--- Log opened Sun Dec 20 00:00:51 2020
00:12 -!- shesek [~shesek@164.90.217.137] has joined #rust-bitcoin
00:12 -!- shesek [~shesek@164.90.217.137] has quit [Changing host]
00:12 -!- shesek [~shesek@unaffiliated/shesek] has joined #rust-bitcoin
00:14 -!- shesek [~shesek@unaffiliated/shesek] has quit [Remote host closed the connection]
00:14 -!- shesek [~shesek@unaffiliated/shesek] has joined #rust-bitcoin
01:18 -!- jeremyrubin [~jr@c-73-15-215-148.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]
03:00 -!- shesek [~shesek@unaffiliated/shesek] has quit [Remote host closed the connection]
04:26 < sgeisler> I think #499 is ready for a (hopefully final) second review andytoshi, stevenroose
05:16 -!- DeanWeen [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection]
05:16 -!- DeanWeen [~dean@gateway/tor-sasl/deanguss] has joined #rust-bitcoin
06:32 -!- titanbiscuit [~tbisk@104.200.131.166] has quit [Remote host closed the connection]
06:37 -!- titanbiscuit [~tbisk@104.200.131.173] has joined #rust-bitcoin
07:57 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #rust-bitcoin
08:01 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 256 seconds]
10:11 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has quit [Read error: Connection reset by peer]
10:12 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has joined #rust-bitcoin
10:24 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has quit [Read error: Connection reset by peer]
10:25 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has joined #rust-bitcoin
10:27 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has quit [Read error: Connection reset by peer]
10:27 -!- jrawsthorne [~jrawsthor@static.235.41.217.95.clients.your-server.de] has joined #rust-bitcoin
10:42 < cloudhead> anyone know if there's a rust library for interacting with the ledger nano?
10:44 < andytoshi> iirc "not really"
10:44 < andytoshi> there's one on crates that has a massive dep tree that i wouldn't touch
10:44 < andytoshi> and there's one i wrote as part of icboc which only supports some versions of the nano and it's incomplete
10:46 < cloudhead> ok I see, thanks
10:46 < cloudhead> any suggestions on another way to store keys via rust, that is reasonably secure?
10:46 < andytoshi> "don't" :P
10:47 < andytoshi> maybe check out https://crates.io/crates/memsec ?
10:47 < sgeisler> cloudhead: I haven't used it, but there is https://github.com/bitcoindevkit/rust-hwi with a quite horrible dependency graph (rust calling a python script (HWI) using a c library to communicate with the device)
10:47 < andytoshi> oh actually that may be pure rust, i wouldn't trust that
10:47 < andytoshi> look for bindings to libsodium or libgcrypt
10:48 < cloudhead> I guess I could prompt for seed-phrase and keep it in memory
10:48 < andytoshi> cloudhead: why do you have secrets off of secure hardware? or are you writing rust code for secure hardware?
10:48 < cloudhead> sgeisler: oh god!
10:49 < cloudhead> andytoshi: that's the thing, I'd rather the keys stay on secure hardware, but I'd like to create a proof of concept wallet for my light client
10:50 < cloudhead> so I can "make sure it works"
10:50 < andytoshi> so, the thing is that using rust's default allocator and no weird tricks, there is no way to keep it from copying your keys around your program's memory all over the place
10:50 < andytoshi> so then any unsafe code could potentially access it
10:51 < cloudhead> I see, which is where memsec can help
10:51 < andytoshi> right
10:51 < andytoshi> so, libgcrypt and libsodium both have APIs for this which will work on linux and windows
10:51 < andytoshi> and mac i guess
10:51 < sgeisler> re rust-HWI: I mean it probably is the most pragmatic approach given how horrible the ledger protocol is. There is a crate for "raw" ledger communication and I built a hacky PoC using it, but making it PSBT compatible is super annoying.
10:51 < cloudhead> I've used https://github.com/myfreeweb/secstr in the past
10:52 < andytoshi> so this has two benefits over doing it in rust ... 1 is that it's more likely to be effective, 2 is that it's across the FFI boundary so rust is unlikely to undermine you
10:52 < cloudhead> that makes sense
10:52 < andytoshi> cloudhead: that looks like it's doing the right things, from the readme
10:53 < andytoshi> yeah i am tempted to start advising the gmaxwell "bitcoin core on an old laptop" hww strategy
10:53 < andytoshi> but this is really a PITA to travel with
10:53 < cloudhead> ok good to know
10:54 < cloudhead> yeah, tbh I don't like the idea of a desktop wallet at all
10:54 < andytoshi> ledger protocol is a giant pile of shit and all of their surrounding code is insane (mountains of js, reporting all of your actions to their server, them leaking your email and shit). plus their crypto code is closed source
10:54 < andytoshi> and trezor and coldcard are flagrantly non-constant-time
10:54 < cloudhead> but need something to test the client that is reasonable
10:54 < cloudhead> ugh
10:55 < andytoshi> sgeisler: is working on porting libsecp-zkp to the trezor, so we could maybe come up with an alt firmware for it
10:55 < cloudhead> ah interesting
11:00 < cloudhead> ok thank you both, I think I have an idea of what to do
11:01 < andytoshi> oops i misspoke
11:02 < andytoshi> i meant coldcard
11:02 < andytoshi> definitely not trezor
11:02 < andytoshi> regarding sgeisler
11:07 -!- jeremyrubin [~jr@c-73-15-215-148.hsd1.ca.comcast.net] has joined #rust-bitcoin
11:46 -!- belcher_ is now known as belcher
11:52 -!- jeremyrubin [~jr@c-73-15-215-148.hsd1.ca.comcast.net] has quit [Ping timeout: 265 seconds]
12:22 < andytoshi> 499 looks great. running local scripts on it then will ack
12:45 -!- jeremyrubin [~jr@2607:fb90:46a:1b35:300e:3023:6b28:256b] has joined #rust-bitcoin
12:50 < sgeisler> andytoshi: which scripts are these? Isn't everything tested by CI anyway?
13:18 < andytoshi> sgeisler: (a) no, even if CI is working then it doesn't test every commit
13:18 < andytoshi> (b) no, sometimes it's just lying
13:18 < andytoshi> (c) it doesn't record the stuff that it does in a usable/permanent way
13:19 < andytoshi> let me publish my scripts .. thuogh i'm not sure they're very generally useful because i haven't documented them super well
13:19 < sgeisler> good to know, that's terrifying, gotta do that too then, so far I kinda trusted travis except if I was debugging stuff
13:21 < andytoshi> https://github.com/apoelstra/git-scripts/blob/master/check.py
13:22 < andytoshi> see https://github.com/rust-bitcoin/bitcoin_hashes/pull/107 and https://github.com/rust-bitcoin/bitcoin_hashes/pull/66 for travis failing to check things
13:22 < andytoshi> sgeisler: eh, well, just test things locally that you're going to ACK. unfortunate that there's no good way to test on weird arches aside from CI
13:28 < andytoshi> 499 merged
13:29 -!- jeremyrubin [~jr@2607:fb90:46a:1b35:300e:3023:6b28:256b] has quit [Ping timeout: 260 seconds]
13:31 < andytoshi> only thing left blocking release is https://github.com/rust-bitcoin/rust-bitcoin/pull/498 which needs a rebase and also has some open questions about rustc coherency rules. going to punt on it and start working on a release without it
13:31 < andytoshi> dr-orlovsky: stevenroose: sgeisler: let me know if you have anything lingering that you really want in the next release
13:48 -!- jeremyrubin [~jr@c-24-4-205-116.hsd1.ca.comcast.net] has joined #rust-bitcoin
15:39 -!- tibo [~tibo@2400:4050:2a83:7000:44d0:f07f:7311:7e31] has joined #rust-bitcoin
16:46 -!- fjahr [sid374480@gateway/web/irccloud.com/x-kgzulwjjzuyevisv] has quit [Ping timeout: 264 seconds]
16:47 -!- fjahr [sid374480@gateway/web/irccloud.com/x-rtehnbkvgybyoxca] has joined #rust-bitcoin
16:57 -!- Netsplit *.net <-> *.split quits: dr-orlovsky, jonatack, early, jrawsthorne, darosior, jeremyrubin
17:17 -!- Netsplit over, joins: dr-orlovsky, jeremyrubin, jonatack, darosior, early, jrawsthorne
21:56 < tibo> Anybody knows if there somewhere on the rust-bitcoin ecosystem a way to generate Low R signatures? (like it was implemented in bitcoin core here: https://github.com/bitcoin/bitcoin/pull/13666) I couldn't find anything after a quick search.
--- Log closed Mon Dec 21 00:00:53 2020