Jump to content


  • Posts

  • Joined

  • Last visited

1 Follower

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Occupation
    Software Developer

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

RareData's Achievements

  1. 1. Security first. 2. We're two people. 3. Under-promise, over-deliver.
  2. The Ledger FLR app is a separate Towo Labs project. It's not a requirement for Ledger users to access FLR. The existing Ledger ETH app can also be used with Flare. The FLR app simply improves some UI/UX aspects. We target FTSO functionality for launch, but things like NFTs will have to come later. The beta is a gradual rollout, we will clarify. We advice users to get an empty wallet with a 12 or 24 word recovery phrase and with known Flare support. MetaMask is ideal and set its ETH address as message key. You can then use MetaMask to access Flare directly by adding a custom network, instructions will be published before launch. If for some unexpected reason Bifrost is delayed, you can still access Flare right away. If you wish, you can import your MetaMask to Bifrost Wallet once launched and keep using both or stop using MetaMask, if Bifrost has all features you need. Your addresses will be the same in both wallets, but Bifrost is multi-chain and will give access to LTC, DOGE, (...) addresses with no additional backup needed. Regarding multiple addresses, for the best user experience we recommend to use the first ETH address. If you use later addresses, you will need to switch between them.
  3. Towo Labs now runs an XRP Ledger validator from Pionen White Mountains, a former nuclear bunker 30 meters beneath the streets of Stockholm, Sweden. The data center is owned and run by Bahnhof, Sweden's oldest independent ISP, known to stand up for privacy and free speech. Twitter Announcement https://twitter.com/TowoLabs/status/1362733001835245574 Technical Specification Custom bare-metal server 3.4 GHz hexa-core CPU 64 GB DDR4 RAM Hardware RNG Mirrored NVMe SSDs Redundant PSUs 1 Gbit/s network link Master Public Key nHUtmbn4ALrdU6U8pmd8AMt4qKTdZTbYJ3u1LHyAzXga3Zuopv5Y Ephemeral Public Key (2021-02-19) n9JkSnNqXxEct1t78dwVZDjq7PsznXtukxjyGvGJr4TdwVSbd7DJ XRP Ledger TOML File https://www.towolabs.com/.well-known/xrp-ledger.toml By proving excellent uptime and reliability in the coming months, we hope to be included on the unique node lists published by Coil, Ripple and hopefully also the XRP Ledger Foundation before EOY 2021. If you're a validator operator or validator list publisher and would like to perform additional due diligence before adding our validator to your UNL, feel free to contact us in a DM on Twitter (@TowoLabs) or by email (see TOML file).
  4. Crunchbase is spreading misinformation. Towo Labs has received an investment from Xpring, but has not been acquired by Ripple.
  5. I was mostly referring to objects placed by the account under deletion. Performing the DoS you described would cost an attacker >= 5 XRP + 1 drop per account.
  6. For code simplicity and reducing the risk of severe harm to the XRP ledger, in case the audit does miss something, I strongly suggest the account has to do a full cleanup. If the intention is to delete an account, the owner typically wants to recover locked XRP above the minimum account reserve anyway.
  7. Please carefully consider dedicated signing devices or other airgapped systems, they may not have the luxury of performing lookups on the XRP ledger, to know if they've hit their limits. Also consider that extra logic or implementation requirements, to differentiate between full and light accounts, can easily get messy. Third-parties integrating with the XRP ledger should not be forced to rearrange items on their roadmaps or add new ones.
  8. It's only "critical" in the sense that Chrome 72 broke support for U2F, so if you updated your browser, your Ledger, Bitbox, Trezor, Secalot etc. would timeout incorrectly and not work with a few interfaces like XRP Toolkit and MyCrypto. As the new browser and old firmware was no longer compatible after Google's update. That's it. Source: https://support.ledger.com/hc/en-us/articles/360018810413-U2F-timeout-in-Chrome-browser
  9. This is ridiculous... Why don't you just generate a 24 word seed and derive an XRP account/secret "to deposit your XRP" manually. Why on earth would you buy a Ledger Nano S just for deriving an account and then destroy the device? If you take a look at this infographic: https://developers.ripple.com/set-up-secure-signing.html#use-a-dedicated-signing-device You'll see that hardware wallets are meant to be used, not just collect dust. They are literally the only way to achieve trustless transaction signing, without having to trust a computer or phone. Sooner rather than later, you'll e.g. be able to set trust lines (participate in airdrops) and trade on the DEX using your Ledger device. Like everything else with embedded software, including your home router, its firmware should be updated regularly. For hardware wallets, this is to protect against newly discovered vulnerabilities requiring physical access to the device and specialized lab equipment to exploit. Yet, Ledger always patches them, despite their incredibly low probability of affecting anyone. Compared to a software wallet, if your computer or phone with a much larger attack surface is compromised, any running software wallet would be compromised too. Your hardware wallet remains secure, even when connected to a compromised computer or interface. That's part of their security model and the only reason to use one in the first place.
  10. You might be interested in the XRP Toolkit roadmap: https://gitlab.com/xrptoolkit/xrptoolkit-client I really appreciate user suggestions and feedback, feel free to reach out afterwards.
  11. Well, here go you Bob, let me know what you think: https://medium.com/xrp-toolkit/on-a-mission-to-fix-the-lacking-hardware-wallet-xrp-support-f458d962768d
  12. Well, here go you Bob, let me know what you think: https://medium.com/xrp-toolkit/on-a-mission-to-fix-the-lacking-hardware-wallet-xrp-support-f458d962768d
  13. I'd argue that the lack of hardware wallet support is a major contributor to the slow XRPL DEX adoption. Now that there's U2F/WebUSB and soon Bluetooth support in the major browsers, users can use DEX interfaces in a plug n' play fashion without installing anything (and without trusting the DEX interface with their secret). Ethereum users have had Mycrypto.com and MyEtherWallet.com (millions of users) with proper hardware wallet support for a long time. Binance DEX is executing on something similar for their native chain, working with hardware wallet maker Ledger from day one, enabling user-controlled hardware wallets interoperable with their non-custody, feature-rich DEX interface. Don't you think Ripple and the likes of Coil/Kava/Strata Labs/(...) would benefit from hardware wallet multisigning and escrow support? Don't you think it would enable a much better usability/security tradeoff for DEX interfaces with hardware wallet support for order transactions?
  14. Bob, you're a star! This confirmed my hypothesis that the brightest at Ripple are aware of this issue and that PolySign is related to the problem of low XRP hardware wallet support. I'm doing what I can to change this, starting with implementing full XRP support together with Secalot (open-source software and hardware) and then going for Ledger/Trezor/others. It's 2019, we should be able to multisign using multiple hardware wallets, sign escrows, trust lines and IOU payments by now... Do you have any additional thoughts on XRP hardware wallet support?
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.