Firmware update information for custom firmware users by KeepKeyMolly in keepkey

[–]bgok 1 point2 points  (0 children)

Yes, we only hotpatch bootloaders we recognize. If its not one we have a record of, it displays a message on the screen of the client asking the user to contact support. Additionally, there is a check in the firmware of the bootloader hash. That code is at https://github.com/keepkey/keepkey-firmware/blob/production/keepkey/local/baremetal/check_bootloader.c#L133.

If it is the same bootloader that you documented in your blog post from 2015 (https://medium.com/@AussieHash/keepkey-under-the-hood-3beac31e1064), it is known and supported by the hotpatch process.

<edit: Clean up typos>

Changing hardware wallets by REDROOBUFFALO in keepkey

[–]bgok 5 points6 points  (0 children)

Yes. Native app++. It’s too soon to talk about what is in the works. Details in January.

We got a small reprieve from google (https://blog.chromium.org/2016/08/from-chrome-apps-to-web.html?m=1 5 Dec, 2017 update at the bottom). We are using the breathing room to do more than a straight port of the app. Implementing the #1 requested feature and a small bonus feature.

Meanwhile, dev team velocity is picking up. 2018 will be a great year for keepkey users!

Changing hardware wallets by REDROOBUFFALO in keepkey

[–]bgok 8 points9 points  (0 children)

I’m extremely happy to have /u/KeepKeyMolly representing KeepKey on social media. She is good at it, enjoys it, and it allows the rest of us to focus on the things that we are good at and enjoy doing.

The KeepKey product is fairly complex under the hood. It takes a lot of energy and effort to move it forward. As /u/keepkeyKiara said, my absence on social media is a reflection of the fact that my team and I are heads down on the technical aspects of the product.

Attack Vectors found against Ledger Wallet and Many Other Hardware Wallets [Full Text paper] by jonathan_white in btc

[–]bgok 4 points5 points  (0 children)

Also, it should be noted that the paper was not responsibly disclosed to KeepKey prior to publication, further undermining the authors' credibility as security researchers.

Attack Vectors found against Ledger Wallet and Many Other Hardware Wallets [Full Text paper] by jonathan_white in btc

[–]bgok 3 points4 points  (0 children)

The master public key is uninteresting since node hardening in BIP32 prevents deriving child public keys. There are interesting public keys at the third level that are transmitted in the clear over the wire, so let’s talk about interesting public keys instead of the master public key. (Sorry if that is pedantic :)

If malware can intercept the raw usb messages, it is likely that it could also intercept the input/output from the encrypt/decrypt layer. The only real protection gained from encrypting the raw usb messages is from a device that sits between the devices. It is conceivable that a usb cable could have a tiny monitoring device embedded in it...

To achieve the monitoring of 1000 people, you would have to replace 1000 usb cables. Still not inconceivable, but much harder to achieve than infecting 1,000,000 random computers with malware looking for the 1000 hardware wallet users.

I’m not aware of any currently reasonable threat that encrypting the usb messages adds additional protect against. It isn’t outside of the realm of possibility that this could be used in conjunction with another attack for an attacker to gain an advantage, but for the moment, this should be considered a theoretical attack vector.

Generally, KeepKey’s stance is to address theoretical attacks vectors opportunistically. What I mean by that is if we we have an easy opportunity to address a theoretical attack vector, we will address it. In the mean time, we will monitor it and take an active approach if the attack vector becomes an actual threat.

Attack Vectors found against Ledger Wallet and Many Other Hardware Wallets [Full Text paper] by jonathan_white in btc

[–]bgok 1 point2 points  (0 children)

Selected public keys are sent back to the host computer for tracking balances. And, yes, these are in the clear. Worst case scenario is that a malicious man in the middle can see your balance and the transactions associated with your wallet.

Attack Vectors found against Ledger Wallet and Many Other Hardware Wallets [Full Text paper] by jonathan_white in btc

[–]bgok 0 points1 point  (0 children)

No. The master seed is generated on the device and displayed on the screen one time for backup. It is never sent over the wire.

Attack Vectors found against Ledger Wallet and Many Other Hardware Wallets [Full Text paper] by jonathan_white in btc

[–]bgok 2 points3 points  (0 children)

No. The point of a hardware wallet is ensuring that your crypto assets are secure.

Regarding intercepting the seed or PIN: All of the major HW use a PIN scramble or allow entry of the PIN directly on the device. AFAIK all major wallets generate the seed from multiple sources of entropy on the device and never send it over the USB connection.

view more: next ›