AirGapped Hardware Wallets | Bitcointalksearch.org

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: dkbit98 on October 28, 2023, 03:51:34 AM

...and Bluewallet code can't be verified and reproduced, as far as I know.

True. The latest version that WalletScrutiny tested was 6.4.8, and they weren't able to build it from the provided source. Blue Wallet's latest app version is 6.4.10, released a few days ago. The latest versions that WalletScrutiny were able to reproduce from source were 6.4.5 and 6.4.4.
https://walletscrutiny.com/android/io.bluewallet.bluewallet/#resultsArchive

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: xrahitel on October 24, 2023, 08:05:01 PM

i do not care about cheap wallet or not.
i am looking for the best one for long term holding.

Passport is probably one of the best air gapped hardware wallet options right now.
It is better built quality than Keystone, you can easily remove battery and you have clean open source code that works only for Bitcoin.

Quote from: Meuserna on October 24, 2023, 08:23:32 PM

SeedSigner. Buy it fully assembled if you don't feel comfortable doing it yourself. Use it with BlueWallet. Both are 100% open source.

Seedsigner is not bad but I still consider it as experimental device, and Bluewallet code can't be verified and reproduced, as far as I know.
For any newbie or beginner I would not suggest seedsigner for various reasons, but it's nice to use it in some multisig setup.

Meuserna

member

Activity: 99

Merit: 153

Quote from: xrahitel on October 24, 2023, 08:05:01 PM

Time is running out i still not decide which one to get. Keystone 3 Pro/CoolWallet Pro/TANGEM and for BTC only Passport/SeedSigner.

SeedSigner. Buy it fully assembled if you don't feel comfortable doing it yourself. Use it with BlueWallet. Both are 100% open source. Why tie yourself to a company that you'll have to trust?

Best of all, if you someday change your mind, you can just buy a different wallet and import your seed. You won't need to make a new seed & move your coins again because, with SeedSigner and BlueWallet, your seed won't have been exposed to a company that went dirty like Ledger is doing.

If you're waiting for a reply everyone can agree on, you're never going to get one. Some people are followers and feel like they need to trust a company. To me, that's bizarre.

xrahitel

newbie

Activity: 4

Merit: 0

i do not care about cheap wallet or not.
i am looking for the best one for long term holding.

Time is running out i still not decide which one to get. Keystone 3 Pro/CoolWallet Pro/TANGEM and for BTC only Passport/SeedSigner.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: satscraper on October 20, 2023, 02:34:51 AM

You are completely right, man.

After thinking about it, I should clarify the previous post. It's actually not from the secure elements that the secrets get sent from. The code retrieves the keys, encrypts them, and divides them into shards. Those shards are then sent over the internet to 3 third-parties. Ultimately, it doesn't really matter to the end user. The point is that private data that was never supposed to be online now can.

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: Pmalek on October 19, 2023, 11:50:26 AM

Regarding the secure elements. They have always been a black-box chip. It was never trustless, regardless if the HW was open or closed-source. The only thing that has changed now after Ledger's revelations is that we know that secure elements allow for remote sending of secrets.

You are completely right, man.That is why the multisig wallet which requires at least two cosigners from wallets which use those black-box chips produced by different makers is considered to be more safe haven for the stash in bitcoins than just, let's say, a single hardware wallet regardless the reputation of its manufacturer.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Charles-Tim on October 16, 2023, 01:37:09 PM

For bitcoin-only wallet, I will recommend Passport.
For multicoins, go for Trezor. Not the new model with close source secure element. Also avoid Trezor coinjoin.

Judging by the type of hardware wallet xrahitel is considering, I believe he is on the hunt for something cheaper. And you are right, in that price range he is down to the Trezor One, Trezor Safe 3, or the Ledger Nano S Plus, which now has a 30% discount.

I would not recommend the Ledger though. There is no way of knowing what is the next self-destructive act that we will see from this company.
I have a Trezor One, and unless Trezor intends to remove support for this device soon, I wouldn't have issues recommending it.

Regarding the secure elements. They have always been a black-box chip. It was never trustless, regardless if the HW was open or closed-source. The only thing that has changed now after Ledger's revelations is that we know that secure elements allow for remote sending of secrets.

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: Charles-Tim on October 17, 2023, 04:24:45 AM

I can also recommend wallet on an airgapped device. Example is https://electrum.readthedocs.io/en/latest/coldstorage.html

Airgapped machine is a good opt if you are sitting all the time at your desk in you home but it is not optimal in emergency cases which are not rear things in the current world. If you found themselves in such situation then, I think, the having in the emergency bag the lightweight and compact airgapped hardware wallet instead of a bulky and heavy airgapped machine would be preferable for you.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: ?? on ??

Can you recomend what you are using.
is Ngrave is good?
is Tangem is good?
is Keystone 3 Pro good?

I am not using an hardware wallet for now. If I should recommend what I am using, but which is bitcoin-only, it is multisig wallet which I have been able to setup on my three devices.

I can also recommend wallet on an airgapped device. Example is https://electrum.readthedocs.io/en/latest/coldstorage.html

Keystone 3 Pro is a good hardware wallet. I like the fact that it is airgapped, able to make use of QR code and you can use it with software wallet like Electrum.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: xrahitel on October 16, 2023, 12:31:59 PM

Any one using Safepal X1.
I am still confused to choose right wallet.

I didn't see a single good review for Safepl X1 yet, so I am guessing it's not very popular, maybe due to fact that older version S1 was insecure closed source peace of shit with stolen modified code.
I wouldn't waste money for Safepal when new Trezor Safe 3 has similar price, and there are several other open source alternatives that are better.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: xrahitel on October 16, 2023, 12:31:59 PM

Any one using Safepal X1.
I am still confused to choose right wallet.

It is one of the hardware wallets that I can not recommend anyone to use because it is a close source wallet and because you can not be able to connect the wallet to other wallets like Electrum.

You can see lists of hardware wallets here: https://thebitcoinhole.com/

Choose the one that you think is better for you. Let it be open source and in a way you can use it with other software wallet.

For bitcoin-only wallet, I will recommend Passport.
For multicoins, go for Trezor. Not the new model with close source secure element. Also avoid Trezor coinjoin.

xrahitel

newbie

Activity: 4

Merit: 0

Any one using Safepal X1.
I am still confused to choose right wallet.

Meuserna

member

Activity: 99

Merit: 153

Quote from: tread93 on September 27, 2023, 02:27:18 PM

It almost seems like even more of a risk because of the malware that can hack in through the USB connectivity. There are so many different kinds of hardware / software/ airgapped wallets but almost all of them have some sort of security flaw it seems and that the only way to truly have the most secure form of storing your bitcoin is to run bitcoin node yourself. Hopefully this will change with time and there will be more secure ways of storing your coins without having the fear of losing them via a hack.

Some airgapped wallets don't even use USB. I'm a big fan of Krux, which runs on a Maix Amigo. The Amigo is a device with a 3.5 inch touchscreen and a camera. No bluetooth, no wifi. Once you load Krux software onto the device you never need the usb port again for anything but power, so you can plug it into an electric outlet instead of a desktop. And you only need to plug it in to charge the battery.

So, once the software is installed, you never need to connect a Krux device to anything. It's fully airgapped. And the large screen makes it easy to see full addresses and see exactly what you're confirming every step of the way.

I posted a full review of Krux here.

I haven't used SeedSigner, but I assume it works the same way, except for the large touchscreen which Krux has if running on a Maix Amigo (I mention this because you can also run Krux on a M5StickV, which is roughly the same size as a Blockstream Jade).

tread93

hero member

Activity: 1077

Merit: 534

It almost seems like even more of a risk because of the malware that can hack in through the USB connectivity. There are so many different kinds of hardware / software/ airgapped wallets but almost all of them have some sort of security flaw it seems and that the only way to truly have the most secure form of storing your bitcoin is to run bitcoin node yourself. Hopefully this will change with time and there will be more secure ways of storing your coins without having the fear of losing them via a hack.

taufik123

legendary

Activity: 2464

Merit: 1703

Blackjack.fun

Quote from: Charles-Tim on September 26, 2023, 04:44:47 PM

That means you have not read this topic that dkbit98 created a week and some days ago: NEW SafePal X1 hardware wallet

We do not know if it is truly or completely open source yet.

It is not making use of QR code which is most recommended way of signing unsigned transaction, but making use of Bluetooth which is not safe as QR code. QR code is still the safest way to sign unsigned transaction.

The wallet can not be connected with wallets like Electrum.

I missed that post, thanks for letting me know.

yups Open-Source is not completely, this is still untested and there is still no complete review for the use of Safepal X1.

I don't know why they have to sacrifice the QR code camera which is more secure and completely replace it with Bluetooth which is usually easier to hack even though it uses version 5.0, there will definitely be loopholes in the future.

and does not support third-party wallets, they only use their own Safepal wallet developed as a Browser Extension like Metamask.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: taufik123 on September 26, 2023, 04:34:31 PM

and eventually, Safepal moved to Open-Source to prove that Safepal is committed to transparency and innovation.

In addition to announcing it as Open-Source, Safepal also changed the overall design and shape.
Using the Monochrome LCD type, even though the Safepal S1 already uses a full-color LCD (I prefer full-color).
and the use of Monochrome LCD is also based on low power consumption and uses a battery capacity of 128mAh.

Does not support Air-Grapped, only uses Bluetooth 5.0 High Speed connection method.

That means you have not read this topic that dkbit98 created a week and some days ago: NEW SafePal X1 hardware wallet

We do not know if it is truly or completely open source yet.

It is not making use of QR code which is most recommended way of signing unsigned transaction, but making use of Bluetooth which is not safe as QR code. QR code is still the safest way to sign unsigned transaction.

The wallet can not be connected with wallets like Electrum.

taufik123

legendary

Activity: 2464

Merit: 1703

Blackjack.fun

Quote from: dkbit98 on September 23, 2023, 04:30:03 PM

-snip-
btw Safepal released new model X1 that should have open source firmware, but I would hold on until I see some reviews for that device.

and eventually, Safepal moved to Open-Source to prove that Safepal is committed to transparency and innovation.

In addition to announcing it as Open-Source, Safepal also changed the overall design and shape.
Using the Monochrome LCD type, even though the Safepal S1 already uses a full-color LCD (I prefer full-color).
and the use of Monochrome LCD is also based on low power consumption and uses a battery capacity of 128mAh.

Does not support Air-Grapped, only uses Bluetooth 5.0 High Speed connection method.

lyw123

jr. member

Activity: 57

Merit: 4

Quote

Who told you that Keystone have low sales? They are currently sold out everything and you can only pre-order from their website.
QR is not used only by Keystone, but by many other airgapped devices like Jade, Passport, etc.

I have reviewed the official website introduction of Keystone, and it looks good. I have already placed an order for a Keystone 3 Pro, priced at $103.2, no shipping free. It seems like there are no other options available in terms of open-source hardware wallets that support altcoins and QR codes. Jade and Passport do not support altcoins. All the hardware wallets are showed here. https://thebitcoinhole.com/

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: lyw123 on September 23, 2023, 04:19:57 AM

Dear Sir, I have a few questions. (1) Airgapped wallets that rely solely on QR code communication appear to be very secure. However, related hardware wallets, such as Keystone, have low sales. Why?

Who told you that Keystone have low sales? They are currently sold out everything and you can only pre-order from their website.
QR is not used only by Keystone, but by many other airgapped devices like Jade, Passport, etc.

Quote from: lyw123 on September 23, 2023, 06:16:43 AM

I have 2 safepal s1. After read a post by dkbit98, I do not dare to use them, again. Safepal is closed source, and others are open source, like keystone. However their sales are very low. I am concerned about the lack of supervision.

Do what you want with your devices.
dkbit98 is nobody, and he didn't command anyone what to do in their life.
btw Safepal released new model X1 that should have open source firmware, but I would hold on until I see some reviews for that device.

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: Charles-Tim on September 23, 2023, 07:11:19 AM

Quote from: satscraper on September 23, 2023, 05:37:31 AM

Yeah, QR-code-based-communication is more secure, bu t it is also vulnerable and may result in the loss of fund in the case when relevant HW is paired with wallet on compromised computer that holds the malware code capable to change the receiving address in transaction that is granted for signing via jeopardized QR code .

One should always check what he is signing even with air-gapped wallet paired exclusively via QR over optical channel.

You mean that the Qr code can be compromised by clipboard malware? Clipboard malware works in a way that you will copy a bitcoin address, the address would be replaced by a hackers address on the clipboard, so that the hacker's address will be the one that will be pasted. If you make use of QR code, you do not copy anything to clipboard at all and no address will be replaced by the clipboard malware. Although, it is good to check and recheck what you paste, even from QR code.

Nope. I was talking about different kind of malware that has capability to compromise QR code that feeds HW with data over optical channel. Clipboard malware doesn't take any action in this. And unfortunately for user he has no prospect to learn whether QR compromised or not, looking at its patterns itself.

Topic: AirGapped Hardware Wallets (Read 1119 times)