50 Hardware Wallets, compared feature by feature - page 12.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: NeuroticFish on October 12, 2022, 03:30:53 AM

Just I can't go over the thing that I feel safe only if I see the transaction on the HW screen. All in all it's somewhere between "very nice" and "no, thank you".

A screen is definitely essential. Without visual confirmation on the hardware wallet itself, you cannot know whether your clipboard has been tampered with.
And clipboard attacks are definitely one of the easier ones to pull off, due to relatively simple access to it by applications. Think of all the websites that let you 'copy to clipboard' e.g. when sharing a video link. That's their code that puts something in your clipboard. The same way, it could replace an address on your clipboard with a different one and you'll send the funds to them, unknowingly.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: dkbit98 on October 12, 2022, 03:19:04 AM

USB connection with hardware wallets is not the same as regular USB connection, but it's true that this can't be considered as air-gapped device, unless USB is used only for charging.
However I don't see big advantage for microSD cards, and I much more prefer QR codes for air-gapped devices, like Passport and Keystone are using.

I agree USB can be a security risk since it's a data connection.
Even more, no matter it's done over USB or on a microSD, regular updates can also be seen as a security risk.

Quote from: dkbit98 on October 12, 2022, 03:19:04 AM

I don't like Bluetooth at all, and I am not a fan of NFC that is just antenna with shorter range, but for everything there are pros and cons.

This is why I am lately very fond of concepts like SeedSigner, although I don't know whether its lack of secure chip can be a problem or not, also don't know if it's overdoing its updates. But at least it uses images for transferring information.

I also have kinda dilemma about things like SatoChip. NFC doesn't have a big range and the credit cards have shown that NFC is not so badly insecure (I guess that some could counter me badly for this) and it's clearly doesn't need (nor support) updates. So on one side it could be seen as good. Just I can't go over the thing that I feel safe only if I see the transaction on the HW screen. All in all it's somewhere between "very nice" and "no, thank you".

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: maxirosson on October 11, 2022, 08:17:21 AM

AFAIK connecting to USB Data is less secure than using a microSD, because you are forced to connect your device to a machine with an internet connection. That's why coldcard allows you to disable the USB data, so you are 100% air-gapped. Probably Bluetooth is something in the middle between USB Data & microSD and should be with orange color in the spreadsheet.

USB connection with hardware wallets is not the same as regular USB connection, but it's true that this can't be considered as air-gapped device, unless USB is used only for charging.
However I don't see big advantage for microSD cards, and I much more prefer QR codes for air-gapped devices, like Passport and Keystone are using.
I don't like Bluetooth at all, and I am not a fan of NFC that is just antenna with shorter range, but for everything there are pros and cons.

maxirosson

member

Activity: 115

Merit: 314

AFAIK connecting to USB Data is less secure than using a microSD, because you are forced to connect your device to a machine with an internet connection. That's why coldcard allows you to disable the USB data, so you are 100% air-gapped. Probably Bluetooth is something in the middle between USB Data & microSD and should be with orange color in the spreadsheet.

Quote from: ?? on ??

Thanks for creating the spreadsheet and writing the article. I know about ColdCard hardware, but i just found found out existence of "Seed XOR" feature. Also, could you explain why "From USB Data" under "Firmware Upgrade" has red color while "From Bluetooth/microSD" has green color? Personally i don't see much difference from security perspective.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: maxirosson on October 10, 2022, 08:44:22 PM

Hi. I added my Bitcointalk profile link to the bottom of the spreadsheet: https://docs.google.com/spreadsheets/d/1-8DLbhxtOcDEBPl8-IAGWaoyx1H02JSz9hADCgAGyCo/edit#gid=0.

Confirmed ownership!
I am glad to see you joined Bitcointalk forum

Quote from: maxirosson on October 10, 2022, 08:44:22 PM

Thanks for the suggestion regarding the consecutive posts.

Don't mention it.
You are free to use some of my posts and topics I wrote related with hardware wallets, especially this one that containds exact models of Secure Elements and Microcontrollers used in Hardware Wallets:
https://bitcointalksearch.org/topic/secure-element-in-hardware-wallets-5304483

maxirosson

member

Activity: 115

Merit: 314

Hi. I added my Bitcointalk profile link to the bottom of the spreadsheet: https://docs.google.com/spreadsheets/d/1-8DLbhxtOcDEBPl8-IAGWaoyx1H02JSz9hADCgAGyCo/edit#gid=0.

Thanks for the suggestion regarding the consecutive posts.

Quote from: dkbit98 on October 10, 2022, 02:33:14 PM

Quote from: maxirosson on October 09, 2022, 09:33:51 AM

I am the author of the article. I didn't know someone already posted it here !!!

And you probably saw traffic coming from Bitcointalk and you registered after that.
It's not that I trust you or don't trust you, but maybe you could edit the original blog article (or spreadsheet) and add your bitcointalk forum profile link (or forum post link), that would prove that you are the original author Maxi Rosson.
And please try not to write many consecutive forum posts in short span of time, that is against forum rules Wink

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: maxirosson on October 09, 2022, 09:33:51 AM

I am the author of the article. I didn't know someone already posted it here !!!

And you probably saw traffic coming from Bitcointalk and you registered after that.
It's not that I trust you or don't trust you, but maybe you could edit the original blog article (or spreadsheet) and add your bitcointalk forum profile link (or forum post link), that would prove that you are the original author Maxi Rosson.
And please try not to write many consecutive forum posts in short span of time, that is against forum rules Wink

maxirosson

member

Activity: 115

Merit: 314

I am the author of the article. I didn't know someone already posted it here !!!

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Did you by any chance write that review or are you just plagiarizing someone else's work? In case you are not the author, stop with cheap copy/paste because it only leads in one direction...

https://bitcointalksearch.org/topic/26-hardware-wallets-compared-feature-by-feature-5415764

maxirosson

member

Activity: 115

Merit: 314

I wrote an article comparing 32 hardware wallets, comparing them feature by feature.

https://blog.thebitcoinhole.com/best-hardware-wallets-31141ed1aa05

I also included a spreadsheet with the summary:

https://docs.google.com/spreadsheets/d/1-8DLbhxtOcDEBPl8-IAGWaoyx1H02JSz9hADCgAGyCo/edit?usp=sharing

UPDATE
I deprecated the Google Spreadsheet and launched a new website comparing 40 Hardware Wallets:

https://wallets.thebitcoinhole.com/

The site offers some advantages compared with the spreadsheet:
- Improved usability and look & feel
- Possibility to filter wallets so you can only see and compare the ones you are interested
- Added more contextual information about each compared feature
- Fixed some data errors.

I plan to continue adding more features and wallets to compare.

Topic: 50 Hardware Wallets, compared feature by feature - page 12. (Read 3171 times)