> Creating good randomness is a daunting task - Ledger devices rely on dedicated silicon logic in our certified smartcard chips that have been the gold standard of secure industries for the past 40 years to guarantee high quality randomness and tamper resistance.
Which is worthless and entirely irrelevant when they keep leaking their customers' personal and purchase data (which they claimed not to collect or keep, and even failed to delete after the first leak) time and again.
https://web.archive.org/web/20221030030843/https://cointeleg...
https://web.archive.org/web/20220901153130/https://www.coind...
https://old.reddit.com/r/ledgerwalletleak/comments/ki1nsz/re...
https://old.reddit.com/r/CryptoCurrency/comments/rts1w2/got_...
It requires careful budgeting for future purchases (as the coin-join takes time).
Trezor now has experimental support for directly coin-joining bitcoin that is stored on the cold-wallet, but I don't think anyone should trust it.
Why don’t we just admit these tools are just fundamentally broken?
Whatever security goals they claim to pursue exist only in their marketing copy.
For being offline wallets, their products sure do come with many connectivity options and live/online service integrations.
I believe that that's actually a big part of it. Many people have a desire to be (or at least feel) smarter than the average, to be ahead of the curve.
Cryptocurrencies, and their marketers, sit in a particularly effective sweet spot of finance- and technobabble (with a sprinkle of defiance of authorities and the status quo on top), catering to that desire.
- super early stage: curiosity + belief this could replace money as we know it
- early stage: speculation + elements of previous wave
- 2017 onwards: a mix of speculation++, a lot of ignorance, and the masses wanting to be “a part” of a technological future they often feel left out from + the quasi-constant FOMO many experience when realizing they could have invested in FB, AMZN, APPL but didn’t. And many disingenuous (or delusional) crypto evangelists manipulating that FOMO and convincing people this is the next big financial movement of the century.
> Our position is simple: Your wallet. Your keys. Your crypto. Built-in private key encryption and a password-protected login means you’re always in complete control.
An average person that reads this wouldn't think about needing to add more protections.
It does sound like wasm makes the misstep somewhat easier in that it doesn't try to provide an RNG sufficient for cryptographic usage, but that also applies to quite a few other development platforms.
And the whole system has been built on anonymity because it is "trustless," so it can never work in its present form. Sure, there is someone, or multiple people, at Wells Fargo who can move your money. But they will never be anonymous, and all of their actions are logged and tracked, and we have laws on the books requiring banks to be liable for such fraud and return the money to the customer. And failing that, if the whole bank goes down from the fraud, your money is FDIC insured, and the government will make you whole. Whereas in crypto, if someone gets your private key, you are instantly and irrevocably fucked. Crypto can never be anything more than a gambling tool unless it drops this "trustless" myth.
Second, key(s) custody is paramount beyond the blockchain technology used. And... this was very basic: "Seed generation of Trust Wallet was flawed, the total entropy was only 32 bits. We have created a file containing all possible seeds."
In the last few years, at least in my country, many banks seem to be transitioning from "patchy security, but take responsibility" to "better security, but blame the client". I.e., they add lots of mandatory over-the-top 2FA, etc. but if a client complains of a transfer they didn't make, surely it's the client's fault, because security is really good. This makes me trust such banks much less. Firstly, because even being a tech-savvy user that doesn't typically fall for scams, etc., nobody is perfect and I don't think anyone is 100% free of making a security blunder in a moment of being sleep deprived, ill, drunk, etc. And secondly, because what if they get hacked somehow and they make me responsible? No, I very much prefer worse security but listening to clients.
Similarly, in crypto, "your keys, your coins" doesn't give me trust. What if I lose my keys somehow? In the bank, they know who I am, as long as I have a means of ID I can get my money. And as you mention, even if the bank fails, the government has my back.
For all these reasons, while I do hold some crypto, I'd never keep a significant portion of my assets in that form.
https://medium.com/mike-hearn/type-safety-and-rngs-40e3ec71a...
Browsers have a number of problems that make it difficult to build wallets, but I’m not going to try and convince you to stop making them here. Suffice it to say there are alternatives for writing cross platform wallets you could consider.
Browsers just aren't intended for doing things that require the generation and safe storage of private keys. The developers don't care about these use cases. Like with so many others, if you want to do it properly you have to go outside the browser.
Back when I was involved with the cryptocurrency world (pre-2016) I kept hitting this general reluctance to just write normal desktop apps, and whenever I advised people to do it for security or stability reasons they'd insist on writing something browser/JS based instead. I did write desktop based wallets, but was considered old fashioned for doing so (at the ripe age of 35). Way too frequently people would end up losing all their money to dumb and entirely predictable hacks as a consequence of using a web-based wallet, or even just lose because of sites going offline. Browsers improved a bit since but as this episode shows, they still aren't intended for it.
Part of why people wanted to write js was that it is easy to distribute the results. They optimized for developer convenience over security. Chrome offers a portability layer and keeps extensions up to date for you. Years passed and I saw the same problem crop up in other contexts too: the right approach was to write a desktop app, people tried to hack Chrome into compliance instead so they could let it handle distribution, it didn't work, and that sometimes led to disaster for their users.
These days I have a company that tries to solve this problem. We make Conveyor [1], which has the goal of making desktop app distribution as easy as for a web app. And it mostly succeeds: it can cross-build/package apps for every platform, and on Win/macOS it can provide update-on-start so you can iterate as quickly as with a web app. You pick your preferred portability layer (flutter, jvm, electron, something rusty etc) and can choose between more battle tested frameworks or more experimental frameworks depending on your appetite for risk. Whatever you pick, the distribution experience is the same. You don't have to compromise on UX either. Frameworks like Compose for Desktop, Flutter, heck even JavaFX give you nice solid 60fps animations and can be made to look good easily. You can store private keys in the user's secure keystores. If your site goes down it's not an emergency, your app still works, only updates stop until you're back online. Even if your certificates expire your app will still work!
I hope that people will take this stuff more seriously in future. It's got a lot easier to distribute apps without relying on browsers or stores over time. Browser developers do a good job but are ultimately constrained by the web's origins. It's not just cryptocurrency wallets that can benefit from escaping the browser either! Quite a lot of security bugs can be eliminated when you leave the browser. For example you can write apps that are immune by design to XSS, XSRF, SQL injection, phishing and other common bug classes.
At some point I should probably write these thoughts down in a more modern blog post.
This sounds like WebCrypto and its interface, which is designed to make some data unexportable.
These days you can argue that a browser is intended to do anything, as there seems to be no scope limit to what goes into HTML5. But it's not what they're really about. Why did this exploit occur, well, WebCrypto apparently isn't directly exposed to WASM as C/C++ APIs even though that seems like an obvious thing to do. Or an even more obvious possibility: expose it as a subset of some existing API like POSIX. But WASM is api-lite, so everything beyond pure computation requires invoking JS and that's not how any existing C++ is written.
Eventually people will blast through this stuff. But, it was worked out in other platforms in the 80s and early 90s.
This requires some careful consideration to prevent phishing and other nastiness, but a native application could use native window prompts and techniques such as Windows Hello/TouchID as an authentication technique that's hard to spoof.
The complexity and risks are still there but you can hide away the important secrets much better with a native application than a browser extension ever could. It would also allow access to better sources of randomness and all kinds of sandboxing and exploit protection that aren't available with WASM.
The traditional Web3 model is too open to abuse. It is as if they took the old "allow this Java applet outside of the sandbox? y/n " dialog and added banking.
To extend the web from a desktop app there are a few ways to do it. Chrome extensions offer native messaging [2]. By pairing a desktop app with an extension you can have the minimal logic needed in the extension to bridge between your app and the page. But you have to get the user to install the extension manually, as Chrome will try to block apps doing it for you.
Another way for credentials specifically is to use SSL client certificates. They were designed specifically to let you log in to services with cryptographic keys. There's a discussion of the extinct <keygen> tag running elsewhere on HN right now. The app can generate a client certificate, get it signed by some authority, and install it into the user's key store. Now browsers should use it automatically when challenged by a server (except maybe Firefox?). You have to pay attention to how it's used to avoid bad browser UX, e.g. you'd have to use an XMLHttpRequest to ensure you control error handling if the cert is missing. But this is one way to make phishing harder, for example (there is no password for the user to type in).
Another way is to use loopback connections, but that's not ideal.
Ultimately, yes, the web is controlled by the Chrome team and they want you to only write Chrome apps. If you name your project "web3" you have to accept that it's kind of meaningless because you're not Chrome so your views and ideas don't matter, in the end. That's why it never made sense to me and I didn't work on it. In the early days it made a bit more sense because the Ethereum guys tried to make a custom browser called Mist using Electron, but they gave up and did a talk/blog post on why they burned out on it [3].
In the end I concluded the web just isn't a good proving ground for experimental or new ideas.
[1] https://hydraulic.software/blog/8-packaging-electron-apps.ht...
[2] https://developer.chrome.com/docs/extensions/mv3/nativeMessa...
2013: https://bitcoin.org/en/alert/2013-08-11-android
All that trust I have to put in the non-crypto financial system doesn't seem too bad when you realize that the trust picture isn't all that different in the crypto world.
Do you trust that the exchange won't steal your money?
Do you trust that the software developers haven't intentionally or accidentally left any holes in the software you use to manage your money, or the smart contracts you interact with?
Do you trust the vendor you're buying from to not steal your money? If you're thinking "escrow services", do you trust the escrow service to not steal your money?
Do you trust in all that, and more, sufficiently to operate in a system where there is no way to undo erroneous or malicious transactions? Except for like when ETH rolled back the chain after the DAO incident...you know, going contrary to the immutable ledger concept this whole mess is built on...what you might even say is the most essential trust in crypto.
It is about implementation, not about WASM
Anyhow, they could still have used webcrypto through WASM or even through JavaScript (as they can send the data back). This is really not a problem with WASM but moreso with the stupid implementation of this wallet.
edit: According to this PR they were indeed using std::mt19937 [1]. In fact I would go further ahead and say this is a general issue of C++ itself which just does not provide good PRNGs in the stdlib at all, with multiple ways of achieving different (but similarly broken) PRNG results.
The implementation: "Whoops there's something we did wrong on the way."
[1] https://github.com/trustwallet/wallet-core/blob/3.1.0/wasm/s...
[2] https://github.com/trustwallet/wallet-core/pull/2240
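The flaw described in the comments above (a seed expanded from only 32 bits by std::mt19937, and the lack of a cryptographic RNG unless WebCrypto is reached through JS) can be seen side by side in this added example; it is my own illustration, not wallet-core's code, and it assumes a 32-bit integer seed rather than reproducing the project's exact seeding logic. On Linux the strong path reads /dev/urandom; in an Emscripten/WASM build the same function would have to be backed by an imported JS call to crypto.getRandomValues() (my understanding, stated as an assumption).

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// WEAK (reconstructed pattern, not the project's code): every byte that
// std::mt19937 emits is a pure function of the 32-bit seed, so no matter how
// many bytes are requested for the mnemonic, at most 2^32 seeds are possible.
std::vector<uint8_t> expand_weak(uint32_t seed32, size_t nbytes) {
    std::mt19937 gen(seed32);              // whole generator state derived from 32 bits
    std::vector<uint8_t> out(nbytes);
    for (auto& b : out) b = static_cast<uint8_t>(gen() & 0xFF);
    return out;
}

// STRONG: take every byte from the operating system's CSPRNG. Here that is
// /dev/urandom; in a browser/WASM build the equivalent is a JS import that
// calls crypto.getRandomValues() (assumption: Emscripten routes getentropy there).
bool fill_entropy_secure(std::vector<uint8_t>& out) {
    FILE* f = std::fopen("/dev/urandom", "rb");
    if (!f) return false;                  // fail closed: never fall back to a PRNG
    size_t got = std::fread(out.data(), 1, out.size(), f);
    std::fclose(f);
    return got == out.size();
}

// Effective entropy of a PRNG-expanded seed is bounded by the seed width, not
// by the number of output bytes: 16 output bytes from a 32-bit seed still give 32 bits.
unsigned effective_entropy_bits(unsigned seed_bits, size_t nbytes) {
    unsigned requested = static_cast<unsigned>(nbytes * 8);
    return seed_bits < requested ? seed_bits : requested;
}

int main() {
    std::vector<uint8_t> a = expand_weak(12345u, 16), b = expand_weak(12345u, 16);
    std::printf("weak: same seed reproduces identical 16 bytes: %s\n", a == b ? "yes" : "no");
    std::printf("weak: effective entropy for 16 bytes = %u bits\n", effective_entropy_bits(32, 16));
    std::vector<uint8_t> secure(16);
    std::printf("secure fill ok: %s\n", fill_entropy_secure(secure) ? "yes" : "no");
    return 0;
}
```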
I don't think it will collapse. It has found product-market fit: mostly gambling, some money laundering and crime, and some legitimate use for international wires and payments under oppressive political conditions (this last part is the smallest amount by volume).
There will occasionally be attempts to pump some new use case (e.g. NFTs), but these are just casino advertising. They'll draw in some new suckers/players and the cycle will repeat.
The maximalist cult will continue to exist as well, patiently awaiting the coming of the space brothers in the form of a massive economic collapse causing Bitcoin to "moon" and become the new global reserve currency. This is identical to the goldbug cult of previous generations and involves many of the same types of people. Apocalyptic cults can exist for a long, long time and failed prophecies do not deter true believers.
This was the case in the 90s pretty often.
Now we choose to highlight properly run organizations and advances, while largely ignoring the rest. New problems presented by home computing and electronic funds transfer didn't go away.
It's more likely the same will happen with crypto assets and industry. When I look at mainstream news like Bloomberg, that's what I see already.
The real question is how big the risk is relative to inflation, central banks collapses, bank runs and all other types of institutional risks.
No. False equivalence.
The other examples have a long history of applications that add value to people's lives (as well as disbenefits depending on your viewpoint and ideology).
Crypto-currency has never yet demonstrated any significant value to normal people, though plenty of the latter.
From the technological level it is also about the freedom to experiment with finances where regulations don't allow it. Even if it is at a sandbox level.
“At some point there won't be any more suckers left. That's when banking will really collapse.”
The news every day sends the message more urgently that a global hard money that can never be debased by money printing and that is free from the whims of governments and dictators is sorely needed.
Why is this a bad thing?
This is repeated by the crypto people as some kind of root of all evil, and it puzzles me.
I see monetary policy - including the ability of devaluing a currency - as a powerful tool central banks have to keep the economy working.
I fail to see how "hard money", which normally comes peppered with some vague desire for a deflationary economy, is desirable. In my view this would very quickly turn into an intolerable dystopia.
Precious materials like gold are probably the best you can get as the material itself has some value.
"There's a sucker born every minute" — P. T. Barnum
After that 'discovery' in the mid-1800s, there seems to be an endless supply, and at today's higher birthrates and infant survival rates... we can't really expect that they'll ever run out ;-P
https://en.wikipedia.org/wiki/There%27s_a_sucker_born_every_...
As long as there is survivorship bias I think it will survive. Can think of it more as a poverty tax, like the lottery.
When there is a possibility of easy money, people will overlook every kind of red flag and inconvenience.
That's a really weird definition of "privacy". Crypto currency makes it easier for them, not harder. They don't even have to go to the effort of getting warrants because you're literally giving them your data saying "Track me, please!"
> will decide they don’t need financial privacy
The block chain is publicly auditable. That's the opposite of privacy.
> that can get locked for having the wrong opinion
Any actual evidence of this happening?