
Topic: Hardware wallets still aren't secure, and they never will be. Use paper wallets - page 3. (Read 1881 times)

copper member
Activity: 1666
Merit: 1901
A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image.
Not at all. You can generate a QR code on your internet connected watch only wallet, display it on screen, scan it in to your airgapped device, sign the transaction, generate the QR code, display it on the screen of your airgapped device, and scan it in to your live device. No printers required.
Fair enough. Although I believe the possible attacks on what you describe would include the same attacks possible on a HW wallet such as trezor or ledger, and include additional attacks above that.
Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.
True, but you should never be copying information from a paper wallet in a public place. It should be done behind closed doors in your own house, where you should be able to be certain there are no cameras you are unaware of. The only risk then is from a camera you are aware of, but you are unaware it has been compromised, probably a laptop webcam or your phone camera. The length of time you expose the information to the camera is irrelevant.
Yes, ideally you will have a house that allows you to be certain there are no cameras watching, but this is not always possible. You might live in an apartment that doesn't have any rooms without windows, or you might have roommates that live with you. If you have your blinds closed, the wind or a fan may cause your blinds to sway enough for someone with a camera to see your paper wallet. Or someone may not fully understand how to best secure their coins, and use a paper wallet in a library or coffee shop.
legendary
Activity: 2268
Merit: 18771
A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image.
Not at all. You can generate a QR code on your internet connected watch only wallet, display it on screen, scan it in to your airgapped device, sign the transaction, generate the QR code, display it on the screen of your airgapped device, and scan it in to your live device. No printers required.

Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.
True, but you should never be copying information from a paper wallet in a public place. It should be done behind closed doors in your own house, where you should be able to be certain there are no cameras you are unaware of. The only risk then is from a camera you are aware of, but you are unaware it has been compromised, probably a laptop webcam or your phone camera. The length of time you expose the information to the camera is irrelevant.
copper member
Activity: 1666
Merit: 1901

You can use a QR code reader (which I'm shocked so few people use) in order to completely bypass any printer exploits. You can use Coreboot or Libreboot in order to not use a proprietary BIOS. You can have more control over RNG than in a hardware wallet. You can have FDE with a couple of passwords for plausible deniability and so on.


A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image. I don’t think it is reasonable to expect to be able to not print a QR code, while you could hand write a private key/seed.

The advantage of using a QR code is it reduces the time your key is exposed to any potential cameras. Scanning a QR code will only take a few seconds, while the next best thing, a written seed will take probably close to a minute to enter and a private key will arguably take several minutes to type from a paper.

Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.
legendary
Activity: 2268
Merit: 18771
However I don't like mnemonic seeds just because it's easy to identify what these words are for on a piece of paper.
There are also many places you can hide a mnemonic phrase that are just as unlikely to be found as someone "cracking" a story or similar. You could take a door off its hinges and write it along the bottom before replacing it. You could hide a piece of paper inside an electrical socket or a light fitting. You could flip over your sofa, cut a small hole in the fabric on the underside, and hide the paper in there. There are endless places a burglar would never look.

IF the burglar had the technical capabilities of using the methods you have mentioned then that would be your coins gone.
You could pair a hardware wallet with an airgapped computer, and then the airgapped computer doesn't know your seed/keys, and so couldn't leak them.

I guess what I'm trying to say is there are already known risks to air gapped computers but with my basic idea of creating a story that doesn't have any major risks other than the person catching on that this is an encrypted piece of text which could be made difficult depending on how much effort you put into it.
Sure, I appreciate that, but I would argue that the chance of someone figuring out what your story means is higher than the chance of a focused, targeted, and highly technical malware attack on an airgapped machine.
legendary
Activity: 1610
Merit: 1183


Airgapped computers can be compromised and there are methods to getting into the coins. There was an interesting article a number of years ago where someone used radio waves on a Raspberry Pi to get into the wallet. However for that to happen the device has to be physically compromised but again if someone looks onto your computer and sees you have a wallet they will be very interested in that device. I understand that I'm talking about very technical stuff and the majority of people don't possess these skills but I like being paranoid when it comes to security.

Hardware wallets wipe themselves after 3 attempts? That isn't a security feature at all. What if an attacker fails 3 times, is your Bitcoin then wiped?

It is literally impossible to crack Truecrypt's (or currently, Veracrypt's) encryption, which you could use for your airgap setup. If you were to be faced by a $5 wrench situation, you can even have a hidden OS and deliver an alternative password. You can use cascaded configurations for the encryption algo such as SHA256(Twofish(Serpent)) which means attacker would need to crack not only a SHA256 but the two others as well. In other words a waste of time. You could also use dm-crypt or LUKS if you know what you are doing.

The only realistic attack is an evil maid type, which you can mitigate by due diligence and generally not being an idiot.

The good old airgapped laptop remains the #1 proponent, coupled with the QR reader to broadcast your tx's. The only thing you need is to not be an idiot like me (I forgot the password to all of my encrypted HDDs) then you should be good. Certainly better than having an obvious device to be filled with coins.
legendary
Activity: 1232
Merit: 1080
Good practice is to have your passphrase physically backed up on paper (as you would do with your mnemonic phrase), but obviously on a different piece of paper and stored separately from your mnemonic seed and from your hardware wallet.
I'm talking about hypothetical here and I know that this is all far-fetched and very very unlikely to happen. However I don't like mnemonic seeds just because it's easy to identify what these words are for on a piece of paper. A quick search and there is a lot of information on restoring funds with these mnemonic phrases. I will say that they are convenient and another way to restore your data however I still think having this done as plain text on a piece of paper is a flaw in the security plan. If you were a burglar that got into your safe and found this piece of paper with whatever many words a hardware wallet uses for its mnemonic phrase you would be very interested in what they meant. They would probably jump to this being related to banking but if they were to gain access to your computer or wherever you store your wallet files then they could put two and two together. This is assuming that they don't already know about Bitcoin. If they know about Bitcoin then they will probably be able to identify a mnemonic seed. Hiding this in plain sight might be even better option because at least then it looks like true gibberish but again not something I would be willing to risk. If you were to incorporate a mnemonic seed into a children's book then the burglar would probably think it's sentimental value and that's why it's in the safe rather than something that opens up a Bitcoin wallet.

It's true of all wallets, from forgetting your log in to a web wallet to forgetting where you have hidden your paper wallet. The only ways to completely safeguard against it are the same ways you would use to ensure your crypto passes on to others if you were to suddenly die. Leaving instructions on how to access your crypto, potentially linked to a dead-man's switch, or telling someone else you trust how to access the crypto in the event of your memory loss or death.
I have a sophisticated way of going about this. I haven't told anyone and if I were to suddenly die the Bitcoin community can consider it as a donation to the network that those coins have now been lost forever. In all seriousness this is something which is down to the person's discretion and could potentially become the biggest threat if they make a mistake in trusting others with this very sensitive information. I'm very paranoid by nature and haven't actually revealed to anyone close to me that I use Bitcoin.


There have been examples of malware using the flashing LEDs on the side of your computer casing to transmit morse code or binary, or some altering fan speed to produce different pitches of noise to encode data. There was even one I read about of malware using a connected scanner to display flashes of light which were picked up by attackers, and attackers directing flashes of a laser at the scanner to send instructions to the malware (https://www.bleepingcomputer.com/news/security/flatbed-scanners-used-as-relay-point-for-controlling-malware-in-air-gapped-systems/). Utterly ridiculous. It is impossible to protect against every vector of attack, but when you get as far as thinking about this, the commonly posted XKCD comic about the $5 wrench attack comes in to play.

We are coming to a bit of a stalemate here I will agree where I'm arguing that I can't safeguard against the brain failing and loss of memory considering dementia is incurable currently and we can only prevent the onset of the disease but even then any accident could lead to memory loss if the brain is damaged. I don't like introducing another thing which could go wrong and that is an airgapped computer. I think it's OK to assume that the average Bitcoin user is slightly more technical than the average user of a computer and the elite of Bitcoin are some gifted people. IF and I will admit it's a big if. IF the burglar had the technical capabilities of using the methods you have mentioned then that would be your coins gone. I guess what I'm trying to say is there are already known risks to air gapped computers but with my basic idea of creating a story that doesn't have any major risks other than the person catching on that this is an encrypted piece of text which could be made difficult depending on how much effort you put into it. I have given a very basic version of encrypting the private key in the story but you could make it a lot more sophisticated and I would encourage anyone using that method to do so.
legendary
Activity: 2268
Merit: 18771
If you can't rely on your brain then you aren't going to remember your passphrase to get into the hardware wallet.
Good practice is to have your passphrase physically backed up on paper (as you would do with your mnemonic phrase), but obviously on a different piece of paper and stored separately from your mnemonic seed and from your hardware wallet.

If we are talking about total memory loss then this is also true to the hardware wallet.
It's true of all wallets, from forgetting your log in to a web wallet to forgetting where you have hidden your paper wallet. The only ways to completely safeguard against it are the same ways you would use to ensure your crypto passes on to others if you were to suddenly die. Leaving instructions on how to access your crypto, potentially linked to a dead-man's switch, or telling someone else you trust how to access the crypto in the event of your memory loss or death.

Airgapped computers can be compromised and there are methods to getting into the coins.
There have been examples of malware using the flashing LEDs on the side of your computer casing to transmit morse code or binary, or some altering fan speed to produce different pitches of noise to encode data. There was even one I read about of malware using a connected scanner to display flashes of light which were picked up by attackers, and attackers directing flashes of a laser at the scanner to send instructions to the malware (https://www.bleepingcomputer.com/news/security/flatbed-scanners-used-as-relay-point-for-controlling-malware-in-air-gapped-systems/). Utterly ridiculous. It is impossible to protect against every vector of attack, but when you get as far as thinking about this, the commonly posted XKCD comic about the $5 wrench attack comes in to play.

Hardware wallets wipe themselves after 3 attempts? That isn't a security feature at all. What if an attacker fails 3 times, is your Bitcoin then wiped?
It is a security feature to prevent brute forcing. Your bitcoin is safe as long as you still have access to your backed up mnemonic phrase.
legendary
Activity: 2730
Merit: 7065
...and nobody around me knows I'm into it...
This is exactly how it should be! Nobody should know. Family and a few close friends you trust with anything are the only ones who should know. The people who would inherit your assets in case something happens to you and that's it.

A handful of friends know I have Bitcoin. Not a single one of them owns any on their own nor do they know how it works. My family knows I am kind of doing something online involving crypto but they don't care. I try to keep my online life and real life separate as much as possible. My real life acquaintances don't know Pmalek and yours shouldn't know The Pharmacist.

I have also never felt the need to discuss my assets in public, be it in bars, parks or anywhere else where a lot of people gather, nor do I do it over the phone or social media. 
legendary
Activity: 1876
Merit: 3139
Hardware wallets wipe themselves after 3 attempts? That isn't a security feature at all. What if an attacker fails 3 times, is your Bitcoin then wiped?

It varies a lot between hardware wallets. Ledger wipes itself after 3 attempts while Trezor enforces a delay before you can enter the PIN again. The delay constantly increases until the 16th attempt. The device is wiped after 16 unsuccessful unlock attempts. As for the KeepKey, it doesn't wipe itself. It also introduces a growing delay after the third failed attempt. If a hardware wallet is wiped then a recovery seed is needed to restore the wallet.
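The three retry policies described in the post above, modelled as an added example (not part of the original thread and not any vendor's firmware). It counts how many PIN guesses each policy permits inside a time budget and the resulting chance of a correct guess; the uniformly random PIN, the one second per entry and the delay that starts at one second and doubles are assumptions, since the thread only says the delay grows.

```python
"""PIN retry-policy model (added example; assumptions are marked as such)."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

YEAR_S = 365 * 24 * 3600


@dataclass(frozen=True)
class RetryPolicy:
    name: str
    wipe_after: Optional[int]  # failed attempts that trigger a wipe; None = never wipes
    delay_from: Optional[int]  # failure count at which delays begin; None = no delay
    base_delay_s: int = 1      # ASSUMPTION: first delay is 1 s and doubles per failure

    def delay_after(self, failures: int) -> int:
        """Seconds the device refuses input after the given number of failures."""
        if self.delay_from is None or failures < self.delay_from:
            return 0
        return self.base_delay_s * 2 ** (failures - self.delay_from)


# The three behaviours as the post describes them; the labels are hypothetical.
WIPE_AFTER_3 = RetryPolicy("wipe after 3 failures", wipe_after=3, delay_from=None)
DELAY_THEN_WIPE_16 = RetryPolicy("growing delay, wipe after 16", wipe_after=16, delay_from=1)
DELAY_ONLY = RetryPolicy("growing delay from 3rd failure, no wipe", wipe_after=None, delay_from=3)


def attempts_within(policy: RetryPolicy, budget_s: int, pin_digits: int,
                    entry_time_s: int = 1) -> int:
    """Distinct PIN guesses possible before the budget, the wipe limit or the
    PIN space runs out. ASSUMPTION: the failure counter cannot be reset."""
    space = 10 ** pin_digits
    elapsed = 0
    attempts = 0
    while attempts < space:
        if policy.wipe_after is not None and attempts >= policy.wipe_after:
            break  # device has wiped itself; nothing left to guess against
        if elapsed + entry_time_s > budget_s:
            break  # out of time
        elapsed += entry_time_s
        attempts += 1
        elapsed += policy.delay_after(attempts)  # enforced wait before the next try
    return attempts


def success_probability(policy: RetryPolicy, budget_s: int, pin_digits: int,
                        entry_time_s: int = 1) -> Fraction:
    """Chance that a uniformly random PIN is among the permitted guesses."""
    guesses = attempts_within(policy, budget_s, pin_digits, entry_time_s)
    return Fraction(guesses, 10 ** pin_digits)


if __name__ == "__main__":
    for policy in (WIPE_AFTER_3, DELAY_THEN_WIPE_16, DELAY_ONLY):
        for digits in (4, 8):
            n = attempts_within(policy, YEAR_S, digits)
            p = success_probability(policy, YEAR_S, digits)
            print(f"{policy.name:42s} {digits}-digit PIN, 1 year: "
                  f"{n:2d} guesses, P(success) = {float(p):.2e}")
```

Under these assumptions a doubling delay alone holds a year of continuous guessing to a few dozen attempts, so the wipe mainly matters when the delay grows more slowly or the counter can be reset.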
legendary
Activity: 1232
Merit: 1080
Hardware wallets can be and have been stolen and could eventually be cracked using the weak passwords everyone uses. Many people think that using a program such as LastPass or KeePass is a safe solution but they are often using an easy password to get into these password managers which effectively makes your more secure passwords moot.
I'm not sure I follow what you mean here. A hardware wallet like Ledger or Trezor uses an 8 digit PIN to gain entry, and the device wipes itself after 3 failed attempts. That's 3 chances from 100 million possible combinations.

Imagine if you abbreviated your private key into words so 1 = one and N = Nigel. What if you were to compose a story and get that story printed into a book using a printer that you own and can wipe the memory and/or destroy. You could write a story like " One day Nigel went down the road to fetch a pale of water"
You are still relying on your memory to tell you what your story means and which words are the important ones to extract.

If you are concerned about hardware wallets, then I would encourage you to use an airgapped machine to store your coins rather than your brain.
If you can't rely on your brain then you aren't going to remember your passphrase to get into the hardware wallet. Your brain in all of this is the only vital thing that if it goes wrong then you lost everything. There is no safe way of guarding against memory loss. However if you are talking about just forgetting the important words in the story then this could potentially be brute forced by yourself if you haven't lost your memory completely you are very likely to be able to fill in the gaps. Especially if you are very familiar with the story. Another solution would be misspelling the story on those words and maybe purposely putting a "1" instead of a "one" for digits which are in the private key. There are numerous ways to guard against it and making it look like a child has written the story and innocently misspelled the words and mixed up words by sometimes putting "one" and then other times putting "1". This is just an example and there are many other ways to make it stand out to someone who knows what this story is. If we are talking about total memory loss then this is also true to the hardware wallet.

Airgapped computers can be compromised and there are methods to getting into the coins. There was an interesting article a number of years ago where someone used radio waves on a Raspberry Pi to get into the wallet. However for that to happen the device has to be physically compromised but again if someone looks onto your computer and sees you have a wallet they will be very interested in that device. I understand that I'm talking about very technical stuff and the majority of people don't possess these skills but I like being paranoid when it comes to security.

Hardware wallets wipe themselves after 3 attempts? That isn't a security feature at all. What if an attacker fails 3 times, is your Bitcoin then wiped?
legendary
Activity: 2380
Merit: 17063
I find this thread really interesting and I learnt a lot.

If I may add a consideration: both solutions, paper wallet and hardware wallet, have pros and cons, which you outlined in great detail in the thread.
My humble addition is that too often the weak link in the bitcoin storing process is the user herself.

Something like that:


https://www.xkcd.com/538/

When storing bitcoin you should care about your own OpSec first:
Don’t disclose you own bitcoin
Don’t disclose how many bitcoins you have
Be low profile
Play it safe.

Just remember information you give out today might be considered diff entry when/if bitcoin appreciates 100x.
I think this simple consideration, you might think is a prerequisite, when discussing which storage is better, might not be so obvious to the average users.
I was very surprised to see a few of very experienced people here on bitcointalk post very precise details of their BTC balance (not going to give you directions): I think it is way more dangerous than holding your private key in plain text on the HD.


legendary
Activity: 2268
Merit: 18771
I think that the seed of a wallet is the weakest point and memorizing the private key is the only solution which is truly safe from physical theft.
You might be safe from physical theft, but you run a huge risk of losing access to your coins through brain failure. The brain is an incredibly delicate organ, and there are literally thousands of reasons for you to lose your memory. You could have an aneurysm which bursts with zero warning. You could get concussed from a relatively minor blow to the head. Even a bad infection elsewhere in your body, such as the flu or even food poisoning, can lead to delirium and long term memory problems. In a professional capacity I see patients - young and otherwise fit and healthy patients - who suffer from these kind of things every day. Relying on a brain as a single point of failure is a bad idea.

Hardware wallets can be and have been stolen and could eventually be cracked using the weak passwords everyone uses. Many people think that using a program such as LastPass or KeePass is a safe solution but they are often using an easy password to get into these password managers which effectively makes your more secure passwords moot.
I'm not sure I follow what you mean here. A hardware wallet like Ledger or Trezor uses an 8 digit PIN to gain entry, and the device wipes itself after 3 failed attempts. That's 3 chances from 100 million possible combinations.

Imagine if you abbreviated your private key into words so 1 = one and N = Nigel. What if you were to compose a story and get that story printed into a book using a printer that you own and can wipe the memory and/or destroy. You could write a story like " One day Nigel went down the road to fetch a pale of water"
You are still relying on your memory to tell you what your story means and which words are the important ones to extract.

If you are concerned about hardware wallets, then I would encourage you to use an airgapped machine to store your coins rather than your brain.
legendary
Activity: 1232
Merit: 1080
This is kind of how I relate to all of the things said here, and this is a very interesting debate BTW.  I'm pretty sure if I dropped dead today that at some point someone going through my belongings would figure out the significance of those words I have written down on paper, or the steel wallet I have, or what my Ledger is...but they'd have to know my password and such as well.

I may be naive, but I'm really not worried about getting robbed for my crypto (not that I have a whole lot anyway).  My best guess is that there may only be a handful of people in my entire town who own any bitcoin, and nobody around me knows I'm into it and thus they wouldn't know what they're looking for if they robbed my house.  I'm probably not paranoid enough.
Unless you have a randomly generated password which is long enough to not brute force and short enough to remember without writing it down or storing it anywhere it will still be the weak point of the hard wallet. I have discussed many times what I think is the best solution to storing your private keys. I think that the seed of a wallet is the weakest point and memorizing the private key is the only solution which is truly safe from physical theft. Hardware wallets can be and have been stolen and could eventually be cracked using the weak passwords everyone uses. Many people think that using a program such as LastPass or KeePass is a safe solution but they are often using an easy password to get into these password managers which effectively makes your more secure passwords moot.

Trust me people will be more interested in a device such as a hardware wallet which looks interesting than words scribbled down on a piece of paper. Imagine if you abbreviated your private key into words so 1 = one and N = Nigel. What if you were to compose a story and get that story printed into a book using a printer that you own and can wipe the memory and/or destroy. You could write a story like " One day Nigel went down the road to fetch a pale of water" Something as stupid as that could potentially prevent anyone seeing it realizing what it is but a hardware wallet is much easier to identify. I understand that this suggestion or hypothetical situation is completely absurd but I can guarantee people are doing this around the world. Let's just say I have a more sophisticated way of securing my Bitcoin but this is one of the solutions to the problem. Without even investment you could pull this off and is just as safe as a hardware wallet. The convenience is what you pay for because if you are regularly accessing your Bitcoin then doing this each time would be crazy but if you are a long term holder of Bitcoin then this is a very good solution to the problem at hand. Then there are things such as memory loss which we just can't combat unfortunately we can't cover all angles and people have different risk levels that they are willing to take. I for one won't use a hardware wallet.
legendary
Activity: 3556
Merit: 7011
I don't know about you guys but the people in my life wouldn't even know what to do with the paper wallet. (people that would be in my house, or visiting)
And I don't really know anyone in crypto personally besides business associates I've met over the years. (not people that would be in my house)
This is kind of how I relate to all of the things said here, and this is a very interesting debate BTW.  I'm pretty sure if I dropped dead today that at some point someone going through my belongings would figure out the significance of those words I have written down on paper, or the steel wallet I have, or what my Ledger is...but they'd have to know my password and such as well.

I may be naive, but I'm really not worried about getting robbed for my crypto (not that I have a whole lot anyway).  My best guess is that there may only be a handful of people in my entire town who own any bitcoin, and nobody around me knows I'm into it and thus they wouldn't know what they're looking for if they robbed my house.  I'm probably not paranoid enough.
hero member
Activity: 1439
Merit: 513
Scenario, Paper wallet.
Thief sees wallet, your coin is gone. (Difficulty Level=Easy)

Scenario, Hardware wallet.
Thief must have a very technical understanding to dump the prram. (Difficulty Level=Hard)

I don't know about you guys but the people in my life wouldn't even know what to do with the paper wallet. (people that would be in my house, or visiting)
And I don't really know anyone in crypto personally besides business associates I've met over the years. (not people that would be in my house)
I'm pretty certain this is just my paradigm.
legendary
Activity: 1610
Merit: 1183
Is there anything else that I'm missing?
Have you reviewed every line of code in your live USB OS? Have you reviewed every line of code in the software which is converting your entropy to a private key? Have you reviewed the individual hardware components in your computer and USB stick? The microcontrollers? Hell, even BIOS malware exists. You are trusting third parties just as much as hardware wallet users are. Fair enough, your set up sounds like you aren't going to leak your keys after they have been created, but there are still several ways which an attacker could generate pre-determined keys for you.

As HCP says, your analogy is an argument against using a paper wallet. You are saying that there are so many things that could go wrong, only people with years of education and training should be attempting these procedures. If we want bitcoin adoption to spread, it has to be as easy as using a credit card for your average, non-technical, Joe. Paper wallets are not. I'm not arguing they can not be a good option for people like yourself who understand the inherent risks and have taken steps to prevent them, but they are not a good option for the majority of users.

You can use a QR code reader (which I'm shocked so few people use) in order to completely bypass any printer exploits. You can use Coreboot or Libreboot in order to not use a proprietary BIOS. You can have more control over RNG than in a hardware wallet. You can have FDE with a couple of passwords for plausible deniability and so on.

Air-gap setup when executed by an expert beats both HW and paper wallets which scream of "hit me with a $5 wrench to get a lot of Bitcoin, and in case there isn't much hit me harder because that wasn't the real password".

Memorizing passwords will always be a problem. I've myself lost access to HDDs with FDE, but that's life, take your vitamins and pray that you don't develop early Alzheimer's.
member
Activity: 308
Merit: 10
Moving your paper wallet around, scanning it for payment purposes could put your funds at risk. No way should paper wallet be better than hardware wallets. You can't trust a newbie with paper wallet but you can with hardware wallet.
legendary
Activity: 2870
Merit: 7490
Covered already. Don't trust crappy sources of entropy. Again, not a paper wallet vulnerability.

Regular users don't even know about entropy or entropy sources, while most geeks/nerds only know entropy sources which are known to be secure (such as /dev/urandom & lots of mouse movement), but only know a high-level overview of the entropy source.

Is there anything else that I'm missing?
--snip--

Don't forget:
1. Microcode & firmware, which are almost always closed-source, which makes audit impossible
2. Manipulation of the k value of ECDSA (see https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1035&context=mcis2015 & https://github.com/tintinweb/ecdsa-private-key-recovery for reference)

This Chris guy is crazy.

No, I think his problems are:
1. He has a high standard or expectation of what a regular user can do (set up an air-gapped device, etc.)
2. He has a high standard or expectation of a regular user's knowledge (choosing good/trusted entropy, one-time addresses, etc.)
3. He strongly prefers paper wallets, to the point where he refuses to admit that both HW & paper have vulnerabilities
legendary
Activity: 1382
Merit: 1122
We are all idiots to spend 90usd in an "unsafe" device which is trusted by whole cryptocommunity for years

Thank you for that perfect summary.
legendary
Activity: 2352
Merit: 6089
This Chris guy is crazy.

1 - He bashes HW because they are "expensive" and we all wasted 90 usd in security. However he spent much more to secure his "airgapped" computer. A machine with a keyboard, monitor, cpu, hd, etc etc, which are far more expensive than 90 usd. We are all idiots to spend 90usd in an "unsafe" device which is trusted by whole cryptocommunity for years, while he is a genius to spend 300-400 usd in a machine he built by himself which is supposedly safer, but nobody but him ever tested or inspected to look for vulnerabilities.

2 - He says that HW are unsafe because someone can find your device and hack your private key, and a paper wallet would be safer because there is no device to be found. But yes, there is a big machine with a monitor, keyboard, etc, which could be physically hacked when found as well. And even a crazy guy like him would have the private keys backed up in a paper (which he would have typed by hand and prayed to be corrected). Can't get how this is safer.

3 - Ignore all spending issues such as change addresses, inconveniences of using each private key once, risks involved when doing all this hard work etc...

Are you using that live USB in an online computer and inserting it again in your airgapped? I hope you are not doing that....

I'm not arguing they can not be a good option for people like yourself who understand the inherent risks and have taken steps to prevent them, but they are not a good option for the majority of users.


Yes. Maybe for some crazy people who have nothing to do and like to take risks and like to play with that technical stuff it may be a good option. But for everyone else it is not.
Unless if you are a very advanced user, professional, developer or whatever... And I consider most of the users in this topic very advanced, and nobody is defending paper wallet against hw.

Also, I would recommend not putting all your funds in your paper wallet. You could make a mistake some day, as there are far too complex procedures for simple tasks such as spending, or consolidating, etc