So they are not holding the private key for the wallet, they are 'just' holding part of the key and they are sending the other part via email, guaranteeing that they never see that part that is send to a user's email! While the part they have is stored somewhere on a server. Seems great so far.
And this is being advertised as the safest way to store and safe-keep your keys.
I'll just stay away from this one.
Topic: A new take on "hardware" wallets? (Read 213 times)
Yeah... that comment about the 3.79M BTC being lost is more than a little deceptive... but hey... #marketing 
However, people *are* losing seed mnemonics... I'm probably into at least double digits of helping people who have either written their seed down incorrectly to start with (wrong words or missed a word etc), had it partially lost through accidents or simply lost the entire thing altogether... Then there are the folks who have a perfectly valid seed, but for the wrong wallet.
There have been numerous instances of these things happening on these boards over the last couple of years. Granted, they are more likely to be a fraction of the "lost" bitcoins... but it still is relatively common. All that does is prove that there isn't a 100% fail safe way of backing things up... and I'm not convinced that Evercoin's method of "shards" is the best way to mitigate it.
But hey, if you already have a Yubikey... I guess it's probably better than simply having a wallet app on your phone ¯\_(ツ)_/¯
However, people *are* losing seed mnemonics... I'm probably into at least double digits of helping people who have either written their seed down incorrectly to start with (wrong words or missed a word etc), had it partially lost through accidents or simply lost the entire thing altogether... Then there are the folks who have a perfectly valid seed, but for the wrong wallet.
There have been numerous instances of these things happening on these boards over the last couple of years. Granted, they are more likely to be a fraction of the "lost" bitcoins... but it still is relatively common. All that does is prove that there isn't a 100% fail safe way of backing things up... and I'm not convinced that Evercoin's method of "shards" is the best way to mitigate it.
But hey, if you already have a Yubikey... I guess it's probably better than simply having a wallet app on your phone ¯\_(ツ)_/¯
When I see false or distorted arguments in an advertising I just ignore the product. This is no exception:
Those ~4million bitcoins were lost when they were worthless, most of them when deterministic wallets (and seed mnemonic ) didn't even exist.
People are not losing their seeds all the time, neither losing bitcoins all the time anymore.
They are using a false premise to promote a somewhat online wallet faked as a hardware wallet.
Quote
The traditional wallet back up scheme is to take a 12 or 24 word passphrase and store it in a safe place. Unfortunately, this procedure is provably prone to user error. According to Fortune magazine, Chainalysis stated that as many as 3.79M bitcoins are likely to be lost forever due to mishandling private keys.
https://blog.evercoin.com/evercoin-is-now-the-safest-wallet-exchange-f3c3eeb07d54
https://blog.evercoin.com/evercoin-is-now-the-safest-wallet-exchange-f3c3eeb07d54
Those ~4million bitcoins were lost when they were worthless, most of them when deterministic wallets (and seed mnemonic ) didn't even exist.
People are not losing their seeds all the time, neither losing bitcoins all the time anymore.
They are using a false premise to promote a somewhat online wallet faked as a hardware wallet.
Outdated you mean?
I wouldn't call them outdated. Many of the biometric scanners are pretty up to date in terms of available technology. But even then, they remain poor in terms of security. Most fingerprint scanners can be fooled with a replica fingerprint, which can be lifted from anything you have recently touched, from a computer mouse to a door handle. Most facial recognition scanners can be fooled with a still photo, and most people have uploaded several to various social media sites. And they can all be fooled 100% of the time via physical force.if they are to keep one part of my private key and then just shut down their services, will I ever be able to find my coins if they decide to scam?
They do state on that blog post that the user is able to access their seed phrase (they simply call it your "mnemonic"), so that shouldn't be a concern. I still wouldn't touch their wallet though. 
There are a lot of things on that blog post which they are painting as an advantage to their wallet which I see as distinct disadvantages. I don't want my seed stored online, even if it is split in to "shards", and I definitely don't want it stored by a third party on my behalf and sent over a likely unencrypted email. This is less secure, not more, as they seem to be suggesting.
Heck, yeah that email part. How did I forget!
I wanted to ask this that why are they making this look like an advantage while sending the second part of that "shard" on our email? No freaking email service is too secure to handle ongoing hacks (not even Gmail, in fact I see Gmail to be worst hit among others) and they didn't find any other way except email to send it to us? That's shit!
Quote
Biometrics are very poorly secure, and shouldn't be used.
Outdated you mean?
Quote
The Yubikey is simply the decryption key. The encrypted and decrypted private keys are still stored on the mobile device, and so are accessible by malware, as opposed to a hardware wallet where the keys never leave the secure element.
Mobility isn't an issue that needed solved like they have made it out to be, since most hardware wallets are mobile compatible.
Mobility isn't an issue that needed solved like they have made it out to be, since most hardware wallets are mobile compatible.
I believe they are trying to make it look like an issue which isn't the issue at all. They've focused on smartphones but forgot that such things are prone to hacks and malicious softwares take place every now and then considering a long list of highly secured apps (previously considered) which are now removed from Google play store. They want to use the security features given in a smartphone; well, where the hell can I find a smartphone without any problems?
Quote
It says the wallet is linked to an exchange. Do you have to undergo KYC to use it? Massive privacy invasion if you do, and the risk of funds being locked by unannounced KYC requirements if you don't.
Just like you, I'm also not interested in using their exchange because if they are to keep one part of my private key and then just shut down their services, will I ever be able to find my coins if they decide to scam? I don't think they, or anyone here has the right to keep or know even 1/10th of how my address' private key looks.
There are a lot of things on that blog post which they are painting as an advantage to their wallet which I see as distinct disadvantages. I don't want my seed stored online, even if it is split in to "shards", and I definitely don't want it stored by a third party on my behalf and sent over a likely unencrypted email. This is less secure, not more, as they seem to be suggesting.
Biometrics are very poorly secure, and shouldn't be used.
The Yubikey is simply the decryption key. The encrypted and decrypted private keys are still stored on the mobile device, and so are accessible by malware, as opposed to a hardware wallet where the keys never leave the secure element.
Mobility isn't an issue that needed solved like they have made it out to be, since most hardware wallets are mobile compatible.
It says the wallet is linked to an exchange. Do you have to undergo KYC to use it? Massive privacy invasion if you do, and the risk of funds being locked by unannounced KYC requirements if you don't.
As we commonly see, they have tried to solve problems which don't exist and made their wallet less secure/private in the process.
Biometrics are very poorly secure, and shouldn't be used.
The Yubikey is simply the decryption key. The encrypted and decrypted private keys are still stored on the mobile device, and so are accessible by malware, as opposed to a hardware wallet where the keys never leave the secure element.
Mobility isn't an issue that needed solved like they have made it out to be, since most hardware wallets are mobile compatible.
It says the wallet is linked to an exchange. Do you have to undergo KYC to use it? Massive privacy invasion if you do, and the risk of funds being locked by unannounced KYC requirements if you don't.
As we commonly see, they have tried to solve problems which don't exist and made their wallet less secure/private in the process.
Great article TBH, but one thing is for sure that these guys were endorsing Yubikey more over Evercoin and it means that we surely need Yubikey's hardware in order to keep our funds safe in that wallet.
The website says the Yubikey is actually "optional"... so it seems it is just "added" security on top of whatever the app itself provides? 
Quote from: https://evercoin.com/home
Hardware Security by YubiKey (optional)
Even if it is optional, don't you think that at core level, their wallet app is truly dependent on Yubikey to be called as one of the safest wallets? Tell me, would you use it without that Yubikey when they're themselves asking us to buy a Yubikey hardware and attach it in their wallet for safety purposes?
Having no passphrase or seed at all doesn't really makes sense IMHO because that's what we can even keep stored in an offline PC, a piece of paper, can even dig it into a metal and store it somewhere
They do... it's just that "shard" thing... It sounds like it is essentially a 2of2 "Shamir Secret Sharing" type scheme... you get 1 shard, they store the 2nd shard... you need both to be able to restore your wallet.Gotcha. But is that passphrase just a normal one or a BIP39 security lock? Well, to me, it sounded more to me like multisig or something but it has its own limitations and so I didn't describe that already.
Great article TBH, but one thing is for sure that these guys were endorsing Yubikey more over Evercoin and it means that we surely need Yubikey's hardware in order to keep our funds safe in that wallet.
The website says the Yubikey is actually "optional"... so it seems it is just "added" security on top of whatever the app itself provides? Having no passphrase or seed at all doesn't really makes sense IMHO because that's what we can even keep stored in an offline PC, a piece of paper, can even dig it into a metal and store it somewhere
They do... it's just that "shard" thing... It sounds like it is essentially a 2of2 "Shamir Secret Sharing" type scheme... you get 1 shard, they store the 2nd shard... you need both to be able to restore your wallet.Quote
... but this Yubikey thing, if stolen, how will they deal with providing us to enter our wallet ever again? Is there any resolution provided to this already?
According to Yubico:If you are using your YubiKey with a service or application, the policy for lost or stolen YubiKeys depends on how that service or application deals with the situation.
So you'd need to query the Evercoin peeps and find out from them... I couldn't find any support docs etc on the website to explain what the resolution is should you lose the yubikey.
Great article TBH, but one thing is for sure that these guys were endorsing Yubikey more over Evercoin and it means that we surely need Yubikey's hardware in order to keep our funds safe in that wallet.
What I wish to know is:
- What would happen if Yubikey is stolen?
They have described the fact that it won't catch any attention from anybody sitting near us when we dig in the Yubikey into our mobile as it may look like a USB being used there. But what if someone tries to steal it and becomes successful? What if both the smartphone and Yubikey gets stolen?
- Is it really good to go for face ID detection with these wallets?
What would happen if you don't really have a very good camera or you may get your face highly bearded? Your camera may not recognize your face and you may get stuck in opening and using your own wallet maybe. I've got OnePlus 7T and this is what I've experienced - high heard and it was not even unlocking the phone after seeing my face. Sounds shit but true.
Having no passphrase or seed at all doesn't really makes sense IMHO because that's what we can even keep stored in an offline PC, a piece of paper, can even dig it into a metal and store it somewhere but this Yubikey thing, if stolen, how will they deal with providing us to enter our wallet ever again? Is there any resolution provided to this already?
What I wish to know is:
- What would happen if Yubikey is stolen?
They have described the fact that it won't catch any attention from anybody sitting near us when we dig in the Yubikey into our mobile as it may look like a USB being used there. But what if someone tries to steal it and becomes successful? What if both the smartphone and Yubikey gets stolen?
- Is it really good to go for face ID detection with these wallets?
What would happen if you don't really have a very good camera or you may get your face highly bearded? Your camera may not recognize your face and you may get stuck in opening and using your own wallet maybe. I've got OnePlus 7T and this is what I've experienced - high heard and it was not even unlocking the phone after seeing my face. Sounds shit but true.
Having no passphrase or seed at all doesn't really makes sense IMHO because that's what we can even keep stored in an offline PC, a piece of paper, can even dig it into a metal and store it somewhere but this Yubikey thing, if stolen, how will they deal with providing us to enter our wallet ever again? Is there any resolution provided to this already?
Surely they'll be hosting the url for the second shard so they'll have access to it?
Storing both parts of the seed in an online format surely makes this much less secure than a desktop wallet?
Edit: after reading the article to the end I doesn't look like they have everything going yet and are also using biometrics which was discussed as being insecure on here recently.
Storing both parts of the seed in an online format surely makes this much less secure than a desktop wallet?
Edit: after reading the article to the end I doesn't look like they have everything going yet and are also using biometrics which was discussed as being insecure on here recently.
From my understanding, this is not what you would call a "traditional" hardware wallet... but more of a mobile wallet (iOS and Android) that is secured using a hardware device (Yubikey).
https://blog.evercoin.com/evercoin-is-now-the-safest-wallet-exchange-f3c3eeb07d54
Seems they are attempting to make crypto/hardware wallets a bit more mainstream by aiming at the "mobile" market. I'm not sure about the backup methodology involving "shards" tho... one of which is emailed to the user!!?!
https://blog.evercoin.com/evercoin-is-now-the-safest-wallet-exchange-f3c3eeb07d54
Seems they are attempting to make crypto/hardware wallets a bit more mainstream by aiming at the "mobile" market. I'm not sure about the backup methodology involving "shards" tho... one of which is emailed to the user!!?!
Quote
In this case, this is achieved by splitting the key into two shards — neither of which on their own can restore the private key. One of the shards is stored in a special URL that is generated by the user’s device and sent directly to the user’s email (so Evercoin never sees this shard). The other shard is held by Evercoin. Because of this patent-pending approach, whenever the user loses their phone, their yubikey, their pin, their password they can be helped and they can recover their assets.
Jump to: