Topic: Square is considering making a hardware wallet for Bitcoin - page 3. (Read 3812 times)

I wonder what could go wrong??  Probably nothing  
Now I can only imagine hypothetical scenario with Coinbase getting attacked by US and other governments around the world, and they would have to give all customer information to authorities.
That means, there it zero privacy and custody of coins is questionable, because they can probably be seized much easier with all that personal data being in government hands.
Tough luck for all the people in places where Coinbase is not working, I guess no Block for them...  and nothing to lose.

o_e_l_e_o  trigger warning below (didn't I tell you in another post to go outside and enjoy the weekend)....

This seems to have been put out there with very little discussion anyplace:

https://www.coinbase.com/blog/announcing-a-global-partnership-with-blocks-bitkey-wallet

So you will be able to link your fully KYCd Coinbase coins with your fully linked self custody wallet that links back to Block to have them keep a way of recovering your keys.

It's just like banking with Chase. But with crypto.

-Dave

Nope, unless you are using their convoluted system to sign a message on a Bitkey hardware wallet to transfer to their server for verification and then have their server send the address directly to me. Although all that actually does is shift the attack surface from your phone/computer to Bitkey's server, which I imagine would become a very attractive target for attackers since they could potentially intercept and alter thousands of addresses at once.

And of course let's not forget that all of this (signing messages to prove they haven't been altered) can already be achieved trivially easily without the involvement of any third parties.

But their system doesn't prevent that, either, right? So by their own logic, any address checking system is pointless (no matter if it's display-based or sketchy-centralized-server-based)?

They explain in that third post that since a screen doesn't provide protection against the address or transaction being altered somewhere else than on the user's device or the hardware wallet, then screens are pointless. For example, if you send me an address to pay you some bitcoin, a screen on my hardware wallet does nothing to prevent clipboard malware on your computer from altering that address before I receive it. Which of course is true, but also completely misses the point. It's like saying "Well, a seat belt won't save my life if my engine bursts in to flames and explodes, so why bother wearing one at all?"

Just because something doesn't protect against all attack vectors doesn't mean it is pointless. Which they then discover by having to engineer a ridiculous system which requires the input of a centralized server in order for a user to simply verify an address.

You know what? Let's do a new topic with a challenge: who can write down and verify a 12-word seed phrase the fastest. This way we will have some hard numbers to compare against whenever someone claims they have a faster and more convenient seed phrase backup solution.
Inspired by LoyceV's private key writing test..

That's sooo bad! Never would I have envisioned such a bad solution for a screen-less hardware wallet ^(?). If you have to resort to this, why not just spend the extra few cents in materials and add a small screen? That's so beyond me.
Companies put little screens on all sorts of things that don't even need one (like toys, back side of phones -- this goes way back to flip phones with outer screen -- and more). And here, in the very application that really needs one, for whatever reason they are pitching, users don't get one.
This decision was either really, really dumb or actually purposefully evil.

On the back of Ledger's recent debacle, seems like a good time to bump this thread given this wallet is also based on relying on third parties to store your back ups.

Three new blog posts were published last week: https://bitkey.build/

The first post says nothing of any real note, apart from reminding people just how difficult it is to store a seed phrase.

The second one is filled with increasing amounts of nonsense:

In what world is writing down 12 worlds on a piece of paper either lengthy or complex? I can't wait to see how quick and easy their set up process is, given that you need to download an app, register an account, verify your identity, set up and link the hardware device, link it all to an online server, and then set up social recovery with a number of "trusted" contacts. You can do all that in less than the 30 seconds it takes me to write down and double check a seed phrase?

So they want to protect against social engineering and phishing by implementing social recovery which is possibly the highest risk method when it comes to protecting against social engineering and phishing. Ok.

They often disingenuously compare the worst practices with seed phrases against best practices with their device. People can be social engineered for the seed phrase, but apparently not for their social recovery system? They talk about how people back up seed phrases to the cloud, and that makes them insecure. And what is stopping someone backing up their Bitkey account details to the cloud as well? Or how people leave their seed phrase lying around where it could be found, but apparently no one ever does this with their phone or hardware device?

The third post is particularly interesting. After two previous posts talking about how seed phrases are super complicated and risky and their solution is going to be super simple, they have come up with the most over-complicated design possible to justify not having a screen on their wallet. Basically, every time you want to send or receive coins, your hardware wallet has to sign the sending or receiving address and then transmit that signed message to Block's servers, where they will verify the address has not been tampered with, and then send that address back to the relevant party to be used. The obvious flaws are that Block can spy on literally everything you do and that you have absolutely zero security from a bad actor in Block sending a malicious address. The less obvious flaws are that you now can't make transactions or even generate a new receiving address if Block's servers are down, and it opens a new attack vector for man-in-the-middle attacks if you rely on Block's servers telling you what addresses to use.

But don't forget guys, it's far simpler than just writing down 12 words!

And for that, we should heavily criticize them.. As well as pointing this out and making it very clear to any potential customers. Education is key.

The problem is mental conditioning. From a few pages up in this thread:


There are people out there in their 20s who have never even stepped foot inside a bank. They have a checking account and savings account and so on and never interacted with another human about it. All online and all usernames and passwords recoverable. Same with brokerage accounts that could have hundreds of thousands of dollars. Never met a human who worked there. How do you convince them that they have to do that?

They are creating what people like not what is good for the people.

-Dave

Because of the incredible difficulty of generating a seed yourself, taking a pen and a piece of paper, and writing down a set of words. Are you out of your mind, who does that?
Square is creating a solution to get you away from traditional ways of moving money by using none of the foundations that were established with the introduction of bitcoin.   

I don't disagree with you, that there are lots of people who will think that this is a good thing and who will absolutely buy this device.

But it is a triumph of marketing on behalf of companies such as Block and centralized exchanges that they have convinced people that they are too stupid/careless to be able to safely write down 12 words and keep them safe, and that they need to trust third parties with their coins, keys, seed phrases, or recovery processed instead. The whole point of bitcoin is that you don't need to rely on third parties.

The odd headline seems to imply that the firm is willing to screw up during the testing phase in order to prevent future troubles when users buy the product. In general, this is logical and this is a simple marketing slogan, as if hinting that in the future they will be all right. But will it be?


What you don't need doesn't mean others don't.
I fully agree with your position, but Block users will have a lot of newbies who want to be able to recover lost seed phrases. Even on this forum, from time to time there are topics on the issue of the possibility of recovering seed-phrases and keys. Square started this whole story for a reason, and they have long analyzed the needs of potential customers. The key of which is access to lost seed phrases. They just give people what they want. You can say that this is bad, but this will not stop their customers from using this device.

This sentence from the second paragraph really does sum this whole thing up very well:

That is an awful lot of things that could go wrong, a large attack surface, and lots of capacity for bugs and vulnerabilities. Compare to a standard hardware wallet which you can use with any open source software such as Electrum, and does not have any of this extraneous bloatware that Block are tacking on.

Also, why the hell would anyone want a recovery service that runs on their servers? I want a seed phrase which is under my control and my control only. Not some third party nonsense.

Exactly the kind of people you want designing and building a new hardware wallet, then.

New update was released on Block website wallet.build with weird title sayin Why We Want To Fail Right Now.
They started sending Block devices to employees for internal beta testing, finding bugs and sending feedback, but they claim developing is not yet finished and there is room for improvement.
Over next few weeks Block plans to give employees over 200 hardware wallets and allow early access to the mobile app, this will include 19 countries with Andoid and iOS devices.
In next months testing results should be released in public and testing will expand to external larger group.
https://wallet.build/why-we-want-to-fail-right-now/

I don't think such a scenario is even worth entertaining, because it would be fundamentally ridiculous scenario to be in where you are having to restore your hardware wallet to a different device to double spend your own transaction to try to recover your coins. The fact that such a ridiculous scenario is even a possibility (since there is no screen on the hardware device so therefore no way to verify what you are actually signing before you sign it) should be enough to tell you that you don't want to to use this device.

I fail to see what advantages this screenless hardware devices has over a simple 2FA hardware key such as the YubiKey. With both you cannot send a transaction without it, and both are unable to provide the ability to independently verify your transaction prior to signing. The YubiKey will likely end up being significantly cheaper, though, as will all your transactions since they won't be 2-of-3 multi-sig. And of course with your own 2FA set up, you can back up your wallet properly using a seed phrase and not some crazy scheme based on a third party account and social contacts.

Exactly. Since there is no screen on the device, you don't know if the displayed address on the app belongs to your wallet or not. That's if you are generating an address and you are supposed to receive BTC.

Like n0nce mentioned, the software could in theory show one thing, but the hardware signs something else. You would only notice a difference if you quickly checked if the transaction data is correct on a blockchain explorer after the broadcast. Depending on if, when, and how full RBF gets implemented with the next Bitcoin Core release, it might be easy to doublespend the transaction back to yourself. But that depends on too many factors out of your control: how many nodes opt-in for Full RBF, how many pools do it, and will the Block app have an option to cancel/doublespend a transaction back to yourself. o_e_l_e_o is a better person to talk to about such scenarios. 

No, if the wrong address is only shown in the app, but the correct transaction is signed by the device, the funds will still reach the intended receiver.
You could end up with a hacked app though, that displays the correct address on your phone screen, but asks the hardware device to sign a transaction which sends all of your funds to an attacker's address. There will be no way of you to check that, if we assume compromised software.

In other words: eliminating the chance of a software attack is the main goal of hardware wallets; so assuming the software to be safe completely removes the need for such a device. We need to work in the 'compromised software' model for hardware wallets to even make sense. Therefore we can't rely on the software to display the right address and only ask for signatures of unmodified transactions.

That won't help you, as the block explorer doesn't display your transaction before it's submitted to the mempool and once you submit it, there's no way of 'taking it back', either.

Yeah, I said it before: a screen is absoutely fundamental. You need a physical 'communication channel' (light entering your eye) to verify what the wallet is actually signing.

I guess any transaction to be broadcasted can be checked and rechecked on the mobile app which is actually the wallet that contains one or more master private key. Or probably there can still be confusion unless the hardware authentication app is manufactured for people to check if it can truly be called hardware wallet or not. Still, on all wallets, while using online wallet with it, best to still check for clipboard malware by double checking the address before sending or passing it to cold storage wallet for signing.

This, of course, will be a disadvantage. If any glitch occurs in the application showing transaction information, such as the wrong recipient address, it will be possible to send to the wrong address and lose cryptocurrencies. What to do in this case? Check each time all transactions in https://blockchair.com/? Which will create another extra action. It seemed to be an insignificant detail at first glance, as the lack of a display (is it possible that the Block will save a lot on this) creates an unnecessary headache for users.

The difference between Block and proper hardware wallets like the ones you mentioned is that their native apps don't hold your seed or private keys. Those never leave the hardware. Based on what we know about Block, it's software app will store one of the multisig keys. Due to the lack of a screen, you won't be able to verify transaction details like with other hardware wallets. You have to rely exclusively on what the app shows.