Bitcoin Review Podcast BR073 - Security Challenges in Bitcoin Hardware Wallets: A Technical Overview ft. Lloyd Fournier, Craig Raw, Rob Hamilton, odudex & NVK

I’m joined by guests Lloyd Fournier, Craig Raw, Rob Hamilton and odudex to discuss bitcoin wallets and signers.

Listen on your favorite podcast app:

Housekeeping

• Calling for guests to join a ham radio panel. Email producer@coinkite.com if you are interested.
• Keep the audience questions coming! Send boosts or email questions to producer@coinkite.com.
• Check out the previous episode if you want to understand more about Dark Skippy

Discussion Topics

• 00:04:40 KRUX/DIY Frost devices
• 00:17:39 DOS ware/Hardware wallets
• 00:29:53 PSBT Protocol
• 00:40:57 UX Security Tradeoffs
• 00:48:09 Hardware Signers
• 00:54:52 Battle between Push for better UX & More Security
• 01:16:35 Key generation protocol
• 01:53:53 Feature Request to Sparrow wallet
• 02:04:57 Audience Questions
  • “Geographically distributed multisig is probably the best self custody model today. But specifically what kinds of places are suitable for storing private key material internationally or even just away from your home territory? Many people do not have high trust family/friends that live in different areas and I am skeptical of the privacy and security bank safety deposit boxes.” - Densest_Sprite0R
  • “How have best practices evolved as we migrate from ecdsa to Schnorr it terms of interactivity / uptime that then therefore reshapes UX? e.g concurrent sessions, nonce counters, etc” - Vivek
  • “Are you aware of any known attack methods to add malicious code to an sd card with out any physical access to it? Like with some type of radio frequency attack etc…?” - Kidwarp
  • “Explain if you could why the anti exfil protocols don’t work air-gapped.” 🙏🏻 - @basisbtc
  • “Ask your esteemed panel what the solution to all these problems is and why it is miniscript.” - Coinjoined Chris ⚡
  • “How does the seed leak stuff work - the nonce signature stuff was not explained easy / detailed enough for us noobs? Is it just publishing encoded information somehow? Would it make any kind of difference if you use a passphrase?” - M4v1
  • I’d love to hear some of your favorite ways that a pwned hardware signer can steal funds that do not involve DarkSkippy (or similar). - Rearden
• 02:21:42 Closing Remarks and Gratitude
• 02:25:42 Listener Engagement and Resources

Episode submission ideas

• We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

• Podcast Twitter
• NVK Twitter
• Telegram
• Email
• Nostr & LN ⚡nvk@nvk.org (not an email!)

---

Did I get anything wrong above? Help me correct it producer@coinkite.com