-
m-relay
<syntheticbird:monero.social> I read in diagonal and saw bricodepot + leroy merlin so I thought you were living in France, then I told myself that maybe these are internationally known.
-
vThor
Oh, in France there is also leroy merlin? Saw that only in Spain, in France I always used brico depot or drove 120km to buy tools in DE :D
-
m-relay
<syntheticbird:monero.social> well leroy merlin is french so yeah there are plenty of them
-
m-relay
<syntheticbird:monero.social> looking forward to xmr signer
-
pigeons
matrix updates and restarts coming
-
pigeons
should be updated, see some logs indicating other maintenance but back in a bit
-
m-relay
<rbrunner7:monero.social> Not sure this is the right room to discuss this. But anyway, vThor, you mean to say that XmrSigner holds any secret keys only in RAM, and when the power goes away, you have to load them somehow into the device *again* next time, over and over? If yes, color me surprised. Does user experience with Bitcoin's SeedSigner show convincingly that this is viable for long-term use?
-
m-relay
<rbrunner7:monero.social> Found this SeedSigner feature request and discussion in the meantime:
SeedSigner/seedsigner-os #31
-
midipoet
Entering the seed every time from some other device/apparatus through the keyboard sounds a bit annoying, not to mention the potential exposure of having it in a relatively accessible place.
-
midipoet
Could you split the seed and have half on the device and half on the SD? (wonders if that is more or less secure)
-
m-relay
<rbrunner7:monero.social> I am not that experienced in such things, but yeah, I do wonder what's the difference in security between having a QR sheet "in a relatively accessible place" to give it to the XmrSigner before use, and the XmrSigner writing stuff in an encrypted way to its SD card ...
-
m-relay
<plowsof:matrix.org> this would be purely for UX improvements with a sprinkle of security theatre (if we are trying to defend against physical attacks). monero has built in encryption for our wallet so it would just be a forced wallet password small enough to be conveniently entered (but brute force-able as we have no secure element or fancy stuff here.. it's just a pi)
-
midipoet
You could possibly have two layers of security. One for accessing the pi and one for accessing the wallet on the pi. But if you're keeping the seed on a piece of paper/QR code in your wallet/filing cabinet, that is definitely the most vulnerable (one would imagine).
-
n1oc
VOSTOEMISIO - FCMP Animated Explainer Video is now fully funded!
ccs.getmonero.org/proposals/VOSTOEMISIO-FCMP-Animated-Explainer.html @luigi1111
-
vThor
rbrunner7: yes it is only in memory and until some seconds/minutes (if not cooled down extremely, but would need to think more and research if the broadcom chip will reinit the memory on boot) after cutting the power. Yes you have to load them every time into the device, it is like a paper wallet helper device actually. You would not use it (IMO) for daily use but for stored values (although the threshold will be different for every user). I myself try to get
-
vThor
away from any device owning after seeing how gov's are working
-
vThor
(but personal decision for my threat model). I overflew the issue at that moment only, but IMO I would never trust a hardware wallet for various reasons, and I see the SeedSigner as far superior to any hardware wallet. Search on youtube for people who have forgotten their pin with all their funds in BTC (apart from the risk that the device dies and you will lose funds, and the risk that gov will confiscate the Ledger, or whatever hardware wallet - and you
-
vThor
will lose funds), it also shows that a hardware wallet is for low threat model - but then you don't need a hardware wallet at all... (all IMO). I am strongly against saving it on a microSD (even encrypted), but I have some ideas (but no time at the moment) to implement encryption of the seeds, actually using a password generating a seed via PBKDF2 and XOR both seeds. You could also generate various seeds and make something like a card deck where you
-
vThor
apply the same XOR technique. There are other ways, you could even tie the seed to the device (if one is insane - also IMO). But with password/passphrase there is already a lot of confusion. Also the offset could be changed.
-
vThor
About the wrong room, we could also move to a room which would fit more, or (unhappy to say that) use matrix, only matrix is not really working well for me (worse than expected), so you can invite me @vthor:nope.chat, but I can't initiate any conversation (no idea why...).
-
vThor
plowsof: yes a lot of things are security theater, and I have seen and heard that hardware wallet vendors try to discredit SeedSigner (what makes sense from their perspective how it is the inferior product IMO and don't want to lose their revenue). About the wallet password and XmrSigner, that can not be applied, because the wallet gets recovered every time temporarily in memory, and the password encrypts the wallet file. Although there is an option for
-
vThor
an encrypted seed (password encrypted seed), but I can find nowhere how to restore from that encrypted seed and password pair. Anyway any step further with passwords/passphrases/keyphrases should be implemented very thoughtfully how now already exist confusions and naming will be pretty relevant.
-
m-relay
<rbrunner7:monero.social> As far as I can see nobody shouts at us yet, so I think maybe we continue our little chat here until somebody does :)
-
vThor
And Secure Elements is IMO snake oil, which ends with anchor of trust and chain of trust. (back hinting on recovered funds from forgotten pins on BTC hardware wallets..., also on phones with "Secure Element" (not even talking of f... arm TE.... but Pixel/iPhone SE...))
-
vThor
rbrunner7: yeah back to the more relaxed irc years :)
-
m-relay
<rbrunner7:monero.social> I think I understand your reasoning, and I think it's sound. I just see one problem, which worries me a bit: If you position XmrSigner as a device that is even more secure than a hardware wallet, is secure against confiscation by anybody, satisfies even extreme threat models - how many users will that probably get? This could turn out to be an awfully small niche, seems to me.
-
m-relay
<rbrunner7:monero.social> I see a possible solution of preparing at least 2 very clearly separated editions of XmrSigner, or better said its OS and software: one what you see now, XmrSigner maximum threat model, and XmrSigner hardware wallet model. The second would be less safe, but much more convenient for people who would otherwise buy a Trezor or a Ledger, because they keep the keys.
-
m-relay
<rbrunner7:monero.social> You see, I do worry about what I wrote in that Reddit post: We have exactly *two* hardware wallets supporting XMR now, and who knows whether they feel like following us when we hardfork to FCMP++ or simply throw in the towel and call it a day with XMR. We would end up with *zero* hardware wallets, but then, presto, XmrSigner hardware wallet edition to the rescue :)
-
vThor
midipoet: yes, but there are always 3 possible elements: what you have, what you know, what you are (this one is crap from the beginning). Leaves you with what you have and what you know. People not trusting themselves prefer what you have, and there is no secure way to store except combining it with what you know with a high enough entropy and a secure algorithm to encrypt. You can split and merge, and come up with your own systems (somehow security by
-
vThor
obscurity, but if only yourself know it it could still be effective). I don't trust what you have personally, because in my experience gov can take everything away from you in any moment (except you stored it out of reach and nobody knows...). So I personally would always prefer memorizing a password or a seed. Wanted to add seed generation by password in the XmrSigner too, but the issue here is that people have bad password choices in general. I took
-
vThor
XmrSigner over because of a personal decision, I'm not a user of it, because for use cases I would use XmrSigner, I would use tails and my memorized seedphrase because everywhere on earth you can get a thumb drive and a $50-$100 throw away notebook quick, and I still try to figure out who would use a "hardware wallet" (offline signer) and for which use case.
-
vThor
rbrunner7: "satisfies even extreme threat models - how many users will that probably get?" It seems SeedSigner had a lot of users until the recent attacks and how I stated before, with an extreme threat model you want to be naked all the time, everything should be in your head (well I have a plan in the distant future (~1year) to create a "dark" cloud to store everything only by what you know for at least 2 years, where you could then store also wallets
-
vThor
and other critical stuff), but I can tell you 99% of the people want to feel secure and don't actually care about their security at all. My customers I had over the last decade(s) would spend a lot of money to buy a secure device only to render it insecure by their actions out of convenience.
-
vThor
"XmrSigner hardware wallet model. The second would be less safe, but much more convenient for people who would otherwise buy a Trezor or a Ledger, because they keep the keys." <- yes that could be relatively easily achieved by using a MC with EEPROM in the chip, adding like $5 on top, but harder DIY, or adding a Java Card or OpenGPG card. And it would IMO still be superior to a hardware wallet.
-
m-relay
<rbrunner7:monero.social> "would spend a lot of money to buy a secure device only to render it insecure by their actions out of convenience" Like mentioned earlier today: I worry a bit that if people use the XmrSigner like a hardware wallet, let's say once a week, as it is now, forgetting keys all the time, they may go and totally destroy their security by letting the QR code page with the seed just lying around :)
-
vThor
You could also use a yubi key (which has exactly the same issue as a hardware wallet btw), I used them as a 3rd element on my notebook with luks. So you could use that challenge response HMAC-SHA1 of the yubi key as "Secure Element" easy or a GPG key on the yubi key a little bit more difficult and solder the yubi key on the pi, and then prepare an epoxy with glitter and seal the device completely. Well on a low threat level (with low funds) you could also
-
vThor
store on a microSD (how I'm worried more on the microSD card MTTF, and even worse if one wants to save some few piconeros on the card, too). But honestly I think the SeedQR encrypted in your wallet is relatively secure (if you are not afraid of gov or getting mugged) how the SeedQR does not reveal any more than 25/16 numbers (which represent the seed words)....
-
vThor
"I worry a bit that if people use the XmrSigner like a hardware wallet, let's say once a week, as it is now, forgetting keys all the time, they may go and totally destroy their security by letting the QR code page with the seed just lying around :)" <- yeah, but the only way would be making passwords mandatory, but I can tell you what will happen then: they will write the password on the SeedQR. You could use the device ID to encrypt the seed further -
-
vThor
but the (good) idea of the seeds is, that you can use the seeds everywhere to restore the wallet on almost any Wallet. So even if the Signer dies, you would not succeed to find/build a new device you will not lose your funds (in this way...)
-
vThor
Maybe we should discuss that further there:
github.com/XmrSigner/xmrsigner/discussions because I can nowadays still almost ever remember where some information was but not anymore all the information itself.
-
vThor
"So you could use that challenge response HMAC-SHA1 of the yubi key as "Secure Element"" <- would need to remark that it still would not work like a SE that wipes itself, anyway a Secure Element not embedded in the IC itself, will always get desoldered to attack it, for phones they even sand layers on the IC down... So in this case the "Secure Element" makes only brute forcing and word list attacks harder.
-
vThor
midipoet: "Entering the seed every time from some other device/apparatus through the keyboard sounds a bit annoying" <- yeah at the moment it is a pain in the a** although not so bad either, because you need normally 2~3 letters per word to pick the word, but if I would deactivate the useless keys, jumping to the next letter would make it much more convenient.
-
m-relay
<rbrunner7:monero.social> And Polyseed with its fewer words is of course very welcome here
-
m-relay
<rbrunner7:monero.social> "you need normally 2~3 letters per word" In fact, you *never* need more than 3 - the words are chosen to be unique with only their first 3 letters given. At least the CLI wallet allows you to enter seeds with 3-letter groups, if I remember correctly.
-
vThor
"words are chosen to be unique with only their first 3 letters given" <- correct for the English wordlists, but is not in all languages like that.
-
revuoxmr
Revuo Monero Issue 216: October 24 - 31, 2024.
revuo-xmr.com/weekly/issue-216