Author

Topic: The “Auditability” of QR Code Signature Outputs (Read 147 times)

legendary
Activity: 2702
Merit: 4002
Thank God you did not mention Cobo products. I read the post specifically to confirm this.

I agree that scanning QR is the ideal solution, but as long as you keep your device protected and you do not download any untrusted apps, you are safe.
Any type of physical contact between these wallets and your devices may expose you to losing your money.

Do not forget to make sure that your computer is clean because some viruses modify the result of QR's scan.
legendary
Activity: 2730
Merit: 7065
I haven't checked bu I guess the one you are advertising all over the place does.  Wink

Btw, if you didn't write the Medium article from where you got this content from you need to give credit to the source and post a link from where you took it. if not it could be seen as copy/pasting.
jr. member
Activity: 40
Merit: 1
People purchase hardware wallets because they know the most secure way to store their private keys is to take them offline into cold storage. All hardware wallet services need a means of communicating between offline storage and online terminals. While the cold end (offline storage) is responsible for storing private keys and signing transactions, a hot end (online terminals) is needed to obtain data from the blockchain, construct transactions for the cold storage end to sign, and broadcast signed transactions to the blockchain.

In transmitting signature outputs, the majority of cold storage hardware uses data cables, Bluetooth, or even NFC. Because of the opacity of their data transmission, these methods make signature outputs extremely difficult to audit. An overlooked means of cold storage hardware communication is the QR code, a “what you see is what you get” solution. The QR code is the ideal means of data transmission between cold ends and hot ends because data output by QR codes is transparent. This enables users to easily ensure each unsigned transaction that is transmitted to the cold storage device is valid, as well as ensure signature outputs from the cold end do not reveal private keys or sensitive information in any way.

How many hardware wallets use QR codes to make transactions?
Jump to: