Pages:
Author

Topic: Do you REALLY trust hardware wallets? - page 3. (Read 864 times)

sr. member
Activity: 518
Merit: 268
March 11, 2018, 04:51:23 PM
#22
... Armory+cheapo computer...

It's a hardware wallet with even better security and validity, but at a fraction of the cost.
Until you factor in the need for a (non-pruned) full node required for the online portion of your Armory setup and the space/bandwidth requirements that involves.

As opposed to plugging a HW wallet into your cheapo computer (or even your mobile phone with a $2 OTG cable).

There are pros/cons to both setups... but honestly, I believe HW wallets made air-gapped offline/online two computer setups pretty much obsolete.
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.
member
Activity: 302
Merit: 15
March 11, 2018, 04:33:07 PM
#21
Nothing is bulletproof. Especially centralization for ex. Ledger Nano S or Binance where there is mass adoption it's never good.
I believe you always find a good one that is not having too much attention. I mean eventually, hardware wallets are more secure than any other wallets I believe but everything is safe until hacked right? So I guess it can be all about time, either just spread it in a few wallets or choose always the second alternative or something like that. The best solution is: do not keep all your eggs in one basket, that's very simple and up to you.
Probably no strong hardware wallet such as Ledger Nano S will be hacked or somehow lose balance but even if there's a chance of 0.0000001% and you are very worried then that's your solution.
HCP
legendary
Activity: 2086
Merit: 4363
March 11, 2018, 04:25:37 PM
#20
... Armory+cheapo computer...

It's a hardware wallet with even better security and validity, but at a fraction of the cost.
Until you factor in the need for a (non-pruned) full node required for the online portion of your Armory setup and the space/bandwidth requirements that involves.

As opposed to plugging a HW wallet into your cheapo computer (or even your mobile phone with a $2 OTG cable).

There are pros/cons to both setups... but honestly, I believe HW wallets made air-gapped offline/online two computer setups pretty much obsolete.
sr. member
Activity: 518
Merit: 268
March 11, 2018, 01:17:48 PM
#19
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.

Hardware wallets are somewhere between airgapped computers and encrypted wallet files.
It definitely is, but I don't trust it as much as a self-compiled software.


hero member
Activity: 761
Merit: 606
March 10, 2018, 02:52:18 PM
#18
For me a "no brainer" while we all have a watch and wait attitude on hardware wallets, to make sure and use BIP extensions/passwords on all your hardware wallets.  Remember that NO hardware wallet can store passphrases so even if they "fall" in the future your coins would still be safe.  I still trust my Trezors but have always decided to use long and strong passphrases on all my wallets in addition.  Recommend you all do the same!
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 10, 2018, 02:41:20 PM
#17
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).

Hardware wallets are somewhere between airgapped computers and encrypted wallet files. They certainly add a level of convenience, especially for all of the coins the support.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
sr. member
Activity: 518
Merit: 268
March 10, 2018, 01:35:08 PM
#16
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
legendary
Activity: 3472
Merit: 10611
March 08, 2018, 11:17:16 PM
#15
~ Nothing is 100% and eternally foolproof. ~

you said it yourself Tongue
nothing, and that means literary nothing is 100% foolproof. even bitcoin isn't. maybe some day people could find a way to reverse ECDSA and when you put your public key on the blockchain inside of your transaction they could figure out your private key in reverse. (it is not possible and the math says it won't happen but you know...).

so in the end it all comes down to risk management in my opinion.
this, for me, means how much i am willing to risk in that particular thing. for example how much money i am willing to invest in bitcoin. then how much of that bitcoin i am willing to put in my hot wallet, in my hardware wallet, in a paper wallet, in my exchange account for trading, in an altcoin, ...
HCP
legendary
Activity: 2086
Merit: 4363
March 08, 2018, 06:37:12 PM
#14
There seems to have been quite a lot of "back and forth" between Saleem (@spudowiar) and Ledger...

Ledger claiming he has blown everything out of proportion... Saleem claiming Ledger didn't take things seriously enough... Ledger claim that a very particular set of circumstances needed to have occurred for the vulnerability to be exploited (physical access BEFORE seed generation, custom MCU, malware on PC etc)... Saleem seems to indicate otherwise but offers no details due to "responsible disclosure".

I guess we wait until March 20th for the full technical details to be released. Undecided

In the meantime, I guess the message is "update to firmware 1.4.1"
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
March 08, 2018, 05:53:33 AM
#13
So Ledger are releasing a soon to be mandatory update for the Nano S.

The reason is hinted at here - https://twitter.com/spudowiar/status/970977060134023168

I've read elsewhere that physical access is required for any issues so everyone should be fine.

However I can only imagine the amount of problems that pop up will increase as the amount of money lurking on hardware wallets accelerates. The incentives are just too enormous.

I'm nowhere near savvy enough to know whether something is coded well but I have faith in the creators and coders to do their best to stay on top of things, however there's no shortage of dodgy people with matching skills who'll go all out to beat them and it could a finely balanced race.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?

As can be read in this tweet,spudowiar has been discovered a potential issues in Ledger which may couse "compromised recovery seed generation or private key extraction".He claim this is a serious issue and that he will reveal full technical data on 20 March in order ti give users time to update.

I think that he found something pretty seriously,and proof is that Ledger is released new firmware after that.So we need to wait till 20 March and hope to get full information about this safety problem.

When it comes to safety of my coins I can say I do not trust anyone or anything,nothing is 100% safe.But it is much easier to lose coins in online wallets/exchanges or even desktop wallet,so best way to keep them safe is hardware wallet or for long term holding paper wallet which must be made in 100% safe environment and stored in extra safe place.
newbie
Activity: 6
Merit: 0
March 08, 2018, 04:28:34 AM
#12
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
Agree. I read a little bit in that thread. I see how LoyceV and DarkStar_ point the flaws. I stopped reading since I think it is clear enough. Glad that we have these guys in the forum.

I also think that this is an ICO that wishes to gather a lot of money, launch it in an exchange. Until they dried it up, they will leave the project behind or if they really are serious then they are not knowledgeable enough to do this.

@CryptoKr You better rethink it, carefully.

Thanks gentlemand again. The guys you have mentioned just attacked me in the other topic, so it is good to know that not everyone is like them. I will get Trezor for now and hope that something better will show up on the market soon.
hero member
Activity: 994
Merit: 507
March 07, 2018, 10:44:27 PM
#11
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
Agree. I read a little bit in that thread. I see how LoyceV and DarkStar_ point the flaws. I stopped reading since I think it is clear enough. Glad that we have these guys in the forum.

I also think that this is an ICO that wishes to gather a lot of money, launch it in an exchange. Until they dried it up, they will leave the project behind or if they really are serious then they are not knowledgeable enough to do this.

@CryptoKr You better rethink it, carefully.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 07, 2018, 04:27:10 PM
#10
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
newbie
Activity: 6
Merit: 0
March 07, 2018, 04:22:26 PM
#9
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
March 07, 2018, 03:24:30 PM
#8
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.
newbie
Activity: 6
Merit: 0
March 07, 2018, 02:45:21 PM
#7
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?
member
Activity: 340
Merit: 15
March 06, 2018, 03:28:09 PM
#6
I have used Ledger Nano S for quite a long time but I decided to sell due to some technical problems and their Secure Element started to bother me. Security by obscurity is not necessarily the best idea. Even though, I can't read most of TREZOR's firmware code, I trust people in the industry who had checked the code to see whether or not there are any backdoors or simple security holes.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.

What do you think is better? Less chances for critical vulnerability to exist and nobody can check the code to detect it or being able to see the code and eventually discover the vulnerability after some time.
So you are essentially saying to put more trust into Trezor than this one from their issues with security audits in the past?
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
March 06, 2018, 03:03:58 PM
#5
Great! I've been looking for this type of thread as I've posted a thread about the update of firmware of nano s. ( Ledger Nano S firmware update 1.4.1 )

This guy gained a lot of attention and it made me paranoid after someone shared his tweet about nano s.

I'm not also savvy at all with these things but the Ledger's Ceo has spoken https://www.reddit.com/r/ledgerwallet/comments/82fndi/psa_dont_panic_but_assume_the_device_is/dv9wnlb/ this helped me and I can sleep well tonight.

We'll see where this goes.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?
If something went wrong and there will be reports that their funds are stolen after this update, I'll jump to paper wallet or back to desktop wallet.
legendary
Activity: 1876
Merit: 3139
March 06, 2018, 02:44:45 PM
#4
I have used Ledger Nano S for quite a long time but I decided to sell due to some technical problems and their Secure Element started to bother me. Security by obscurity is not necessarily the best idea. Even though, I can't read most of TREZOR's firmware code, I trust people in the industry who had checked the code to see whether or not there are any backdoors or simple security holes.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.

What do you think is better? Less chances for critical vulnerability to exist and nobody can check the code to detect it or being able to see the code and eventually discover the vulnerability after some time.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
March 06, 2018, 02:38:37 PM
#3
You can check the source code of the hardware wallet applications for the Ledger, and inspect the firmware source code of the Trezor.
Also you are in possession of the hardware itself so you can break it down and tinker with it to your satisfaction to check if it's broken or not.

It's a wonderful idea but most people, including myself, are clueless about this stuff.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.
Pages:
Jump to: