I've been poking around in the decompiled source of the Handcash Android app and noticed some questionable handling of private keys. From what I've been able to dig into so far, it appears the wallet uses SSSS to split the private key into at least three shares, two of which are sent off the device to the handcash backend and businesses with whom the user establishes Cashport connections with.
While I haven't had a chance to confirm it for myself, Handcash developer(?) u/apagut has responded to dispel my suspicions that the Hashcash backend could use these shares to sign transactions on a wallet user's behalf. However, when pressed for an explanation of why split key shares are ever given to entities that are never expected to reassemble it, the follow up response was less than informative.
You can read the brief exchange for yourself.
I don't have enough information yet to say exactly what is happening with private keys in Hashcash, but there is enough smoke to suspect a fire under the surface. Since Handcash appear beholden to nChain patents according to u/apagut, it's reasonable to assume they'll be dropping BCH support in favor of BSV. Perhaps this is no great loss; it might even be a dodged bullet.
[link] [comments]
source https://www.reddit.com/r/btc/comments/9yj5gg/bch_is_better_off_without_handcash/
No comments:
Post a Comment