Pages:
Author

Topic: Hardware wallets still aren't secure, and they never will be. Use paper wallets - page 2. (Read 1881 times)

legendary
Activity: 3052
Merit: 1273
Good point. For an example of this if you were to get robbed on the street of your cash you would likely be willing to give up some pocket change to prevent any harm being done, but you're not exactly giving away your whole bank account. This is why I truly believe in having multiple wallets to store your funds. Everyone has their own tolerance of risk, and I don't really keep anything more than a few Bitcoin in my wallets at a time, and this will likely evolve as the Bitcoin price changes.

Yeah, great thought actually. Some people (including me) put a blind trust on few of the reputed exchanges as well to store their extremely valuable coins there without even thinking once about the risks it pertains. I've had a very brief discussion over these things and I've also learnt that distribution of wealth is one major factor we need to understand very carefully and apply too after being known to it. The hackers won't ask us whether they should take partial money out of our pockets or full, it's the same as those criminals who put gun over your head asking you to give whatever you've got, but even they won't wait for you to transfer money from your bank to theirs due to the fear of getting traced down. After this article read, I will not be able to believe even hardware wallets which many users were praising about.

For my convenience, I've just created some offline paper wallets that I'll be storing in very small steel boxes each and be kept at a safe place as well as I also keep a check every now and then, just to make sure I don't lose anything.

A question here:

If I've kept my coins in a hardware and that hardware either blasts off or gets destroyed anyhow (talking about these Ledger and Trezor thing), will I be able to ever regain them?
hero member
Activity: 680
Merit: 500
Paper wallets aren't secure either
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Speaking about Vulnerabilities found in hardware wallets:

Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

Quote
This article describes an information leak discovered in the OLED display used by hardware wallets, including Trezor One. We want to explain how this side-channel attack works and what measurements we took to mitigate the threat. This attack affects only the Trezor One; Trezor Model T is immune to this attack thanks to its entirely different display.

Quote
The attack requires device owners to use USB equipment that has been physically manipulated by an attacker. In other situations, users are not impacted.
There is no evidence that any malicious actors ever exploited this vulnerability.
The latest firmware v1.8.2, now available for Trezor One, mitigates the issue.

What we learnt from this story?
  • Hardware wallets aren't magical items granting eternal security
  • (Gullible)Users are the weakest links in the security mechanism
  • You can patch (some) hardware defect or weak spots with software
  • White hats are here to help


Not to dis trezor but they did not discover it. Christian Reitter did he disclosed it to them and other people who used oled also..

https://blog.coinkite.com/noise-troll/

And so far it's not proven and just about impossible to exploit. And lets be serious. If someone can compromise your USB port or cable on the PC you are using for your BTC you're screwed anyway.

Hmmmm, I have access to your usb. Let's do this incredibly complicated almost impossible hack...or just emulate a keyboard and type whatever the hell I want.....

-Dave
legendary
Activity: 2268
Merit: 18771
This is why I truly believe in having multiple wallets to store your funds.
Agreed. I use a mobile wallet for a few hundred dollars worth of bitcoin, which I carry around daily. I know it is far from being secure, but it's an amount I can easily afford to lose and an amount I would happily give to an attacker to prevent any physical harm to myself. The amount in that wallet is in no way linked to my main cold storage via blockchain analysis. My various cold storage wallets are also in no way linked, are of various types (hardware, paper, old laptop which has been airgapped), and are all stored separately.
staff
Activity: 3304
Merit: 4115
Obviously the best way to mitigate a wrench attack is to maintain your privacy wo you don't become a target, but I've often wondered what the best way to survive it would be provided the attacker has already overcome that first step.

Unless they know for a fact your wallet set up (which is incredibly unlikely), then there is no real difference in using multi-sig and just telling them you are using multi-sig. However, if they are willing to physically attack you for money, is having everything you own locked away in multi-sig wallets really the best way to go? Perhaps you actually want to have some bitcoin available you can hand over for your own sake. Also, there's nothing really stopping them from forcing you to tell them where you've stored all your multi-sig keys instead of the keys themselves.
Good point. For an example of this if you were to get robbed on the street of your cash you would likely be willing to give up some pocket change to prevent any harm being done, but you're not exactly giving away your whole bank account. This is why I truly believe in having multiple wallets to store your funds. Everyone has their own tolerance of risk, and I don't really keep anything more than a few Bitcoin in my wallets at a time, and this will likely evolve as the Bitcoin price changes.
legendary
Activity: 2268
Merit: 18771
It looks like the $5 wrench attack came up a few times as well. Easiest way to avoid that would be multisig. Spread those keys across the land. If someone holds you up until you give up your private keys, you can't.
Obviously the best way to mitigate a wrench attack is to maintain your privacy wo you don't become a target, but I've often wondered what the best way to survive it would be provided the attacker has already overcome that first step.

Unless they know for a fact your wallet set up (which is incredibly unlikely), then there is no real difference in using multi-sig and just telling them you are using multi-sig. However, if they are willing to physically attack you for money, is having everything you own locked away in multi-sig wallets really the best way to go? Perhaps you actually want to have some bitcoin available you can hand over for your own sake. Also, there's nothing really stopping them from forcing you to tell them where you've stored all your multi-sig keys instead of the keys themselves.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
Speaking about Vulnerabilities found in hardware wallets:

Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

I think this is an edge case. For this attack to be successful, an attacker will need to compromise the computer you use with your trezor one ahead of time in a very specific way involving having physical access to your computer.

Someone who is able to execute this attack on a (non-upgraded) trezor one would also be able to learn of the private key associated with a paper wallet by compromising other computer components that would most probably be easier to compromise.
Totally agree,
my point were in fact you cannot blindly trust your Hardware wallet and a stupid user (the one using suspicious  hardware) can ruin every secure procedure or security practice.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control,  not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.
And not actively participating on online, public forums related to cryptocurrency... oh... wait. Tongue
Not everyone participating in these forums has substantial amounts of coin, or any coin at all. You can also keep your forum identity separate from your IRL identity to mitigate your risk that you will be targeted by a wrench attack.

Speaking about Vulnerabilities found in hardware wallets:

Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

I think this is an edge case. For this attack to be successful, an attacker will need to compromise the computer you use with your trezor one ahead of time in a very specific way involving having physical access to your computer.

Someone who is able to execute this attack on a (non-upgraded) trezor one would also be able to learn of the private key associated with a paper wallet by compromising other computer components that would most probably be easier to compromise.
legendary
Activity: 1382
Merit: 1122
It looks like the $5 wrench attack came up a few times as well. Easiest way to avoid that would be multisig. Spread those keys across the land. If someone holds you up until you give up your private keys, you can't.


We do need them for mass adoption however. Paper wallets can't take us the whole way.

100% disagree. Unless they're 100% open source you're trusting them, which means you are potentially leaking keys, meaning you're not the only one holding your private keys, meaning you might as well have stuck with legacy banking since you obviously can't be your own bank.
legendary
Activity: 1176
Merit: 1015
Stop trusting hardware wallet manufactures to protect your money.

We do need them for mass adoption however. Paper wallets can't take us the whole way.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Everyone should definitely have a listen through Michael Flaxman's podcast at https://stephanlivera.com/episode/97/

Thanks for sharing the podcast & i agree everyone should listen to the podcast/read the transcript, but which parts do you want to emphasize?

1. The fact hardware wallet is recommended for non-expert?

Michael Flaxman: Yeah, yeah. Before we get into this whole episode bashing hardware wallets, which I enthusiastically stand behind, for most people, they are the best choice. If you’re owning Bitcoin, I strongly advocate holding your own keys, and unless you’re an expert, you should use a hardware wallet. If you are an expert, you should build your own hardware wallet with open-source software that’s free and equipment that you source yourself, but that’s way outside the scope of this. For most people, hardware wallets still are the best choice as far as usability and security, and they’re reasonably priced.

2. The importance of good RNG for both HW wallet & software to make paper wallet?

Michael Flaxman: In terms of the things that you have to get right, because that was really your question, is this code doing what I think it’s doing, and am I running the code that I think I’m running? Both of those are incredibly hard things to verify. There are just so many famous examples of hacks and bugs, that it’s hard to point to all of them. There’s lots of other talks that’ll give examples of those, the idea is just that you should be cautious and paranoid, because it is really hard. One of my favorite examples is, there was a bug in 2013 in Android’s implementation of SecureRandom in Java. SecureRandom, as the name suggests, is a function that securely gets you some random bits of data. In a Bitcoin signature, you need a random component.

Michael Flaxman: It’s part of the proof in the ECDSA signature. If that bit is random, then it doesn’t matter. It’s not something that you ever would look at again. You can think of it as like nonce, a number used only once. It just is used to prove your ownership of that private key, but if that secure random data is actually not random, then somebody could intuit your private key instantly. This is not a difficult attack to do by any measure. There’s plenty of open source code that will do it from your signature. As soon as they see a signature broadcast, they know your private key, and that is terrifying. A lot of people lost money in wallets that were Android wallets in 2013. That’s the type of thing that nobody could possibly have been aware of.

Michael Flaxman: Yeah. That’s terrifying, because there’s a lot of copy-paste of code. Crypto is just really, really hard. If you have a library that does something in your language, you’re likely to borrow from it heavily. Unfortunately, almost all the hardware wallets are written in Python and MicroPython. That is not ideal, but I think that’s a more minor thing. Again, we’re talking like, you can chase the perfect secure system that was written in three different languages.

3. The risks of supply chain of HW wallet?

Michael Flaxman: The supply chain risk is absolutely terrifying, because it’s completely outside your control. You could do things to minimize it. You say, “Well, I’m only going to buy my hardware wallet direct from the company at an event where they’re there.” If I get my device from a person who works at the company, then that’s probably better odds than, absolutely, do not buy it secondhand on eBay. That’s one way to minimize the supply chain risk, but you can’t know about upstream supply chain risk.

4. Difficulty of full transaction verification on HW wallet?

Michael Flaxman: The point being that, hardware wallets, you want them to verify everything they can, and the screen helps you with some of that, but a lot of it’s buried in implementation details. It doesn’t matter how big your screen is, if you don’t verify what change address is yours versus an attacker’s, then you really don’t know what’s going on. If you don’t verify the inputs and the outputs, then you don’t know the fee. This is where there’s just so much devil in the details that, honestly, no one wallet does perfectly. Two wallets is your answer, because then you got to trick both of them. Even if one doesn’t do it perfectly, the other, hopefully, won’t have that exact same vulnerability.

On a side note, the idea of using testnet to test HW wallet and check whether your system is compromised is clever idea.
legendary
Activity: 1382
Merit: 1122
Everyone should definitely have a listen through Michael Flaxman's podcast at https://stephanlivera.com/episode/97/
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
Speaking about Vulnerabilities found in hardware wallets:

Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

Quote
This article describes an information leak discovered in the OLED display used by hardware wallets, including Trezor One. We want to explain how this side-channel attack works and what measurements we took to mitigate the threat. This attack affects only the Trezor One; Trezor Model T is immune to this attack thanks to its entirely different display.

Quote
The attack requires device owners to use USB equipment that has been physically manipulated by an attacker. In other situations, users are not impacted.
There is no evidence that any malicious actors ever exploited this vulnerability.
The latest firmware v1.8.2, now available for Trezor One, mitigates the issue.

What we learnt from this story?
  • Hardware wallets aren't magical items granting eternal security
  • (Gullible)Users are the weakest links in the security mechanism
  • You can patch (some) hardware defect or weak spots with software
  • White hats are here to help
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
My strategy with Paper wallets has been very effective over the last couple of years. I bought a small second hand computer and printer and I printed 1000's of paper wallets and then I destroyed it. I picked a few "good" looking ones with familiar numbers and the rest are stored all over the place. Some are loaded with very small amounts of Satoshi to serve as a "honey trap" - I check these once in a while to see if they were accessed, as a early warning system to see if someone is looking for Bitcoin at my house.  Roll Eyes

The Paper wallets with more coins are laminated and also duplicated and stored at different geographical locations. Some of the private keys are stored in plain sight, but nobody would know, because I used a method that would only be recognized by myself.

I must admit that I use hardware wallets too, because it is more convenient when you want to use coins more frequently. The seed is never stored on site and I protect it with a passphrase.

So the strategy is to use more than one method, because each method have Pro's and Con's and also to split the coins.  Wink

 
HCP
legendary
Activity: 2086
Merit: 4363
What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control,  not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.
And not actively participating on online, public forums related to cryptocurrency... oh... wait. Tongue

Seriously tho, a lot of these arguments always descend into what I like to call the "What if? Game"™... where the participants start inventing more and more unlikely scenarios to attempt to justify their position and/or denigrate the oppositions position.

The truth is that there really is no "one size fits all" approach to cryptocurrency, how it should be "stored" or how it should be "used"... for some people, web wallets are perfect... for others they need cryptosteel, locked in a fire proof safe, in a drybag, buried in the woods... and then everything else inbetween.

As long as your solution fits your requirements and satisfies your personal level of risk... then you are "Being your own bank" Wink
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7

There is nothing you can do about the wrench attack.
What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control,  not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.

legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Let's come back to ultimate steps to secure our wallets. Which ones do we have to secure? Private keys, that's all we need to secure. So, it is definitely true that if someone can keep their private keys in secret, and safely, and away from potential damaging threats, like water, fire, etc. There is no need to use hardware wallets to secure your funds. Backing up private keys on paper (writing them down, or printing them with high quality ink); for bunches of paper (to get more safety from potential damages); then put them in your vault. I do think that it is safe enough, and don't need hardware wallets.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange

And if somebody knows IRL that you have big amounts of Bitcoin and could come after you, the combination of multi-sig & obfuscation will not help, since there's a good chance he's do the 5$ wrench attack.

Edit: I think that the easiest combo is BIP39 seed hidden in plain sight and keeping your mouth shut.

There is nothing you can do about the wrench attack. ( Unless you are Chuck Norris http://www.icndb.com/the-jokes-2/ )
However, the more difficult you make it for other forms of theft the better.

Remember, we are talking about edge cases here. You can beat somone with a wrench all you want, if their keys are in a vault in a bank, walking in covered in blood asking to get into the vault might raise a few alarms.

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I did not see it in the thread but, "X" of "N" paper keys are very useful
And then you can use misdirection.
You can make a 4 of 6 wallet
Label each piece 1 of 2 or 2 of 2
Someone gets 2 of them they then generate a private key for an address that has....nothing in it. Only you know that you really need 4 out of 6 pieces of paper that all say 1 of 2 or 2 of 2.

Combination of multi-sig & obfuscation is good idea, but it sounds overkill IMO unless you're targeted or people who know you IRL know you have lots of bitcoin.

And if somebody knows IRL that you have big amounts of Bitcoin and could come after you, the combination of multi-sig & obfuscation will not help, since there's a good chance he's do the 5$ wrench attack.


Edit: I think that the easiest combo is BIP39 seed hidden in plain sight and keeping your mouth shut.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I did not see it in the thread but, "X" of "N" paper keys are very useful
And then you can use misdirection.
You can make a 4 of 6 wallet
Label each piece 1 of 2 or 2 of 2
Someone gets 2 of them they then generate a private key for an address that has....nothing in it. Only you know that you really need 4 out of 6 pieces of paper that all say 1 of 2 or 2 of 2.

Or get a cold card  https://coldcardwallet.com/

-Dave
Pages:
Jump to: