g4tt0
npub16zf0...8sln
Nuts about freedom tech, collective action, personal empowerment, and all types of #ecash
g4tt0 3 days ago
note to flag I am testing nsec recovery wish me luck nostriches
g4tt0 3 weeks ago
*hat-tip* @conduition for the disclosure and the write up, gg to the rapid patching and following sensible vul disclosure practices:

"Along the way I hope readers take home a few lessons about #security #engineering in general:
- Look closely at apps which perform automated tasks using sensitive bearer secrets. Avoid auto-trusting anything outside direct user input (and even then).
- Deterministic secrets are fickle. Pay attention to how the derivation mechanism works, but also how it is used. There could be mistaken assumptions.
- Be careful when using “SHOULD” in a cryptographic specification. Figure out when “SHOULD” needs to be “MUST”.
- Watch out for injections - Anytime a large domain is pigeonholed into a smaller space.

Big thanks to the #Cashu devs for bearing the bulk of the work of actually fixing this thing. While the initial research was challenging, there is little I find more prosaically daunting than corralling teams of open source devs to fix an obscure vulnerability, and they saved me from attempting that myself."
g4tt0 3 weeks ago
running #knots already not flagging bip-110 activation #UASf > change my mind #bitcoin #noderunners #bip #bip110
g4tt0 2 months ago
you still looking at the charts anon? sats is the money forget your master's slave-paper #meow