Thanks guys,
Your insights are incredibly helpful. Great to see what goes through your minds wrt hardware wallets...
Have you seen BlackBird? - https://blackbirdwallet.io
What are your thoughts on it?
Not much details have been released yet, but first impressions?
Topic: Hardware Wallets & Security flaws - page 2. (Read 588 times)
That's the thing though, except for encrypted paper wallets all other cold storage solutions also break with physical access. Compared to dedicated mobile devices or airgapped PCs a hardware wallet arguably still offers a higher level of both physical and software security.
What about an air-gapped hardware wallet? Would you trust that?
Airgapping serves as a security measure to prevent unwanted online / network access by an adversary. That bit is covered by hardware wallets just as well as by airgapped mobile devices / PCs.
As mentioned by others, all security flaws that had to be fixed so far required physical access, something against which airgapping doesn't help. Point being, if your main fear is people gaining physical access to your cold storage device / hardware wallet, you're probably better off with a hardware wallet, since unlike regular hardware they are at least reasonably secured against physical attack vectors.
What about an air-gapped hardware wallet? Would you trust that?
I personally wouldn't if I cannot build the firmware myself and flash it (and test it)... who tells me that the random numbers it's generating are really random?
Well, in ledgers case with the nano s, the entropy comes from an AIS-31 certified TRNG.
Does it really? Where can I check it? (The FAQ section on a website does not give me enough confidence)
What about an air-gapped hardware wallet? Would you trust that?
I personally wouldn't if I cannot build the firmware myself and flash it (and test it)... who tells me that the random numbers it's generating are really random?
Well, in ledgers case with the nano s, the entropy comes from an AIS-31 certified TRNG.
At some point you have to trust someone. France and germany both have official documents which describe the methodology of TRNG certified under AIS-31.
Federal IT-related agencies trust that way to generate random numbers.
Even if you do not trust anyone, you are still free to create your own (mnemonic) seed and import it into your hardware wallet, but the chances are very high you end up with a lower entropy.
[1] https://www.ssi.gouv.fr/archive/site_documents/certification/NOTE-05_Evaluation_AIS31_en.pdf
[2] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf?__blob=publicationFile
That's the thing though, except for encrypted paper wallets all other cold storage solutions also break with physical access. Compared to dedicated mobile devices or airgapped PCs a hardware wallet arguably still offers a higher level of both physical and software security.
What about an air-gapped hardware wallet? Would you trust that?
I personally wouldn't if I cannot build the firmware myself and flash it (and test it)... who tells me that the random numbers it's generating are really random?
That's the thing though, except for encrypted paper wallets all other cold storage solutions also break with physical access. Compared to dedicated mobile devices or airgapped PCs a hardware wallet arguably still offers a higher level of both physical and software security.
What about an air-gapped hardware wallet? Would you trust that?
But the Nano S sold about 1 mil units. I'm assuming anyone buying does hodl quite a bit and would therefore be quite clued up... so why trust in this?
Trezor have also suffered firmware hacks... KeepKey hasn't really had any major issues yet, but have a tiny market share.
Trezor have also suffered firmware hacks... KeepKey hasn't really had any major issues yet, but have a tiny market share.
Trezor has an excellent track record of fixing security flaws in a timely manner. I presume this is true for Ledger as well. KeepKey still has to prove itself in this regard.
Problem being -- just because no major flaws have been found with KeepKey wallets yet, doesn't mean there are none. Especially given the fact that they likely have far fewer watchful eyes on them than the Ledger or Trezor wallets, due to the significantly larger userbase of the latter -- including many inquisitive minds hacking and probing about just for the fun of it. In other words, smaller market share means fewer people looking for security issues leading to fewer security issues being found.
That being said, KeepKey could very well be more secure than Ledger or Trezor wallets. But we won't know until more people have given it a go.
Ledger is based on a Secure Element which at every boot checks if the device is compromised. That's why they don't use seals, there should be a leaflet in every package mentioning that. Some people prefer this solution over Trezor's open-source code and hardware.
It is worth noting that Trezors also ensure firmware integrity on the hardware level:
https://doc.satoshilabs.com/trezor-faq/threats.html#reflashing-the-trezor-with-evil-firmware
Every discovered security flaw in both Ledger and TREZOR needed a physical access to the device.
[...]
Cold storage might be a better solution for you. It's less convenient but you can also use, for example, Samourai on your Android device which offers high privacy and security. Cold storage for savings, Android wallet for shopping and F2F transactions.
[...]
Cold storage might be a better solution for you. It's less convenient but you can also use, for example, Samourai on your Android device which offers high privacy and security. Cold storage for savings, Android wallet for shopping and F2F transactions.
That's the thing though, except for encrypted paper wallets all other cold storage solutions also break with physical access. Compared to dedicated mobile devices or airgapped PCs a hardware wallet arguably still offers a higher level of both physical and software security.
I, personally, think that everything closed-source cannot be really trusted to be "secure". Just as my closed-source operating system is probably submitting my dick-picks to some coffee-sipping dude in a fancy suit on a regular basis, or just as my closed-source SmartTV is probably recording me watching movies in my undies so some CEO can take a break from his stressful Powerpoint work and - you know - enjoy his fetish, someone else probably also has access to my closed-source hardware wallet only waiting for me to deposit more than 10$.
I mean, why would you not release the code if you didn't want to hide something? Don't tell me, it's to "protect intellectual property"
I don't trust any "proprietary stuff" - Bluescreen of death or not.
But even more devastating is the fact, that (unlike open source projects) proprietary projects have hired people working for them - you know, these 9-to-5 jobbers that always find the perfect equilibrium between doing as little as possible, but just enough to not get fired lol
I mean, why would you not release the code if you didn't want to hide something? Don't tell me, it's to "protect intellectual property"
I don't trust any "proprietary stuff" - Bluescreen of death or not.
But even more devastating is the fact, that (unlike open source projects) proprietary projects have hired people working for them - you know, these 9-to-5 jobbers that always find the perfect equilibrium between doing as little as possible, but just enough to not get fired lol
There was a post before that provided a pdf file explaining while hardware wallets are not safe even the ones being sold by Ledger. I have read it carefully that buying 2nd hand hardware wallets and also the ones in retail stores are vulnerable to this Evil Maid Attack. Based on how I read it this attack remains to be undetected to the user and the wallet's system, you will just know that your hardware wallet is tampered when you don't have any holdings left in your wallet. Main solution is buying the hardware wallets directly to the manufacturers' stores. Maybe still providing some kind of tamper proof seal will give the buyers a peace of mind, there are a lot of counterfeits out there and this is just one of the necessary security to have.
Ledgers wallet (software) checks whether the firmware on your nano s is geniuine each time you connect and open it.
There is no need for a 'tamper-proof' seal. The best tamper-proof seal is not a small sticker on the package, but a proper genuine check of the firmware.
This schema is yet vulnerable to bootstrap attack and as I remember it has been already cracked as a proof of concept. Theoretically a secure device validating the unsecure rom of its firmware attached to probeable bus , ... not the most secure architecture ever. There is no need for a 'tamper-proof' seal. The best tamper-proof seal is not a small sticker on the package, but a proper genuine check of the firmware.
Note, that samourai is NOT more secure than any other mobile wallet (or desktop wallet).
I should have been more specific. Mobile wallets are not completely safe not only because of the software itself but also it's fairly easy to steal a phone (seed recovery helps a lot in such case). I completely agree with you and that's why I wrote at the end:
Cold storage for savings, Android wallet for shopping and F2F transactions.
They are great for fast and small payments, not for storing long-term investment.
Ledgers wallet (software) checks whether the firmware on your nano s is geniuine each time you connect and open it.
There is no need for a 'tamper-proof' seal. The best tamper-proof seal is not a small sticker on the package, but a proper genuine check of the firmware.
Note, that samourai is NOT more secure than any other mobile wallet (or desktop wallet).
Each desktop-/mobile- wallet has its vulnerabilities (not purely due to the wallet itself, but more because of the environment (e.g. OS, ..)).
Especially because quite a lot mobile manufacturer do skip android security updates (while displaying the latest patch has been installed), there are always vulnerabilities which can lead to a compromised mobile phone.
This does NOT directly mean that any mobile wallet on your android is compromised, but the possibility for a highly-techy person to gain access to your mobile phone does exist.
There is no need for a 'tamper-proof' seal. The best tamper-proof seal is not a small sticker on the package, but a proper genuine check of the firmware.
[...] but you can also use, for example, Samourai on your Android device which offers high privacy and security.
Note, that samourai is NOT more secure than any other mobile wallet (or desktop wallet).
Each desktop-/mobile- wallet has its vulnerabilities (not purely due to the wallet itself, but more because of the environment (e.g. OS, ..)).
Especially because quite a lot mobile manufacturer do skip android security updates (while displaying the latest patch has been installed), there are always vulnerabilities which can lead to a compromised mobile phone.
This does NOT directly mean that any mobile wallet on your android is compromised, but the possibility for a highly-techy person to gain access to your mobile phone does exist.
Ledger is based on a Secure Element which at every boot checks if the device is compromised. That's why they don't use seals, there should be a leaflet in every package mentioning that. Some people prefer this solution over Trezor's open-source code and hardware. Keep in mind that Secure Element has limited space which is why there is a limit of how many apps can be installed on the Ledger (it was improved in the recent update but it's still a problem if you use many different altcoins).
Hardware wallets are convenient because they can be used almost with every device (even infected ones). Every discovered security flaw in both Ledger and TREZOR needed a physical access to the device. It's not a problem as long as you keep it properly hidden (some people tend to attach their wallets to their keyring). There is nothing wrong in not trusting even the most popular hardware wallets. Cold storage might be a better solution for you. It's less convenient but you can also use, for example, Samourai on your Android device which offers high privacy and security. Cold storage for savings, Android wallet for shopping and F2F transactions.
You can find more detailed discussion here and here.
Hardware wallets are convenient because they can be used almost with every device (even infected ones). Every discovered security flaw in both Ledger and TREZOR needed a physical access to the device. It's not a problem as long as you keep it properly hidden (some people tend to attach their wallets to their keyring). There is nothing wrong in not trusting even the most popular hardware wallets. Cold storage might be a better solution for you. It's less convenient but you can also use, for example, Samourai on your Android device which offers high privacy and security. Cold storage for savings, Android wallet for shopping and F2F transactions.
You can find more detailed discussion here and here.
Hardware wallets are obviously NB for any holder with a fair amount of $ invested in whatever, but Ledger seems to be filled with flaws - what's up with their insistence not to use a tamper-proof seal?
But the Nano S sold about 1 mil units. I'm assuming anyone buying does hodl quite a bit and would therefore be quite clued up... so why trust in this?
Trezor have also suffered firmware hacks... KeepKey hasn't really had any major issues yet, but have a tiny market share. So what exactly are you looking for in a hardware wallet? Is it more of a status symbol?
Just interested to hear thoughts...
But the Nano S sold about 1 mil units. I'm assuming anyone buying does hodl quite a bit and would therefore be quite clued up... so why trust in this?
Trezor have also suffered firmware hacks... KeepKey hasn't really had any major issues yet, but have a tiny market share. So what exactly are you looking for in a hardware wallet? Is it more of a status symbol?
Just interested to hear thoughts...
Jump to: