ALMOST through the hardest parts of @SeedSigner's PSBT review screens.
BIG breakthrough: realizing we can confirm change addrs much more easily than previously thought!
We can instantly provide assurances that single sig change addrs are legit. Multisig requires a 2nd step.
"35c5d905: change #0" means:
* For the seed that we selected to sign this psbt (ID'ed by its fingerprint)...
* The addr from the psbt was confirmed to match the seed's first (#0) change addr.
This is undeniably my seed's correct change addr. My change is not being stolen.
And, yes, probably the "confirmed address for seed" label could be improved. So f'n hard to convey complex concepts in limited real estate!
"confirmed change address"?
"confirmed from seed"?
"seed ownership confirmed"? (meh)
I really want the word "confirmed" in there.
For multisig the user would (optionally) scan in their "known-good" multisig wallet descriptor and compare that with the one in the psbt.
If they match, we can do the same sanity check on the change addr that we did for single sig.
Maybe keep it short and sweet?
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Experimenting with this @SeedSigner PSBT warning screen.
If your coordinator software gives you an evil PSBT that steals your change output, this would call that out.
But legit txs can obv be a full spend, too.
So too scary or confusing for noobs? Better wording ideas?
Obv a noob could misconstrue "input value" with "OMG is it stealing my WHOLE WALLET?!!"
But I think noobs are unlikely to ever construct a tx that spends exactly a whole utxo (and so wouldn't see this warning) unless they're actually sweeping their whole wallet.
The other possibility is that they're trying to sign with the wrong key.
(though me may be able to prevent this from happening, too)
Learning a lot more about what info @SeedSigner can pull out of a #Bitcoin PSBT.
What if you try to sign a PSBT w/the wrong seed? How do we detect that it is the wrong seed? Should we try to stop you or are there edge cases where it's better to let you try?
Live demo thus far!
@SeedSigner IF it makes sense to still offer the "Sign PSBT" button on what looks like the wrong seed, how should that be indicated?
The added question mark isn't super helpful, but there isn't much room to work with either.
And how does the seed/PSBT check work? We check each input utxo's `bip32_derivations` list which is generated by the `embit` library.
IF we find derivations AND the fingerprint within at least one of them matches our seed, THEN we know it's a valid seed for that PSBT.
Been collecting random easy-to-source metal plates to try to work out a super low budget, under-the-radar version of the awesome @SeedSigner SeedQR plates that @SeedMint21 has been testing.
My improvised versions obv won't be as nice nor as durable, though.
These credit card-sized bottle openers (wha..., why?) make the best impression of the bunch. Thicker and studier than they look. Shiny, smooth, w/nice rounded edges.
No indication of what grade of stainless steel. Assume meh.
Also testing a new QR template using dot targets instead of the inner grid, as suggested by @SeedMint21.
I think the dot targets are a bit better; there's less visual clutter. The overall scale on these plates is pretty small, but it's all easier on my eyes than I expected.
Here was the beginning of the end. Cracked the thick hammer bar but was able to finish this one.
The next two (not on video) were total failures in multiple ways. The jig itself just has too much wobble in its vertical guides. And acrylic just isn't strong enough, apparently.
The ideal jig would be something like a set of female headers, but loose and deep enough to directly contact the male headers' plastic base (there's no way to avoid dirty imagery here!) so that the force lands there instead of up at the pins. Much less room for error/skew.