nick
nick@frostsnap.com
npub1j8d6...26k2
peer-to-peer cash security
nick 1 year ago
incompetent or based
nick 1 year ago
things to buy:
- bitaxe
- paco rabanne invictus
- pirate flag
- super pc
- paul allen business cards
- season epic pass
- spacesuit
nick 1 year ago
we got your IP, it's so over for you
nick 1 year ago
Today the Australian government is announcing that teenagers under 16 will be banned from social media. This implies people over the age of 16 will need to link their government identification to every social media account. The announcement coincides with the preparation of a federal Misinformation Bill - compelling platforms to crack down on what our "eSafety" commissioner deems disinformation. For Australians, Nostr is an idea whose time has come.
nick 1 year ago
DEDICATED SIGNING DEVICES FOR ALL
nick 1 year ago
how much are the mega relays paying for hosting & bandwidth?
nick 1 year ago
What's the deal with Claude subscription? Is it still easy to hit the usage limit? ppq.ai gets expensive with large code calls. Thinking of trying Cursor IDE to see what it thinks about the repos.
nick 1 year ago
Today we disclose Dark Skippy - a powerful new method for a malicious signing device to leak secret keys.

With a modified signing function, a device can efficiently and covertly exfiltrate a master secret seed by embedding it within transaction signatures.

If an attacker manages to corrupt a signing device, Dark Skippy can deliberately use weak & low entropy secret nonces to embed chunks of the seed words into transaction signatures. It takes just two input signatures to leak a 12 word seedphrase onto the Bitcoin blockchain.

The attacker can watch on-chain until they spot an affected transaction, unblind and invert the low entropy nonces using an algorithm like Pollard's Kangaroo algorithm to learn the master secret seed. Then the attacker can wait and steal the funds whenever they decide best.

Despite this attack vector not being new, we believe that Dark Skippy is now the best-in-class attack for malicious signing devices.
- The attack is impractical to detect
- Requires no additional communication channels
- Effective on stateless devices
- Exfils master secret

Beyond ensuring your device firmware is genuine and honest (open source), mitigations include anti-exfil signing protocols and we present some new ideas for additions to PSBT specifications to disrupt this attack. We encourage mitigation discussion and implementation exploration.

This attack highlights the importance of verifying and securing your device's firmware, and the danger of sharing stateless signing devices with other people.

We will be publicly releasing our code later this year.

Authors: @Zero-Knowledge Goof (follow him so he gets onto nostr), Robin Linus, and myself.

If you have any concerns or questions we recommend checking out the FAQ page on our website:
nick 1 year ago
Why shouldn't I eat a complimentary biscuit?