Topic: Hardware wallet FUD (nonce attacks, unofficial firmware, etc) (Read 282 times)

True, but in the same time there is much less danger that some attacker would even try to attack relative unknown devices like this.
It's almost impossible for them to achieve anything because this devices are mostly air-gapped (seedsigner, krux), unless you download and install some malicious firmware update.

Just verify the QR codes. Generate a PSBT using the wallet application (in your example, BlueWallet), decode it and verify that it's just a PSBT.
Then take the signed PSBT QR code from the Passport and do the same.

I am repeating myself, but for maximum paranoia-security, you can read through Passport's firmware codebase, notice that it doesn't add any data except the signed PSBT to the QR code, then build it yourself, add your developer key into the Passport and flash it with your built binary.
This guarantees you that it's not doing anything dodgy.

Keep in mind, the application (BlueWallet) can't really 'leak' anything through the QR code anyway, as you only scan it with the hardware wallet. The hardware wallet always 'knows more' (the seed phrase) than the app, so there's nothing to be leaked in that direction.

Let's always remember though, that open-source and DIY does not guarantee security of the codebase. It's possible / plausible that especially a newer, smaller DIY project with few, non-monetarily-motivated developers has had less 'eyes on the code' and fewer professional penetration tests against it than a commercially developed and sold product.

I know for sure that Safepal hardware wallet has closed source this, so you can't verify anything coming from their QR code, and all other stuff they have is closed source.
I am not sure how this works for Passport hardware wallet, but they have almost everything open source like design and firmware, but you need to verify with them how QR codes work.
For DIY signing device SeedSigner QR code is simply a string of numbers representing each word on the BIP39 wordlist, and Krux signing device supports it:
https://github.com/SeedSigner/seedsigner/blob/main/tools/seed_phrase_to_qr.py

It's easy to make DIY hardware signing devices with raspberry pi zero, or with cheap M5StickV or Maix Amigo devices.
Nothing would connect you with Bitcoin and maybe you could purchase them in your local electronic shop.

It's similar to the situation with VPNs, where some people claim that they (depending on the VPN provider) actually reduce privacy, since they can identify you based on the size and type of the packets you send from one point to another.

All in all, their recommendation was to make your own VPN using something like WireGuard or OpenVPN. Something similar like a DIY hardware wallet would work too, provided that it's made easy for people to assemble pieces of hardware and firmware together.

How do we know the device (Blue Wallet, Passport.. etc.) wouldn't transfer the seed off itself using QR code?

Keystone:



Can this also be used for all other QR codes?


Source:

https://blog.keyst.one/ever-wondered-what-your-hardware-wallet-inputs-and-outputs-9b33b4cedafd

Eliminating EVERYTHING ELSE from the discussion, if you take a large enough group of people who are all passionate about something, there will always be groups within that group who are pro something or anti something.

Hardware wallets serve a purpose but they are not always the best answer for everything.
Someone holding $100 of BTC and using it to buy things and then getting more probably does not need a HW wallet.

Posted this close to 3 years ago, still true today: https://bitcointalksearch.org/topic/helping-usually-new-people-choose-their-wallets-5205304

-Dave

That is fine and it reminds me on something similar we can see on smartphones running grapheneos.
I am not sure how other hardware wallets are dealing with this because I never researched it deeply.

I don't know what to say about two year old article, nothing new is said there.
There are risks purchasing and using hardware wallets, but you can mitigate most of them if you are careful.
You can buy device locally in official reseller shop, use disposable email address and alternative delivery address for ordering and delivery, use PO or UPS boxes, etc.
Alternative way is to build your own DIY signing device or just use small old laptop as a cold storage.
There is no perfect universal solution for everyone, and I can find negative or positive for any options.

What are your thoughts on this article:

https://robertspigler.com/in-defense-of-my-attack

Don't get me wrong, I use hardware wallets, I generate my own seed, etc.

But lately I've come across some anti-HWW bitcoiners and I've been wondering if HWWs are as secure as they claim to be.

On Passport, by default you can only install a firmware image that is signed with Foundation's developer signing key.
However, you can add your own key and then it will let you install firmware signed by yourself and present you with a warning on each boot (so you'd notice if someone did it on your device).

There is not such a thing as a clean windows install, it's always dirty and complicated  
Installing Linux is now much more easier then it was few years ago, and you probably don't need to install any additional drivers for your hardware, so it's quicker process than for wiNd0ws.
Instead of Linux Mint I would choose Fedora Linux in 2022.

Back to hardware wallet topic, some of this devices are not allowing installation of unofficial firmware and they need to be signed, like in case with Keystone, and maybe Passport (not sure).
I think that for Trezor you can install any firmware you want, even create your device with custom firmware, but risk is that you can lose all your coins if you don't know what you are doing.

Learning how to install linux mint is not harder than learning how cook by watching youtube videos. Tbh you don't even need linux. A clean windows install would do.

All you need to do is clicking "next next next next" and everything will be there.

Generate seeds and write down them on a piece of paper and its done.

Easier than boiling an egg.

It basically boils down to trust in one way or the other. You can verify the installation binaries, signatures, and firmware, and that will tell you that they are signed by the right people and originate from the official teams behind those wallets. And then what? How many people actually know what the open-source code does and check to make sure the developers didn't insert something malicious or made an unintentional mistake? 1/10? More likely 1/100 do that.

The rest of us mere mortals are stuck trusting that nothing malicious has happened and that those 1/100 that know what they are doing have done their jobs properly. The system is generally working quite well for popular open-source projects with significant communities. But all it takes is one intentional/unintentional mistake for it all to crumble. Hopefully, that'll never happen. That's why most people can't do much then rely on trust despite the saying: "verify, don't trust."

Absolutely not. Most mobile wallets are either closed source or non reproducible, which is a complete non-starter. Even if you choose and open source one and verify it or even better build it yourself, you are still installing it and generating your seed phrase on an insecure device with internet access. Such a set up should be used for a few hundred bucks worth of bitcoin at most, and certainly not $25k.

This is a good option. You should ideally use an old computer or laptop for this that you can dedicate for this purpose only and never again use for anything else. It should remain permanently airgapped and should be completely formatted before you start.

1 - A good hardware wallet.
2 - A paper wallet, although you still need the same steps of a completely formatted and permanently airgapped device as above to generate the paper wallet safely.

I wrote a guide on how to verify Electrum, most hardware client-software such as Trezor Suite can be verified the same way.  As n0nce mentioned, the firmware for the Trezor (for example) is updated through the Trezor Suite client, which of course should be verified before it is used to update firmware.

Other vendors may do things a bit differently, for example the ColdCard hardware wallet verifies the firmware itself before installing it.  When upgrading the firmware on a ColdCard, you download it and store it on mSD card, and then load the mSD card into the hardware wallet.  Once you start the upgrade process the firmware is verified by the device before it's installed.

You do it yourself; how it's done depends on the wallet, but on the Passport you just put the file you've downloaded and verified, on a microSD and then insert it and start the update process on the wallet.

BitBox and Trezor are done through their software if I remember correctly.
But you're supposed to verify the wallet software, too, of course.

For you....For others it's a different story.

Hot wallet on my phone a few hundred dollars of crypto at most. Or, as I like to say, the phone is worth more then the crypto on it.
Warm wallet, under $2500 but that much would suck to loose so although it's on an internet connected PC it's needs a hardware wallet to sign / send.
Cold wallet. 2 of 3 mutisig in separate locations that all have live physical security and single pass-though man-traps.



Depends on the particular wallet. There is no 1 answer.

-Dave

Interesting.

Is this flashing you talk about done by the official hardware wallet app? (BitBox App, Trezor Suite, etc)

Or is this something I need to do separately myself?

That's wrong; you flash the device yourself using the firmware downloaded and verified from the website whenever you update it, actually. So every time you do, you re-verify that everything's fine.

There's one more step: verifying that the firmware actually comes from the source code in the repository.
That's something you can do yourself and any legit hardware wallet manufacturer should give instructions how to do so.
The fine people at https://walletscrutiny.com/ do this regularly for a whole bunch of wallets, in case you're uncomfortable doing it yourself.

The last step is verifying that the source code is good, this is extremely important as well. But that's the case for any wallet, software or hardware.

It depends on the wallet. Closed-source wallets and non-verifiable open-source wallets? Not unlikely. Open-source, verifiable wallets? Less so.
With everything else being fine, there remains the risk of a new codebase not having been analyzed and attacked enough yet to know that it's safe and secure.

Bitcoin doesn't care about a single hardware wallet manufacturer.

Again, depends on the device.
I wouldn't trust anything that's closed source firmware (like Ledger or Square's device), and I much prefer if the hardware is open-source and auditable, as well.

You are watching to much sci-fi movies and Coldcard has nothing to do with someone having hope for Bitcoin, it's just nonsense.

First, you have hardware wallets with open source firmware code so anyone can inspect and see what is happening, there are no hidden stuff for Trezor, Codlcard, Keystone, Passport, etc.
For Trezor you can even identify all hardware components and make your own DIY device, but they are also working on new prototype secure element chip, that should improve security a lot.
Coldcard is not exactly open source anymore, but you can still verify it's code and I don't think it's dangerous to use it, unless some major bug happens.
Closed source hardware wallets like Ledger, Safepal, etc are much more dangerous, and you could never know if they have some secret junk inside, so I would stay away from them.

Speaking about open source firmware, you should be aware that almost all laptops and computers have closed source bios, so it's much bigger chance of something leaking from there, unless you have coreboot or something like that.
Intel and AMD are constantly sending information and they have whole hidden mini operating system inside with Intel Management and AMD equivalent.
Now, keeping laptop offline can help, but it's not perfect protection at all.

Ok, let's say a non-technical person (like the vast majority of people) wants to buy $25k in Bitcoin and hold it for 5 years.

What would be your recommendation to this person?

1) Install a mobile app on his phone, generate a seed, back up the seed, receive the bitcoin and then uninstall the app.

2) Learn how to install Linux and a wallet like Electrum or Sparrow and use that to generate the seed and receiving address.

3) Other (specify)

Nope. In my opinion hardware wallets make no sense to use. Completely unnecessary.

If you are going to hold, use a piece of paper.

If you are going to spend, use your phone.

If you are going to trade, well the exchange does the holding for you.

There isn't any need for a hw wallet in any of these situations.

So, in your opinion, an open source wallet on iphone/android is as safe (or safer) than a hardware wallet?

If we are security conscious, we are looking for something that would help our case with the problems that might occur when we are trying to use exchanges wallets or something. We all want to have that "our keys, our coins" mantra in our lives.

Providing air-gapped computers would be more expensive and a hassle than a hardware wallet. It would help if you made sure of the official site where you are getting your devices because this is where hackers can step in. I believe you need to be still careful every step because that's where they usually strike.

You know that the private keys won't leave your device, that's on HW, and that's the practice. It's a little secure device made for that specific purpose, and I think trusting the right companies that deliver exemplary service is crucial.

It's not overly paranoid, but it should still be investigated if there's something sketchy about it.

You can use electrum or a similar open source wallet on your iphone/android device too. It is not rocket science. They are pretty safe too. (not as safe as a linux pc but i would say pretty close)

If a person can't figure out how to use electrum, he shouldn't be using bitcoin anyway.

Bitcoin has an intelligence barrier. It is not for the absolute stupid.

The idea of a hardware wallet is to make it easier for non-technical people to use Bitcoin without exposing their private keys to the internet.

I have taught several friends how to use them and they learn quickly.

The same cannot be said with using Electrum or Bitcoin Core on an airgapped Linux computer. I can picture my wife's face while trying to learn this, she would be like "This is too much for me".

If you are going to just "hold", all you need is a piece of paper and a pen. Write down your keys/seed and here you have the most secure bitcoin wallet in the world.

If you are going to spend/send/receive coins every once in a while, then you need a linux PC with electrum (preferred) or bitcoin core. This route is also very safe.

I never get the idea of a hardware wallet. It is a business which solves a non-existing problem.

-Write down your name.
+But I don't have a pen.
-That's right mother fucker, I sell pens, now buy it.

^ Pretty much how it works with HW wallets.

A sensible person would have said:

"Why the fuck would I write down my name? Fuck off!"

*Btw you need a pen to write down your private keys.

In theory, indeed, there can be problems with HW - from things not implemented good enough to actual malicious intentions, especially in the case of closed source ones.
But in reality nothing has happened for so long, we can pretty much tell they've passed the test of time and, as you said, those calls are overly paranoid.

However, a new trend seems to be to be wary with the classical hardware wallets and go for devices like SeedSigner, where everything is open source (and you can even assemble it yourself). But this doesn't mean the HW are unsafe; as I said, they've passed the test of time and the companies seem to indeed care more to sell their hardware (and keep a good name) than stealing from people.

As I explain here, you only need to make sure the same nonce is not being reused and the nonce is not being generated deterministically - somebody might be able to crack open the ARM firmware of those hardware wallets and look for the relative lines to check - I'm an x86 buff and not an ARM one so I can't give advice on what specifically to look for, but if you don't see any syscalls to some random bytes function then that is a warning sign because that means the nonce isn't being generated from random bytes.

Hi everyone,

One of the main reasons I love Bitcoin is having peace of mind knowing that my money is safe.

Throughout the years, I have gone from using closed source hot wallets like Coinomi to using hardware wallets, running my own node and generating my own seed using dice.

Lately I've seen several users on Twitter that oppose hardware wallets heavily. They claim that the wallet manufacturers can eventually rugpull everyone and there's nothing we can do about it.

The argument is that there is no way for users to know that the firmware signed by the maker is the one that is actually running on the device (only that the device claims that its running that).

In addition to that, we might be leaking our private keys through our signatures because of malicious nonce generation. This means that everything appears to be fine to the user, but the attacker can scan the blockchain for signatures generated using these nonces and could potentially figure out our private keys. This is explained here: https://shiftcrypto.ch/blog/anti-klepto-explained-protection-against-leaking-private-keys/ and here: https://medium.com/blockstream/anti-exfil-stopping-key-exfiltration-589f02facc2e

I am no expert in these topics so this is why I came here.

Are these worries warranted? What are the chances of losing our bitcoin even if we do everything right: buying the wallet from official website, running our own node, generating our own seed, checking app signatures, etc.

If all of this is true and COLDCARD can suddenly rugpull everyone, what hope does Bitcoin have?

If using Bitcoin Core on an airgap device with Linux is what's needed to keep your money safe, how will this ever be adopted globally?

Are these FUDers being overly paranoid? Or are we all dumb for trusting hardware wallet companies?