Subject: Re: Proposal to address Bitcoin malware



Summary:

The conversation focuses on the security of Bitcoin transactions and the use of multisig authorization. The risk of using other channels such as desktop browsers, browser extensions, SMS or mobile apps is discussed, with examples of phishing attacks that bypass phone 2FA. It is suggested that hardened single-purpose computers are more secure than other channels when involved in multisig authorization. However, the devices used to input the two signatures must not be in the same band, in order to avoid MITM attacks. The use of small hardware devices such as TREZOR with BIP70 support, together with third-party cosigning services, is recommended as a solution. A standard for passing partially signed transactions around might make sense in the future. The key is to make Bitcoin invisible to the user and integrate it with apps running on popular operating systems.


Updated on: 2023-06-09T16:24:47.687981+00:00