13:16:57 <plowsof11> Rucknium: bounty 4.2 ~xmr sent to MAGICs wallet @ https://btcpay.monerofund.org/i/4BdGbZvYQRKx44uYqqjs21
14:53:52 <unkn8wn69[m]> Hey Guys, does anyone have an idea why monerujo pocketchange sends the always 10x the amount of xmr for each bucket? Wouldn't that make it more fingerprintable on the block change? And also, does it send the xmr to each bucket in the same interval?
14:54:47 <unkn8wn69[m]> I think randomizing the number of buckets (individual transactions) and intervals between that would make it less obvious that a group of transactions originated through pocketchange
15:12:40 <ofrnxmr[m]> <unkn8wn69[m]> "I think randomizing the number..." <- No
15:13:26 <ofrnxmr[m]> <unkn8wn69[m]> "Hey Guys, does anyone have an..." <- Arbitrary and bad number
15:13:26 <ofrnxmr[m]> yes it does
15:13:26 <ofrnxmr[m]> i dont know
15:13:31 <ofrnxmr[m]> s/i dont know/i dont understand the question
15:13:31 <ofrnxmr[m]> if you mean "in the same transaction", yes
15:14:41 <ofrnxmr[m]> https://matrix.to/#/!OhIACQDGLqSrxxwtWU:monero.social/$EpjxcyC1vsO2J5-zAcgMriv6GMS0Xe1TVKuxpZFD3Og?via=monero.social&via=matrix.org&via=karapara.net
18:13:31 <unkn8wn69[m]> Oh I'm dumb it generates a transaction with 10 outputs not 10 transactions. 
18:14:57 <unkn8wn69[m]> I think pocket change is very great, i usually send my xmr to a new wallet frequently to make all into one input again, and therefore i think I'd get into the problem more often when trying to spent small amounts in a frequent manner.  
19:49:54 <r4v3r23[m]> https://twitter.com/ShrtCrct6102/status/1671190722337206272
19:50:08 <r4v3r23[m]> jonjones2000
20:07:44 <cryptogrampy[m]> <r4v3r23[m]> "https://twitter.com/ShrtCrct6102..." <- Very cool.  Can you share a screenshot of this in the app?
20:09:23 * r4v3r23[m] uploaded a video: (10437KiB) < https://libera.ems.host/_matrix/media/v3/download/monero.social/WOUxKHQmmhVKGvgtWixNWkvo/airgapped.mp4 >
20:10:27 <r4v3r23[m]> cryptogrampylmk if you can see this video
20:12:40 <r4v3r23[m]> UI is minimal and a proper UX is being worked on
20:13:03 <r4v3r23[m]> tested & compatible with CLI wallet
20:28:43 <cryptogrampy[m]> Wow very nice
21:04:10 <r4v3r23[m]> you can now burn your ledger/trezor and use old androids as a hww
21:08:05 <RavFX[m]> r4v3r23[m]: How safe is that? Can you cellebrite* it?
21:10:24 <r4v3r23[m]> factory reset the phone and keep it on airplane mode
21:10:36 <r4v3r23[m]> unless mossad is actively targetting you, youre good
21:10:51 <RavFX[m]> I mean, if I steal you're phone and plug it on my PC to extract the data.
21:11:01 <r4v3r23[m]> android phones are encrypted
21:12:08 <RavFX[m]> "Old phone", I mean.
21:12:08 <RavFX[m]> Once you boot it, if I can get to it I can bypass the encryption.
21:12:08 <RavFX[m]> The encryption protect the storage on boot, but if you boot it then it go to sleep, afaik I only have to bypass the pin lock (or whatever you got set)
21:12:26 <RavFX[m]> But I assume the wallet part is encrypted
21:12:38 <r4v3r23[m]> yes app is also encrypted
21:12:39 <RavFX[m]>  so only risk could be someone tempering with it
21:13:13 <r4v3r23[m]> id trust an android phone over a trezor/ledger in case a hacker had physical access
21:13:27 <RavFX[m]> Like replacing the app with the same one, recompiled with an extra backdoor.
21:13:27 <RavFX[m]> so it leak you're key when you use it
21:13:40 <ofrnxmr[m]> Adb backup db > restore db to a custom cersion
21:14:27 <RavFX[m]> Yeah, for backup it's nice
21:14:30 <RavFX[m]> but yeah, android is soo insecure...
21:14:33 <r4v3r23[m]> RavFX[m]: > <@gfdshygti53:monero.social> Like replacing the app with the same one, recompiled with an extra backdoor.
21:14:33 <r4v3r23[m]> > so it leak you're key when you use it
21:14:33 <r4v3r23[m]> how are you gonna do that when the phone is encrypted at rest?
21:14:34 <RavFX[m]> Oh wait, you probably mean to extract the db and crack it later.
21:15:37 <RavFX[m]> r4v3r23[m]: Old phone, you really think you can't bypass them.
21:15:37 <RavFX[m]> It's probably safer if you leave the phone OFF forever, except when you use the wallet, at least the encryption might actually protect the data
21:15:57 <r4v3r23[m]> RavFX[m]: https://beincrypto.com/cybersecurity-hacks-trezor-wallet-old-exploit/
21:15:59 <RavFX[m]> old already booted phone you can't trust it to be secure
21:16:00 <r4v3r23[m]> so are trezor.ledgers
21:16:41 <RavFX[m]> r4v3r23[m]: I know that old exploit, patched long time ago.
21:16:52 <r4v3r23[m]> RavFX[m]: its not the only one
21:17:00 <RavFX[m]> just compare the codebase you have in a phone and in a hardware wallet
21:17:04 <r4v3r23[m]> if youre actively targetted, no hww is gonna keep you safe
21:17:11 <RavFX[m]> the quantity of code, what can go wrong
21:17:26 <RavFX[m]> And I can easily get into encrypted phone that are already booted.
21:17:30 <RavFX[m]> old phone
21:17:34 <RavFX[m]> old android version....
21:17:37 <r4v3r23[m]> if you want to talk niche hypothetical attack vectors, sure lets go
21:18:12 <r4v3r23[m]> RavFX[m]: yeah?
21:18:56 <RavFX[m]> https://www.youtube.com/watch?v=OMHC2pK3g-w
21:19:20 <RavFX[m]> things like that, software is available on torrent and usenet
21:19:20 <RavFX[m]> Yeah, use an old phone...
21:20:09 <r4v3r23[m]> brute forcing a 4 digit pin? lol
21:20:53 <r4v3r23[m]> let me store my wealth on a device secured by "6969"
21:21:01 <RavFX[m]> One of the thing it can do.
21:21:01 <RavFX[m]> it depend of the phone brand/model.
21:21:02 <RavFX[m]> It use released exploits... But new exploit are getting founds ... And old phone don't **always** get update.
21:21:05 <naphtha[m]> xd
21:21:15 <naphtha[m]> you can set longer pins THOUGH
21:21:24 <naphtha[m]> mine is 8 digits
21:21:32 <r4v3r23[m]> or long ass password
21:22:00 <naphtha[m]> having your wealth protected on a phone is retarded though
21:22:07 <RavFX[m]> You can yes, But you really think there is only "one" exploit ;)
21:22:07 <RavFX[m]> That was random video.
21:22:08 <naphtha[m]> setting long ass pins and passwords gets very annoying
21:22:10 <naphtha[m]> if you use that device daily
21:22:24 <r4v3r23[m]> this is an advanced feature. it assumes youre taking basic precautions and dont use "Dogname123" as your password on every service
21:22:31 <r4v3r23[m]> naphtha[m]: cold storage isnt daily use
21:23:08 <RavFX[m]> The pass protect the boot. Once it's booted, well.
21:23:08 <RavFX[m]> If you can reach the target, just put a sim in his phone and use a SMS 0 day (available on some phone). Then you get to install what you want on the phone, or dump data.
21:23:10 <r4v3r23[m]> exceptions dont invalidate the rule, they affirm it. there will always be edge cases
21:23:16 <naphtha[m]> right but still i'd imagine the crypto algorithms arent made to be very difficult
21:23:25 <RavFX[m]> Get a new phone or something, or something well supported
21:23:32 <r4v3r23[m]> RavFX[m]: > <@gfdshygti53:monero.social> The pass protect the boot. Once it's booted, well.
21:23:32 <r4v3r23[m]> > 
21:23:32 <r4v3r23[m]> > If you can reach the target, just put a sim in his phone and use a SMS 0 day (available on some phone). Then you get to install what you want on the phone, or dump data.
21:23:32 <r4v3r23[m]> *airgapped device*
21:23:33 <naphtha[m]> so you can unlock your phone without waiting 30 seconds for the weak arm cpu to decrypt shit
21:23:43 <r4v3r23[m]> lets not strawman now
21:24:06 <naphtha[m]> RavFX[m]: > <@gfdshygti53:monero.social> The pass protect the boot. Once it's booted, well.
21:24:06 <naphtha[m]> > 
21:24:06 <naphtha[m]> > If you can reach the target, just put a sim in his phone and use a SMS 0 day (available on some phone). Then you get to install what you want on the phone, or dump data.
21:24:06 <naphtha[m]> depends what os
21:24:11 <naphtha[m]> and how you have it configured
21:24:24 <naphtha[m]> my pixel on graphene encrypts itself after a couple of hours automatically
21:25:16 <r4v3r23[m]> naphtha[m]: this is the recommended setup for this feature
21:25:20 <r4v3r23[m]> and old pixel running graphene/AOSP
21:26:51 <RavFX[m]> naphtha[m]: Yeah, not everyone do proper research.... (full message at <https://libera.ems.host/_matrix/media/v3/download/libera.chat/7c3b77a3161d27007a2071b25ffe134a5a46c661>)
21:28:45 <RavFX[m]> airgapped devices can be vulnerable still.
21:28:45 <RavFX[m]> Ideally you could make a stipped down rom
21:28:50 <RavFX[m]> remove the modem driver....
21:29:42 <r4v3r23[m]> the idea of a feature like this is to make the attack as hard as possible
21:29:44 <RavFX[m]> but again there is still the issue if someone take it.
21:29:46 <r4v3r23[m]> if you want to be super paranoid then memorize your seed and forget it
21:29:47 <bridgerton[m]> <Disciiple> old?
21:29:49 <r4v3r23[m]> but with enough force you can brute force a brain
21:30:04 <r4v3r23[m]> s/forget/thats/
21:30:10 <RavFX[m]> r4v3r23[m]: like a 5$ wrench ;)
21:30:20 <r4v3r23[m]> duh
21:30:31 <bridgerton[m]> <Disciiple> why old pixel instead of new?
21:30:38 <FrankieYawkey[m]> too much force is the problem
21:30:42 <RavFX[m]> yeah, use new devices...
21:30:43 * naphtha[m] uploaded an image: (26KiB) < https://libera.ems.host/_matrix/media/v3/download/kyun.host/tFDMnVTgqvNjzDAGfzdmEooK/security.png >
21:30:44 <naphtha[m]> meanwhile in reality
21:31:02 <naphtha[m]> xkcd is soy but this is one of the rare times hes right
21:32:24 <RavFX[m]> There are way to protect again 5$ wrench attacks, but... lets not go into that
21:33:48 <r4v3r23[m]> bridgerton[m]: new is fine
21:33:55 <FrankieYawkey[m]> why would a money printer not just wait
21:34:16 <r4v3r23[m]> naphtha[m]: exactly
21:46:13 <RavFX[m]> Ideally you want a phone made by an politically opposed faction... (full message at <https://libera.ems.host/_matrix/media/v3/download/libera.chat/bbd45da69cd2921db08fc6e8daf4dbf47da34668>)
21:47:59 <RavFX[m]> I don't know if it's still possible to have phone without radio drivers, aka, no phone/wifi capability (so one could not take over a phone by adding a sim and injecting an exploit that way. 
21:51:55 <ofrnxmr[m]> RavFX[m]: That. Titan phone had hardware toggles iirc
21:52:16 <ofrnxmr[m]> Maybe a different phone. I remember one where you could physically remove the camera etc, easily
21:52:37 <RavFX[m]> ofrnxmr[m]: That won't protect you if someone take ownership of you're phone.
21:52:37 <RavFX[m]> But yes, it's good to have.
21:53:32 <r4v3r23[m]> <RavFX[m]> "I don't know if it's still..." <- its possible. but for the vast majority of cases, unnecessary
21:54:05 <RavFX[m]> r4v3r23[m]: indeed