#PSA for #cashu wallet builders mints are starting to move to keysets v2, which means wallets need to be up-to-date to support them too. Although Cashu-TS (CTS) v2.7.0+ SUPPORTS keysets v2, you have to take steps to ensure your app is USING the tools in a keyset v2 supported way. TLDR: Tokens containing Keyset v2 Proofs CANNOT be fully decoded without "help" because the token contains a shortened keyset ID. You MUST rehydrate them using Mint Keyset info. If you are not already using CTS v3 for your wallets, I urge you to upgrade asap because it a) reflects the latest NUT specs and b) includes more quality of life tools for keysets v2. Docs here: https://cashu-ts.dev/documents/usage_get_token.html‌ [source: Rob W on Cashu R&D chat]

30 years later We built decentralised nuts and zaps All of it running on Bitcoin #ecash #bitcoin #history #nostr View quoted note →

Onion mint FTW @Arándano If you are in #switzerland Head to Biel / Bienne for some nuts View quoted note →

Divide et Impera ... it's 2026 and the humans still fall for it Don't feed the trolls

Don't shout at the deaf to watch out Lay a path for others to opt-out Be a light, when times be dark

note to flag I am testing nsec recovery wish me luck nostriches

*hat-tip* @npub1l6uy...zvtg for the disclosure and the write up, gg to the rapid patching and following sensible vul disclosure practices:

Conduition

Vulnerabilities in the Cashu ECash Protocol

I found some vulnerabilities in Cashu's protocol for deterministic wallet recovery.

"Along the way I hope readers take home a few lessons about #security #engineering in general: - Look closely at apps which perform automated tasks using sensitive bearer secrets. Avoid auto-trusting anything outside direct user input (and even then). - Deterministic secrets are fickle. Pay attention to how the derivation mechanism works, but also how it is used. There could be mistaken assumptions. - Be careful when using “SHOULD” in a cryptographic specification. Figure out when “SHOULD” needs to be “MUST”. - Watch out for injections - Anytime a large domain is pigeonholed into a smaller space. Big thanks to the #Cashu devs for bearing the bulk of the work of actually fixing this thing. While the initial research was challenging, there is little I find more prosaically daunting than corralling teams of open source devs to fix an obscure vulnerability, and they saved me from attempting that myself."

Conduition

Vulnerabilities in the Cashu ECash Protocol

I found some vulnerabilities in Cashu's protocol for deterministic wallet recovery.

running #knots already not flagging bip-110 activation #UASf > change my mind #bitcoin #noderunners #bip #bip110

Today is Keonne's last day as a free man for the next 5 years Spread some love to the cause to support family and $2 mil+ legal debt, privacy is a human right.

Supporting Keonne and Bill, the Samourai Wallet developers and their loved ones

Bill and Keonne aren

#freesamourai #supportdevs #amnesty

you still looking at the charts anon? sats is the money forget your master's slave-paper #meow