Topic: Hardware wallets still aren't secure, and they never will be. Use paper wallets - page 4. (Read 1801 times)

Have you reviewed every line of code in your live USB OS? Have you reviewed every line of code in the software which is converting your entropy to a private key? Have you reviewed the individual hardware components in your computer and USB stick? The microcontrollers? Hell, even BIOS malware exists. You are trusting third parties just as much as hardware wallet users are. Fair enough, your set up sounds like you aren't going to leak your keys after they have been created, but there are still several ways which an attacker could generate pre-determined keys for you.

As HCP says, your analogy is an argument against using a paper wallet. You are saying that there are so many things that could go wrong, only people with years of education and training should be attempting these procedures. If we want bitcoin adoption to spread, it has to be as easy as using a credit card for your average, non-technical, Joe. Paper wallets are not. I'm not arguing they can not be a good option for people like yourself who understand the inherent risks and have taken steps to prevent them, but they are not a good option for the majority of users.

You are being ambiguous as to what you are specifically meaning when you refer to a "paper wallet", maybe intentionally for security purposes, but this makes it difficult to address the shortcommings of what you describe as a "paper wallet". Dito for the machine you will use to sign transactions and generate the private key.

In the above post, you strongly imply you will use each paper wallet for exactly one transaction that you spend.  In the same post, you also say your air gaped machine does not have any kind of HDD. In this post you say you have not used a printer for creating paper wallet for a year.

This creates a number of issues, some of which do not exist for HW wallets:

Change addresses:
Every time you spend a transaction, you will need to either generate a new paper wallet, or access a previously generated paper wallet. If you are doing the former, you are consistently not having backups of your paper wallet immediately after you spend each transaction, and if it is the later, you are at risk that I describe in what you quoted. If you are not using a printer, you will have to write down the address, and manually type the address when you create a transaction, both of which are very prone to error; there are checks in place to prevent you from sending coin to an incorrect address due to a typo, but you may find yourself unable to send coin to a change address. If you have change addresses stored with your paper wallet, you are also at risk that someone will tamper with the change address listed, tricking you into sending coin to the address of an attacker.

Getting the private keys on paper:
If you are not reusing a paper wallet, you are strongly implying you are generating a single private key verses a seed. If you are hand writing the private key onto paper, you are at risk of transposing digits, which would lead to a near certain loss of funds. It would be possible that you use a seed a single time, but this would be strange IMO. 

Actually it is... because it applies to all wallets. Sure, it's easy to say "Don't trust crappy sources of entropy"... but then, how is your average user meant to know what is and what isn't a crappy source of entropy?


I'm not sure what you're trying to prove with that scenario? My take away from that is that only experienced users (doctors) should be using paper wallets (performing heart surgery) due to the risks involved.

So, I think you've missed what PrimeNumber7 seemed to be getting at... The fact that a given procedure is complex is a "risk" and needs to be mitigated. You mitigate the risks in heart surgery by having experience surgeons perform the procedure. In the case of paper wallets, advising the average joe on the street that paper wallets are "fine" for the average joe on the street is ignoring all of the "risks" inherent with using them... "crappy entropy", issues with change, issues with spending, lack of understanding of what air-gapped really means etc.

One only needs to view the Bitcoin Tech Support, "Wallet" support and B&H subforums here to see all the weird and wonderful ways that "the average joe on the street" finds to dig themselves into a hole when using Bitcoin (and cryptocurrency in general).

It's great that you feel confident enough to safely create and use paper wallets... I would be confident in saying that a vast majority of people on these forums are not.


So you hand coded all the software necessary in the generation of your private keys? or did you check every single line of code of the software? or did you "blindly trust" the software developer(s) who developed the code you no doubt used to convert your "non-crappy" entropy into private keys?

Pretty much all bitcoin users, myself included, are blindly trusting something at some point... I doubt there are many that have the time nor inclincation to attempt a couple of manual SHA-256 rounds to convert entropy to a private key... (Not sure there are that many who would be keen on attempting a manual RIPEMD-160 either. )

Simply because one set of users is trusting a hardware wallet manufacturer and another set are trusting a software developer doesn't make one group more or less their own bank.

Are there shortcomings in Hardware wallets? Yes
Are there shortcomings in Paper wallets? Yes
Are there shortcomings in ? Yes

There isn't a "perfect" wallet that covers all use-cases. Find what suits your use-case and figure out how to use it "properly".

Covered already. Don't trust crappy sources of entropy. Again, not a paper wallet vulnerability.


I know. The idea was that somehow wifi would unwittingly be connected on an air-gapped computer. If I don't have a wifi card and I don't have an ethernet cable the chance of any of my info leaking onto the web is zero unless someone is extremely close by, looking over my shoulder or picking up radio waves etc.


What do you mean by that? The only real vulnerabilities that I'm aware of would be radio waves, someone filming me/shoulder surfing and a cold boot attack. A farady tent and some hot ram would solve all of these issues. Is there anything else that I'm missing?


Air... Wait for it... Gapped. There is no "while online" on my air-gapped machine. It simply does not have the capability to connect to the internet. I also use a fresh live usb for each boot. Please read through my posts instead of clinging onto what you misunderstood in one of my posts.


They're in your RAM for a few minutes tops just FYI. Less if you apply heat. See https://www.semanticscholar.org/paper/On-the-Practicability-of-Cold-Boot-Attacks-Gruhn-M%C3%BCller/b02403d3239a6d6e78911192f4f82ce987a78944

If you cool your ram down (cold boot attack) you can hang onto this info longer. It's difficult to pull off in the best situation, and you have a very short window of opportunity. Take a hairdryer to your ram after you do a shutdown and you're good to go.

My air-gapped machine doesn't have a HDD. There's no reason to have internal storage.


This should never ever ever be done. Sweep everything. Newbs do this and their change is sent to a change address that they don't have private keys to. Yet another way user error is going to screw you over if you don't know what you're doing.  



FYFY.

Sorry, you're right. Not user error. "User mistake". You're totally right.

If I take 4 random chemicals in a janitor's closet, mix them together and make mustard gas is that:

A. User "mistake"
Or
B. A vulnerability and these chemicals should never be used by anyone ever again?

Wait, an even better scenerio:

A doctor goes into a complicated heart surgery. They screw up, cut through an artery and the patient dies.

Do they:

A. Go to court because of user error/gross negligence

Or

B. That surgery is never performed again because it's "too dangerous for normal people to do".?


I 100% disagree. All I see is a ton of misinformation and FUD (mainly user error = vulnerability).

You're telling my that I'm on wifi, the private keys are stored in my RAM, HDD etc. You don't even know what an air-gapped system is so what exactly am I supposed to be learning from you?

So far I've learned that you blindly trust a hardware wallet manufacturer instead yourself to generate your own private keys. That's not a lesson in my books. That's a step backwards from being your own bank.

---

Updated OP and moved the topic for less biased exposure.

Not necessarily... there are use cases that I've seen where users claim they either have more than one HW and then store them in various remote locations (safety deposit, "trusted" family/friend, hidden location etc).

If you have something stored in a remote location, it may be some time before you're aware of a theft.

Sensation at its best - the subject line says it all.

But besides the sensation, I'm probably missing something, but does it not make sense to just transfer your Bitcoin to a new wallet if you find that your HW wallet has been stolen?
Would you not do the same if your air-gapped home made system is stolen?
One of the best things about HW wallets is that you are bound to notice when its stolen and it will give you time to respond appropriately - not so with your software wallet.

My opinion is that you sound very arrogant, and are unwilling to admit that you are wrong, or that you can even learn something. This is a very dangerious way to handle the security of your coin. 
Your private keys will be in your RAM, and may be on your HDD, depending on your specific method of generating your private keys.

Even if you are using an air-gapped computer, someone with physical access to the computer may be able to obtain any remnants of your private key that remain. This is the same threat model as what is being described with HW wallets, however a HW wallet is easier to secure/hide than a computer. 


I am comparing the threat model of a paper wallet to that of a HW wallet.

If you take a paper wallet out of your safe to spend some of your coin, someone could take a picture of your paper wallet to compromise the seed, minus your passphrase. If you are using a HW wallet, an attacker taking a picture of your HW wallet would provide nothing to the attacker. The attacker would need physical access to the HW wallet for an extended period of time to compromise the seed in a similar way. 

Again, I am comparing the threat model of a HW wallet to that of a paper wallet. See my above response.


I am going to disagree with this statement. If a process is so complex that the average user is going to make a mistake, this is a vulnerability. [/list]

Exactly.

The computer could get infected while online.

So much misinformation. A guy simple turn off the wifi an think this is better than a hw... This is why so many people lost BTC and get hacked. It is not easy to be responsible for your own money . You need to read and get informed

A permanently offline computer is certainly more expensive than 90usd hw and probably less safe (unless you have far more knowledge than an "average tech guy" and lots of time and are willing to work)

What is being described here it not an airgapped device. An airgapped device doesn't not have access to the internet, and will never have access to the internet again. Unplugging the ethernet cable doesn't allow you to airgap the device "again", it simply disconnects the device. If you are ever going to plug that ethernet cable back in, then it's not an airgapped device.

Disconnecting a computer in this way, even if booting from a live USB/CD, does not guarantee safety by any means.

Chris, stop being so aggressive and childish. You could learn a lot from this conversation. Generating a paper wallet is much more complex to be safer, it will require a lot more work.
As an "average tech guy" (as you said) there are a lot of small risks and vulnerabilities that you are ignoring or you don't understand at all. Printers, spending..., Some people even consider using one computer/printer only for that, which is more expensive than a HW.


It is also less practical to spend funds. You would eventually have to air gap the computer again to generate more keys or make a transaction  and even a one small mistake could compromise its security. Using a hardware wallet is much easier and you never expose your keys, even to spend.

Well, if you'd bothered to read it, then you would know that it didn't have anything to do with change addresses, paper burning or water damage or other "blah blah blah".

It was a very real "bug" that was discovered in a relatively popular Paper Wallet Generator that seemed to result in the same keys being generated for "different" users etc. I believe that there have also been issues in the past with vulnerabilities in libraries used by paper (and desktop) wallet software that has caused "weak" keys etc. There was even an issue with a particular browser that resulted in BIP38 Paper Wallets that couldn't be decrypted by other browsers.


Like I said earlier, every system has it's particular pros and cons... as long as you are aware of these, you can take the necessary steps to mitigate them. Simply claiming that "A > B" is a bit close minded and ignorant of the fact that "everybody is not you".

There are people in this world for whom blockchain.com is the "perfect" wallet... and there are others who wouldn't even type blockchain.com into a browser. So, if paper wallets fit your use case, well that's awesome.

I agree. Idk why people still trust these manufacturers when they're clearly incompetent.

Please tell me what part of the computer these "portions of private keys" remain on. Is it the CPU? The mobo? Oh it's the BIOS isn't it.

I'm not turning my wifi off on windows 10 and hoping for the best. I'm using an air-gapped system.


Really? I haven't used a printer for paper wallets in about a year now. You do know that "paper wallet" is just a loose term people use, right? Imagine anything more durable than paper. Use that instead of paper.


Again, sounds like you don't understand what an air-gapped system is. Also, who the hell is generating private keys in a public park where a stranger can take a picture of their screen? Wtf? Go in the corner of your house if you're really paranoid (which of course I am).


How did said attacker guess my BIP38 passphrase so quickly? They must have seen when I typed it out at the public park I generated my keys at I guess.


Better yet, set a great passphrase on everything and don't worry about it. Add a watch-only address to whatever wallet you choose and get on with your life knowing you're actually secure. No need to look out for the next vulnerability from your hardware wallet manufacturer.

---

Guys, I know it sucks that you wasted $100 on a glorified USB but there's no reason to start making up BS and FUD about paper wallets. I'm just trying to teach you how to secure your funds better - without relying on a third party.

Again, user error is not a vulnerability. If you shut your wifi off and think you have an air-gapped system you're going to have a bad time.[/list]

This is insane. Paper wallets have additional security vulnerabilities that HW wallets do not have.

When using a paper wallet:

• You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact. This is not a risk with HW wallets
• You must use a printer to print the private key for a paper wallet, and portions of this image may remain on the printer long after the fact. This is not a risk with HW wallets
• You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet
• An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.

---

With a HW wallet, you can use multiple passphrases, including a passphrase that is easy to crack with nominal amounts of coin. You can monitor the coin in the easy to crack passphrase, and if coins are moved from addresses associated with that passphrase, you will know you need to quickly move the coin in addresses associated with a more complex passphrase. An attacker will also not know how much coin you have secured by your HW wallet, so if they find a single passphrase that can be used to generate private keys to spend coin, it may not be a good use of resources to look for additional passphrases that can be used to spend additional coin.

I consider myself pretty average with tech and I managed to figure it out over time. It's all about the effort you're willing to out into it I guess.


That's not necessarily true. The only thing I really need to trust is the RAM on my laptop or desktop when I boot up a live USB. If I have no Wifi card in the computer and no ethernet cable plugged in then I've removed the internet attack vector entirely. A cold boot attack is probably my biggest concern, unless I'm told otherwise.


I don't agree with that logic at all. Let's test this out in a real world scenerio:

The safest car in the world and the least safe car in he world are driven off a 200ft cliff. User error was to blame. Everyone inside both cars dies instantly. Should both cars be considered just as safe now?


I watched it. He basically said you have to have some level of trust, meaning I won't bother with one. I just have to trust my RAM manufacturer not to add something onto it that could send off something remotely.

One car is safer than the other when both are used properly.

I'm tired of people saying paper wallets aren't secure or hardware wallets are just as secure. The only issue with them is user error. That's clearly not a paper wallet issue. It's user error.

Sure, but the fact we are even discussing this means your technical knowledge is more advanced than probably 99% of crypto users. Most users would not be able to generate a paper wallet in a secure manner.

There is always trust involved somewhere. Unless you built it yourself, you are trusting the manufacturers of your computer hardware, and the shippers who delivered it to you. Unless you designed it yourself, you are trusting the people who wrote your OS and software. It's probably also worth mentioning that Trezor device is fully open source, and hardware wallets in general are subjected to far more independent auditing and attempted hacking than the vast majority of other hardware or software.

True, but the majority of issues are from people using them incorrectly. There have also been plenty of issues with paper (or otherwise self-generated) wallets, again, usually from people using them incorrectly. Any method is only as good as the person using it.

I agree with you, but the vast majority of users do not have the ability to do it right. I'm also not claiming hardware wallets are infallible, but they can be just as good as paper wallets if also used correctly.

There's a great answer to this question from Andreas Antonopoulos which I think pretty much summarizes my argument: https://www.youtube.com/watch?v=4fsL5XWsTJ4&t=402

FTFY


My main argument is that trusting a hardware wallet with my funds, and paying them $100 for me to trust them is very similar to trusting a bank and paying them for a safety deposit box. I much prefer trusting no one and not having a bill to go along with it.


Personally, I've seen many issues come up with hardware wallets over the years and I still can't wrap my head around why people use them. I guess it's the same reason people keep funds on an exchange or hot wallet. Ease of use trumps security for the vast majority of users (until they get hacked of course). I'd rather have people learn to store their funds in the most secure manner.

I was a newbie before. I know exactly what newbies go through. I wish someone told me how I really shouldn't be using X or Y service because they aren't secure. Hardware wallets are probably 99% secure, although no normal person could actually confirm that. Paper wallets can be extremely secure if you do it right. I suppose I can make a guide so it doesn't look like I'm just bashing hardware wallets. Actually, I think I made one before. I'll have to find and bump that thread.

Being blissfully ignorant actually works in the fiat system. You can always get your money back if it's stolen, assuming it wasn't cash. It doesn't in crypto, so take every single precaution possible. Don't. Trust. Anyone. That includes hardware wallet manufactures.

That's not accurate though. Some paper wallets will be more secure than some hardware wallets, sure, but the reverse is also true. Given how I use and store my hardware wallet, the only vector of attack which I am susceptible to is a physical one, which sounds like it is the same case for you and your paper wallets. I'd wager that if an attacker gets his hands on either one of our wallets, it is significantly easier to clear out a paper wallet than it is to build the board to extract the seed from a hardware wallet. In addition to that, since I use multiple long passphrases, this attack wouldn't even work against me.

Your main argument seems to be that it is easier to hide a paper wallet than it is to hide a hardware wallet. A hardware wallet is small enough that I can hide it inside a light fitting, in an electrical socket, under the floorboards, bore a hole in a door/shelf/table/furniture/etc and hide it inside, and so forth. There is a close to zero chance a random attacker would find my hardware wallet without also burning down my house.

How is this different to having an unsecured paper wallet which is written down?

I'm not trying to be deliberately antagonistic here. This finding regarding the Trezor is important, and it should be discussed, but saying that all hardware wallets are useless is wrong.

It's much easier to hide something if the thief doesn't know what to look for. I'm not going to get into it, but taking off a piece of something and etched the inside, then adding it back on is a hell of a lot less obvious than a usb in a safe or in your sock drawer. Hiding a hardware wallet or usb just makes it all that more obvious when the thief finds it. If they stumble across your private key but have no idea they've even found it, that's when you've done things properly.


You seem to be taking this very personally. I'm starting to wonder why that is. I'm simply educating users of this forum on a free way to be their own bank. That's why we're all here actually. Is something wrong with that? I don't need a device that i didn't create in my house to hold my cryptocurrency and neither do you. You can create something of your own for free (or I suppose one could argue that it costs time and some paper/ink/materials).

Anyway, paper wallets cannot have issues if you use your own entropy and proper security. They're only as good as the person setting them up, which you can say about literally anything. If I owned a hardware wallet and a paper wallet, I would put all of my funds in the paper wallet unless I needed to spend them. I'm not looking into your link because it's just going to be the same bullshit FUD that's on the bitcoin wiki. Some crap about idiots setting up change addresses wrong, other crap about paper burning or water damage blah blah blah.. again, if you aren't going to bother to learn how to properly secure your funds then you will eventually lose them. I'm fully aware of the attacks that could take place on paper wallets. I'm not too worried about my dice being rigged, someone busting in and performing a cold boot attack or certain radio waves that my laptop may or may not give off. It's never going to be a zero chance that your funds are hacked, but paper wallets are substantially more secure than hardware wallets. The way I generate them anyway. If you go and generate a paper wallet online with bitaddress then you're better off just using a hot wallet or hardware wallet.


Everybody knows that the people setting these passwords will use the tried and true dog name and year of birth or their favourite grandchild or whatever other crap people use now. If you're protecting your hardware wallet with a password that wasn't randomly generated (good luck typing that 37 character randomly generated string of nonsense btw) then you're completely screwing yourself out of the somewhat half decent security that these overpriced USBs offered in the first place.

I'll give you a god password to memorize. Don't worry, it's safe because I don't know where you live. Go ahead. It's super easy to memorize. Just read it over 10x and I'm sure you'll have it. Either that or you could... Write it down. Oh or better yet, you could add it to your password manager. But then you're relying on your master password, which again wouldn't make sense to use a randomly generated password and you're back at square one. You have an unsecure hardware wallet with the password writen down. Or you memorized Molly1989AuntieSueLovesToBake (congrats) and it'll be so easy to crack your password. Not brute force. Who needs brute force when there are so many better/easier ways to crack it.


Good luck and be your own bank.


Well lucky for those thieves they know what to look for when they break in now don't they? Binance was also safe for newbies. So was blockchain.info/com. Being idiot proof is the opposite of safe. If I wanted your version of safe I'd use my debit card through PayPal because that way if I'm watching an infomercial and buy some $99 knives that can cut through a tin roof at least I can get my money back.


Complex = not safe. Got it.

I bet I can teach even you how to properly air-gap a computer. It'll take 10 mins out of your day and you'll have a very useful tool for lots of other things in life.

The risks of making a mistake are the same (don't lose your private keys). What is higher risk with paper wallets? I'm not hashing out my pubkey by hand here. It's the exact same process anyone would use to generate a private key but it's air gapped. Okay, that and I use my own entropy source, but again, super easy to learn.


100% agree.

Saying that "Hardware wallets still aren't secure, and they never will be." because a physical stolen device can be hacked is a bit sensationalist, isnt it?

What are the chances that a hacker come into my house, search and find my ledger and steal it? This is highly unlikely to happen, especially if you are a discrete person about your btc holdings.

Hardware wallets are still safe enough, especially for newbies.


LOL

Paper wallet are much more complex to be really safe. Not everyone is able to properly airgap a computer , and the risks involved in case of a mistake are very high.

There can be nothing as secure as cold storage/offline wallets and this was something I was worried about since if the device gets stolen, it's still possible that the money can be hacked. Is it the case with only trezor or ledger nano as well?