Topic: Hardware wallets... - page 2. (Read 598 times)

So download a copy of Electrum and keep it on a spare thumb (or micro SD etc.) drive with nothing but, better safe than sorry lol

As for recovering from seed phrase, guessing that's the most unlikely scenario needed unless the wallet was, like you mentioned, damaged in some way. But that's I guess a bridge crossed if and when its approached since I assume, even if it's not too difficult, is a somewhat involved process.

The wallets don't actually store your coins. All they store is the seed phrase and private keys to the addresses your coins are located at. Your coins never leave the blockchain. Similarly, the software that Trezor and Ledger provide is simply an interface to interact with the private keys stored on the wallet.

In the event that the company ceased operating, and you no longer had a copy of their software or were able to download it from anywhere, then you would have two options to access your private keys. The first would be to use a different piece of software which supports your hardware wallet. The most popular example of this is the Electrum wallet (electrum.org). You can use Electrum with both Trezor and Ledger devices to access any wallets, accounts, and keys stored on them, view your addresses, sign transactions, etc.

The second method, which you could use if there was no software which would interact with your wallet, or if you lose or break your wallet altogether, would be to recover from your seed phrase. Given that BIP39 is used so widely at the moment, it is almost certain that in 15-20 years there will be software that supports it, even if we have moved on to something else and BIP39 is obsolete.

One thing I probably should have thought of asking before spending the money that I did for the Model T, as unlikely as it would be for one let alone both for this to happen to. At least for what I'm guessing would probably be 15 to 20 years if it all.

Just for shits and giggles, what would happen to the funds on the wallets if both sites (trezor/ledger) were to just completely disappear, servers and everything, and for whatever reason a user like me was not made aware until way after the fact or something.

Most people, unfortunately. There is no requirement to set up a passphrase to use a hardware wallet, most wallets deem it an "advanced feature" and so it is buried in the back of their user guides/set up guides, and so most users just don't know about it or don't care about it.

Ledger made a blog post about this here: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/. Basically, the Bluetooth connection requires user approval to set up and pair, is encrypted, only ever transmits public information, your private keys never leave the secure element, and nothing can be signed without the user verifying it on the hardware wallet.

Having a passphrase doesn't actually make a difference to the vulnerability - if someone has access to your Trezor, they can still extract your seed in a matter of minutes. What a passphrase does is mean that once they have your seed, they do not have immediate access to your wallets and instead would have to combine your seed with brute forcing your passphrase. Provided your passphrase is long and random enough, this is unfeasible/impossible, and as you say, would give you plenty of time to recover from your back ups and transfer your coins to another wallet.

Attacks aside. Short of someone stealing it from me / breaking into my home. As you or someone else pointed out. They'd have to know what their doing and have the right equipment. Would hope by the time i know it's missing I could xfer anything on it.

Not to sound like a smartass, but who wouldnt setup a passphrase? Even if it came as an after thought. Or maybe it's just that no one considers it. I'm not much of a techie in terms of things like this. But if it's an option of added security, I'm going to use it.

As for my purchase, it was sort of an impulse buy. But that being said. I do love the larger screen. They also seem to have better support I'd rsther have when needed than need it and have Apu from quickemart. Or better yet. Tech support from the show IT Crowd.

I could have gotten the model one. But something kept nagging at me to get the T.

But ya, $162.46 USD (149 EUR) wasn't easy but felt kind of right besides hurting while doing it lmao

Also, as for remote attacks. Unless I'm overly tired and not on the same page as you. That only seems feasible with the Nano X and its BT... unless your also considering how someone may leave the wallet connected to a computer even if its not actively being used (the wallet).

Anyway, going back to the trezor vulnerability. Might sound stupid, but even with a passphrase. Isnt that attack still feasible but just taking longer ?

Let’s take a hypothetical situation of someone coming into the physical possession of your hardware wallet, and that this wallet has some kind of vulnerability that can be exploited with the help of cheap equipment and little technical knowledge. This currently exists with Trezor models which are extremely vulnerable in case the user has not set up passphrase, the seed can be extracted within minutes. The conclusion is that all those who are not aware of this vulnerability and do nothing to insure themselves, have at least one additional risk when it comes to protecting their assets.

For now, Ledger is definitely at an advantage because there is no such vulnerability - if there was one, Trezor would surely make it public. But what some people don't like about Ledger is the fact that it's not open source, for which Ledger again gives somewhat logical reasons.

Every device has its weak points, it's only a matter of time before someone discovers them. What plays the biggest role in the case of hardware wallets are possible remote attacks, which have not been recorded so far (or at least no one has made it public).


Congratulations on your purchase, although it didn't seem to me that you would choose the most expensive option at the moment. Just a week ago you could get Nano S for some 30+ EUR, and Trezor T is 180 EUR now (VAT included).

Broke down, bit the bullet and bought the Trezor Model T using some of the LTC I have.

Will post back after I get it in what I'm guessing will be about a week.

That was a good read but I'm still 50/50 with me leaning a tad more towards ledger. Either way they both for the most part seem like really great choices, did come across the model t for trezor. That's an interesting price tag. But really. For just btc and LTC. Either the trezor one or nano s seems like they would be the more than sufficient models. Setting aside what seems like possibly better security in the higher models which one might then argue. If you're going to get a hw wallet. Just go big or go home.

Def more research to do but of the what seems like 6 diff. companies. They're the two to really consider.

I'll read that later, but even if I personally had your drive. Unless I had whatever pass phrase is set up. I couldnt do anything with it. Unless I missed something, I would need your drive and the wallet / system its tied to, to steal your funds. But just the drive itself, last I knew, wasnt even close to enough.

Yes it is.

https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

https://www.ledger.com/chaos-communication-congress-in-response-to-wallet-fails-presentation/

However the chances of someone breaking in, finding it, knowing what it is and knowing how to get at it are on the astronomical side. And it's also neutralised by having a 25th password. But who knows whether new angles will be found?

For me online security is obviously the big one and so far they're fine.

80% of what I have is secure even if my house burns down with the rest on coinbase pro. So ya. I stand to lose roughly a grand if shit hits the fan but like you pointed out. I trade actively all year, so theres an inherent risk.

Wo wether it is now or xmas time, it's still a gamble. But one in already in.

But fwiw, my main account is MoreBloodWine. So I'm not necessarily new to crypto. Just gotta finish up some stustufstustuff before using it again. I had lost it for a good long while and only started recently finishing some things up before I use it again.

even then, based on what I know. Wether its trezor or ledger, physical access on the drive is not enough in and of itself.

But I am 50/50 with a slight lean towards ledger.

I have a Trezor 1 and a Ledger Nano S.

The Ledger has been abandoned. There's something about the way they operate I dislike. In this game you should be humble and open and they certainly are not. Trezor's attitude is better and more communicative so they're the ones I stick with.

I am starting to wonder about the future of hardware wallets, more holes are found every day, but since all current ones need physical access to exploit I'm not going to sweat it until that changes.

If the value of the coins you own is a few hundred $, maybe you can live with the knowledge that you can lose them at any moment. But when it comes to a few thousand dollars, few can afford such a loss - and there are users on the forum who have lost very large sums of coins because a $50 hardware wallet was too expensive for them. It is your decision whether to invest in security or not, but anyone who understands what crypto is will tell you that it is not wise to keep such things online.

I see you're a trader so you can’t avoid having a certain amount of funds online, but in any case the correct option is to move them from the crypto exchange when you stop trading. Even a desktop wallet can be a safe option if you take all the precautions.

Oh, given the nature of the item(s) at hand. I'll most def do my due diligence as one may say. I'm probably not getting one, whichever one, until around xmas when I put some coins away for a while... at least 2 yrs... depends.

Ty.

Trezor supports LTC. You should read about the unfixable vulnerability found in Trezor devices and their response to the described attacks. They are very unlike to happen and require a physical access to the device, but everyone should be warned about it before making a purchase. Ledger is not vulnerable to any (publicly known) attack at the moment, but because of Secure Element, it is not fully open-source.

Well, as far as coins go, I still dabble in BTC once in a while but my main playground is with LTC. But ya, I do like the Ledger design better myself not that that means much.

But seems like it, Ledger, may be the way to go if and when I get a HW wallet just for the added security of even say storing a wallet file on a disk / thumb drive off line.

Would have to double check,  but as far as avoid issues goes. As long as trezor does LTC which I believe it does. It, may be the better option. Def more reading to do.
.

Ledger HW is expensive only if you buy the one with higher capacity, which may make sense if you handle more altcoins.
The simple Ledger Nano is as cheap as Trezor.

Whether you need it depends on what you want to do and what your tech skills are. If you 100% know how to safely generate paper wallet(s) for yourself and how to store them (offline) and only want to HODL, you don't need more. But usually it's not the case. Locally stored wallet file is not a safe way to keep big amount of money, since computers can be hacked if they get online (whether you keep them online 24/7, whether you go online for 5 minutes now and then only for a few transactions, the risk is still there).

That 59 EUR they cost worth it 100% imho, for both security and convenience.

You can buy a Ledger Nano S for the same price as a Trezor One (59€). Without considering Ledger has often discounts on their products, like -50% recently. (I don't know about Trezor). The Nano X costs less than the Model T.

I bought Ledger devices since I prefer its design and I believe more in its security. One of the reasons is also that it's a french start-up, I know it's a stupid reason but well patriotism you know.
If someone owns a lot of different altcoins Ledger supports more than Trezor. One of the negative points for Ledger is the Secure Element chip not open source, but that's doesn't really matter for the average Joe, and the cheap plastic used.

Have a look over in this section of the forum

https://bitcointalk.org/index.php?board=261.0

This should give you all the answers you need

So I'm familiar with Trezor, by name only, as I saw them advertised a lot before launch. Been seeing some other ads on Facebook as of late for a diff hardware wallet called Ledger, looks more fancy, not that that really means anything.

That being said. Of all the currently available HW wallets, what do you use if any, and why ?

I do know the trezor is ~$55 while Ledger which comes with a nano ver or some such shit is ~$150.

Been contemplating getting one vs a locally stored wallet file / paper wallet etc. for moving some coins off of CB after making a few more trades.

Ty.