diff options
| author | nicolas.dorier <nicolas.dorier@gmail.com> | 2020-06-19 13:23:37 +0900 |
|---|---|---|
| committer | nicolas.dorier <nicolas.dorier@gmail.com> | 2020-06-19 13:23:37 +0900 |
| commit | 3a16c24f5e87614ac42173927297f0d013fdc0f2 (patch) | |
| tree | e61767e0fd9043b6d6d1a0a2b6c6a41c871538d0 /bip-0078.mediawiki | |
| parent | 7803bf8335780ae2fdcc256e4edd81bb9681089d (diff) | |
| download | bips-3a16c24f5e87614ac42173927297f0d013fdc0f2.tar.xz | |
Additional note for HW
Diffstat (limited to 'bip-0078.mediawiki')
| -rw-r--r-- | bip-0078.mediawiki | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bip-0078.mediawiki b/bip-0078.mediawiki index d43249f..2acee5d 100644 --- a/bip-0078.mediawiki +++ b/bip-0078.mediawiki @@ -382,6 +382,7 @@ The sender's software wallet can verify that the payjoin proposal is legitimate However, a hardware wallet can't verify that this is indeed the case. This means that the security guarantee of the hardware wallet is decreased. If the sender's software is compromised, the hardware wallet would sign two valid transactions, thus sending two payments. Without payjoin, the maximum amount of money that could be lost by a compromised software is equal to one payment (via [[#output-substitution|payment output substitution]]). +Note that the sender can opt out payment output substitution my using the optional parameter <code>disableoutputsubstitution=true</code>. With payjoin, the maximum amount of money that can be lost is equal to two payments. |