-
TheCharlatan
What is the point of not exporting a view key from a hardware wallet?
-
UkoeHB_
hardware wallets are for secure key management, so maybe you are concerned about the view key getting stolen
-
TheCharlatan
It should be protecting the view key from malware on your machine, right?
-
UkoeHB_
if that's where you would export it, I suppose so
-
TheCharlatan
I think it does not make any sense. You still have to do input selection, amount entering, amount masking, broadcasting, address entering and a bunch of other things on the host.
-
TheCharlatan
If you assume that your host is malicious, the host has all this information.
-
TheCharlatan
Which is effectively what you are trying not to expose by not exporting the view key.
-
TheCharlatan
Never mind that scanning will introduce a bunch of side channels that are probably hard to mitigate on the hardware wallet itself.
-
UkoeHB_
well once someone has your view key they will know about all the outputs you own indefinitely, and if they also know your normal address public spend key they can generate all your subaddresses which is quite useful for large-scale attacks
-
TheCharlatan
Besides, there is always the potential for the malicious host to embed metadata in the unsigned transaction that is not detected by the hardware wallet, but perfectly visible as a tag from the outside.
-
TheCharlatan
So the answer is forward secrecy in case you encounter a non-malicious host?
-
UkoeHB_
seems that way
-
UkoeHB_
forward secrecy for owned outputs, and lessens the chance a malicious host will learn your full set of subaddresses
-
TheCharlatan
seems like a high price to pay for that :/
-
Isthmus
-
Isthmus
How malformed can a transaction be and still calculate a tx_ID?
-
Isthmus
Note that you can just move the attack back by one function.
-
Isthmus
i.e. start with a valid transaction, fix 2 of the 3 inputs, and find a collision one of the subfields like one-time address or public
-
Isthmus
(assuming the verification is being carried out by Core codebase)
-
moneromooo
If it parses, it should have a txid, whatever the semantics of what gets parsed.
-
moneromooo
Parses meaning it can find all the stuff it wants. Inputs, outputs, proofs, etc.
-
» Isthmus nods
-
Isthmus
Thanks
-
Isthmus
If my node hears a fluffy block containing a certain hash, but I don't receive a copy of the transaction, how long will my node wait before writing off the block as bad/
-
Isthmus
s///?
-
Isthmus
dang
-
Isthmus
s/in ha/in transaction ha
-
monerobux
Isthmus meant to say: If my node hears a fluffy block containing a certain transaction hash, but I don't receive a copy of the transaction, how long will my node wait before writing off the block as bad/
-
moneromooo
It will not write it off as bad.