Pages:
Author

Topic: Do you REALLY trust hardware wallets? - page 2. (Read 864 times)

full member
Activity: 621
Merit: 108
April 17, 2018, 04:50:34 PM
#42
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
There was a whole thread devoted to it here: https://bitcointalksearch.org/topic/breaking-the-ledger-security-model-3167854 (including a link to the original blog post by the original author Saleem Rashid)

In any case, the vulnerability has been patched according to Ledger as of the latest firmware. Again, it just highlights the fact that NO solution is 100% secure...

Thanks for pointing out the right thread to me. Time to do more reading on the subject Smiley
legendary
Activity: 1624
Merit: 2481
April 17, 2018, 12:54:58 PM
#41
MEW is not secured as you think every time you open your MEW wallet you need to copy paste your private key from time to time to open your wallet online. So if your computer is infected with malware and viruses any time soon thief can get your copy pasted private key history and stole all of your altcoins and ERC20 token.

MEW is just as secured as any other online wallet is (wether it is blockchain.info, coinbase, etc..  doesnt matter).
With an compromised PC the only (relatively) secure way of accessing coins is to use a hardware wallet.
I would never consider to use a web- or desktop wallet on an infected PC.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
April 17, 2018, 12:48:14 PM
#40
We don't have second option because its much secure than MEW or any other online wallet.
MEW is only for altcoin, unlike hardware wallets like ledger nano s and trezor wallets support almost all cryptocurrencies including bitcoin and ethereum.

MEW is not secured as you think every time you open your MEW wallet you need to copy paste your private key from time to time to open your wallet online. So if your computer is infected with malware and viruses any time soon thief can get your copy pasted private key history and stole all of your altcoins and ERC20 token.

Unlike hardware wallets that they can protect and hide your private keys and before they can transfer any coins from your hardware wallet, it will ask for a pin that you can only be the one can open your hardware wallet.
newbie
Activity: 155
Merit: 0
April 17, 2018, 07:06:14 AM
#39
We don't have second option because its much secure than MEW or any other online wallet.
HCP
legendary
Activity: 2086
Merit: 4363
April 17, 2018, 06:34:31 AM
#38
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
There was a whole thread devoted to it here: https://bitcointalksearch.org/topic/breaking-the-ledger-security-model-3167854 (including a link to the original blog post by the original author Saleem Rashid)

In any case, the vulnerability has been patched according to Ledger as of the latest firmware. Again, it just highlights the fact that NO solution is 100% secure...
full member
Activity: 621
Merit: 108
April 17, 2018, 04:34:11 AM
#37
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
newbie
Activity: 96
Merit: 0
April 15, 2018, 02:57:13 AM
#36
Not totally but it's more reliable than anything in the crypto space.
legendary
Activity: 2926
Merit: 1386
April 13, 2018, 11:25:05 PM
#35
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?
HCP
legendary
Activity: 2086
Merit: 4363
April 13, 2018, 09:48:30 PM
#34
This thread gave me the willies a bit.

https://bitcointalksearch.org/topic/scammed-ledger-nano-s-3290558

Due to a technical problem with BCH Ledger rerouted this guy's tx and didn't tell him. He thought it was lost.
It is impossible for Ledger to "reroute" a transaction... once a transaction is signed, it cannot be modified without breaking the signature and rendering the transaction invalid. You can't change the destination. The real issue was the user simply not understanding what was happening and freaking out.

The actual cause of the problem was the new BCH node software released in preparation for the upcoming fork... it was incompatible with the Ledger wallet software and meant that the Ledger wallet software was simply not displaying transactions and balances correctly. Ledger had to re-index the entire BCH blockchain so that their system could find all the appropriate transactions when a users wallet would request the information via the API.

Note that no funds were in danger of being lost... they were just temporarily unable to be displayed.

It's like your email app being unable to connect and/or talk to the email server correctly... end result, your emails are still there... you just can't see them.
full member
Activity: 826
Merit: 111
April 12, 2018, 01:18:59 PM
#33


I dont have an experience in hardware wallets. But i will try to use but not now, but i heard that hardware wallets is very safe to use. Some people are told Ledger Nano wallet is good to use. This wallet is more secure and easy to use.Ledger Nano is adopted by all devices. The ledger has excellent support for many cryptocurrencies
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
April 12, 2018, 01:14:11 PM
#32
This thread gave me the willies a bit.

https://bitcointalksearch.org/topic/scammed-ledger-nano-s-3290558

Due to a technical problem with BCH Ledger rerouted this guy's tx and didn't tell him. He thought it was lost.
member
Activity: 420
Merit: 19
April 01, 2018, 09:12:26 AM
#31

Not yet have an experience with hardware wallet as i fine Nano has been the best hardware wallet amongst others. Its more secured and much friendly and adaptive to use from one place to other places and is adaptive to any device. Let me try it bit later as my earnings are much low
legendary
Activity: 2926
Merit: 1386
March 17, 2018, 11:01:10 PM
#30
Nothing is bulletproof. Especially centralization for ex. Ledger Nano S or Binance where there is mass adoption it's never good.
I believe you always find a good one that is not having too much attention. I mean eventually, hardware wallets are more secure than any other wallets I believe but everything is safe until hacked right? So I guess it can be all about time, either just spread it in a few wallets or choose always the second alternative or something like that. The best solution is: do not keep all your eggs in one basket, that's very simple and up to you.
Probably no strong hardware wallet such as Ledger Nano S will be hacked or somehow lose balance but even if there's a chance of 0.0000001% and you are very worried then that's your solution.

There are a number of ways to lose coins, not just hacking.

These have been detailed in help requests but briefly, wallet gets corrupted, passcode gets lost, hard drive problems, coming back to it after a couple years, nothing works, etc.

I have some difficulty in believing that a hardware wallet is any better than an encrypted wallet.dat file on a thumb drive or two, or somehow more reliable than a paper wallet.  One thing to keep in mind is to not mix complexity with long term storage.

What then is complexity? It could be Bitcoin core with a full database, it could be an encrypted wallet.dat on an encrypted thumb drive. It could be a Trezor with a secondary hidden file structure.

Could be a number of things, but simplicity is highly related to long term reliability.
HCP
legendary
Activity: 2086
Merit: 4363
March 14, 2018, 07:43:31 AM
#29
Exactly, if Bitcoin Core isn't setup with "listen=1" or the "allow incoming connections" GUI option, you're not really doing anything running a wallet and sponging data from actual full nodes...

If you want to support the Bitcoin network, you must allow inbound connections.

When Bitcoin Core starts, it establishes 8 outbound connections to other full nodes so it can download the latest blocks and transactions. If you just want to use your full node as a wallet, you don’t need more than these 8 connections—but if you want to support lightweight clients and other full nodes on the network, you must allow inbound connections.
legendary
Activity: 3472
Merit: 10611
March 14, 2018, 01:59:46 AM
#28
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.

it is worth mentioning that just running a full node is not always equal to helping the network and decentralization. not exactly anyways.
you will help the network only if you are accepting connections, relaying blocks and transactions. but sometimes people who run a full node only sync with the network (download the blocks) and don't accept any connection and don't give anything.
sr. member
Activity: 1081
Merit: 309
I love technology.
March 13, 2018, 10:42:37 AM
#27
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.

Agreed,

I am so torn when it comes to wallets and hardware wallets. I think there is going to a big wakeup call for many users when not using a hardware wallet. It's definitely the safest option right now for daily use.
sr. member
Activity: 518
Merit: 268
March 13, 2018, 09:53:03 AM
#26
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.
legendary
Activity: 1876
Merit: 3139
March 12, 2018, 04:58:28 PM
#25
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
sr. member
Activity: 518
Merit: 268
March 12, 2018, 04:48:21 PM
#24
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.

Using HDD and a full node setup has also some disadvantages. Almost everyone here experienced the pain of 3 days long synchronization, hardware wallets are ready to go once you plug them into your computer. HDD setup is less portable, it takes some time for a full node to start and then check if there were any new block found. Usually, full nodes run 24/7 but my point is that you are not able to use them instantly on the go. There is nothing wrong with being too careful.
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.
legendary
Activity: 1876
Merit: 3139
March 12, 2018, 03:30:13 PM
#23
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.

Using HDD and a full node setup has also some disadvantages. Almost everyone here experienced the pain of 3 days long synchronization, hardware wallets are ready to go once you plug them into your computer. HDD setup is less portable, it takes some time for a full node to start and then check if there were any new block found. Usually, full nodes run 24/7 but my point is that you are not able to use them instantly on the go. There is nothing wrong with being too careful.
Pages:
Jump to: