Cross Referencing Coldcard, Cobo Vault, and Rolls.Py for Seed Generation

by @vicariousdrama

662650–662806

Image for post
Image for post

Summary

In the past, it was common practice to allow a software or hardware wallet to generate a new wallet for you based on its random number generator. A set of seed words would be produced that you in turn wrote down. These words, along with the wallet type and derivation path serve as a backup and can be restored in any wallet supporting the BIP39 standard. But relying on the software or hardware wallet to generate randomness carries some risk as there is no good way to ascertain whether its truly random, or subject to supply chain…


Periodic autorun of Bitcoin’s gettxoutsetinfo

Image for post
Image for post

by @vicariousdrama

655466–655718

Introduction

In early August 2020, there was some serious questions raised about the ability to independently audit the supply of Ethereum. Comparatively, Bitcoin supply can be audited by anyone running a node by calling a one line command bitcoin-cli gettxoutsetinfo.

After a lively exchange on Twitter, Nunya Bidness proposed that Bitcoin node operators and Ethereum node operators pick a block in the future, and run the numbers and compare their respective supply amongst their base to ensure consistency. In support of this effort, BashCo created a simple script that runs, waits for a target block height, and reports…


HASHWallet “features” that raise concerns

by @vicariousdrama

654886–654896

Image for post
Image for post

Introduction

I want to be clear upfront that I don’t have this hardware wallet and have not physically examined it. All statements within are based purely upon the information that eSignus makes available on their website(s). As a result, some of the statements may be based on a misunderstanding. The device is yet to release so some aspects may change after the time of publication.

If you are a backer of the device, I implore you to do your own research (DYOR) and not to blindly trust either myself or the maker. For the eSignus and CardLab teams…


Hidden Accounts, Exposed XPubs, Leaked Keys, and Other Shenanigans

by @vicariousdrama

653892–654043

Image for post
Image for post

Summary

The SecuX V20 is the flagship hardware wallet offering from SecuX, which is a relative newcomer having been established in 2018. The device has a large touch screen color display, a battery to operate offline/disconnected, and interfaces with host over USB or Bluetooth. It touts an Infineon secure element chip that has been CC EAL5+ certified. While on the bulky side as far as wallets go, it looks pleasant, yet dated and resembles an oversized coaster or flattened hockey puck.

This article isn’t an unboxing or a walkthrough of user features. For that, I direct your attention…


Don’t Trust. Verify. What’s in your vault?

by @vicariousdrama

644428–648834

Image for post
Image for post

Introduction

Unchained Capital describes itself as a bitcoin native financial services company offering collaborative custody multisignature vaults and loans for bitcoin holders.

Unchained Capital has a YouTube channel where they cover some of the capabilities of their service from a marketing and user perspective. This article enumerates features I tested in September 2020. A lengthier 50+ page version of these results exists which I may post as a separate article. At the very least, reading through the bullet points may give you an idea of what to look into when verifying these features for your own needs.

Within…


XPubs, Watch Wallets, and Derivation Paths, Oh My!

by @vicariousdrama 649169–649173

Image for post
Image for post

Summary

Sparrow Wallet is a Bitcoin wallet facilitator that is gaining in popularity. According to the website, it is a wallet for those who value financial self sovereignty with an emphasis on transparency and usability. This wallet is available on Mac, Windows, and Linux from the download page.

This article is a follow up to a previous one I wrote titled ‘Address Verification when Changing Keys for Unchained Capital Vaults’. The intent is to provide similar steps for setting up a watch wallet to give another option for verifying addresses.

Creating a Watch Wallet with XPubs

Similar to Electrum, you can create a Watch…


Don’t Trust. Verify. by @vicariousdrama 649093–649108

Image for post
Image for post

Summary

Unchained Capital describes itself as a bitcoin native financial services company offering collaborative custody multisignature vaults and loans for bitcoin holders.

The vaults, which are free to setup with a KYC profile, allow the client to control 2 keys while they control a backup key. Periodically, a user may mark a key as lost or stolen or otherwise need or desire to replace it. Within the web application for managing Vaults, addresses are displayed that the user should verify independently to ensure that their signing devices will have the ability to spend. …


Don’t Trust. Verify. Service Capabilities and Caveats. by @vicariousdrama 640679–644340

Image for post
Image for post

Introduction

Casa Keymaster is a managed service that has been available since 2018 to help you stay in control of your bitcoin, maximizing security. In essence, it’s a multisig offering where you maintain full control of all but one key whether you’re using their gold 2-of-3 plan, the platinum 3-of-5 plan, or their diamond 3-of-6 plan. The key they maintain is an emergency key to help get you back solid if you lose one, or in some cases multiple keys in your possession.

If you haven’t yet read past articles by WizardofAus titled ‘Not Your Keys, Not Your Bitcoin’, and ‘Level…

Vicarious Drama

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store