Two Heads Are Better than One

Cheap Security Enhancement for Every Hardware Wallet Setup

Not your Entropy, Not your Seed

Do you use a hardware wallet? How were your seed words generated? Perhaps you simply took the first set of words provided to you by the hardware wallet, trusting it used a suitable entropy source. If you are a more advanced user, perhaps you entered dice rolls or a randomly selected piece of data into your hardware wallet. Still, how can you be sure the resulting seed words are derived from those dice rolls? How can you rule out being the victim of a bait-and-switch? Certainly when dealing with larger holdings of Bitcoin, I would sleep better at night if I had more transparency into this process.
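One way to answer that question is to recompute the seed words yourself on a second, independent machine and compare. The sketch below is an added example, not code from this article or from the Burrow: it applies the BIP39 entropy-to-mnemonic step and returns each word's 0-based position in the BIP39 wordlist. The dice-to-entropy rule (SHA-256 of the roll string) is an assumption, so check the convention your wallet documents; the function names and sample rolls are hypothetical.

```python
from __future__ import annotations
import hashlib

def dice_to_entropy(rolls: str) -> bytes:
    """ASSUMED convention: entropy = SHA-256 of the ASCII string of rolls (1-6)."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a non-empty string of digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()

def bip39_indices(entropy: bytes) -> list[int]:
    """BIP39: append the first ENT/32 bits of SHA-256(entropy) as a checksum,
    then split the result into 11-bit wordlist indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def audit(rolls: str, device_indices: list[int]) -> list[int]:
    """Return the 1-based word positions where the device disagrees with the
    independent recomputation. An empty list means the words match the rolls."""
    expected = bip39_indices(dice_to_entropy(rolls))
    if len(device_indices) != len(expected):
        raise ValueError(f"expected {len(expected)} words, got {len(device_indices)}")
    return [i + 1 for i, (e, d) in enumerate(zip(expected, device_indices)) if e != d]

if __name__ == "__main__":
    rolls = "3515264316224136526143352614"  # constructed sample, far too short for real use
    expected = bip39_indices(dice_to_entropy(rolls))
    print("independently derived indices:", expected)
    # Simulate a device that swapped one word (a bait-and-switch on word 5).
    tampered = expected.copy()
    tampered[4] = (tampered[4] + 1) % 2048
    print("mismatched positions:", audit(rolls, tampered))
```

To compare against what the device shows, look up each displayed word's position in the published BIP39 wordlist, counting from zero.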

Are You My Address?

The ability to audit doesn’t stop at the seed words though. You have probably been taking hardware wallet-generated addresses at face value as well. Yes, it is certainly true that the very act of entering your seed words into a hardware wallet presupposes a certain level of trust in the hardware, firmware and manufacturer, depending on the specifics of the hardware wallet. However, perhaps an attacker (even the manufacturer?) finds it difficult to access the seed words on your hardware wallet, but easy to plant an address for you to use? There is also the frightening possibility that even an honest hardware wallet contains a bug causing it to generate a dead-end address, leading you to send your Bitcoins off into the void.

But Who Audits the Auditor?

But perhaps the Burrow contains malicious code or a bug! I’m a nice guy, but you don’t know me! You shouldn’t rely on me! Well, therein lies the beauty of this “auditor pair” approach. Security solutions that call for experts often use pairs of experts to audit each other. Just as the Burrow audits the hardware wallet, the hardware wallet audits the Burrow. Insofar as the hardware wallet and the Burrow are independent of one another, if the two sets of addresses match then you have enormous confidence in the integrity of the generated addresses. In effect, the Burrow and the hardware wallet are performing a joint audit on their independently generated work.

There’s a Place for Us

The Rudefox Burrow is a cheap way to add confidence in your hardware wallet solution. Incidentally, it does not add to “process fatigue”, because you only perform the audit during the initial setup and it does not require a routine extra effort. So, follow me on Twitter to find out when I release the Burrow and the code (I expect to do it soon™) or reach out via Twitter DM and I’ll coach you through creating a tailored solution that suits your individual needs and doesn’t rely on trusting me or anyone else.

UPDATE: Initial Release of Rudefox Burrow

Read about the Initial Release of Burrow or proceed to the Quick Start to try it out.



B.J. Dweck

Bitcoin Coding, Custody Solutions & Seminars | Austrian Econ | Voluntarism | Authentic Parenting | NVC | PET | Project-Based Learning | Recovering Carb Addict