<everchange000:matrix.org> @riekak:matrix.org: Monero is going up.

<everchange000:matrix.org> If I had more cash, I'd buy the dip.

<noperabo:matrix.org> cap

<snifflz1:matrix.org> yo

<plaiwanone:matrix.org> gm

<snifflz1:matrix.org> gm

<snifflz1:matrix.org> where can I download the ban list at

<321bob321> @snifflz1:matrix.org: github.com/Boog900/monero-ban-list/blob/main/ban_list.txt

<pyratevevo:matrix.org> @snifflz1:matrix.org: github.com/Boog900/monero-ban-list

<snifflz1:matrix.org> thanks. all good now

<kiersten5821:matrix.org> what does this ban list even do, is this useless if i have tx-proxy option?

not peering with them also helps other users

<kiersten5821:matrix.org> how?

<lza_menace> @kiersten5821:matrix.org: The nodes in the ban list have proven to be untrustworthy. By using it your node will not communicate with them and as a result not share them with other nodes. It’s keeping the overall network safer to a degree.

<kiersten5821:matrix.org> if i have a synced daemon on one computer can i literally just copy the lmdb files over to a new computer to get the daemon there?

<intr:unredacted.org> if you first gracefully stop the daemon before copying

<intr:unredacted.org> should work

<kiersten5821:matrix.org> ok nice thanks

<kiersten5821:matrix.org> let's say i restore a wallet from a certain height, if i use a remote node, does my node need to download ALL block contents from that height until now so it can scan the entire output set for owned outputs?

<kiersten5821:matrix.org> my understanding is this is the case but idk if there were any improvements?

<sbt:nope.chat> @lza_menace: Isn't it also advantageous to malicious node operators, since they know and will try to avoid all the "signature detection"

<rbrunner7> This is going on for a long time already, and they don't seem to be in a hurry to hide better. They also could improve the distribution of the nodes regarding IP numbers so it would be harder to filter them out with simple measures, but it seems they choose not to. Who knows, maybe the whole story is not that important for them. Or they are operating on a pretty tight budget.

<rbrunner7> We can dream up all kinds of scenarios where the NSA joins forces with the FSB to attack Monero with secret quantum computers, but reality often is a lot more boring :)

Hii!!!!

I'm looking for safe way to store my cryptocurrency. I had Ledger wallet but it's not safe as company can extract seed phrase from device easily. For right now I have TailsOS which I'm using to store and access my btc

With Monero I would like to host maybe local node. Of course I could just install Monero wallet on my machine, but I'm looking for safer way

I was thinking about Trezor but it's also relying on some stupid electron app

mlxdy: trezor is open hardware though

and open source too on the firmware and API side

actually wait

nvm i don't think they're open hardware

<ravfx:xmr.mx> When OVK?

<ravfx:xmr.mx> So I don't have to leave my hardware wallet connected and unlocked until it get one confirmation (Or having to unlock it again when it get confirmed)

<ravfx:xmr.mx> I tought Trezor where open to some point

how easy is it to make your own hardware wallet

shove everything into a microcontroller (no external chips to reduce the chance of bus sniffing)

have protection against voltage glitching or any methods to trick the chip into unlocking protections and allowing access to internal data

some new trezor models have issues when being used with monero

not a monero issue as older moldels work fine

ravfx: soon hopefully

and hell, if it doesn't come with the hard fork

i'll make a carrot wallet myself anyway

*models

So how are you storing your monero? (if you can say of course)

<ravfx:xmr.mx> Good question. > <Cindy> shove everything into a microcontroller (no external chips to reduce the chance of bus sniffing)

<ravfx:xmr.mx> You would need some controller that is not vulnerable to getting raped by people who know how...

<ravfx:xmr.mx> It's probably why they all use "secure enclave" things

<ravfx:xmr.mx> Maybe make your wallet like some old arcade cartridge, store everything battery backuped SRAM. Make it so if the casing get tempered with, it cut the power and SRAM go byebye

depends on your level of paranoia, you can create a wallet while offline and later send to it

<ravfx:xmr.mx> Use some Lithium 18600 cells or something with a charge controller so it charge when you plug it usb. But it's not used for anything but SRAM power

just because your paranoid doesn't mean that are not after you :)

write down your seed and store it somewhere safe

write it down again and put it somewhere else

hey, why not a third time

<ravfx:xmr.mx> Just put it in plain sight so no one can find it

HW wallets are good if you want to transact and unsure of the security of the device you are using

I'm not sure about security of my Ledger device haha

ravfx:xmr.mx: you can get normal view keys out if you modify the cli to print them :P

with that you can make a view wallet

but yeah. you can't export key images so it's useless except for seeing the confirmations

Maybe I'll generate new seed offline in ledger live and I'll only download neccesary software like Monero etc. and then just I'll by using it with third party software

This Ledger Live application is what I hate the most

It have a lot of annoying popups and they try to sell their service for storing seed phrase online

storing seeds as a service lolol

yes xD

and in their app there's ads of it everywhere

they offering you free trial hahaha

first one is free, sounds like drugs

I'm dying from laugh when I think about this

And in terms of service there's information that they can share that seed phrase with goverment

0_o

at least they say so

It's sad that without KYC is impossible to buy crypto at normal prices

I can't pass KYC as I'm not 18

Of course in few months it will change

I remember that in the past we had local monero

<ravfx:xmr.mx> DataHoarder: does not work with normal current view keys, you still need the hardware wallet to generate the key images

20:05:27 <DataHoarder> but yeah. you can't export key images so it's useless except for seeing the confirmations

you don't need the key images to view incoming :P

not the same but there is haveno with the network using haveno being called retoswap

which you may know of as you said "It's sad that without KYC is impossible to buy crypto at normal prices"

<ravfx:xmr.mx> I very rarely use the ledger live thing. It's only to upgrade the firmware or monero app > <mlxdy> It have a lot of annoying popups and they try to sell their service for storing seed phrase online

<ravfx:xmr.mx> Ledger have to continue to make money once the crypto hype is gone

And goverment have to continiue to control their citizens

RavFX: have you tried to use Ledger as FIDO key?

<ravfx:xmr.mx> mlxdy: Yeah, it just work

<ravfx:xmr.mx> And I don't have to buy 3 to have proper backups 😂

<ravfx:xmr.mx> The seed backup the FIDO key too

Okay so what if you'll lose your ledger?

<ravfx:xmr.mx> mlxdy: I throw some monero dust at Amazon and get a new one?

<ravfx:xmr.mx> Ledger Nano S are cheap anyway

<ravfx:xmr.mx> Small, easy to hide...

<ravfx:xmr.mx> I have no idea why people want to one with big screen, Stax or something like that.. At that point it's when it become a toy

I've seen that, is fucking joke. It's not even normal screen but like these in Kindles haha

<ravfx:xmr.mx> I never lost a ledger, no idea why people do that too.

<ravfx:xmr.mx> I did damage a ledger one time (don't use it as a finger fidget... Ledger meeting a computer screen at very high velocity can damage it 😂)

haha

<ravfx:xmr.mx> mlxdy: Yeah, totally useless imo

<ravfx:xmr.mx> I think it's so you can view your -99% NFT or something

ravfx: were you referring to the capcom suicide batteries?

<ravfx:xmr.mx> Cindy: Yeah

<ravfx:xmr.mx> But good lithium batteries are reliable now, if it's to power only sram it should last forever assuming you plug it frmm time to time

<ravfx:xmr.mx> Maybe add extra light sensor circuit that also cut the juice to the sram, so if the person manage to open it without triggering the trap, then you have a backup trap

<ravfx:xmr.mx> I wonder if one can get a chinese to make case that embdeeb micro metal wire all around inside the plastic

why not just sniff the bus while the device is running

<ravfx:xmr.mx> Cindy: Because the private spend key won't leave the device. so you can't spy on it from USB.

<ravfx:xmr.mx> And if you want to dig inside to reach it's actual memory bus then at that point you will have triggered the battery trap

capcom actually had motorola produce them a special kind of 68000 that would decrypt data after fetching them from the bus

<ravfx:xmr.mx> Yeah, you can encrypt the ram and have your controller do all the encryption work too

<ravfx:xmr.mx> and if you like have the usb data link encrypted too

yeah like that

nothing wrong with being extra careful

<ravfx:xmr.mx> indeed

but are there any actual secure MCUs

like ones that aren't vulnerable to being tortured

<ravfx:xmr.mx> Ah yeah, there many option

<ravfx:xmr.mx> That hardest part might or might not be to implement the monero signing stuff. Have to do some math :) I should take a look at making my own signer, one day

<ravfx:xmr.mx> Cindy: YEah, extra protection.

<ravfx:xmr.mx> If someone manage to reach it without triggering any traps

ideally everything should be within the chip, like those TPMs

<ravfx:xmr.mx> If you can find one that have sram that would be ideal

<ravfx:xmr.mx> But yeah the secure mcu stuff are what's in Ledger and Trezors

20:22:57 <mlxdy> Okay so what if you'll lose your ledger?

did you backup seed words? :P

you can restore (or even use offline tools to generate the paths) and recover all material

the problem with secure MCUs is voltage glitching

ive heard of the STM32's read out protection being bypassed by just fucking with the power source

> stm32 > secure

<ravfx:xmr.mx> DataHoarder: Yeah, you can convert LEdger 24 words to Monero 25 words and just pluck it in Feather. Like in an emergency or something

they usually are external secure coprocessors

<ravfx:xmr.mx> Cindy: yeah, initial Trezor key leaking bug

<ravfx:xmr.mx> It's why you want the data stored in sram and have trap to erase it.

but it's becoming even better nowadays Cindy you can laser etch and do laser faults

ideally i'd want a fuse in the chip to get blown and permanently brick it if the voltage gets fucked with too much

i've seen that before i think

i'd rather want the hardware signer to die than to spill its secrets and live

<ravfx:xmr.mx> Have a boot counter in the code, that save in sram too.

<ravfx:xmr.mx> And have the usb power to be stabilitzed by the voltage regulator (the same that charge the battery)

they can unsolder it

<ravfx:xmr.mx> Actually save the boot counter in the internet eeprom

<ravfx:xmr.mx> internal eeprom**

:P

internet eeprom LOL

<ravfx:xmr.mx> That way if they can manage to open it without traping the traps, and power glitch it (rebooting it in the same process), boot counter will be more than 1, if boot counter > 1, blow the fuses

<ravfx:xmr.mx> It should never boot more than one time thanks to the nice lithium batteries

you can have this same issues on normal setups btw :P

so microcontroller will always be running?

^ sram like some bank tokens

<ravfx:xmr.mx> yes

<ravfx:xmr.mx> sram because it's don't really use power when idle.

<ravfx:xmr.mx> And there not vulnerable to cold boot attack

<ravfx:xmr.mx> once it lost power, all the transistor instantly unlatch

<ravfx:xmr.mx> microcontrollers probably have sleep modes too when not running.

<ravfx:xmr.mx> Would have to check there power consumption when idle and size the battery appropriatly (maybe so it last 3 months would be ideal).

<ravfx:xmr.mx> If only power the sram it would last years

also i thought SRAM was expensive

more expensive than DRAM

at least

<ravfx:xmr.mx> It's not like you need a lot of ram

<ravfx:xmr.mx> Don't you have a bucket of 486 cache chips somewhere or something?

<ravfx:xmr.mx> That's 32K, it's wayyyy too much for the need 😂

Cindy: it's expensive, but cpu caches are SRAM

and yeah. you just need a couple of bytes

also since the chip is external, wouldn't they be able to just, i dunno

unsolder the read/write pin and solder it permanently to be read?

by hooking it to ground?

<ravfx:xmr.mx> Cindy: That why the casing need to contain a trap, you know, so it lose power if you damage or open the case.

<ravfx:xmr.mx> Plus the SRAM you encrypt it, the key for it reside in the mcu

<ravfx:xmr.mx> And lets get real, most LE are arguably funny and will just crack it open and oops.

<ravfx:xmr.mx> Same for thiefs... Lets harvest the gold or something

not lose power btw

you need to flush, as it has data remanence

<ravfx:xmr.mx> DataHoarder: SRAM, not DRAM

SRAM

yes

it has data remanence

<ravfx:xmr.mx> For how long, considering it does not have the tiny capacitors...

even without power

DRAM needs the capacitors

<321bob321> EMP

this is from 2002

better attacks are done nowadays

so if you detect tamper cutting power is not enough, you should flush data first

and yeah, power bus issues :P cacm.acm.org/research-highlights/sr…separation-to-steal-on-chip-secrets

also btw

don't microcontrollers have a internal power-up counter register?

<ravfx:xmr.mx> Cindy: Some probably have yeah

<ravfx:xmr.mx> Research shows that SRAM can partially retain data for a few milliseconds under extremely low temperatures (below

minutes :P

modern research:

> Data retention in SRAM is also significantly increased with lowering the operation temperature of the SoC. Data may be retained for around 1 ½ hours at 75°C, 3 days at 50°C, nearly two months at 20°C, and approximately 3 years at 0°C.

note this is retaining specific bits, not entire content

<ravfx:xmr.mx> Your talking about a SOC, what about discreete SRAM chip?

similar numbers nowadays

see the first link

<ravfx:xmr.mx> This article introduces Volt Boot, a method for executing physical memory disclosure attacks on on-chip SRAM memories by exploiting SoCs’ power domain separation

<ravfx:xmr.mx> But if it's not in a SoC...

and the correlation to temperature

21:03:13 <DataHoarder> cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html

this is old research that looks at chips

but it's become worse since then

<ravfx:xmr.mx> On-chip memories, primarily SRAM, are integrated directly into the processor die, offering greater security against physical attacks (for example, probing attacks11,26) compared to off-chip memories. Research shows that SRAM can partially retain data for a few milliseconds under extremely low temperatures (below

<ravfx:xmr.mx> –

<ravfx:xmr.mx> 110

<ravfx:xmr.mx> ∘

<ravfx:xmr.mx> C[... more lines follow, see mrelay.p2pool.observer/e/je-i0OEKbmZvUFI5 ]

<ravfx:xmr.mx> That specific article seam to be for attacking SoC sram

<ravfx:xmr.mx> Chip are more godies inside, probably micro capacitors too, right?

see again the first link

which is attacking chips directly

no.

it's sram

it doesn't have micro capacitors

<ravfx:xmr.mx> They say SoC

open the FIRST link

21:12:23 <DataHoarder> 21:03:13 <DataHoarder> cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html

<ravfx:xmr.mx> Power domain separation. SoCs integrate numerous circuit blocks, each exhibiting unique analog characteristics. To meet stringent performance and power efficiency requirements, these blocks are divided into separate voltage domains. The power management unit (PMU) within the SoC dynamically manages the voltage levels for these domains at runtime, tailoring them to the workload of each domain.

<ravfx:xmr.mx> In modern, complex SoCs, dozens of off-chip supply pins connect to various power domains, enabling precise control over analog circuit behavior. This setup mitigates challenges such as ground bounce, power-supply noise, and per-pin current limitations. We broadly categorize the power-supply domains of an SoC into three main areas, as illustrated in Figure 2:

I linked that second one cause it was interesting while searching for papers that came from this

ravfx:xmr.mx: you are still reading the wrong paper

again open the first link

21:14:03 <DataHoarder> 21:12:23 <DataHoarder> 21:03:13 <DataHoarder> cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html

that has the PDF

> We built a special circuit board for testing static RAM chips.

they even list the models

it's 2003, and has become worse over time

is there a SoC that literally kills itself over voltage glitching

instead of handling it as a regular hardware fault

it's weird that MCU manufacturers haven't done this

yes, see rpi talk on recent ccc

this had fault detectors

<ravfx:xmr.mx> as far as cold attack on sram, you still need to reach the chip to freeze it.

<ravfx:xmr.mx> At that point there is nothing truly secure

and they go over how some were also bypassed by doing locality attacks

well yeah, ravfx:xmr.mx, that is the point

you need tamper detectors to cover this :P

wait Cindy

wrong talk

THIS is the one youtube.com/watch?v=V5KvW4elzXU

> 39C3 - Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot

<ravfx:xmr.mx> YEah, the trap I mentionned about should cut the power when the casing is broken or open (micro wires embdeebed in the case, light sensor.

<ravfx:xmr.mx> Now would have to have also a temperature sensor that work with a different power source, that would write "random" all over the sram assuming it's getting cold

<ravfx:xmr.mx> Get a NEC D

<ravfx:xmr.mx> NEC D4364C :p

<ravfx:xmr.mx> mrelay.p2pool.observer/m/xmr.mx/epFasLlyHhklyvfAUKjcFzIb.png (clipboard.png)

<ravfx:xmr.mx> Anyway, assuming the sram is encrypted, it's just extra protection for the mcu. Just an extra anti tamper thing.

<ravfx:xmr.mx> more thing can break when you mess with it

then you read fuses from mcu to decrypt sram :P

you have all the time in the world

burning fuses takes relatively a lot of power, so you can't reliably burn these on the spot

<ravfx:xmr.mx> So what about, instead of cuting the power to the sram, what about writing just 1 or 0's in it?

<ravfx:xmr.mx> Cutting the power the moment the case is open

<ravfx:xmr.mx> writting 1's all over the moment the case is open/broken

<ravfx:xmr.mx> At an extra shenanigans that rely on some rf signal

<ravfx:xmr.mx> signal gone -> erase (like in an event the device is relocated)

<ravfx:xmr.mx> That way we can probably just use the mcu sram instead of having a dedicated chip.

<ravfx:xmr.mx> Or actually leave it on a seperate chip for more fun and shenanigans

<ravfx:xmr.mx> But normally people steal the stuff before cracking it apart

<ravfx:xmr.mx> ideally if someone want to make a custom hardware wallet, one could make it so it does not look like an hardware wallet or something weird .

<ravfx:xmr.mx> like some random idea

<ravfx:xmr.mx> mrelay.p2pool.observer/m/xmr.mx/hIqlmTFYiTZibrOPJUYPEqcc.png (clipboard.png)

<ravfx:xmr.mx> hidden in plein sight, on the fridge!

ravfx: cover the interior of the case with a magnetic strip

and then put magnetic sensors all over the board

<ravfx:xmr.mx> There plenty if space in that thing

<ravfx:xmr.mx> And if one day the thing that make bip bip on the fridge vanish, restore your keys and move the crypto to your backup 😂

<ravfx:xmr.mx> Cindy: Yeah, we could continue all day to try to add security measures

lol

or maybe just use a grapheneOS pixel

<ravfx:xmr.mx> not a phone

<ravfx:xmr.mx> thieve can be interessed into stealing it

<ravfx:xmr.mx> if you get raided by LE, they will also take it (they have a tendency of taking the connected computing stuff, phones and the weird stuff)

true

<ravfx:xmr.mx> At the end, the extra security measures wont be used if no one think it's interresting

throw your signer into space

and communicate over a satellite

nobody can go to space and get your signer

<ravfx:xmr.mx> Cindy: it's about 10K I think, launching a primitive small cube sat

<ravfx:xmr.mx> but then it's going to need to be registred and they will know where it is

also the internal components needs to be hardened against radition

radiation*

<ravfx:xmr.mx> yep, at the end it make a very expensive custom personal signer

<ravfx:xmr.mx> just leave the thing in plain sight, in the kitchen

21:49:54 <br-m> <ravfx:xmr.mx> but then it's going to need to be registred and they will know where it is

they also know where your butt is at all times :P