Topic: Hardware wallet FUD (nonce attacks, unofficial firmware, etc) (Read 282 times)

True, but in the same time there is much less danger that some attacker would even try to attack relative unknown devices like this.
It's almost impossible for them to achieve anything because this devices are mostly air-gapped (seedsigner, krux), unless you download and install some malicious firmware update.

Just verify the QR codes. Generate a PSBT using the wallet application (in your example, BlueWallet), decode it and verify that it's just a PSBT.
Then take the signed PSBT QR code from the Passport and do the same.

I am repeating myself, but for maximum paranoia-security, you can read through Passport's firmware codebase, notice that it doesn't add any data except the signed PSBT to the QR code, then build it yourself, add your developer key into the Passport and flash it with your built binary.
This guarantees you that it's not doing anything dodgy.

Keep in mind, the application (BlueWallet) can't really 'leak' anything through the QR code anyway, as you only scan it with the hardware wallet. The hardware wallet always 'knows more' (the seed phrase) than the app, so there's nothing to be leaked in that direction.

Let's always remember though, that open-source and DIY does not guarantee security of the codebase. It's possible / plausible that especially a newer, smaller DIY project with few, non-monetarily-motivated developers has had less 'eyes on the code' and fewer professional penetration tests against it than a commercially developed and sold product.

I know for sure that Safepal hardware wallet has closed source this, so you can't verify anything coming from their QR code, and all other stuff they have is closed source.
I am not sure how this works for Passport hardware wallet, but they have almost everything open source like design and firmware, but you need to verify with them how QR codes work.
For DIY signing device SeedSigner QR code is simply a string of numbers representing each word on the BIP39 wordlist, and Krux signing device supports it:
https://github.com/SeedSigner/seedsigner/blob/main/tools/seed_phrase_to_qr.py

It's easy to make DIY hardware signing devices with raspberry pi zero, or with cheap M5StickV or Maix Amigo devices.
Nothing would connect you with Bitcoin and maybe you could purchase them in your local electronic shop.

It's similar to the situation with VPNs, where some people claim that they (depending on the VPN provider) actually reduce privacy, since they can identify you based on the size and type of the packets you send from one point to another.

All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar like a DIY hardware wallet would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.

How do we know the device (Blue Wallet, Passport.. etc.) wouldn't transfer the seed off itself using QR code?

Keystone:



Can this also be used for all other QR codes?


Source:

https://blog.keyst.one/ever-wondered-what-your-hardware-wallet-inputs-and-outputs-9b33b4cedafd

Eliminating EVERYTHING ELSE from the discussion, if you take a large enough group of people who are all passionate about something, there will always be groups within that group who are pro something or anti something.

Hardware wallets serve a purpose but they are not always the best answer for everything.
Someone holding $100 of BTC and using it to buy things and then getting more probably does not need a HW wallet.

Posted this close to 3 years ago, still true today: https://bitcointalksearch.org/topic/helping-usually-new-people-choose-their-wallets-5205304

-Dave

That is fine and it reminds me on something similar we can see on smartphones running grapheneos.
I am not sure how other hardware wallets are dealing with this because I never researched it deeply.

I don't know what to say about two year old article, nothing new is said there.
There are risks purchasing and using hardware wallets, but you can mitigate most of them if you are careful.
You can buy device locally in official reseller shop, use disposable email address and alternative delivery address for ordering and delivery, use PO or UPS boxes, etc.
Alternative way is to build your own DIY signing device or just use small old laptop as a cold storage.
There is no perfect universal solution for everyone, and I can find negative or positive for any options.

What are your thoughts on this article:

https://robertspigler.com/in-defense-of-my-attack

Don't get me wrong, I use hardware wallets, I generate my own seed, etc.

But lately I've come across some anti-HWW bitcoiners and I've been wondering if HWWs are as secure as they claim to be.

On Passport, by default you can only install a firmware image that is signed with Foundation's developer signing key.
However, you can add your own key and then it will let you install firmware signed by yourself and present you with a warning on each boot (so you'd notice if someone did it on your device).

There is not such a thing as a clean windows install, it's always dirty and complicated  
Installing Linux is now much more easier then it was few years ago, and you probably don't need to install any additional drivers for your hardware, so it's quicker process than for wiNd0ws.
Instead of Linux Mint I would choose Fedora Linux in 2022.

Back to hardware wallet topic, some of this devices are not allowing installation of unofficial firmware and they need to be signed, like in case with Keystone, and maybe Passport (not sure).
I think that for Trezor you can install any firmware you want, even create your device with custom firmware, but risk is that you can lose all your coins if you don't know what you are doing.

Learning how to install linux mint is not harder than learning how cook by watching youtube videos. Tbh you don't even need linux. A clean windows install would do.

All you need to do is clicking "next next next next" and everything will be there.

Generate seeds and write down them on a piece of paper and its done.

Easier than boiling an egg.

It basically boils down to trust in one way or the other. You can verify the installation binaries, signatures, and firmware, and that will tell you that they are signed by the right people and originate from the official teams behind those wallets. And then what? How many people actually know what the open-source code does and check to make sure the developers didn't insert something malicious or made an unintentional mistake? 1/10? More likely 1/100 do that.

The rest of us mere mortals are stuck trusting that nothing malicious has happened and that those 1/100 that know what they are doing have done their jobs properly. The system is generally working quite well for popular open-source projects with significant communities. But all it takes is one intentional/unintentional mistake for it all to crumble. Hopefully, that'll never happen. That's why most people can't do much then rely on trust despite the saying: "verify, don't trust."

Absolutely not. Most mobile wallets are either closed source or non reproducible, which is a complete non-starter. Even if you choose and open source one and verify it or even better build it yourself, you are still installing it and generating your seed phrase on an insecure device with internet access. Such a set up should be used for a few hundred bucks worth of bitcoin at most, and certainly not $25k.

This is a good option. You should ideally use an old computer or laptop for this that you can dedicate for this purpose only and never again use for anything else. It should remain permanently airgapped and should be completely formatted before you start.

1 - A good hardware wallet.
2 - A paper wallet, although you still need the same steps of a completely formatted and permanently airgapped device as above to generate the paper wallet safely.

I wrote a guide on how to verify Electrum, most hardware client-software such as Trezor Suite can be verified the same way.  As n0nce mentioned, the firmware for the Trezor (for example) is updated through the Trezor Suite client, which of course should be verified before it is used to update firmware.

Other vendors may do things a bit differently, for example the ColdCard hardware wallet verifies the firmware itself before installing it.  When upgrading the firmware on a ColdCard, you download it and store it on mSD card, and then load the mSD card into the hardware wallet.  Once you start the upgrade process the firmware is verified by the device before it's installed.

You do it yourself; how it's done depends on the wallet, but on the Passport you just put the file you've downloaded and verified, on a microSD and then insert it and start the update process on the wallet.

BitBox and Trezor are done through their software if I remember correctly.
But you're supposed to verify the wallet software, too, of course.

For you....For others it's a different story.

Hot wallet on my phone a few hundred dollars of crypto at most. Or, as I like to say, the phone is worth more then the crypto on it.
Warm wallet, under $2500 but that much would suck to loose so although it's on an internet connected PC it's needs a hardware wallet to sign / send.
Cold wallet. 2 of 3 mutisig in separate locations that all have live physical security and single pass-though man-traps.



Depends on the particular wallet. There is no 1 answer.

-Dave

Interesting.

Is this flashing you talk about done by the official hardware wallet app? (BitBox App, Trezor Suite, etc)

Or is this something I need to do separately myself?

That's wrong; you flash the device yourself using the firmware downloaded and verified from the website whenever you update it, actually. So every time you do, you re-verify that everything's fine.

There's one more step: verifying that the firmware actually comes from the source code in the repository.
That's something you can do yourself and any legit hardware wallet manufacturer should give instructions how to do so.
The fine people at https://walletscrutiny.com/ do this regularly for a whole bunch of wallets, in case you're uncomfortable doing it yourself.

The last step is verifying that the source code is good, this is extremely important as well. But that's the case for any wallet, software or hardware.

It depends on the wallet. Closed-source wallets and non-verifiable open-source wallets? Not unlikely. Open-source, verifiable wallets? Less so.
With everything else being fine, there remains the risk of a new codebase not having been analyzed and attacked enough yet to know that it's safe and secure.

Bitcoin doesn't care about a single hardware wallet manufacturer.

Again, depends on the device.
I wouldn't trust anything that's closed source firmware (like Ledger or Square's device), and I much prefer if the hardware is open-source and auditable, as well.

You are watching to much sci-fi movies and Coldcard has nothing to do with someone having hope for Bitcoin, it's just nonsense.

First, you have hardware wallets with open source firmware code so anyone can inspect and see what is happening, there are no hidden stuff for Trezor, Codlcard, Keystone, Passport, etc.
For Trezor you can even identify all hardware components and make your own DIY device, but they are also working on new prototype secure element chip, that should improve security a lot.
Coldcard is not exactly open source anymore, but you can still verify it's code and I don't think it's dangerous to use it, unless some major bug happens.
Closed source hardware wallets like Ledger, Safepal, etc are much more dangerous, and you could never know if they have some secret junk inside, so I would stay away from them.

Speaking about open source firmware, you should be aware that almost all laptops and computers have closed source bios, so it's much bigger chance of something leaking from there, unless you have coreboot or something like that.
Intel and AMD are constantly sending information and they have whole hidden mini operating system inside with Intel Management and AMD equivalent.
Now, keeping laptop offline can help, but it's not perfect protection at all.

Ok, let's say a non-technical person (like the vast majority of people) wants to buy $25k in Bitcoin and hold it for 5 years.

What would be your recommendation to this person?

1) Install a mobile app on his phone, generate a seed, back up the seed, receive the bitcoin and then uninstall the app.

2) Learn how to install Linux and a wallet like Electrum or Sparrow and use that to generate the seed and receiving address.

3) Other (specify)