subzero
Block's Bitcoin Cold Storage solution.
https://github.com/square/subzero/blob/1576d76a060fd74dee98f24beb6f35756cee6bf8/java/shared/pom.xml#L40: CVE-2018-1000613, CVE-2018-1000180, CVE-2017-13098, CVE-2020-26939. Recommended upgrade version: 1.61
nCipher released the Security World Software version 12.60.11 on 2020-07-02 as a GA release. This change builds the live image with SecWorld_Lin64-12.60.11.iso and Codesafe_Lin64-12.63.0.iso. Tested with a test transaction.
There are undoubtedly risks associated with usage of this cold storage protocol, with threats originating from the initialization (key gen, software installation and verification, etc.) to the operation (transactions and...
`.setCurrency(Wallet.Currency.TEST_NET)` is incorrect. We probably need to add a currency flag to InitWalletRequest and then make sure we use the proper currency everywhere.
The dev/staging experience can be improved in two ways:
- support having multiple wallets on a single machine
- support automatically initializing+finalizing wallets
The graphical UI code was an afterthought (the initial design was a command line tool). As a result, the code doesn't use the right design patterns (e.g. there's no MVC)....
XOR was simpler to implement, but HMAC would be cleaner.
We could improve the java code by implementing additional validation. E.g. prev tx hash is expected to be a specific length.
At startup, the DVD spends time configuring unnecessary services. A large portion of the boot time could be reduced by disabling unneeded services.
The segwit code in java/ predates Segwit support in BitcoinJ. We can probably clean some things up.