Xjyuk

What are the closest international airports in different countries?

Move arrows along a contour

Would it take any sort of amendment to make DC a state?

My employer is refusing to give me the pay that was advertised after an internal job move

Did Vladimir Lenin have a cat?

Why does the Rust compiler not optimize code assuming that two mutable references cannot alias?

Is it unprofessional to mention your cover letter and resume are best viewed in Chrome?

What is a good example for artistic ND filter applications?

Solve equation using Mathematica

How can Paypal know my card is being used in another account?

Create two random teams from a list of players

Was the Psych theme song written for the show?

How do discovery writers hibernate?

How to efficiently shred a lot of cabbage?

A basic question on circuits and matrix representation

Should I intervene when a colleague in a different department makes students run laps as part of their grade?

How to foreshadow to avoid a 'deus ex machina'-construction

Bouncing map back into its bounds, after user dragged it out

On the sensitivity conjecture?

"Valet parking " or "parking valet"

Patio gate not at right angle to the house

Just how much information should you share with a former client?

Why did some Apollo missions carry a grenade launcher?

When encrypting twice with two separate keys, can a single key decrypt both steps?

Can hardware wallets actually display the amount of funds leaving your control?

How can I verify the authenticity of a ledger Nano s hardware wallet?Is it possible to design a hardware wallet that can allow operation of a routing Lightning node with the security level of a hardware wallet?Possibility of hardware wallets being 'unsupported' in the future?Can the Large Bitcoin Collider project 'break' into offline hardware wallets like the Nano Ledger S?If anyone with your seed phrase can generate your wallet private keys, what is the advantage of a hardware wallet?Review sites for the hardware wallets?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

It would seem the answer is no, because the hardware wallet is not a full node and cannot know the total value represented by the input transactions. It must trust the host software for this. Am I correct, or did I miss something?

Basically, the concern is that a malicious host software could trick the user+wallet into signing a transaction that has a low amount of output value but a high total amount of input value. This would convert the user's Bitcoins into a miner reward. Though admittedly the motivation behind such an attack would be low because the attacker can't profit from it.

hardware-wallet

share|improve this question

asked 8 hours ago

HypertableHypertable

5844 bronze badges

add a comment | 

1

It would seem the answer is no, because the hardware wallet is not a full node and cannot know the total value represented by the input transactions. It must trust the host software for this. Am I correct, or did I miss something?

Basically, the concern is that a malicious host software could trick the user+wallet into signing a transaction that has a low amount of output value but a high total amount of input value. This would convert the user's Bitcoins into a miner reward. Though admittedly the motivation behind such an attack would be low because the attacker can't profit from it.

hardware-wallet

share|improve this question

asked 8 hours ago

HypertableHypertable

5844 bronze badges

add a comment | 

It would seem the answer is no, because the hardware wallet is not a full node and cannot know the total value represented by the input transactions. It must trust the host software for this. Am I correct, or did I miss something?

Basically, the concern is that a malicious host software could trick the user+wallet into signing a transaction that has a low amount of output value but a high total amount of input value. This would convert the user's Bitcoins into a miner reward. Though admittedly the motivation behind such an attack would be low because the attacker can't profit from it.

hardware-wallet

share|improve this question

asked 8 hours ago

HypertableHypertable

5844 bronze badges

share|improve this question

asked 8 hours ago

HypertableHypertable

5844 bronze badges

share|improve this question

asked 8 hours ago

HypertableHypertable

5844 bronze badges

asked 8 hours ago

HypertableHypertable

5844 bronze badges

asked 8 hours ago

HypertableHypertable

5844 bronze badges

1 Answer
1

active

oldest

votes

3

That is correct, a hardware wallet does not have access to any information from the blockchain except that provided by the host computer. So it does not know anything about the amounts unless the host provides it to them.

Because of this, hardware wallets have some extra requirements for signing. Many devices, for non-segwit inputs, require the entire previous transaction to be sent to the device. This way they can compute its txid and compare that to the txid specified for that input. In this way they can be sure of the amounts being sent as they can look at the output amount(s) in the previous transaction.

However Segwit actually fixes this issue for them. In Segwit, the amount for the input being signed is part of the data that is signed. So it directly commits to the amount being sent and therefore the host cannot lie about that amount or it will receive an invalid signature.

share|improve this answer

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "308"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f89508%2fcan-hardware-wallets-actually-display-the-amount-of-funds-leaving-your-control%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

That is correct, a hardware wallet does not have access to any information from the blockchain except that provided by the host computer. So it does not know anything about the amounts unless the host provides it to them.

Because of this, hardware wallets have some extra requirements for signing. Many devices, for non-segwit inputs, require the entire previous transaction to be sent to the device. This way they can compute its txid and compare that to the txid specified for that input. In this way they can be sure of the amounts being sent as they can look at the output amount(s) in the previous transaction.

However Segwit actually fixes this issue for them. In Segwit, the amount for the input being signed is part of the data that is signed. So it directly commits to the amount being sent and therefore the host cannot lie about that amount or it will receive an invalid signature.

share|improve this answer

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

add a comment | 

3

That is correct, a hardware wallet does not have access to any information from the blockchain except that provided by the host computer. So it does not know anything about the amounts unless the host provides it to them.

Because of this, hardware wallets have some extra requirements for signing. Many devices, for non-segwit inputs, require the entire previous transaction to be sent to the device. This way they can compute its txid and compare that to the txid specified for that input. In this way they can be sure of the amounts being sent as they can look at the output amount(s) in the previous transaction.

However Segwit actually fixes this issue for them. In Segwit, the amount for the input being signed is part of the data that is signed. So it directly commits to the amount being sent and therefore the host cannot lie about that amount or it will receive an invalid signature.

share|improve this answer

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

add a comment | 

That is correct, a hardware wallet does not have access to any information from the blockchain except that provided by the host computer. So it does not know anything about the amounts unless the host provides it to them.

Because of this, hardware wallets have some extra requirements for signing. Many devices, for non-segwit inputs, require the entire previous transaction to be sent to the device. This way they can compute its txid and compare that to the txid specified for that input. In this way they can be sure of the amounts being sent as they can look at the output amount(s) in the previous transaction.

However Segwit actually fixes this issue for them. In Segwit, the amount for the input being signed is part of the data that is signed. So it directly commits to the amount being sent and therefore the host cannot lie about that amount or it will receive an invalid signature.

share|improve this answer

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

share|improve this answer

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges

answered 8 hours ago

Andrew Chow♦Andrew Chow

37.2k44 gold badges2828 silver badges6868 bronze badges