Pages:
Author

Topic: Are Hardware Wallets to be trusted? - page 2. (Read 798 times)

newbie
Activity: 51
Merit: 0
December 08, 2017, 03:13:01 PM
#9
Trusting is the hardest thing in Cryptocurrency world. You can easily be scammed in no time.
I am also searching for a good hardware wallet, but could not find any yet!
hero member
Activity: 938
Merit: 559
Did you see that ludicrous display last night?
December 08, 2017, 03:07:27 PM
#8
But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things?
You don't understand the importance of open source code.  Most major companies' code is closed source, so your average user can't just take a look and see whether the code that they produced is safe.

The hardware wallets require for you to consent to an update, so if an update contains malicious code, it's almost certain that several reputable users will have reviewed the code and publicised the problem.

Therefore, the reputation of the developers (while it is actually very good for TREZOR by the way - they own Slush Pool for example) is pretty much irrelevant in this case.
The more valuable Bitcoin becomes, the harder it is to blindly trust any method of coin storage.
That's why we have offline storage.
member
Activity: 210
Merit: 10
LibertyLance - Where Freelancing Meets Blockchain
December 08, 2017, 02:53:34 PM
#6
Hard wallets make it nearly impossible to hack
bitcoins and I have not heard of a single case
where a person's hard wallet was hacked unless
he forgot its private key.

Other than that hard wallets are the best and
secure medium for bitcoin storage.
sr. member
Activity: 490
Merit: 258
December 05, 2017, 09:08:37 PM
#5
I have read the OP and all I can say is - YES, hardware wallets are safe and could be trusted. I personally recommend Hardware Wallet HW. I've been using it for a year already, and so far I haven't gotten any issues at all. I have a hard plastic card that holds my private keys which makes it impossible for a hack.
newbie
Activity: 60
Merit: 0
December 05, 2017, 09:01:20 PM
#4
The more valuable Bitcoin becomes, the harder it is to blindly trust any method of coin storage.

At one point I'm sure Mt Gox customers trusted the exchange.

The Ledger Nano S plug in for Chrome (Mac) has some holes in it, which has put me on full alert.

FWIW, I spread my coins in many different places to mitigate the risk of any one of them falling over.
hero member
Activity: 1834
Merit: 759
December 05, 2017, 08:35:01 PM
#3
We all know the securityissues with Microsoft and specifically it's privacy concerns. But, I never seen anyone talking about the actual hardware you are using and trusting with your private keys. There's been evidence that previously reputable companies have been spying on it's customers via keyloggers. Just take dell for instance: http://www.zerohedge.com/news/2017-05-12/hp-laptops-discovered-be-spying-users-keylogger

Wow that's disturbing. I read about this a while ago but I thought it was just some statistics gathering software or something. I had no idea it was actually recording keystrokes on an unencrypted file, according to https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/. Either way, this is why I support open-source software. Everything is up for review, so you know exactly what you're getting into. I have stopped trusting Windows for some time now, opting for Linux for more sensitive activites, and this just proves I'm right.

As for hardware wallets, I have to be honest that I have no idea how they work internally, but the fact that they have been completely safe thus far suggests that they're quite trustworthy. There are probably some out there that houses hundreds of thousands of coins. But then again, there are only no incidents until there has been an incident, so that could change in a hurry. I personally still trust them because it's not like they're running on some kind of freemium model, but that's just me.
member
Activity: 67
Merit: 10
December 05, 2017, 08:33:55 PM
#2
I’m probably not one who can answer the question about how safe the hardware wallets are, I don’t know programming or code etc. but the larger companies, Microsoft Apple Samsung, all had to start out as small companies no one knew about but have built trust in the products through time. Although I do agree vigilance is needed that’s why It’s good to have forums like this to bring possible issues to light.
newbie
Activity: 4
Merit: 0
December 05, 2017, 07:45:52 PM
#1
We all know the securityissues with Microsoft and specifically it's privacy concerns. But, I never seen anyone talking about the actual hardware you are using and trusting with your private keys. There's been evidence that previously reputable companies have been spying on it's customers via keyloggers. Just take dell for instance: http://www.zerohedge.com/news/2017-05-12/hp-laptops-discovered-be-spying-users-keylogger

Every time you are importing your private keys, or signing an address you are ultimately trusting the hardware which you are using. Even if you sign/import on a offline computer. You are still trusting the developers of the hardware which you are using. I don't think I'm completely crazy in thinking this is a genuine issue and should at least be discussed. There's been several companies which have spied on it's users through different means; Apple, dell and Microsoft are some of the biggest developers/manufacturers in the world and arguably the most 'trusted' in their field.

These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as gods gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things? Please understand I'm not calling out the hardware wallets as scams or anything like that. I actually believe they are very user friendly and are a great storage option for a hot wallet which you need to access somewhat securely regularly.

But, these hardware wallets have been developed and manufactured by less renowned people than the companies mentioned above. Yet they were simply embraced by the community without any questions.

I'm just gong to quote some websites which I believe have concerns about this and hardware wallets too.
Quote from: bitslog
How much do you trust your hardware wallet?

When it comes down to how much you should trust your hardware, an issue that is becoming more popular nowadays, deterministic subliminal channel-free signature schemes seems to offer a great advantage. I’ve come to this conclusion while designing the Firmcoin and analyzing the possible adversaries for a hardware wallet.  Even if you trust your private keys to your hardware wallet, you generally don’t trust it as much as giving the hardware wallet full Internet access. not even wireless communication. You provide the hardware wallet with a transaction to sign, and you get it signed. In the case of a Bitcoin hardware wallet, which uses ECDSA, the best you can have is a subliminal-free but interactive signing protocol, that still poses some risks.

Read more here: https://bitslog.wordpress.com/2014/06/09/deterministic-signatures-subliminal-channels-and-hardware-wallets/

Ultimately, I would like some discussion on the safety of using hardware wallets specifically or generating/importing/exporting private keys on them.
Pages:
Jump to: