Pages:
Author

Topic: Are Hardware Wallets to be trusted? (Read 796 times)

member
Activity: 93
Merit: 39
December 16, 2017, 10:40:16 PM
#29
Are the keys checksumed, though? This would mean that not every combination automatically works…

It doesn't look like it to me. It seems the whole phrase is just hashed together with some salt (the string "mnemonic" plus your passphrase, if you have one), which means there's no checksum. You should be able to use dice to generate a valid BIP39 phrase by using the wordlist. Source.

There is a check value. Look further up in BIP39 in the "Generating the mnemonic" section. The dictionary of 2048 words results in a bit sequence 33/32nds of the needed length(s). The extra bits are the check value.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
December 16, 2017, 08:25:31 PM
#28
Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).
You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

Woohoo, yes, thanks Smiley

Ok, looks like the magic number 8 is the way to go. There are 8-sided dice, so that shouldn't be a problem… oh, and a 4-sided die at the end.

Alternatively, 16-sided die, leaves a rest of 8, so a 8-sided die for the finish. Saves one round, too.
16 pages with 128 words per page, 16 lines with 8 words per line. First, roll the page, then the line, then the word. Repeat 23 times.


Are the keys checksumed, though? This would mean that not every combination automatically works…

It doesn't look like it to me. It seems the whole phrase is just hashed together with some salt (the string "mnemonic" plus your passphrase, if you have one), which means there's no checksum. You should be able to use dice to generate a valid BIP39 phrase by using the wordlist. Source.
hero member
Activity: 994
Merit: 513
December 15, 2017, 10:54:07 PM
#27
Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).
You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

Woohoo, yes, thanks Smiley

Ok, looks like the magic number 8 is the way to go. There are 8-sided dice, so that shouldn't be a problem… oh, and a 4-sided die at the end.

Alternatively, 16-sided die, leaves a rest of 8, so a 8-sided die for the finish. Saves one round, too.
16 pages with 128 words per page, 16 lines with 8 words per line. First, roll the page, then the line, then the word. Repeat 23 times.


Are the keys checksumed, though? This would mean that not every combination automatically works…
HCP
legendary
Activity: 2086
Merit: 4361
December 15, 2017, 10:48:42 PM
#26
Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).
You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
hero member
Activity: 994
Merit: 513
December 15, 2017, 10:43:20 PM
#25
This is a question I asked myself recently as well. And refering to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers funds, would be a bad random number generator.

I don't know how trezor and ledger generate their privkeys, though. Does anybody have any insight in that?

What we really need is open source hardware. Devices that people can assemble themselves. Unfortunately the skill required to do something like this would be much higher than the average cryptocurrency enthusiast.

I was actually just yesterday thinking about a different approach: roll the dice.

Make a spreadsheet with all the words used for the seed. Align them in a way that you can divide them in a way that makes sense (see below).

Get some dice, for example two W10 dice (two w10 dice can be used to roll numbers between 00-99), then create your seed by rolling the dice until you have 24 words. Put them into your hardware wallet --> totally trustless, ultra paranoid DIY random number generator. Now, at least the seed is generated safely.

Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).


Speaking of assembling themselves: I recently thought about getting an old smartphone, physically disconnect anything that can broadcast and flash a custom ROM on it, which functions as a wallet. Input and output will be handled via camera and QR-Codes (Seed creation, see above Wink ).
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
December 14, 2017, 08:34:11 PM
#24
This is a question I asked myself recently as well. And refering to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers funds, would be a bad random number generator.

I don't know how trezor and ledger generate their privkeys, though. Does anybody have any insight in that?

What we really need is open source hardware. Devices that people can assemble themselves. Unfortunately the skill required to do something like this would be much higher than the average cryptocurrency enthusiast.
legendary
Activity: 1624
Merit: 2481
December 14, 2017, 01:47:15 PM
#23
I've been using armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that,at over 10^130, that it's safe.

Your 'brain key' contains 'over 100 characters' and its at about 10^130, interesting.
It seems like you are using a set of 10 characters and a set of 130. Thats pretty unefficient..
Why not using a set of 62 character (a-z,A-Z,0-9) and only a length of 72 with the same entropy?

Oh.. and did you already know that bitcoin private keys are taken out of a 2^160 pool ? Thats about 10^48.
Compared to your 10^130 thats pretty weak Sad  You can be proud to have a password which is massively stronger than the thing it protects.
Since in this scenario it is easier to crack btc and as we all know bitcoin can't be broken, such a long password may be a bit (?) paranoid, but i'll let you decide.
newbie
Activity: 10
Merit: 0
December 14, 2017, 12:38:00 PM
#22
Hardware wallets are the most trustworthy among all types of bitcoin wallets. However, a large amount of bitcoin is always unsafe. So be careful.
hero member
Activity: 994
Merit: 513
December 13, 2017, 07:07:39 PM
#21
This is a question I asked myself recently as well. And refering to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers funds, would be a bad random number generator.

I don't know how trezor and ledger generate their privkeys, though. Does anybody have any insight in that?
member
Activity: 325
Merit: 26
December 12, 2017, 04:14:43 PM
#20
Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom.  

It looks like covert messages can be embedded in the signature itself.  This would be bad. Real bad.  

My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.

Thoughts, smart people?



If there is a keylogger installed by the manufacturer in your brand-new desktop then you're SOL using any computer. I suppose there needs to be trust somewhere. But thanks for coinb.in - it looks very interesting. I've been using armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that,at over 10^130, that it's safe.

And, continuing down the paranoid road - I'm using a raspberry pi. Hmmm maybe I ought to worry about a keylogger there as well.

newbie
Activity: 4
Merit: 0
December 11, 2017, 11:38:25 AM
#19
Quote
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as gods gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development?

That is why I decided to replace my Ledger Nano S with the latest Trezor T. Trezor software is open-source so everyone can check if the code is bug-free or if there are any backdoors. Ledger devices are based on secure elements which have limited space and capabilities and most importantly, we can't see what happens inside it. Also, Ledger has started working with Intel which is known for problems with Intel Management Engine. I don't trust developers, I trust community that checks the code provided by them.

I'm not really taking about the code which is being used. Although, the code is open source and I do support open source software I'm more concerned about the hardware which is almost undetectable by the average user of Bitcoin.

Code can be checked because it's extracting information which uses CPU and you can monitor via your computer. But hardware isn't that straight forward.
newbie
Activity: 21
Merit: 2
December 10, 2017, 11:56:46 AM
#18
Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom. 

It looks like covert messages can be embedded in the signature itself.  This would be bad. Real bad. 

My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.

Thoughts, smart people?

legendary
Activity: 1624
Merit: 2481
December 09, 2017, 03:24:01 AM
#17
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as gods gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things?

You don't really have to trust someone. You can verify everything by yourself because the 'important' parts of the wallets are open source
and therefore accessable by everyone who has access to the internet. To verify the hardware isn't as easy as verifying the software, but you can
still compare which chips are built-in and (theoretically) 'reproduce' it on an emulator? I mean, this second step is only for extremely paranoid people.
But this still could be an exaggerated option. 

Ultimately, I would like some discussion on the safety of using hardware wallets specifically or generating/importing/exporting private keys on them.

Hardware wallets are kinda made for generating private keys (randomly).
But you shouldn't be able to import/export private keys into/from a hardware wallet. Such a private key should be looked at as compromised.
Therefore, to guarantee the integrity and confidentality of your keys they only can (and should) be generated on your HW device.
full member
Activity: 378
Merit: 197
December 08, 2017, 05:55:24 PM
#16
according to https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/. Either way, this is why I support open-source software. Everything is up for review, so you know exactly what you're getting into. I have stopped trusting Windows for some time now, opting for Linux for more sensitive activites, and this just proves I'm right.
Have you ever tried to read the source code of Linux? There is so much code that it is pretty impossible to go through that. I would not be surprised if there were some surprises hidden in there too. NSA could have some programmers "contributing" to developing Linux, who could know. A well designed "bug" could be all that they want.

But I too trust Linux much more than windows, which really is spying its users.

Quote from: jseverson
As for hardware wallets, I have to be honest that I have no idea how they work internally, but the fact that they have been completely safe thus far suggests that they're quite trustworthy. There are probably some out there that houses hundreds of thousands of coins. But then again, there are only no incidents until there has been an incident, so that could change in a hurry. I personally still trust them because it's not like they're running on some kind of freemium model, but that's just me.
I trust hw-wallets too, but there could always be a bug in them too. Paper wallets are safer, if the key has been made with a good RNG.
full member
Activity: 238
Merit: 108
December 08, 2017, 04:41:20 PM
#15
Hard wallets so far are good way to kep your bitcoins unlike online wallets it can't be hack or stolen the only problem maybe is how you will keep it in a place that no one can steal it. But one issue you must take in is that regardless of what wallet you are goin to take crypto currency as its nature is too risky so whether you have better wallets if the price of cryptos suddenly fall back chances are you can still lose everything in an instant
full member
Activity: 896
Merit: 108
December 08, 2017, 04:28:38 PM
#14
I think these hardware wallets are trusted because I haven't heard any complaint from a person who owns it that they've had problems or were ever hacked when they stored their coins, so most probably they are very reliable.

besides, wallet hardware can hardly be hacked because your private key is stored offline.
so this wallet is safe enough to be used to store digital coins. however, the price is rather expensive.
full member
Activity: 406
Merit: 109
December 08, 2017, 04:20:19 PM
#13
any word on keeper's key or the third popular one after nano and trezor ?
sr. member
Activity: 700
Merit: 250
December 08, 2017, 04:10:11 PM
#12
I think these hardware wallets are trusted because I haven't heard any complaint from a person who owns it that they've had problems or were ever hacked when they stored their coins, so most probably they are very reliable.
hero member
Activity: 812
Merit: 500
December 08, 2017, 04:08:06 PM
#11
Hard wallets make it nearly impossible to hack
bitcoins and I have not heard of a single case
where a person's hard wallet was hacked unless
he forgot its private key.

Other than that hard wallets are the best and
secure medium for bitcoin storage.
You are somewhat correct. If there were any hacks involving a Hardware wallet then it would most likely be an inside job from the company that built that wallet.
sr. member
Activity: 756
Merit: 253
December 08, 2017, 04:02:02 PM
#10
Quote
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as gods gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development?

That is why I decided to replace my Ledger Nano S with the latest Trezor T. Trezor software is open-source so everyone can check if the code is bug-free or if there are any backdoors. Ledger devices are based on secure elements which have limited space and capabilities and most importantly, we can't see what happens inside it. Also, Ledger has started working with Intel which is known for problems with Intel Management Engine. I don't trust developers, I trust community that checks the code provided by them.

Exactly, Trezor is very reliable and open source, it makes it have more room for development and improvements. I recently forked out 150$ for one and i think it's worth my investment because i've started taking my bitcoin saving seriously due to the astronomical rate at which it is rising in value.
Pages:
Jump to: