Content pfp
Content
@
0 reply
0 recast
0 reaction

kia pfp
kia
@kia
bi-annual reminder: hardware wallets aren't cold
4 replies
0 recast
43 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Spicy addendum: if the public key an address is derived from is exposed, it's also not cold.
1 reply
0 recast
1 reaction

kia pfp
kia
@kia
that is indeed spicy can you expand why you say that
1 reply
0 recast
2 reactions

Cassie Heart pfp
Cassie Heart
@cassie
Cold separation is intended to avoid any risk of key compromise, for long term storage. If you're using cold storage for long term but not also hedging bets on quantum compute or advancements on discrete logarithm attacks by keeping the public key also contained cold (as the hash is presumably QC safe), then your cold storage strategy is not fully risk adjusted.
2 replies
0 recast
3 reactions

kia pfp
kia
@kia
oooh i see the angle in such a scenario wouldn't derived addresses also be able to be worked backwards to the public key then? or is that much harder compared to working public to private key backwards.
1 reply
0 recast
0 reaction

Cassie Heart pfp
Cassie Heart
@cassie
Finding a hash preimage for sha3 or sha256 does not have known QC attacks that are faster than raw brute force (at this time): https://link.springer.com/chapter/10.1007/978-3-319-69453-5_18
2 replies
0 recast
0 reaction

kia pfp
kia
@kia
ok i hadn't realized elliptic curve is vulnerable to quantum but hashing pub -> address isn't. i am now onboard with the spicy take :D
0 reply
0 recast
1 reaction

kia pfp
kia
@kia
aaah
0 reply
0 recast
1 reaction