What are the fun things you are doing or did today being Christmas 🎄
For me i told everyone to rest so I can cook for them and do the house chores it was stressful but when will started eating and gisting it was worth it we talked about our past fun moment and it really made me laugh out loud.
This is one of my best Christmas season.
Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 56. (Read 26710116 times)
December 25, 2024, 12:30:33 PM
December 25, 2024, 12:01:14 PM
December 25, 2024, 11:01:16 AM
December 25, 2024, 10:55:08 AM
....
At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
I mentioned that for the t-one. you can write a really long pin.
but JJG may be recalling this hack of the trezor 1
....
but this should not happen any more since the firmware should be updated and you should have a longer pin
Model T is Trezor's latest (and possibly last) model without secure elements, but still having features like Shamir.
I'd prefer it to the newer Safe 5.
December 25, 2024, 10:51:35 AM
I wonder where are JJG's Gay Christmas cards ??
December 25, 2024, 10:38:01 AM
Merry Christmas!
plan on blowing away my A1C numbers bigly.. add an easy 0.5 for sure today
plan on blowing away my A1C numbers bigly.. add an easy 0.5 for sure today
Don't stretch A1C numbers too much. Once they go up it takes lot of effort to bring them down.
Enjoy the day and have a blessed Christmas.
December 25, 2024, 10:30:12 AM
Incidentally, I hope a jury of his peers will find a way to let him get away with it.
Well, they've made self-defense (including of others) defacto illegal, let's see how legalizing murdering richies does for the financial capital of the world.
Since when is shooting a guy that is actively killing people illegal?
They really will make a mess of this. The best thing to do is crush that one company. Find him innocent of everything but the printing and possession of the gun.
But they never do what they should do. So they will likely pull an Epstein with him.
Then spin bad stories about his bad behavior the last 15 years of his life.
Back in the sixties there were lots of shootings and bomb 💣 ings.
I guess we get to see it repeat.
We (wrongly1) have no right of self-defense in Canada let alone the right to defense of others. I mean one could argue it was in self-defense but the "actively killing people" is a stretch. Perhaps if he was directly related to one of those who died from an obvious denial of life-saving medical services, he might get off on a lesser charge but it sounds like this guy (wrongly1) believed he was righting society in general. No sane person is going to let someone away with tracking, hunting and killing another human... I mean that comes under the purview of gov't and the various 3-letter agencies.
Damn. I got off in the weeds. I actually came in here to wish everyone a Merry Christmas and to show off my gift
I've been using the mug on the left every morning (and some afternoons) for over 20 years (this may be why I was able to HODL some sats for so long and not that I would wish it on my worst enemy but you should see my underwear) and I knew the mug was looking worn but damn! Viva la difference. I don't know where Santa found it! From this day forward, it's hand-wash only for my go-to coffee mug - and my drawers.
Merry Christmas!
1 imo
December 25, 2024, 10:19:13 AM
Merry Christmas to everyone🎄✨🎅
December 25, 2024, 10:05:12 AM
Merry Christmas!
plan on blowing away my A1C numbers bigly.. add an easy 0.5 for sure today
plan on blowing away my A1C numbers bigly.. add an easy 0.5 for sure today
December 25, 2024, 10:01:18 AM
December 25, 2024, 09:48:56 AM
Santa should have known that the folks in New Jersey are a little on edge about all the drones...
December 25, 2024, 09:05:26 AM
Incidentally, I hope a jury of his peers will find a way to let him get away with it.
Well, they've made self-defense (including of others) defacto illegal, let's see how legalizing murdering richies does for the financial capital of the world.
Since when is shooting a guy that is actively killing people illegal?
They really will make a mess of this. The best thing to do is crush that one company. Find him innocent of everything but the printing and possession of the gun.
But they never do what they should do. So they will likely pull an Epstein with him.
Then spin bad stories about his bad behavior the last 15 years of his life.
Back in the sixties there were lots of shootings and bomb 💣 ings.
I guess we get to see it repeat.
December 25, 2024, 09:01:15 AM
December 25, 2024, 08:01:15 AM
December 25, 2024, 07:06:10 AM
I'm sorry if I'm repeating myself again, but a short update on my Lightning adventure.
I broke a new record last month, 680k sats in profits
I broke a new record last month, 680k sats in profits
So you got 0.00680000 btc correct?
that is around $670 usd correct?
other than gear and software how much of your btc is tied up to do this?
0.068 btc tied up means you get 10% payment a month 120% a year. this is too good to be true
0.680 btc tied up means you get 1% payment a month 12% a year. this is still good as it beats inflation
or are you more like 1.36 btc tied up to do it which is 0.5% a month and 6% a year.
even if it is that it still grows the btc nicely.
Yes, I received 680k sats in profit last month running a Lightning Node.
Yes, that's correct. That's around $670, give or take.
I have around 7 btc tied up on this Lightning Node.
I made a record profit last month, but looking back 12 months, I've made about 0.03 btc (3M sats) in profits this past year.
So, 0.03 btc out of 7 btc is about 0.4% APY.
It's not much, but it's honest work, and most importantly, it's all self-custody.
the self custody is a huge point! Nice play!
December 25, 2024, 07:01:19 AM
December 25, 2024, 06:54:10 AM
....
At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
I mentioned that for the t-one. you can write a really long pin.
but JJG may be recalling this hack of the trezor 1
Quote
https://jochen-hoenicke.de/crypto/trezor-power-analysis/
Conclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
Conclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
but this should not happen any more since the firmware should be updated and you should have a longer pin
December 25, 2024, 06:48:26 AM
Incidentally, I hope a jury of his peers will find a way to let him get away with it.
Well, they've made self-defense (including of others) defacto illegal, let's see how legalizing murdering richies does for the financial capital of the world.
Those are richies that made their goldy-gold by killing poo-poories who can't fight back in court or would die while doing so. The punishment is only fair if you look at it that way.
December 25, 2024, 06:01:17 AM
December 25, 2024, 05:34:53 AM
plications to potentially lock us out of our coins, too..
If a bad person (who knows something or knows someone who knows something), they can get you private keys (or your seed words) in a matter of 15 minutes (or something like that), so they can get anything on your non-passphrase wallet, and your pin doesn't do anything. But they cannot get you passphrase wallets unless they are able to guess them or brute-force them.
just to pile on, these are ones ive owned
used Trezor One since they came out - no probs (but hardware itself can be compromised if someone has physical access to it and the equipment)
use Trezor T since they came out - no probs
used Ledger - FUCK NO nothing but risk here. stay away
afaik, that's not true anymore. It depends all on the lengths of your PINused Trezor One since they came out - no probs (but hardware itself can be compromised if someone has physical access to it and the equipment)
use Trezor T since they came out - no probs
used Ledger - FUCK NO nothing but risk here. stay away
If a bad person (who knows something or knows someone who knows something), they can get you private keys (or your seed words) in a matter of 15 minutes (or something like that), so they can get anything on your non-passphrase wallet, and your pin doesn't do anything. But they cannot get you passphrase wallets unless they are able to guess them or brute-force them.
yeah, but we talked about the attack vector of physical access to the device.. (with regard to secure elements)
A passphrase should always be used, secure element or not
Jump to: