Hacker News
by lxgr 1126 days ago
You have to trust somebody when it comes to hardware devices.

If you don't do anything, that includes the OEM, their supply chain, your delivery courier, an evil maid etc.

If you have the choice of reducing that list to only the OEM, isn't that a win? That's what attestation does.

2 comments

Might as well trust a bank.
> You have to trust somebody

I know, all the time, and thus the entire premise of crypto is flawed, as are the libertarian ideals that birthed it.

> trustless system

Crypto lets you choose who to trust. You can build your own wallet, you can buy one, or you can choose to let someone hold your assets for you.

Many people will choose to trust large centralized parties, and some will choose to generate their own keys offline with code they've verified.

Do they have to trust that any cryptographic libraries they use generate seeds properly? Yes, but there are plenty to choose from that are well known, well tested, and the developers are funded.

It's not as simple as saying "the entire premise of crypto currency is flawed because you have to have some trust." The people that much of the crypto community don't trust are large bankers and governments.

Nobody can build their own wallet directly from raw materials. Even in the very unlikely event that they had the know-how, they would still require highly specialised equipment manufactured by third parties. Therefore users of "crypto" have no option but to rely on goods and services provided by third parties just like everybody else. And the extent to which consumers can choose which parties to rely on (or "trust") depends entirely on the degree of competition in the market. Crypto isn't special with regards to trust. Calling it "trustless" is false advertising.

It's not that hard to build your own wallet software, or if you really want, a paper wallet using dice and a pen.

But frankly it's not that different from cryptography as a whole: nobody implements ECDSA themselves, or builds the computer that runs it, or smelts the metal and assembles the transistors that run the computer, or whatever. There is no such thing as "absolute lack of trust", but some protocols can be "less trust requiring" than others, i.e. more "trustless."

How does a "paper wallet" work? I thought a wallet in order to work had to interact with other wallets?

Surprisingly, no. All a "wallet" has to do is compute a signature using a private key. Then the resulting transaction has to be sent to a "mining" node (or the "mempool" of a group of nodes) and wait until one of them incorporates it into a transaction, computes forty trillion hashes and then throws all but one of them away, and broadcasts the resulting signed block to the network.

Because there is no confirmation on sending bitcoin "into" a wallet, no action is required at all to receive and store it. It's only cashing out where it gets difficult. It also makes it possible to send to inaccessible or nonexistent wallets.

Wallets tend to have two main features: A) generate random private keys and B) given some private key, sign a transaction and broadcast this message to the network.

Pen, paper, and some dice (and a bit of work) can generate a private key for step A, which you can input into a hardware wallet, and which would have prevented the problem in the OP.

It's also possible to write your own wallet software or use a "trusted" tool (e.g. openssl or node) to create a private key, rather than rely on a random app or device off eBay to generate it for you.

The B) part is harder to do with pen and paper or an off-the-shelf tool as it involves a fair bit of protocol specific math—but it’s also harder to target in a hardware wallet supply chain attack.
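
The "step A" above, carried through as an added example (not code from the thread or from any wallet project): fold 99 dice rolls into a secp256k1 scalar, check it is in range, and derive the public key that a hardware wallet would compute from it. The secp256k1 parameters are the real ones; the dice rolls are constructed for illustration and are not a source of randomness to copy, and the point arithmetic is a plain affine implementation written for readability, not constant-time code.

```python
"""Private key from dice rolls, plus the matching secp256k1 public key.

Added example for the thread above; not code from the original post.
The example rolls are constructed, not real entropy.
"""

# secp256k1 domain parameters (the curve used by Bitcoin's ECDSA)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)

# Constructed rolls for the demonstration only; roll real dice for a real key.
EXAMPLE_ROLLS = [((i * 5 + 3) % 6) + 1 for i in range(99)]


def dice_to_scalar(rolls):
    """Treat 99 rolls of 1..6 as base-6 digits (roll - 1) and fold them into an integer."""
    if len(rolls) != 99:
        raise ValueError("need exactly 99 rolls")
    k = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("each roll must be 1..6")
        k = k * 6 + (r - 1)
    return k


def private_key_from_dice(rolls):
    """Return a valid private key scalar, or raise so the user rolls again.

    6**99 is just under 2**256 and below N, so every 99-roll value is < N;
    the only invalid outcome is 0 (all ones), which must be rejected.
    """
    k = dice_to_scalar(rolls)
    if not 1 <= k < N:
        raise ValueError("scalar out of range; roll again")
    return k


def _inv(a):
    """Modular inverse in the field GF(P)."""
    return pow(a, -1, P)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * _inv(2 * y1) % P
    else:
        lam = (y2 - y1) * _inv((x2 - x1) % P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(point):
    """Check y^2 == x^3 + 7 (mod P), the secp256k1 equation."""
    x, y = point
    return (y * y - (x ** 3 + 7)) % P == 0


def compressed_pubkey(priv):
    """33-byte SEC compressed encoding, hex: 02/03 prefix by y parity, then x."""
    x, y = scalar_mult(priv)
    prefix = b"\x02" if y % 2 == 0 else b"\x03"
    return (prefix + x.to_bytes(32, "big")).hex()


if __name__ == "__main__":
    k = private_key_from_dice(EXAMPLE_ROLLS)
    print("private key:", hex(k))
    print("public key: ", compressed_pubkey(k))
```

The point of the range check is the part the comment calls "a bit of work": a scalar of 0, or one at or above the group order N, is not a usable key, so a paper procedure needs a reject-and-reroll rule just as a software generator does. The derived public key is what you would compare against what the hardware wallet displays after importing the key, to confirm the device computed the same thing.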

I wouldn't say that.

So pure trustlessness from start to finish is impossible. All information exchange requires shared protocols, and this necessitates trust. The idea here is to design protocols in which, once the initial setup is complete, trust is no longer a factor.

This isn't just limited to cryptocurrency, it applies to all cryptography, and more broadly, to all security measures of any kind. Key exchange requires initial trust. The idea is that you do the due diligence to get set up, then you don't have to sweat it after. To say the entire system is flawed because setup requires trust is to say that all security measures are pointless.

“Trustless” is one of those crappy words that implies there is zero trust in the system. Obviously this is not true - you trust the protocol, the contracts, the hardware wallet supply chain. Hell, you have to trust that ECDSA is not broken.

Still, when we talk about ECDSA and other cryptographic protocols, you can use them without being forced to place your trust in the hands of a single person or private company. There isn’t really a great term to describe that ethos, so “trustless” is often used in place.