Topic: Doubt about non air-gapped HW (Read 100 times)

legendary
Activity: 1484
Merit: 1355
November 25, 2023, 01:16:32 PM
#10
...The big brands bring in security experts and use special hardware like secure elements to try and make sure nothing leaks out that shouldn't.
The security of hardware wallets mainly depends on the firmware.
~

While firmware plays a vital role in securing hardware wallets, it is not the only factor that matters. Physical security, side-channel attacks, and other vulnerabilities can also compromise these devices. Ultimately both hardware and software defenses are crucial - a flaw in either enables asset theft.
ographic operations can also unveil secrets and  no one vulnerability rules them all. 

Rather, hardware and firmware security intertwine inextricably.  Though firmware drives functionality, physical tamper-resistance and side-channel protections remain critical.  Perhaps firmware deserves more weighting given its flexibility in updating vulnerabilities.  Yet a weak security modulus still renders firmware updates meaningless.
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
November 25, 2023, 11:10:28 AM
#9
Hi!

I'd like to know something about some HW:

-How safe are these wallets that generate the seed while they are connected to the computer and online?
This is good when there are doubts, because it allows you not to blindly trust marketers and critically evaluate hardware wallets. In general, there are millions of users of non-air-gapped HW's in the world and so far no one has lost their savings from these devices (unless he himself did something stupid). Even from hardware wallets that are closed source, despite the community's reliability concerns about this type of devices. Therefore, we can say that HW devices are reliable and perform their functions at an acceptable level.

-Which of these wallets would you recommend?

Thx!
I would definitely recommend Ledger with their brilliant safety, as they advertised. I couldn’t help but joke about this topic. This should not be taken as a recommendation to purchase this device.

Trezor products still remain reliable and they are one of the top and mass hardware wallet manufacturers, so, in principle, their devices can still be recommended. Moreover, they have a new wallet in the form of Trezor Safe 3 with Secure Element (improved) protection.
hero member
Activity: 714
Merit: 1298
Cashback 15%
November 25, 2023, 04:58:43 AM
#8
...The big brands bring in security experts and use special hardware like secure elements to try and make sure nothing leaks out that shouldn't.
The security of hardware wallets mainly depends on the firmware.

and hardware. If the latter (like MCU and/or SE) is compromised then  your stash is in danger.



are there any mechanisms to ensure that these firmware absolutely do not have backdoors?

The only mechanism I see is the sustainability of the funds held by HW run by that firmware.
newbie
Activity: 5
Merit: 0
November 24, 2023, 09:23:32 PM
#7
...The big brands bring in security experts and use special hardware like secure elements to try and make sure nothing leaks out that shouldn't.
The security of hardware wallets mainly depends on the firmware. In the face of great temptation, it is not enough to just talk about trust. So we don't use closed-source hardware wallets, like Ledger. It is not better than the Binance exchange.
Some wallet companies release many firmware updates every year, such as OneKey and Keystone. Especially for hardware wallets with a small user base (10k+), lack of supervision and attention, are there any mechanisms to ensure that these firmware absolutely do not have backdoors?
legendary
Activity: 1484
Merit: 1355
November 24, 2023, 05:32:54 PM
#6
-How safe are these wallets that generate the seed while they are connected to the computer and online?
-Which of these wallets would you recommend?

Hardware wallets tend to have some pretty hardcore security stuff built-in to keep your keys and seed phrases locked down tight.  The big brands bring in security experts and use special hardware like secure elements to try and make sure nothing leaks out that shouldn't. 

But you still gotta be real careful what wallet you get.  There are some smart security experts out there trying to poke holes in these things and figure out if seeds can spill; if they found something like that about a wallet company people would know and nobody would buy them. 

When deciding on a wallet, it really comes down to your specific needs and the features you're looking for. You can find a solid overview of pretty much all the hardware wallets out there on this site: https://thebitcoinhole.com/hardware-wallets
member
Activity: 99
Merit: 153
November 24, 2023, 04:08:18 PM
#5
Do you mean the seed phrase? It can not be read.

...unless you're using a Ledger, which has key extraction code on your hardware and Ledger holds the decryption key for ALL users:

Quote
"The bombshell here is the explicit confirmation that *Ledger themselves* hold the master decryption key for *all Ledger Recover users*.

Your seed is encrypted using their key and not your own, so they always hold the ability to decrypt your seed from shards."

@sethforprivacy

Whatever you do, don't buy a Ledger.  As a company, they've gone evil.
legendary
Activity: 1512
Merit: 4795
November 24, 2023, 03:48:37 PM
#4
What you need to be more careful to avoid while using a hardware wallet, especially the non-airgapped ones, is clipboard malware. Always make sure that you are not sending to the wrong address. The seed phrase and keys do not leave the hardware wallet.

Yes. I mean open source wallets. There are Bitcoin only and multi coin. I know that nothing can be written in the device, but can it be read in any way?
Do you mean the seed phrase? It can not be read.

But a physical attack on Trezor Model One and Trezor Model T can reveal its seed phrase to the attacker. That is the reason it is good to use a passphrase with such a wallet, to generate different keys and addresses. But if you lose your passphrase backup, just like a seed phrase backup, you will lose your coins.
jr. member
Activity: 40
Merit: 4
November 24, 2023, 03:42:11 PM
#3
1. Everything is done within the device. Your seed phrase and private keys never leave it, not without you authorizing it from the device anyway. Now obviously, not all hardware wallets are equal, and this is why it's a good idea to go with open-source ones.
2. Depends what you want. A multi-coin wallet? a bitcoin-only?

Yes. I mean open source wallets. There are Bitcoin only and multi coin. I know that nothing can be written in the device, but can it be read in any way?
staff
Activity: 3402
Merit: 6065
November 24, 2023, 03:34:46 PM
#2
1. Everything is done within the device. Your seed phrase and private keys never leave it, not without you authorizing it from the device anyway. Now obviously, not all hardware wallets are equal, and this is why it's a good idea to go with open-source ones.
2. Depends what you want. A multi-coin wallet? a bitcoin-only?
jr. member
Activity: 40
Merit: 4
November 24, 2023, 03:33:14 PM
#1
Hi!

I'd like to know something about some HW:

-How safe are these wallets that generate the seed while they are connected to the computer and online?
-Which of these wallets would you recommend?

Thx!