    bitcoinhodler
    @bitcoinhodler
    So in order for the attacker to extract any info, they would need to compromise both GlacierScript (at the time you build your APP USBs), and coinb.in (at the time you build your withdrawal).
    Although -- there is one form of attack that might be possible, a "chosen nonce attack", where the signatures in the transaction can reveal a part of your private key. If the attacker could compromise GlacierScript to create such signatures, they could scan the blockchain for your withdrawals and possibly determine your private key. Since Glacier reuses addresses, this could be effective.
    I don't think such an attack is possible IF you use an uncompromised Bitcoin Core for signing transactions. And GlacierScript does so, and it has been reviewed and audited by many people (including myself), so I am confident in its security.
    Note: any wallet system will have the same kinds of attack vectors. In this regard, Glacier is better than any other system I'm aware of.
    hellosa-sa
    @hellosa-sa
    Thanks for that explanation. Which software package is responsible for generating the private keys?
    bitcoinhodler
    @bitcoinhodler
    Good question. That comes from GlacierScript itself, specifically this code here: https://github.com/GlacierProtocol/GlacierProtocol/blob/bda9582eda7280f6b154d63eb1c5359ab76fe369/glacierscript.py#L635
    Which, if compromised, could generate keys known to the attacker.
    hellosa-sa
    @hellosa-sa
    But in your view, have even the latest releases of Glacier been reviewed thoroughly enough to support the idea that the code remains well-reviewed? I know many people reviewed and commented on earlier versions, but that enthusiasm from some of the other contributors dropped off over time. What would keep someone from slipping something malicious into the code now that not as many people are looking? Are all modifications to the code, however small, closely monitored?
    bitcoinhodler
    @bitcoinhodler
    The code that is currently released in Glacier has been thoroughly reviewed, yes.
    bitcoinhodler
    @bitcoinhodler
    You can look at the history of PRs to confirm this: https://github.com/GlacierProtocol/GlacierProtocol/pulls?q=is%3Apr+is%3Aclosed
    hellosa-sa
    @hellosa-sa
    Not specifically a Glacier question, but 2-of-4 is the default, or at least the example, in the protocol. Is there any good discussion published on how to best decide which m-of-n scheme to choose based on different user circumstances?
    bitcoinhodler
    @bitcoinhodler
    IIRC Glacier recommends 2-of-5 if you are entrusting keys to other people. But generally no, I'm not aware of any such discussion.
    hellosa-sa
    @hellosa-sa
    For anyone who might have private keys stored in bank safe deposit boxes as part of their Glacier Protocol, here's something to consider - I was granted access to my safe deposit box yesterday while wearing a medical mask. I was never asked to remove the mask so that they could verify my identity. Granted, I did still have to show my ID and had to have the key to my box, but it was still a bit shocking. Any person with similar physical characteristics to me could have pulled this off if they had my ID and safe key. This helped me understand that bank safe deposit boxes aren't as secure as I once believed them to be.
    bitcoinhodler
    @bitcoinhodler
    I have tested GlacierScript with Bitcoin Core v0.20.0rc2 (upcoming release). No changes needed. (Although, thanks to bug #38, Glacier is broken anyway, and nobody seems to care.)
    634-5789
    @634-5789
    I failed to withdraw a recent utxo from a 0.91beta glacier address. Is there a known compatibility issue? Older utxos work fine.
    634-5789
    @634-5789
    KeyError: 'addresses' when entering the raw transaction of said utxo.
    634-5789
    @634-5789
    The output that’s not working was generated by a wasabi wallet.
    634-5789
    @634-5789
    The transaction has a segwit output. I think Bitcoin Core 0.14 can’t handle this, right?
    634-5789
    @634-5789
    Guess I have to go through updating to the latest Bitcoin Core. Thanks for this: https://gist.github.com/bitcoinhodler/8be823fae7b46e924caa594abdde3bd0 @bitcoinhodler, your contribution is very much appreciated.
    hellosa-sa
    @hellosa-sa
    @bitcoinhodler I second the appreciation for your contributions. If you are accepting btc donations I’d be happy to send one for the help you provided me and others. I would encourage others to do the same. We need to keep this project going and up to date.
    bitcoinhodler
    @bitcoinhodler
    I believe you encountered GlacierProtocol/GlacierProtocol#14
    bitcoinhodler
    @bitcoinhodler
    No donations needed, but I appreciate the gesture. What this project needs is a public maintainer with a reputation to uphold. And more coders to review pull requests.
    634-5789
    @634-5789
    Wasn't Jameson Lopp involved lately? He'd meet the requirements for a public maintainer.
    And thanks for pointing out issue #14, must be this. I'll test it later this week.
    bitcoinhodler
    @bitcoinhodler
    Lopp was involved for a few minutes but hasn't been seen in months.
    I've added a warning to my gist to be careful and do your own research. Don't blindly trust those instructions. They have not been reviewed by the wider Glacier community (if there is such a thing) and if I wanted to be malicious I could direct you to download a hacked Bitcoin Core that sends all your coins to me.