Author

Topic: Do you REALLY trust hardware wallets? (Read 864 times)

HCP
legendary
Activity: 2086
Merit: 4363
May 08, 2018, 04:45:15 AM
#62
So as a regular user, are you able to confirm if the transaction history "limit" is still there? Huh

If so, it seems like a strange limit to have... Maybe they should have added pagination to the transaction list if they didn't want to have a super long scrolling list...

Maybe it was to reduce the load on the servers? Not have to worry about retrieving "hundreds" of transactions etc.. Huh
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
Does it still have a limitation on the number of transactions displayed in the transaction history?

Last time I checked, it only displays the 25 most recent transactions and there didn't seem to be a way to either increase this number or show earlier transactions Huh

Not sure. It's clever. I still wouldn't really call it all that user friendly.

I downloaded and fiddled with it and it didn't feel all that welcoming to me. It's for the crypto warriors. I like cheerful colours and dancing hamsters, me.

I definitely am a fan of Samourai Wallet, but I agree that there are many more user-friendly wallets out there. However, I am a huge fan of the extra features and the design philosophy of Samourai, so I'm going to stick with it. Maybe it will become more user-friendly in the future.
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
Does it still have a limitation on the number of transactions displayed in the transaction history?

Last time I checked, it only displays the 25 most recent transactions and there didn't seem to be a way to either increase this number or show earlier transactions Huh

Not sure. It's clever. I still wouldn't really call it all that user friendly.

I downloaded and fiddled with it and it didn't feel all that welcoming to me. It's for the crypto warriors. I like cheerful colours and dancing hamsters, me.
HCP
legendary
Activity: 2086
Merit: 4363
Samourai wallet does seem to be getting cleverer by the day.
Does it still have a limitation on the number of transactions displayed in the transaction history?

Last time I checked, it only displays the 25 most recent transactions and there didn't seem to be a way to either increase this number or show earlier transactions Huh
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
Times are changing and I think trust in third party programs and software is at an all time low. I would like to see more open sourced projects and Samourai Bitcoin Wallet expand into other areas.

Lots of people like the idea of open source but really don't walk the walk. They expect others to do the heavy lifting of checking things and them informing them on their behalf. And I am one of them cos I'm clueless.

Samourai wallet does seem to be getting cleverer by the day.
sr. member
Activity: 1081
Merit: 309
I love technology.
Times are changing and I think trust in third party programs and software is at an all time low. I would like to see more open sourced projects and Samourai Bitcoin Wallet expand into other areas.
newbie
Activity: 80
Merit: 0
So Ledger are releasing a soon to be mandatory update for the Nano S.

The reason is hinted at here - https://twitter.com/spudowiar/status/970977060134023168

I've read elsewhere that physical access is required for any issues so everyone should be fine.

However I can only imagine the amount of problems that pop up will increase as the amount of money lurking on hardware wallets accelerates. The incentives are just too enormous.

I'm nowhere near savvy enough to know whether something is coded well but I have faith in the creators and coders to do their best to stay on top of things, however there's no shortage of dodgy people with matching skills who'll go all out to beat them and it could a finely balanced race.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?

I am not trust in it, maybe i must create my own wallet, and going to ICO after that ))
sr. member
Activity: 518
Merit: 268
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?

I was talking about the offline version.
Windows and OSX still have full support for Armory, so I don't get what you're talking about.
Storage for the full blockchain is not that expensive, one terabyte harddrives go for less than $40.
Last I heard Goatpig had a buddy who now and then would answer questions or do tech support for OS X ,and he did not have a test machine on which the OS X version of Armory could even be compiled. So as a long time Armory user I can't share your optimism on this eg. "full support."

Now if we can buy 1tb drives for <$40 what does this mean? That the $10 PC no longer does the job....which is what I said...

Regardless, you are still doing it wrong "According to Armory." You print out a paper wallet with their word list and store that.

In five or ten years time there may be expected many changes in wallets and PC operating systems.
There is full support as long as there is someone in the community that can test it, which I'm sure of. You don't have to own a machine with the target OS to compile an executable.

That's right, to have Armory fully up and running you also will need an online machine with quite some disk space. Meaning that the total costs won't be $10, however I was not talking about the full set-up for Armory but just the offline machine only.

I like Armory for it's offline signing feature, which is easy and fast to use and that does not apply for a paper with the word list on it.

I'm not here to argue. See bolded above those are easily verified facts.
Right.
Armory is in my circumstances the best software wallet available, because I only use Windows and Unix distributions. 
sr. member
Activity: 2296
Merit: 360
April 29, 2018, 05:47:39 PM
#54
You cannot anything to an infected PC, even if you connect through hardware wallet and if the system you are using is infected, you will loose your coins, first and foremost learning how to secure your connection is the first job before handling crypto currencies, i do trust hardware wallets than any other form of storage and make sure you connect only to secure system.

Incorrect. That's the whole point of a hardware wallet. Private keys are never exposed to the internet no matter how rancid the machine you connect it to is.

But while connected anything you do on the computer could be compromised. You have to use the hardware wallet's screen to confirm addresses as the computer's wallet app could be showing you false addresses.
You are correct.If the address being shown isnt the one which is on hardware wallet then better not to proceed.Its always been good to make any transfer with a clean pc than on risking making any transaction with an infected one.Since the key isnt exposed on the hardware wallet itself but im not really too confident because risk will always be there.
legendary
Activity: 2926
Merit: 1386
April 28, 2018, 09:11:31 PM
#53
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?

I was talking about the offline version.
Windows and OSX still have full support for Armory, so I don't get what you're talking about.
Storage for the full blockchain is not that expensive, one terabyte harddrives go for less than $40.
Last I heard Goatpig had a buddy who now and then would answer questions or do tech support for OS X ,and he did not have a test machine on which the OS X version of Armory could even be compiled. So as a long time Armory user I can't share your optimism on this eg. "full support."

Now if we can buy 1tb drives for <$40 what does this mean? That the $10 PC no longer does the job....which is what I said...

Regardless, you are still doing it wrong "According to Armory." You print out a paper wallet with their word list and store that.

In five or ten years time there may be expected many changes in wallets and PC operating systems.
There is full support as long as there is someone in the community that can test it, which I'm sure of. You don't have to own a machine with the target OS to compile an executable.

That's right, to have Armory fully up and running you also will need an online machine with quite some disk space. Meaning that the total costs won't be $10, however I was not talking about the full set-up for Armory but just the offline machine only.

I like Armory for it's offline signing feature, which is easy and fast to use and that does not apply for a paper with the word list on it.

I'm not here to argue. See bolded above those are easily verified facts.
sr. member
Activity: 518
Merit: 268
April 28, 2018, 03:15:52 PM
#52
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?

I was talking about the offline version.
Windows and OSX still have full support for Armory, so I don't get what you're talking about.
Storage for the full blockchain is not that expensive, one terabyte harddrives go for less than $40.
Last I heard Goatpig had a buddy who now and then would answer questions or do tech support for OS X ,and he did not have a test machine on which the OS X version of Armory could even be compiled. So as a long time Armory user I can't share your optimism on this eg. "full support."

Now if we can buy 1tb drives for <$40 what does this mean? That the $10 PC no longer does the job....which is what I said...

Regardless, you are still doing it wrong "According to Armory." You print out a paper wallet with their word list and store that.

In five or ten years time there may be expected many changes in wallets and PC operating systems.
There is full support as long as there is someone in the community that can test it, which I'm sure of. You don't have to own a machine with the target OS to compile an executable.

That's right, to have Armory fully up and running you also will need an online machine with quite some disk space. Meaning that the total costs won't be $10, however I was not talking about the full set-up for Armory but just the offline machine only.

I like Armory for it's offline signing feature, which is easy and fast to use and that does not apply for a paper with the word list on it.
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
April 28, 2018, 02:16:17 PM
#51
You cannot anything to an infected PC, even if you connect through hardware wallet and if the system you are using is infected, you will loose your coins, first and foremost learning how to secure your connection is the first job before handling crypto currencies, i do trust hardware wallets than any other form of storage and make sure you connect only to secure system.

Incorrect. That's the whole point of a hardware wallet. Private keys are never exposed to the internet no matter how rancid the machine you connect it to is.

But while connected anything you do on the computer could be compromised. You have to use the hardware wallet's screen to confirm addresses as the computer's wallet app could be showing you false addresses.
sr. member
Activity: 448
Merit: 250
April 28, 2018, 01:57:31 PM
#50
MEW is just as secured as any other online wallet is (wether it is blockchain.info, coinbase, etc..  doesnt matter).
With an compromised PC the only (relatively) secure way of accessing coins is to use a hardware wallet.
I would never consider to use a web- or desktop wallet on an infected PC.
You cannot anything to an infected PC, even if you connect through hardware wallet and if the system you are using is infected, you will loose your coins, first and foremost learning how to secure your connection is the first job before handling crypto currencies, i do trust hardware wallets than any other form of storage and make sure you connect only to secure system.
legendary
Activity: 2926
Merit: 1386
April 25, 2018, 04:20:41 PM
#49
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?

I was talking about the offline version.
Windows and OSX still have full support for Armory, so I don't get what you're talking about.
Storage for the full blockchain is not that expensive, one terabyte harddrives go for less than $40.
Last I heard Goatpig had a buddy who now and then would answer questions or do tech support for OS X ,and he did not have a test machine on which the OS X version of Armory could even be compiled. So as a long time Armory user I can't share your optimism on this eg. "full support."

Now if we can buy 1tb drives for <$40 what does this mean? That the $10 PC no longer does the job....which is what I said...

Regardless, you are still doing it wrong "According to Armory." You print out a paper wallet with their word list and store that.

In five or ten years time there may be expected many changes in wallets and PC operating systems.
sr. member
Activity: 518
Merit: 268
April 22, 2018, 12:58:04 PM
#48
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?

I was talking about the offline version.
Windows and OSX still have full support for Armory, so I don't get what you're talking about.
Storage for the full blockchain is not that expensive, one terabyte harddrives go for less than $40.
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
April 22, 2018, 06:01:35 AM
#47
Wrong.

A pc without browser or email could have private keys stored in 500 locations in a variety of ways. On internal HD, internal SSD, etc.

Clearly it is cold storage.

An "online pc someone wants to use" is exactly what you don't want it to be.

If there's the tiniest hint of online accessibility then surely it's not cold.

Ccleaner was recently compromised. As far as I know they couldn't do much, but even with email and browser removed, there are still hundreds to thousands of programs and processes talking via the internet that someone may find a back door into.

We never find out until after the act.
legendary
Activity: 2926
Merit: 1386
April 21, 2018, 10:32:30 PM
#46
Much easier is to simply take the PC and delete email and web browsers.
That will leave the machine capable of operating system and AV updates, but will eliminate most routes of infection.

Or (to get back to topic): Just use a hardware wallet.
This does not require to remove the most used (and probably most needed) software on a pc.

A pc without browser/email/etc..  is a neither a cold storage nor an online pc someone wants to use.

Wrong.

A pc without browser or email could have private keys stored in 500 locations in a variety of ways. On internal HD, internal SSD, etc.

Clearly it is cold storage.

An "online pc someone wants to use" is exactly what you don't want it to be.
legendary
Activity: 1624
Merit: 2481
April 18, 2018, 03:54:59 AM
#45
Much easier is to simply take the PC and delete email and web browsers.
That will leave the machine capable of operating system and AV updates, but will eliminate most routes of infection.

Or (to get back to topic): Just use a hardware wallet.
This does not require to remove the most used (and probably most needed) software on a pc.

A pc without browser/email/etc..  is a neither a cold storage nor an online pc someone wants to use.
legendary
Activity: 2926
Merit: 1386
April 17, 2018, 11:10:19 PM
#44
.....To avoid such malware risk,Install anti virus, don't download random things on the net, active updates both OS and AV itself then just sit and relax.You would be confident on making any transactions if you do know that you are not prone on such risk.

Much easier is to simply take the PC and delete email and web browsers.

That will leave the machine capable of operating system and AV updates, but will eliminate most routes of infection.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
April 17, 2018, 05:40:55 PM
#43
MEW is not secured as you think every time you open your MEW wallet you need to copy paste your private key from time to time to open your wallet online. So if your computer is infected with malware and viruses any time soon thief can get your copy pasted private key history and stole all of your altcoins and ERC20 token.

MEW is just as secured as any other online wallet is (wether it is blockchain.info, coinbase, etc..  doesnt matter).
With an compromised PC the only (relatively) secure way of accessing coins is to use a hardware wallet.
I would never consider to use a web- or desktop wallet on an infected PC.
This is why having a clean PC will always be the main priority.Even I is really careful when it comes to security and cleanliness/malware-free of my own computer yet informations is store mostly in here.Files and other documentations. To avoid such malware risk,Install anti virus, don't download random things on the net, active updates both OS and AV itself then just sit and relax.You would be confident on making any transactions if you do know that you are not prone on such risk.
full member
Activity: 621
Merit: 108
April 17, 2018, 04:50:34 PM
#42
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
There was a whole thread devoted to it here: https://bitcointalksearch.org/topic/breaking-the-ledger-security-model-3167854 (including a link to the original blog post by the original author Saleem Rashid)

In any case, the vulnerability has been patched according to Ledger as of the latest firmware. Again, it just highlights the fact that NO solution is 100% secure...

Thanks for pointing out the right thread to me. Time to do more reading on the subject Smiley
legendary
Activity: 1624
Merit: 2481
April 17, 2018, 12:54:58 PM
#41
MEW is not secured as you think every time you open your MEW wallet you need to copy paste your private key from time to time to open your wallet online. So if your computer is infected with malware and viruses any time soon thief can get your copy pasted private key history and stole all of your altcoins and ERC20 token.

MEW is just as secured as any other online wallet is (wether it is blockchain.info, coinbase, etc..  doesnt matter).
With an compromised PC the only (relatively) secure way of accessing coins is to use a hardware wallet.
I would never consider to use a web- or desktop wallet on an infected PC.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
April 17, 2018, 12:48:14 PM
#40
We don't have second option because its much secure than MEW or any other online wallet.
MEW is only for altcoin, unlike hardware wallets like ledger nano s and trezor wallets support almost all cryptocurrencies including bitcoin and ethereum.

MEW is not secured as you think every time you open your MEW wallet you need to copy paste your private key from time to time to open your wallet online. So if your computer is infected with malware and viruses any time soon thief can get your copy pasted private key history and stole all of your altcoins and ERC20 token.

Unlike hardware wallets that they can protect and hide your private keys and before they can transfer any coins from your hardware wallet, it will ask for a pin that you can only be the one can open your hardware wallet.
newbie
Activity: 155
Merit: 0
April 17, 2018, 07:06:14 AM
#39
We don't have second option because its much secure than MEW or any other online wallet.
HCP
legendary
Activity: 2086
Merit: 4363
April 17, 2018, 06:34:31 AM
#38
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
There was a whole thread devoted to it here: https://bitcointalksearch.org/topic/breaking-the-ledger-security-model-3167854 (including a link to the original blog post by the original author Saleem Rashid)

In any case, the vulnerability has been patched according to Ledger as of the latest firmware. Again, it just highlights the fact that NO solution is 100% secure...
full member
Activity: 621
Merit: 108
April 17, 2018, 04:34:11 AM
#37
Can't see it posted here before, so read and think - https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf
newbie
Activity: 96
Merit: 0
April 15, 2018, 02:57:13 AM
#36
Not totally but it's more reliable than anything in the crypto space.
legendary
Activity: 2926
Merit: 1386
April 13, 2018, 11:25:05 PM
#35
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.
.....

Support for Armory has been weak for the OS X for some time, and future support for the MS version is not certain.

However, note that Armory supports regeneration using a keyword sequence. And that page you print out can have an encryption key.
So there is really no reason for the old PC, right?

Yesterday's computers likely will not work on tomorrow's database.

Armory requires a full copy of the CORE database, so the "old PC" will need something > 200 GB available. Since the CORE database is growing, any reasonable projection for the storage needs after say 5 years is what, maybe 500-800 GB?
HCP
legendary
Activity: 2086
Merit: 4363
April 13, 2018, 09:48:30 PM
#34
This thread gave me the willies a bit.

https://bitcointalksearch.org/topic/scammed-ledger-nano-s-3290558

Due to a technical problem with BCH Ledger rerouted this guy's tx and didn't tell him. He thought it was lost.
It is impossible for Ledger to "reroute" a transaction... once a transaction is signed, it cannot be modified without breaking the signature and rendering the transaction invalid. You can't change the destination. The real issue was the user simply not understanding what was happening and freaking out.

The actual cause of the problem was the new BCH node software released in preparation for the upcoming fork... it was incompatible with the Ledger wallet software and meant that the Ledger wallet software was simply not displaying transactions and balances correctly. Ledger had to re-index the entire BCH blockchain so that their system could find all the appropriate transactions when a users wallet would request the information via the API.

Note that no funds were in danger of being lost... they were just temporarily unable to be displayed.

It's like your email app being unable to connect and/or talk to the email server correctly... end result, your emails are still there... you just can't see them.
full member
Activity: 826
Merit: 111
April 12, 2018, 01:18:59 PM
#33


I dont have an experience in hardware wallets. But i will try to use but not now, but i heard that hardware wallets is very safe to use. Some people are told Ledger Nano wallet is good to use. This wallet is more secure and easy to use.Ledger Nano is adopted by all devices. The ledger has excellent support for many cryptocurrencies
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
April 12, 2018, 01:14:11 PM
#32
This thread gave me the willies a bit.

https://bitcointalksearch.org/topic/scammed-ledger-nano-s-3290558

Due to a technical problem with BCH Ledger rerouted this guy's tx and didn't tell him. He thought it was lost.
member
Activity: 420
Merit: 19
April 01, 2018, 09:12:26 AM
#31

Not yet have an experience with hardware wallet as i fine Nano has been the best hardware wallet amongst others. Its more secured and much friendly and adaptive to use from one place to other places and is adaptive to any device. Let me try it bit later as my earnings are much low
legendary
Activity: 2926
Merit: 1386
March 17, 2018, 11:01:10 PM
#30
Nothing is bulletproof. Especially centralization for ex. Ledger Nano S or Binance where there is mass adoption it's never good.
I believe you always find a good one that is not having too much attention. I mean eventually, hardware wallets are more secure than any other wallets I believe but everything is safe until hacked right? So I guess it can be all about time, either just spread it in a few wallets or choose always the second alternative or something like that. The best solution is: do not keep all your eggs in one basket, that's very simple and up to you.
Probably no strong hardware wallet such as Ledger Nano S will be hacked or somehow lose balance but even if there's a chance of 0.0000001% and you are very worried then that's your solution.

There are a number of ways to lose coins, not just hacking.

These have been detailed in help requests but briefly, wallet gets corrupted, passcode gets lost, hard drive problems, coming back to it after a couple years, nothing works, etc.

I have some difficulty in believing that a hardware wallet is any better than an encrypted wallet.dat file on a thumb drive or two, or somehow more reliable than a paper wallet.  One thing to keep in mind is to not mix complexity with long term storage.

What then is complexity? It could be Bitcoin core with a full database, it could be an encrypted wallet.dat on an encrypted thumb drive. It could be a Trezor with a secondary hidden file structure.

Could be a number of things, but simplicity is highly related to long term reliability.
HCP
legendary
Activity: 2086
Merit: 4363
March 14, 2018, 07:43:31 AM
#29
Exactly, if Bitcoin Core isn't setup with "listen=1" or the "allow incoming connections" GUI option, you're not really doing anything running a wallet and sponging data from actual full nodes...

If you want to support the Bitcoin network, you must allow inbound connections.

When Bitcoin Core starts, it establishes 8 outbound connections to other full nodes so it can download the latest blocks and transactions. If you just want to use your full node as a wallet, you don’t need more than these 8 connections—but if you want to support lightweight clients and other full nodes on the network, you must allow inbound connections.
legendary
Activity: 3472
Merit: 10611
March 14, 2018, 01:59:46 AM
#28
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.

it is worth mentioning that just running a full node is not always equal to helping the network and decentralization. not exactly anyways.
you will help the network only if you are accepting connections, relaying blocks and transactions. but sometimes people who run a full node only sync with the network (download the blocks) and don't accept any connection and don't give anything.
sr. member
Activity: 1081
Merit: 309
I love technology.
March 13, 2018, 10:42:37 AM
#27
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.

Agreed,

I am so torn when it comes to wallets and hardware wallets. I think there is going to a big wakeup call for many users when not using a hardware wallet. It's definitely the safest option right now for daily use.
sr. member
Activity: 518
Merit: 268
March 13, 2018, 09:53:03 AM
#26
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
That's a nice feature, I personally feel that hosting your own node it worth it. You're not only helping to decentralization but you also have more independent security. In SPV mode you rely on being able to connect to at least one honest node and that's solved by running your own.
legendary
Activity: 1876
Merit: 3139
March 12, 2018, 04:58:28 PM
#25
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.

I understand your point of view. I was also thinking of setting up a node which would run 24/7, but I'm still not sure whether do it at home or rent a dedicated server for it. Also, you can mix both full node and hardware wallet. TREZOR, for example, allows you to use Insight which you can setup on your own machine. The same thing goes for Electrum, it's great that we have so many options to choose from.
sr. member
Activity: 518
Merit: 268
March 12, 2018, 04:48:21 PM
#24
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.

Using HDD and a full node setup has also some disadvantages. Almost everyone here experienced the pain of 3 days long synchronization, hardware wallets are ready to go once you plug them into your computer. HDD setup is less portable, it takes some time for a full node to start and then check if there were any new block found. Usually, full nodes run 24/7 but my point is that you are not able to use them instantly on the go. There is nothing wrong with being too careful.
Most people will indeed experience 3+ days synchronization, for me I think it was less. But I don't use this setup because it's portable, but rather because it's reliability. Don't get my wrong, hardware wallet are a very good choice as a wallet, but I prefer to do it myself and also to contribute to decentralization.
legendary
Activity: 1876
Merit: 3139
March 12, 2018, 03:30:13 PM
#23
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.

Using HDD and a full node setup has also some disadvantages. Almost everyone here experienced the pain of 3 days long synchronization, hardware wallets are ready to go once you plug them into your computer. HDD setup is less portable, it takes some time for a full node to start and then check if there were any new block found. Usually, full nodes run 24/7 but my point is that you are not able to use them instantly on the go. There is nothing wrong with being too careful.
sr. member
Activity: 518
Merit: 268
March 11, 2018, 04:51:23 PM
#22
... Armory+cheapo computer...

It's a hardware wallet with even better security and validity, but at a fraction of the cost.
Until you factor in the need for a (non-pruned) full node required for the online portion of your Armory setup and the space/bandwidth requirements that involves.

As opposed to plugging a HW wallet into your cheapo computer (or even your mobile phone with a $2 OTG cable).

There are pros/cons to both setups... but honestly, I believe HW wallets made air-gapped offline/online two computer setups pretty much obsolete.
You're right, although HDD space has become relatively cheap lately. But I believe Electrum also offers the same functionality (offline signer) without the need for a full node, I just prefer Armory. I'm lucky to have my full node running at my parents home with 300Mbps internet. Maybe I'm just a little too paranoid.
member
Activity: 302
Merit: 15
March 11, 2018, 04:33:07 PM
#21
Nothing is bulletproof. Especially centralization for ex. Ledger Nano S or Binance where there is mass adoption it's never good.
I believe you always find a good one that is not having too much attention. I mean eventually, hardware wallets are more secure than any other wallets I believe but everything is safe until hacked right? So I guess it can be all about time, either just spread it in a few wallets or choose always the second alternative or something like that. The best solution is: do not keep all your eggs in one basket, that's very simple and up to you.
Probably no strong hardware wallet such as Ledger Nano S will be hacked or somehow lose balance but even if there's a chance of 0.0000001% and you are very worried then that's your solution.
HCP
legendary
Activity: 2086
Merit: 4363
March 11, 2018, 04:25:37 PM
#20
... Armory+cheapo computer...

It's a hardware wallet with even better security and validity, but at a fraction of the cost.
Until you factor in the need for a (non-pruned) full node required for the online portion of your Armory setup and the space/bandwidth requirements that involves.

As opposed to plugging a HW wallet into your cheapo computer (or even your mobile phone with a $2 OTG cable).

There are pros/cons to both setups... but honestly, I believe HW wallets made air-gapped offline/online two computer setups pretty much obsolete.
sr. member
Activity: 518
Merit: 268
March 11, 2018, 01:17:48 PM
#19
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
They certainly add a level of convenience, especially for all of the coins the support.
That's is certainly a benefit for people who store altcoins. But for my personal situation not, as I only store Bitcoin and some Litecoin.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
Even the old computers that schools have, will run an offline version of Armory. I bet you can get these for less than 10 bucks on a flea market or elsewhere. Also Armory has support for single board computers like the Raspberry Pi, that can be bought for $25. It's a hardware wallet with even better security and validity, but at a fraction of the cost.

Hardware wallets are somewhere between airgapped computers and encrypted wallet files.
It definitely is, but I don't trust it as much as a self-compiled software.


hero member
Activity: 761
Merit: 606
March 10, 2018, 02:52:18 PM
#18
For me a "no brainer" while we all have a watch and wait attitude on hardware wallets, to make sure and use BIP extensions/passwords on all your hardware wallets.  Remember that NO hardware wallet can store passphrases so even if they "fall" in the future your coins would still be safe.  I still trust my Trezors but have always decided to use long and strong passphrases on all my wallets in addition.  Recommend you all do the same!
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 10, 2018, 02:41:20 PM
#17
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).

Hardware wallets are somewhere between airgapped computers and encrypted wallet files. They certainly add a level of convenience, especially for all of the coins the support.

Also, a ledger nano s for example is much cheaper than any laptop/very cheap desktop you'd find, I don't think it's fair to assume that everybody would have an old computer lying around.
sr. member
Activity: 518
Merit: 268
March 10, 2018, 01:35:08 PM
#16
I don't really trust hardware wallets, that's why I don't own one. My main reason is the lack of open-source for example, Ledger wallet is only partial open-source. That means that there is still some code running on the hardware that you can't verify. Besides that, they are quite expensive compared to air-gapped machines that only require an old PC. I have more fate in a computer, without internet capability running a wallet compiled from source (Armory) than pre-configured hardware. Armory allows you to sign transactions on your air-gapped machine and managing your wallet on an online PC without sign access (watching-only).
legendary
Activity: 3472
Merit: 10611
March 08, 2018, 11:17:16 PM
#15
~ Nothing is 100% and eternally foolproof. ~

you said it yourself Tongue
nothing, and that means literary nothing is 100% foolproof. even bitcoin isn't. maybe some day people could find a way to reverse ECDSA and when you put your public key on the blockchain inside of your transaction they could figure out your private key in reverse. (it is not possible and the math says it won't happen but you know...).

so in the end it all comes down to risk management in my opinion.
this, for me, means how much i am willing to risk in that particular thing. for example how much money i am willing to invest in bitcoin. then how much of that bitcoin i am willing to put in my hot wallet, in my hardware wallet, in a paper wallet, in my exchange account for trading, in an altcoin, ...
HCP
legendary
Activity: 2086
Merit: 4363
March 08, 2018, 06:37:12 PM
#14
There seems to have been quite a lot of "back and forth" between Saleem (@spudowiar) and Ledger...

Ledger claiming he has blown everything out of proportion... Saleem claiming Ledger didn't take things seriously enough... Ledger claim that a very particular set of circumstances needed to have occurred for the vulnerability to be exploited (physical access BEFORE seed generation, custom MCU, malware on PC etc)... Saleem seems to indicate otherwise but offers no details due to "responsible disclosure".

I guess we wait until March 20th for the full technical details to be released. Undecided

In the meantime, I guess the message is "update to firmware 1.4.1"
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
March 08, 2018, 05:53:33 AM
#13
So Ledger are releasing a soon to be mandatory update for the Nano S.

The reason is hinted at here - https://twitter.com/spudowiar/status/970977060134023168

I've read elsewhere that physical access is required for any issues so everyone should be fine.

However I can only imagine the amount of problems that pop up will increase as the amount of money lurking on hardware wallets accelerates. The incentives are just too enormous.

I'm nowhere near savvy enough to know whether something is coded well but I have faith in the creators and coders to do their best to stay on top of things, however there's no shortage of dodgy people with matching skills who'll go all out to beat them and it could a finely balanced race.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?

As can be read in this tweet,spudowiar has been discovered a potential issues in Ledger which may couse "compromised recovery seed generation or private key extraction".He claim this is a serious issue and that he will reveal full technical data on 20 March in order ti give users time to update.

I think that he found something pretty seriously,and proof is that Ledger is released new firmware after that.So we need to wait till 20 March and hope to get full information about this safety problem.

When it comes to safety of my coins I can say I do not trust anyone or anything,nothing is 100% safe.But it is much easier to lose coins in online wallets/exchanges or even desktop wallet,so best way to keep them safe is hardware wallet or for long term holding paper wallet which must be made in 100% safe environment and stored in extra safe place.
newbie
Activity: 6
Merit: 0
March 08, 2018, 04:28:34 AM
#12
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
Agree. I read a little bit in that thread. I see how LoyceV and DarkStar_ point the flaws. I stopped reading since I think it is clear enough. Glad that we have these guys in the forum.

I also think that this is an ICO that wishes to gather a lot of money, launch it in an exchange. Until they dried it up, they will leave the project behind or if they really are serious then they are not knowledgeable enough to do this.

@CryptoKr You better rethink it, carefully.

Thanks gentlemand again. The guys you have mentioned just attacked me in the other topic, so it is good to know that not everyone is like them. I will get Trezor for now and hope that something better will show up on the market soon.
hero member
Activity: 994
Merit: 507
March 07, 2018, 10:44:27 PM
#11
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
Agree. I read a little bit in that thread. I see how LoyceV and DarkStar_ point the flaws. I stopped reading since I think it is clear enough. Glad that we have these guys in the forum.

I also think that this is an ICO that wishes to gather a lot of money, launch it in an exchange. Until they dried it up, they will leave the project behind or if they really are serious then they are not knowledgeable enough to do this.

@CryptoKr You better rethink it, carefully.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 07, 2018, 04:27:10 PM
#10
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad


That looks like a terrible hardware wallet that is only in concept stage with many design flaws thought up only to find a bullshit reason to have an "ICO" and make money. I would not trust a cent with a "hardware wallet" that can connect to the internet and has a built-in GPS.
newbie
Activity: 6
Merit: 0
March 07, 2018, 04:22:26 PM
#9
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.

Thanks gentlemand,

I have just found this, which seems a brilliant idea and good solution:

https://bitcointalksearch.org/topic/ico-hodler-hardware-wallet-payment-terminal-top100-coins-tokens-3070336

but this is in the ico stage now, so will have to wait for the product Sad
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
March 07, 2018, 03:24:30 PM
#8
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?

I'm certainly not qualified to say which is the best. I prefer using the Trezor. It seems a lot more user friendly to me. Others may disagree. Much may depend on which coins you want to store. Ledger currently stores plenty more.
newbie
Activity: 6
Merit: 0
March 07, 2018, 02:45:21 PM
#7
Hi there,

I am quite new to this forum and crypto world. I have so far invested a smaller amount of money but would like to go bit further. My big concern however is the security. After watching several videos on youtube of guys telling how their lost their money I am a bit petrified. I am not a geek so I am not sure what to do in order to protect my funds.

Are you guys saying Trezor is the best?
member
Activity: 340
Merit: 15
March 06, 2018, 03:28:09 PM
#6
I have used Ledger Nano S for quite a long time but I decided to sell due to some technical problems and their Secure Element started to bother me. Security by obscurity is not necessarily the best idea. Even though, I can't read most of TREZOR's firmware code, I trust people in the industry who had checked the code to see whether or not there are any backdoors or simple security holes.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.

What do you think is better? Less chances for critical vulnerability to exist and nobody can check the code to detect it or being able to see the code and eventually discover the vulnerability after some time.
So you are essentially saying to put more trust into Trezor than this one from their issues with security audits in the past?
hero member
Activity: 3220
Merit: 636
DGbet.fun - Crypto Sportsbook
March 06, 2018, 03:03:58 PM
#5
Great! I've been looking for this type of thread as I've posted a thread about the update of firmware of nano s. ( Ledger Nano S firmware update 1.4.1 )

This guy gained a lot of attention and it made me paranoid after someone shared his tweet about nano s.

I'm not also savvy at all with these things but the Ledger's Ceo has spoken https://www.reddit.com/r/ledgerwallet/comments/82fndi/psa_dont_panic_but_assume_the_device_is/dv9wnlb/ this helped me and I can sleep well tonight.

We'll see where this goes.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?
If something went wrong and there will be reports that their funds are stolen after this update, I'll jump to paper wallet or back to desktop wallet.
legendary
Activity: 1876
Merit: 3139
March 06, 2018, 02:44:45 PM
#4
I have used Ledger Nano S for quite a long time but I decided to sell due to some technical problems and their Secure Element started to bother me. Security by obscurity is not necessarily the best idea. Even though, I can't read most of TREZOR's firmware code, I trust people in the industry who had checked the code to see whether or not there are any backdoors or simple security holes.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.

What do you think is better? Less chances for critical vulnerability to exist and nobody can check the code to detect it or being able to see the code and eventually discover the vulnerability after some time.
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
March 06, 2018, 02:38:37 PM
#3
You can check the source code of the hardware wallet applications for the Ledger, and inspect the firmware source code of the Trezor.
Also you are in possession of the hardware itself so you can break it down and tinker with it to your satisfaction to check if it's broken or not.

It's a wonderful idea but most people, including myself, are clueless about this stuff.

And the thing that worries me a tad are all of the yet to be discovered issues waiting to be uncovered, not the existing integrity of their setups. Nothing is 100% and eternally foolproof. If there's some complexity it's likely there's something in there waiting to be exploited that hasn't been accounted for.
sr. member
Activity: 322
Merit: 363
39twH4PSYgDSzU7sLnRoDfthR6gWYrrPoD
March 06, 2018, 02:33:35 PM
#2
You can check the source code of the hardware wallet applications for the Ledger, and inspect the firmware source code of the Trezor.
Also you are in possession of the hardware itself so you can break it down and tinker with it to your satisfaction to check if it's broken or not.
legendary
Activity: 2604
Merit: 3056
Welt Am Draht
March 06, 2018, 11:04:45 AM
#1
So Ledger are releasing a soon to be mandatory update for the Nano S.

The reason is hinted at here - https://twitter.com/spudowiar/status/970977060134023168

I've read elsewhere that physical access is required for any issues so everyone should be fine.

However I can only imagine the amount of problems that pop up will increase as the amount of money lurking on hardware wallets accelerates. The incentives are just too enormous.

I'm nowhere near savvy enough to know whether something is coded well but I have faith in the creators and coders to do their best to stay on top of things, however there's no shortage of dodgy people with matching skills who'll go all out to beat them and it could a finely balanced race.

Will you choose to keep the faith no matter what happens or regress to things like paper wallets if more weirdness emerges?
Jump to: