Proposal: Bitcoin Secure Multisig Setup



Summary:

In an email exchange between Pavol Rusnak and Hugo Nguyen, Pavol pointed out that the encryption key scheme used might be vulnerable to a rainbow table attack. Hugo agreed and suggested a different scheme for better security: generate a nonce and use it with HMAC-SHA256 to obtain the encryption key. The description is provided by the user, and the coordinator distributes the description along with the nonces to the signers. However, this new scheme requires manual entry of shared secrets, which can impact UX. Christopher Allen raised concerns about reusing XPUBs across different multisig wallets, because a loss of privacy in one wallet would affect the privacy of the other wallets. Hugo agreed with Christopher and said that unique XPUBs should be used for each wallet to firewall them from each other. To address trust issues, Hugo suggested a shared secret approach in which the TOKEN doubles as a session ID to establish a common state on both sides. Pavol also asked about disabling encryption, but Hugo thought that not all use cases require encryption and that making it mandatory could be overkill.


Updated on: 2023-06-14T17:27:08.230929+00:00