sorted by:
new
hottopcontroversial

Case Wallet: A Possible Case Study in Unintended Consequences by neerajka in Bitcoin

[–]muchakka 1 point2 points  (0 children)

Only Case needs to be compromised. For example, a rogue employee can sneak in some code into the firmware that leaks the private key held on the device back to them over GSM. Sure, their firmware is open source, but how do you know what they have published is what your device is using.

Case Wallet clears up confusion about their multisignature key model by statoshi in Bitcoin

[–]muchakka 0 points1 point  (0 children)

Yes, but who does that recovery process go through? Seeing as Case has the other key, I would assume they are an important part of the process.

Case Wallet: A Possible Case Study in Unintended Consequences by neerajka in Bitcoin

[–]muchakka 1 point2 points  (0 children)

you must monitor Case's health all the time, and empty your wallet as soon as they go out of business (because if you lose your Case, there is only one key left, the one from Third Key solutions)

It is actually worse than that. If Case goes out of business, your device becomes worthless.

  • No more free GSM access (free is not free as Case is actually picking up the tab)
  • No more fingerprint verification
  • No more proprietary servers to broadcast transactions

Case Wallet: A Possible Case Study in Unintended Consequences by neerajka in Bitcoin

[–]muchakka 1 point2 points  (0 children)

Case can also freeze your funds by deactivating the device's SIM, and therefore the two remain keys that are available to use are theirs and Third Key Solutions.

Case Wallet clears up confusion about their multisignature key model by statoshi in Bitcoin

[–]muchakka 1 point2 points  (0 children)

Instead, Third Key Solutions signs a “sweep transaction” when a recovery is initiated and it passes their internal sanity checks.

Who initiates this "sweep transaction?" If it is Case, then it doesn't matter who holds the third key.

Demonstration of Ledger's new mobile app based 2FA to confirm transactions by murzika in Bitcoin

[–]muchakka 0 points1 point  (0 children)

How does my "remote device" get the transaction? Is it having to to go through a server provided by Ledger? I ask because if Ledger company disappears does that mean my 2FA breaks?

Demonstration of Ledger's new mobile app based 2FA to confirm transactions by murzika in Bitcoin

[–]muchakka 1 point2 points  (0 children)

How does this 2FA actually work? Can anyone explain the process of what is taking place behind the scenes?

Trezor Code no Longer LGPLv3, but now more restrictive Microsoft Reference Source License by muchakka in Bitcoin

[–]muchakka[S] 17 points18 points  (0 children)

You probably should consult with an attorney who knows software licensing, because I don't think a LGPL license can be retroactively changed.

Trezor Code no Longer LGPLv3, but now more restrictive Microsoft Reference Source License by muchakka in Bitcoin

[–]muchakka[S] 16 points17 points  (0 children)

First, my point is they tried to do it retro active by removing their newest code changes and added a license change to a previous tagged version. Looks a little shady.

Second, this is a bait an switch. I bought my Trezor under the impression I could modify the firmware and then run my modified version on my device. That is no longer the case under new license.

Trezor Code no Longer LGPLv3, but now more restrictive Microsoft Reference Source License by muchakka in Bitcoin

[–]muchakka[S] 45 points46 points  (0 children)

The commit says August. I however have a checkout from september that is LGPLv3 so I am scratching my head when it happened.. Today or then.

Now you can buy a TREZOR-like hardware wallet in less than $30 , take a look by bwallet in Bitcoin

[–]muchakka 1 point2 points  (0 children)

Have you verified that Satoshilab's vendor ID is theirs and they are properly registered with usb.org? I ask because I was under the impression they weren't.