Bitcoin.Review Podcast with NVK & Guests BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, Javascript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek
Mar 13, 2025
In this conversation with Rob Hamilton, a Bitcoin security expert from Anchor Watch, the focus is on vital issues in cryptocurrency security. They dive into ECDSA vulnerabilities and the importance of robust cryptographic practices. Rob and host Vivek discuss hardware wallet security, particularly regarding ESP32 technology. The duo also covers advancements in wallet policies and the significance of user-friendly security measures. Additionally, they explore the evolving landscape of Bitcoin mining technologies and the growing sophistication of cybersecurity threats.
AI Snips
Chapters
Transcript
Episode notes
JavaScript Cryptography Warning
- Avoid JavaScript libraries for cryptography due to security risks.
- Use C versions or other alternatives for implementing cryptography.
ECDSA Key Extraction Vulnerability
- Accepting hex strings as input types can introduce vulnerabilities, as seen in the ECDSA key extraction issue.
- Type checking and robust input validation are crucial for secure cryptographic implementations.
ESP32 Security Concerns
- The ESP32 is unsuitable for security-sensitive applications like Bitcoin wallets.
- Its design flaws and vulnerabilities make it inappropriate for protecting cryptocurrency.