1/ Great episode, awesome research.

A few notes.

👇 https://twitter.com/stephanlivera/status/1310563271154397185
2/ I think @mflaxman wrote a fantastic piece, but I think it overestimates users' capabilities. He is a talented technical guy, so things seem easier to him.

I’d say this guide is for the advanced user, but you don’t need to be a computer engineer.
3/ I had discussions w/ him; we disagree on the extent of the seed gen attack surface and feasibility.

You can verify the dice seed generation. If you have the chops or this level of doubt, just spin a Tails box and simultaneously enter the dice on the COLDCARD simulator.
4/ Unlike other devices, many COLDCARD users:

1: reinstall the signed firmware at arrival
2: are a bit more technical and do check/compile from source

(More eyes)

On the road map, one huge improvement here would be for us to start doing deterministic builds — accepting PRs ;)
5/ As he mentioned, we are on the receiving end of support tickets and see the real-world implications of multisig.

People screw up, A LOT!

In our experience, more complexity means more room to fuck up.
6/ As I said a few times, multisig is amazing.

Many will use it in the future.

Most will have multiple different wallets with different setups (i.e. spending, operational, savings, deep cold).

Please secure your bitcoin first, then get out there and learn! https://twitter.com/nvk/status/1297885028739952642
7/ @SpecterWallet (and @FullyNoded on iOS) have achieved something that I have been waiting for a long time, a better UX front end for your local Bitcoin Core full node.

Single or Multisig, this is a better setup.

You should use Tor + Core + Hardware Wallet (video guide coming)
8/ Cobo is a really cool product, @LixingChang did a great job.

Due to Android and design architecture I think it’s secure enough for multisig and the UX is great (big screen) but not for single sig. As it evolves and gets battle tested this could change.
9/ I absolutely despise paper wallets, even as co-signers.

My opinion is don’t do that.

If you can afford to buy enough BTC to want to protect it, spend on security.
10/ In general, bitcoin security has come a long way.

It will still get easier!

But, trust minimization will always incur responsibility.

There is no way around learning.

The easier it is and the more you are not doing, the more you are trusting someone else.
11/ I will probably add more stuff to this thread as it comes to mind.
12/ One more note on QR code vs MicroSD.

The purpose of air gapping is to remove the synchronous attack point.

Data is data, an “SD attacker” could try to be a malicious “QR data attacker”.

Nothing is impossible, but I find it very unlikely due to how CC deals with SD.
13/ We have R&D on future devices using Camera & QR too, interesting research is being done. Things are not as simple as putting a camera on a HW.

AFAIK QRs are also doomed for complex multisig PSBTs, too much data even for animated QR.