Hardware wallet vs software wallet for daily transaction - page 2.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: LoyceV on March 25, 2022, 06:53:11 AM

Quote from: o_e_l_e_o on March 23, 2022, 09:19:09 AM

If I wanted to make a bigger purchase in person, then I'll take along a hardware wallet

Under what circumstances would this happen? I can imagine a P2P trade, but I use exchanges instead. I can imagine paying for a car, but car dealers are a long way from accepting Bitcoin (last time, I just raised the limit on my debit card and paid by entering my 4 digit PIN).
I hope that I'll some day need to think of a safe way to pay a large amount in Bitcoin in person though, but I don't expect it any time soon.

I once tried to pay in cash, but had to prove money origin because of AML (over $10k).. Shocked

Quote from: Pmalek on March 25, 2022, 04:10:23 AM

Crypto is getting more and more popular and people will start to recognize hardware wallets if they see them in the public. It draws unnecessary attention. You don't want to give anyone any ideas to think: is this guy worth robbing!? Let's see what he drives. Oh, nice car, let's follow him home. Sure, you can become a target for other reasons as well, but it's worth keeping that to a minimum if you can.

On the other hand, everyone is using phones and many use them for payments. Whether you paid with Bitcoin from a phone wallet or you used the phone to access your online banking or payment processor wont be known by those in your close proximity unless they overheard your conversation with the cashier.

Well, you could also argue if they get more popular and 'everyone has one', it will again get ambiguous as to who has more funds in crypto and who owns less. Kind of similar to increasing the size of an anonymity set.
As I stated in the past, you also shouldn't flash it around, just like you shouldn't probably run around with a cash wallet open and visible.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on March 23, 2022, 09:19:09 AM

If I wanted to make a bigger purchase in person, then I'll take along a hardware wallet

Under what circumstances would this happen? I can imagine a P2P trade, but I use exchanges instead. I can imagine paying for a car, but car dealers are a long way from accepting Bitcoin (last time, I just raised the limit on my debit card and paid by entering my 4 digit PIN).
I hope that I'll some day need to think of a safe way to pay a large amount in Bitcoin in person though, but I don't expect it any time soon.

Welsh

staff

Activity: 3304

Merit: 4115

Quote from: o_e_l_e_o on March 23, 2022, 09:19:09 AM

This is pretty much the set up I use. A hot wallet on my phone for daily spending. Yeah, it's not super secure, but I don't download any junk on to my phone and I only keep an amount I can afford to lose on there, and I've had no problems yet. If I wanted to make a bigger purchase in person, then I'll take along a hardware wallet, perhaps even with the funds secured by an additional passphrase and a decoy amount of coins in the base wallet.

While I probably wouldn't advice it, and its not something that I do myself, however it's definitely convenient. The thing is, if you haven't downloaded anything else without verifying the source, for example downloading applications from f-droid, that you've verified, and you don't allow installing from unknown sources, Android is fairly secure, because it has a decent permissions system. This could potentially be breached, but so can any operating system.

The only issue I see with phones is commonly your not always connected to your own network, and you use roaming or 3G/4G which can be attacked in certain ways depending on the implementation of it. Also, goes without saying, using Wifi on it while spending your Bitcoin probably isn't the best idea.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: n0nce on March 22, 2022, 08:31:22 AM

I'm wondering why you believe it's a bad idea, but if it's for security concerns: losing a HW wallet isn't a big risk if it has a secure element. You get home, restore from seed and send the funds to a new wallet. At that point the HW wallet becomes useless for any finder if he even understands what it is and attempts to crack its passcode.

Approach the problem from a different angle. If you lose your wallet or it gets stolen from you, the thief might not have enough time to breach its security before you can transfer your coins elsewhere. Maybe he doesn't even know what it is. But crypto is getting more and more popular and people will start to recognize hardware wallets if they see them in the public. It draws unnecessary attention. You don't want to give anyone any ideas to think: is this guy worth robbing!? Let's see what he drives. Oh, nice car, let's follow him home. Sure, you can become a target for other reasons as well, but it's worth keeping that to a minimum if you can.

On the other hand, everyone is using phones and many use them for payments. Whether you paid with Bitcoin from a phone wallet or you used the phone to access your online banking or payment processor wont be known by those in your close proximity unless they overheard your conversation with the cashier.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: n0nce on March 23, 2022, 06:52:56 AM

As for Lightning: yes, that's the only reason I'd use a hot wallet for daily transactions. If I want it to be the absolute fastest (in my humble opinion required for in-store purchases) and cheapest to send with the least amount of hassle, nothing beats it. It's not very secure if the device is compromised though (talking about security = software attacks / viruses).
So for any significant amount I'd just grab a hardware wallet that works with my phone.

This is pretty much the set up I use. A hot wallet on my phone for daily spending. Yeah, it's not super secure, but I don't download any junk on to my phone and I only keep an amount I can afford to lose on there, and I've had no problems yet. If I wanted to make a bigger purchase in person, then I'll take along a hardware wallet, perhaps even with the funds secured by an additional passphrase and a decoy amount of coins in the base wallet.

Quote from: dkbit98 on March 23, 2022, 07:54:20 AM

I didn't know about this, but can't you just use simple usb adapter and connected hardware wallet with your phone.

Not with iOS, since Apple locks down what hardware can utilize their ports. Neither Trezor device nor the Ledger Nano S can be used with an iPhone, for example, although all can be used with Android. The Nano X can only be used with iPhones because of its Bluetooth capabilities.

Quote from: dkbit98 on March 23, 2022, 07:54:20 AM

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

I consider PC even less secure than the mobile phone when it comes to keeping private keys securely.

I would not agree with that statement in general, computers can have much better encryption protection and they don't have backdoors like smartphones.

Depends on the context, I suppose. The average non-technical user with an outdated Windows PC but an up to date Android or iPhone is far more likely to end up with malware on their PC than on their phone. However, when considering airgapped wallets in the hands of someone who knows what they are doing, then computers are far more secure than phones.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: n0nce on March 22, 2022, 08:31:22 AM

No, not all can. Especially iOS supports only a very limited number of HW wallets since it doesn't allow to use the USB port.

I didn't know about this, but can't you just use simple usb adapter and connected hardware wallet with your phone.

Quote from: n0nce on March 22, 2022, 08:31:22 AM

Another option is to have a HW wallet for on-the-go with less funds on it and one for larger amounts in a more secure location like a safe at home.

You could, but I don't see any point in doing that for smaller transactions, and you will only increase transaction fees.
Maybe fees are not such a big issue now but I think we all remember the times when we had to wait for weekend to get lower fees.

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

I consider PC even less secure than the mobile phone when it comes to keeping private keys securely.

I would not agree with that statement in general, computers can have much better encryption protection and they don't have backdoors like smartphones.
Like it or not smartphones are always connected with network or internet, and it's really easy to get totally airgapped offline computer.
Is it easier to use smartphones than laptop computer for making secure transactions? Not for me for various reasons, but other may disagree with me.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

Quote from: n0nce on March 22, 2022, 08:31:22 AM

I'm wondering why you believe it's a bad idea, but if it's for security concerns: losing a HW wallet isn't a big risk if it has a secure element. You get home, restore from seed and send the funds to a new wallet. At that point the HW wallet becomes useless for any finder if he even understands what it is and attempts to crack its passcode.

A secure element hardly protects you from 26$ wrench attacks (inflation-adjusted). Hardware wallets are meant to protect considerable sums, people carrying around considerable sums are worth target to attack and rob. You are going to have a hard time convincing a robber that you use a hardware wallet just to make very small purchases.

Okay, but nothing protects you against that attack. Not a software wallet, not a hardware wallet, not a real wallet and neither does an offline wallet at home on airgapped laptop. If someone wants to mug you, they will. Doesn't make the wallet less suitable 'for daily transactions' (the topic we're discussing about here).

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

Quote from: n0nce on March 22, 2022, 08:31:22 AM

So you'd argue it's unnecessary if you mainly use a PC? Does this imply you believe it's a good, secure way to store your seed on a PC? I highly disagree. Or do you have a second, airgapped PC next to your main one and transfer UTXOs back and forth when doing daily payments (the topic of this thread)?

I consider PC even less secure than the mobile phone when it comes to keeping private keys securely.

Ok then we're on the same page on this one. Cheesy

As for Lightning: yes, that's the only reason I'd use a hot wallet for daily transactions. If I want it to be the absolute fastest (in my humble opinion required for in-store purchases) and cheapest to send with the least amount of hassle, nothing beats it. It's not very secure if the device is compromised though (talking about security = software attacks / viruses).
So for any significant amount I'd just grab a hardware wallet that works with my phone. Sure, not all do, but what kind of argument is that? Only because not all HW wallets work with phones, you should instead use an airgapped laptop to sign the transactions? Just get one that works with your phone... Wink

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: o_e_l_e_o on March 23, 2022, 04:28:24 AM

But the discussion here is about daily spending - no one is going to carry a phone, a laptop, and a hardware wallet in to a shop and then set up the laptop on the cashier's desk so they can sign a transaction. Such a set up is suitable for cold storage you interact with at home, not for a daily spending wallet.

I was merely trying to make my point about hardware wallets being an inconvenient way to make small everyday purchases. The fact that not all hardware wallets can be directly paired with a mobile device only makes my point stronger. People making shopping in a grocery store want their payments to be fast, even instant, which a hardware wallet is not suitable for. I'd instead use a software wallet with lightning network support which allows for instant payments and requires no time-consuming interactions and manipulations to prepare your wallet for making these instant payments.

Quote from: o_e_l_e_o on March 23, 2022, 04:28:24 AM

spending bitcoin in public at all makes you a target.

Precisely, it does make you a target; the situation gets worse as bitcoin grows in value and recognizability. This is a downside of being your own bank.

Quote from: o_e_l_e_o on March 23, 2022, 04:28:24 AM

Whether your use a mobile wallet or a hardware wallet, someone can attack you and coerce you to reveal the locations of your seed back ups or how to access your other wallets. It all comes down to whether you think you can convince the attacker that what you have on your mobile wallet is all you own, versus the plausible deniability you might get with using passphrases on a hardware wallet.

True. It also comes down to how high or how low the time preference of the robber is. A robber that is more patient and persistent in his endeavor to find out where your funds are is going to be more successful and wealthier than his colleagues hunting for hardware wallets only.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

For example, I have a software wallet installed on my iPhone, but it doesn't have private keys inside it and only creates unsigned transactions. I also have an offline laptop with Electrum installed, which I use as an interface for signing transactions with a hardware device. After my transaction is signed, I transfer it back to my mobile phone. It is also necessary to have an offline laptop because a hardware wallet can function in hostile environments. That is how a "pairing" may be defined.

But the discussion here is about daily spending - no one is going to carry a phone, a laptop, and a hardware wallet in to a shop and then set up the laptop on the cashier's desk so they can sign a transaction. Such a set up is suitable for cold storage you interact with at home, not for a daily spending wallet.

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

Hardware wallets are meant to protect considerable sums, people carrying around considerable sums are worth target to attack and rob. You are going to have a hard time convincing a robber that you use a hardware wallet just to make very small purchases.

I agree with you to an extent, but conversely, if a $5 wrench attack is in your threat model then spending bitcoin in public at all makes you a target. Whether your use a mobile wallet or a hardware wallet, someone can attack you and coerce you to reveal the locations of your seed back ups or how to access your other wallets. It all comes down to whether you think you can convince the attacker that what you have on your mobile wallet is all you own, versus the plausible deniability you might get with using passphrases on a hardware wallet.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: witcher_sense on March 23, 2022, 01:05:08 AM

I consider PC even less secure than the mobile phone when it comes to keeping private keys securely.

For Windows, you're probably right. But getting physical access to that PC is a lot more difficult than getting physical access to your phone. It got me curious how many phones get lost:

Quote

People aged between 25 and 34 have on average lost three smartphones in their lives up until now, which works out at losing one every three years if you happen to be 25 and received your first phone at the age of 16.

That's far more than I expected (and quite hard to believe).

I don't use strong security on my phone (because it's annoying), so my solution is avoid adding much value to it.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: n0nce on March 22, 2022, 08:31:22 AM

No, not all can. Especially iOS supports only a very limited number of HW wallets since it doesn't allow to use the USB port.

I think it mostly depends on what you mean by "pairing." If a hardware wallet can't be connected directly, an indirect connection might help, but it obviously will take additional steps to sign a message safely. For example, I have a software wallet installed on my iPhone, but it doesn't have private keys inside it and only creates unsigned transactions. I also have an offline laptop with Electrum installed, which I use as an interface for signing transactions with a hardware device. After my transaction is signed, I transfer it back to my mobile phone. It is also necessary to have an offline laptop because a hardware wallet can function in hostile environments. That is how a "pairing" may be defined.

Quote from: n0nce on March 22, 2022, 08:31:22 AM

I'm wondering why you believe it's a bad idea, but if it's for security concerns: losing a HW wallet isn't a big risk if it has a secure element. You get home, restore from seed and send the funds to a new wallet. At that point the HW wallet becomes useless for any finder if he even understands what it is and attempts to crack its passcode.

A secure element hardly protects you from 26$ wrench attacks (inflation-adjusted). Hardware wallets are meant to protect considerable sums, people carrying around considerable sums are worth target to attack and rob. You are going to have a hard time convincing a robber that you use a hardware wallet just to make very small purchases.

Quote from: n0nce on March 22, 2022, 08:31:22 AM

So you'd argue it's unnecessary if you mainly use a PC? Does this imply you believe it's a good, secure way to store your seed on a PC? I highly disagree. Or do you have a second, airgapped PC next to your main one and transfer UTXOs back and forth when doing daily payments (the topic of this thread)?

I consider PC even less secure than the mobile phone when it comes to keeping private keys securely.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: witcher_sense on March 22, 2022, 12:30:26 AM

Basically, all hardware wallets can be paired with a mobile phone in one way or another, but that doesn't make them suitable for everyday shopping.

No, not all can. Especially iOS supports only a very limited number of HW wallets since it doesn't allow to use the USB port.

Quote from: witcher_sense on March 22, 2022, 12:30:26 AM

The only use case I can think of where hardware wallets may help is if you're using a mobile phone as your primary means of payment to search for and buy stuff online.

So you'd argue it's unnecessary if you mainly use a PC? Does this imply you believe it's a good, secure way to store your seed on a PC? I highly disagree. Or do you have a second, airgapped PC next to your main one and transfer UTXOs back and forth when doing daily payments (the topic of this thread)?

Quote from: dkbit98 on March 22, 2022, 07:27:37 AM

Nobody said you should carry around hardware wallet with you all the time.
Keep hardware wallet at home with majority of your coins, and when you need to make transaction transfer smaller amounts to software wallet.

Another option is to have a HW wallet for on-the-go with less funds on it and one for larger amounts in a more secure location like a safe at home.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Kakmakr on March 21, 2022, 12:38:41 PM

I am not going to carry around my hardware wallet and then connect that to a notebook or tablet to do daily transactions, when I visit a shop that accepts Bitcoin payments. I will much rather have some online wallet that I can connect with via my phone ..so that I can scan a QR code if the price is displayed with a QR code.

Nobody said you should carry around hardware wallet with you all the time.
Keep hardware wallet at home with majority of your coins, and when you need to make transaction transfer smaller amounts to software wallet.
Otherwise, you are risking much more with everything being kept of mobile wallet, that can be stolen, lost and hacked much easier than hardware wallet.
There are great wallets that support QR codes (Keystone, Passport, etc), you don't need to connected them with any other devices, and they are much faster than ledger.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: n0nce on March 21, 2022, 05:08:34 PM

As I said, hardware wallets that are compatible with phones do exist. For instance, Foundation Passport, which uses QR codes is compatible with any smartphone that has a camera (so, all of them). Some others are usable through the USB port of an Android phone or by using NFC / Bluetooth, however that's less convenient (and way less secure!) in my opinion.

You forgot to mention SD cards, which is arguably the least convenient way of transferring transaction data when visiting a grocery store. As for security, I guess SD-cards are less secure than QR-codes but provide better protection than Bluetooth or NFC. Basically, all hardware wallets can be paired with a mobile phone in one way or another, but that doesn't make them suitable for everyday shopping. Carrying around your hardware wallet is still a bad idea. The only use case I can think of where hardware wallets may help is if you're using a mobile phone as your primary means of payment to search for and buy stuff online. When you're shopping online with your phone visiting many websites that can potentially be malicious, it is rational to not hold your keys on the same device you are surfing the Internet. Whenever you want to make a payment, you connect to your hardware and sign a transaction.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: Kakmakr on March 21, 2022, 12:38:41 PM

I am not going to carry around my hardware wallet and then connect that to a notebook or tablet to do daily transactions, when I visit a shop that accepts Bitcoin payments. I will much rather have some online wallet that I can connect with via my phone ..so that I can scan a QR code if the price is displayed with a QR code. Wink

As I said, hardware wallets that are compatible with phones do exist. For instance, Foundation Passport, which uses QR codes is compatible with any smartphone that has a camera (so, all of them). Some others are usable through the USB port of an Android phone or by using NFC / Bluetooth, however that's less convenient (and way less secure!) in my opinion.

If you were to opt for a 'hot wallet' instead, I find your choice of 'online wallet that you connect to via your phone' extremely questionable. I don't think I've even come across an online wallet in.. years, honestly. Just use a hot wallet that stores the seed on-device, but please no online wallet. That's so 2010. Cheesy

PrivacyG

hero member

Activity: 882

Merit: 1873

Crypto Swap Exchange

Quote from: Pmalek on March 16, 2022, 05:21:36 AM

You can always create additional accounts in Ledger Live for different use cases. There are no limits to that as long as an address of 'account 1' was funded before you create 'account 2'.

There is a limit, it is called time! Adding a single new account takes little to no time but I have had a Ledger with at least 5 accounts before and the initial setup takes a LONG time to find and sync them all up. Coin Control with address labels is so much easier and does not need time to 'sync accounts'. It just syncs the balances of addresses of your 'account 1' derivation path.

-
Regards,
PrivacyG

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

I am not going to carry around my hardware wallet and then connect that to a notebook or tablet to do daily transactions, when I visit a shop that accepts Bitcoin payments. I will much rather have some online wallet that I can connect with via my phone ..so that I can scan a QR code if the price is displayed with a QR code. Wink

I see hardware wallets as a secure way to use as cold storage and not a wallet for daily usage. It is also good for online payments when you shop online.... but not really a option for mobility. Wink

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

First, think about if you really need to keep $10k on you at all times and can't 'plan ahead' (e.g. transfer some coins from cold storage to hot storage before leaving the house if you anticipate needing more money than usual that day).
In case I needed to have $10k on me in BTC every day, I would use the Foundation Passport, since I can use it with my phone. I wouldn't store amounts of this magnitude in a software wallet.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: PrivacyG on March 14, 2022, 08:52:37 AM

...and not being able to label addresses makes Coin Control useless. When you have 30+ different addresses on the Coin Control list, it becomes annoying and very easy to mess up.

You can always create additional accounts in Ledger Live for different use cases. There are no limits to that as long as an address of 'account 1' was funded before you create 'account 2'. You can have an account just for your current signature campaign. If and when you switch to a new signature campaign, you can create a new account just for that one. You can make one for gambling, another one for trading. Or you can make one for each and every platform you use. Make one for family and friends independent from work and business activities. Mix it up every way you want. It's still not the same thing as labelling addresses, but is ok as a workaround.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: PrivacyG on March 14, 2022, 08:52:37 AM

I remember using their Coin Control feature early last year too, so it has been there for a while already. But to me, not being able to sign a message is a shame and not being able to label addresses makes Coin Control useless. When you have 30+ different addresses on the Coin Control list, it becomes annoying and very easy to mess up.

I don't think that coin control is useless because you can't label the address. You can control that in an excel sheet, for example, if you are confused about all your addresses. I am not confused about my addresses and I don't label them.

Quote from: PrivacyG on March 14, 2022, 08:52:37 AM

Had they added possibility of running a full node or your own server in combination with Ledger Live, next to features such as message signing and address labels, I could confirm and say it has every basic Bitcoin wallets functionalities. But with these features missing, no thank you.

Quote from: o_e_l_e_o on March 13, 2022, 03:13:48 PM

The upside to Electrum of course is that you can point it at your own server (or a specific server ran by someone you trust).

They added this possibility in "Experimental Features", I just found it out while exploring my software!

https://support.ledger.com/hc/en-us/articles/360017551659-Setting-up-your-Bitcoin-full-node?docs=true

Quote

To connect your Bitcoin full node to Ledger Live:

In Ledger Live, go to Settings > Experimental features tab.
Scroll down to find the Connect Bitcoin full node option and click on Connect.
Click on Continue once your full node is set up and fully synchronized.

Edit: Ofc we cant verify if we still have full privacy using this feature, as the software is not open source.

Topic: Hardware wallet vs software wallet for daily transaction - page 2. (Read 884 times)