
Topic: 🔔【ICO】 HODLER HARDWARE WALLET, PAYMENT TERMINAL, TOP100 COINS + TOKENS - page 15. (Read 12300 times)

legendary
Activity: 2772
Merit: 3282
Well, it is not a lie; not every hardware is vulnerable, but check this:
http://lmgtfy.com/?q=ledger+trezor+vulnerability
So you can agree with me that an address can be hijacked with Trezor, otherwise why would it display the address again? E.g. Ledger Nano S displays a few letters from the address; it can be tricked by a vanity address with similar letters. My point here is that the connection with the PC is the weakest link; we do not have this link. Addresses cannot be hijacked at all. Using a competitor's device connected to a PC requires the user to pay special attention.

And how exactly do you have protection against clipboard jacking with addresses sent through email, or a program that detects addresses in QR codes and replaces those? I don't see how requiring the user to double check is bad. I'm sorry if Marketing is getting in your way, but please do not use words like "Impossible", "Cannot at all", etc.

HODLER can be offline 100% of the time, like Trezor or Ledger; the connection is only needed for a couple of seconds when sending money.

You contradict yourself in that sentence.

Quote
What's the point of a cloud backup, if the user has to remember a password anyway? Forget about the cloud storage, and use a 24 word recovery seed instead.
The cloud is dedicated to storing encrypted blobs of IMPORTED wallets. These wallets cannot be generated again from the seed when recovering a backup, so we are storing them safely in cold storage. Blobs are generated this way:

Code:
generatedHashAsKey = sha256(seed).repeat(100000)
blob=aes256CBC_encrypt(generatedHashAsKey,importedPrivateKey)
And this blob is sent to the cloud with point-to-point encryption.
With this storage, you can recover imported wallets when, e.g., you have lost your device.

How do you plan on allowing the user to verify that it is indeed encrypted properly? With such a complex system, it would be trivial to put a backdoor.

Luckily, there are many investors seeing the potential and supporting our product. We are happy to say that almost 1 mln HDL tokens have now been sold.

Congrats, assuming you aren't making up numbers.


Currently on the market you haven't got a wallet that allows taking and making payments anywhere, supports many coins and provides the most advanced levels of security. I need to state once again: the most important factors for us are security in connection with everyday functionality.

Ledger + cell phone? The "most advanced levels of security" should not have wallet data touching the cloud at all. I need to state once again:

Epic meme loading...
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
A dividend form will be available to all entitled investors, so they can select their preference regarding dividend payments. They can be paid in additional HDL tokens, BTC, BCH, LTC or DASH. Entitled investors will also submit the address to which payment will be made. More details regarding the dividend can be found in the Investment Contract: https://hodler.tech/docs/Investment_AgreementF.pdf
hero member
Activity: 2282
Merit: 668
Community management 24/7 for hire
Thank you for wearing our signature. We promise 5% additional bonus to all investors who do the same:)
By supporting our project, you contribute to your own success.

+45% Tokens in March if the signature is on?

**

In 2020, when dividend payments start, how do we get dividends? To the hardware wallet, or how do we get them?
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
I will keep an eye on this hardware wallet  Shocked

Thank you for wearing our signature. We promise 5% additional bonus to all investors who do the same:)
By supporting our project, you contribute to your own success.
hero member
Activity: 2282
Merit: 668
Community management 24/7 for hire
I will keep an eye on this hardware wallet  Shocked
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
HODLER is designed to allow secure transactions anytime, anywhere. Compared to traditional solutions, using hardwallets is like carrying your safe and opening it each time you buy something. You cannot pay for your everyday shopping using hardwallets, unless you carry your laptop with you. Having just a little bit of money on your mobile wallet is limiting in terms of what you can buy, and also insecure.

HODLER can be offline 100% of the time, like Trezor or Ledger; the connection is only needed for a couple of seconds when sending money. All connections are encrypted, data is secured, Cloud Backup is not necessary; users can decide if they want to use it or not, i.e. to allow a fork claim. Data is doubly encrypted, so data leakage of just one element will not allow hackers to get access to your key and funds. This is the main concept, and understanding this functionality is crucial to see the need for a product like HODLER. Luckily, there are many investors seeing the potential and supporting our product. We are happy to say that almost 1 mln HDL tokens have now been sold.

Currently on the market you haven't got a wallet that allows taking and making payments anywhere, supports many coins and provides the most advanced levels of security. I need to state once again: the most important factors for us are security in connection with everyday functionality.
copper member
Activity: 19
Merit: 3
CIO at HODLER.TECH
Well, it is not a lie; not every hardware is vulnerable, but check this:
http://lmgtfy.com/?q=ledger+trezor+vulnerability
So you can agree with me that an address can be hijacked with Trezor, otherwise why would it display the address again? E.g. Ledger Nano S displays a few letters from the address; it can be tricked by a vanity address with similar letters. My point here is that the connection with the PC is the weakest link; we do not have this link. Addresses cannot be hijacked at all. Using a competitor's device connected to a PC requires the user to pay special attention.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Hello, I'm Daniel and I am the man who stands behind the HODLER security model.

Quote
Okay, to start, care to elaborate on "the computer being the weakest link?" As a Trezor owner, I'm genuinely curious on how my virus infected computer could steal my coins.

Hardware wallets that require a computer connection are subject to attacks that can take over the clipboard of the infected computer.
That's why Trezor shows the address on its display for confirmation. If you need to make up lies about competitors and market leaders, you don't have a strong product.
copper member
Activity: 19
Merit: 3
CIO at HODLER.TECH
Hello, I'm Daniel and I am the man who stands behind the HODLER security model.

Quote
Okay, to start, care to elaborate on "the computer being the weakest link?" As a Trezor owner, I'm genuinely curious on how my virus infected computer could steal my coins.

Hardware wallets that require a computer connection are subject to attacks that can take over the clipboard of the infected computer. Our wallet is completely independent. Clipboard hijack attacks happen more often than the breaking of double-encrypted connections and archives. For readers not familiar with this technique: http://whatis.techtarget.com/definition/clipboard-hijack-attack

Quote
What's the point of a cloud backup, if the user has to remember a password anyway? Forget about the cloud storage, and use a 24 word recovery seed instead.
The cloud is dedicated to storing encrypted blobs of IMPORTED wallets. These wallets cannot be generated again from the seed when recovering a backup, so we are storing them safely in cold storage. Blobs are generated this way:

Code:
generatedHashAsKey = sha256(seed).repeat(100000)
blob=aes256CBC_encrypt(generatedHashAsKey,importedPrivateKey)
And this blob is sent to the cloud with point-to-point encryption.
With this storage, you can recover imported wallets when, e.g., you have lost your device.
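
Added example, not part of the original post and not HODLER's code: the post's key derivation read as an iterated SHA-256 (an assumption, since the pseudocode is ambiguous), next to a salted PBKDF2 derivation and an encrypt-then-MAC envelope, because a key derived from the seed alone is the same for every blob and CBC mode by itself does not detect a modified blob. Function names, salt/IV sizes and the blob layout are assumptions, and the AES-256-CBC output is represented by constructed random bytes because Python's standard library has no AES.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000          # iteration count quoted in the post
TAG_LEN = 32              # HMAC-SHA256 tag length
SALT_LEN = IV_LEN = 16    # assumed sizes; the post gives neither


def iterated_sha256(seed: bytes, rounds: int = ROUNDS) -> bytes:
    """Assumed reading of `sha256(seed).repeat(100000)`: hash the seed,
    then re-hash the digest until `rounds` hashes have been applied."""
    digest = hashlib.sha256(seed).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def derive_blob_keys(seed: bytes, salt: bytes, rounds: int = ROUNDS):
    """Salted PBKDF2-HMAC-SHA256, split into an encryption key and a
    separate MAC key, so each blob gets its own key pair."""
    okm = hashlib.pbkdf2_hmac("sha256", seed, salt, rounds, dklen=64)
    return okm[:32], okm[32:]


def seal(mac_key: bytes, salt: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC envelope: salt || iv || ciphertext || tag."""
    body = salt + iv + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(seed: bytes, blob: bytes, rounds: int = ROUNDS):
    """Verify the tag before any decryption; return (enc_key, iv, ciphertext).
    Raises ValueError on a truncated or modified blob, or a wrong seed."""
    if len(blob) < SALT_LEN + IV_LEN + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt = body[:SALT_LEN]
    enc_key, mac_key = derive_blob_keys(seed, salt, rounds)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return enc_key, body[SALT_LEN:SALT_LEN + IV_LEN], body[SALT_LEN + IV_LEN:]


def demo(rounds: int = 1000) -> dict:
    """Run the checks on constructed data (reduced rounds for speed)."""
    seed = b"constructed example seed, not a real wallet seed"
    ciphertext = os.urandom(48)   # stand-in for the AES-256-CBC output
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    enc_key, mac_key = derive_blob_keys(seed, salt, rounds)
    blob = seal(mac_key, salt, iv, ciphertext)
    tampered = bytearray(blob)
    tampered[SALT_LEN + IV_LEN] ^= 0x01       # one flipped ciphertext bit
    try:
        open_sealed(seed, bytes(tampered), rounds)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    other_key = derive_blob_keys(seed, os.urandom(SALT_LEN), rounds)[0]
    return {
        "same_key_every_blob": iterated_sha256(seed, rounds) == iterated_sha256(seed, rounds),
        "salted_keys_differ": enc_key != other_key,
        "round_trip": open_sealed(seed, blob, rounds) == (enc_key, iv, ciphertext),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```
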
legendary
Activity: 2772
Merit: 3282
Image loading...

At least you stand out from your competition.
legendary
Activity: 2772
Merit: 3282
> highest security levels
> backs up private keys to the cloud

Yeah, no. I also took a look at the security document you linked and it barely explains anything or gives me confidence that my coins are secure. And again, claiming that it is impossible for certain exploits is extremely misleading, unless of course, you have a time machine, or are space aliens. Trezor has had security instances in the past, as not everything can be prevented. The Trezor doesn't even have Internet access, making it hard to inject malicious code, yet it has had 4 vulnerabilities.

---

Okay, to start, care to elaborate on "the computer being the weakest link?" As a Trezor owner, I'm genuinely curious on how my virus infected computer could steal my coins.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
~ HODLER is an unique wallet ~ with the highest level of security
~ HODLER is way much more secure than any mobile device wallet
~
The general concept of HODLER is to give the highest level of  security
You can say this as often as you want, it's not going to change the fundamental security flaws in your design of a hot wallet with cloud backups.
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
Provide proof that your tech is unhackable, preferably in the form of a time machine so that it's time tested.

About the proof: we are going to make a public challenge with HODLER.TECH, loaded with, let's say, 3 BTC, publish the IP where this device will be connected while sending tx and during regular work, even give the area where it may connect to the GSM network. If it remains unspent, would it be proof enough for you?


PS. I understand where you are coming from, but security is the most important factor for us. HODLER is more than just the cold storage you have mentioned; it is a portable tool that you can take shopping and use without the need for a laptop or a computer.

I'd much rather you address my points, and describe your security features in more detail. Notice how none of your competitors claim to be unhackable?

Also, I'd take a look at the Ledger Blue and add it to your comparisons, as I think that's a much more secure version of what you are trying to do.
I went through your questions and I think I have addressed all your concerns. If I missed something, please let me know what you mean by "more details".
Some of the security details and explanations are available in our Whitepaper pdf. Soon we will provide a more comprehensive document for advanced users where we will deal with HODLER's security in depth. HODLER is a unique wallet as it combines the functionality of mobile crypto wallets with the highest level of security available.
https://hodler.tech/docs/SecurityDescription.pdf
Of course, I can inform you personally about future document updates if you wish.

Ledger Blue cannot be used in shops, it doesn't have a scanner to read QR, no OCR for address recognition, so in fact Ledger Blue is just a version of Ledger Nano S with a bigger screen and some coins added.

HODLER is way much more secure than any mobile device wallet (Android + app), but still gives you a comfort of walking into shops and paying for your shopping. Besides there are no reasons really why number of coins are limited on any crypto wallet. We want to be able to use any of the top cryptocurrencies and/or tokens, and exchange them wherever we are.

No one can prove that Ledger is safer than HODLER and vice versa at this early stage, so there is no point in taking this conversation any further in my opinion.

The general concept of HODLER is to give the highest level of security and allow everyday transactions regardless of where you are. A solution that is not available on the market.
legendary
Activity: 2772
Merit: 3282
Provide proof that your tech is unhackable, preferably in the form of a time machine so that it's time tested.

About the proof: we are going to make a public challenge with HODLER.TECH, loaded with, let's say, 3 BTC, publish the IP where this device will be connected while sending tx and during regular work, even give the area where it may connect to the GSM network. If it remains unspent, would it be proof enough for you?


PS. I understand where you are coming from, but security is the most important factor for us. HODLER is more than just the cold storage you have mentioned; it is a portable tool that you can take shopping and use without the need for a laptop or a computer.

I'd much rather you address my points, and describe your security features in more detail. Notice how none of your competitors claim to be unhackable?

Also, I'd take a look at the Ledger Blue and add it to your comparisons, as I think that's a much more secure version of what you are trying to do.
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
Provide proof that your tech is unhackable, preferably in the form of a time machine so that it's time tested.

About the proof: we are going to make a public challenge with HODLER.TECH, loaded with, let's say, 3 BTC, publish the IP where this device will be connected while sending tx and during regular work, even give the area where it may connect to the GSM network. If it remains unspent, would it be proof enough for you?


PS. I understand where you are coming from, but security is the most important factor for us. HODLER is more than just the cold storage you have mentioned; it is a portable tool that you can take shopping and use without the need for a laptop or a computer.
legendary
Activity: 2772
Merit: 3282
Quote
It was a rhetorical question. My point is: you should not have email, Wifi and SIM cards in a hardware wallet!
Being online for 5 seconds is enough for dedicated malware to do its job. Being online 0.01% of the time is by definition a hot wallet, not cold storage.
How would you send coins being offline? HODLER.TECH will sign the transaction in a sterile offline environment, where the seed remains in memory only for the signing time (few ms); only the transaction will be broadcast in online mode. About the malware - we can protect against dedicated malware by hiring specialists, making our own firmware etc.

You create the transaction, sign it and give it to a device that is internet connected. Please address my other points, and not just the "quick buck" part.

Provide proof that your tech is unhackable, preferably in the form of a time machine so that it's time tested.
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
Quote
It was a rhetorical question. My point is: you should not have email, Wifi and SIM cards in a hardware wallet!
Being online for 5 seconds is enough for dedicated malware to do its job. Being online 0.01% of the time is by definition a hot wallet, not cold storage.
How would you send coins being offline? HODLER.TECH will sign the transaction in a sterile offline environment, where the seed remains in memory only for the signing time (few ms); only the transaction will be broadcast in online mode. About the malware - we can protect against dedicated malware by hiring specialists, making our own firmware etc.

Quote
What's the point of a cloud backup, if the user has to remember a password anyway? Forget about the cloud storage, and use a 24 word recovery seed instead.
I have edited my post, sent too quickly.


Quote
I'm not against a multi coin "cellphone" that connects to a hardware wallet, that would actually be a really good idea, but the hardware that signs transactions should always be offline, just like Ledger and Trezor do this.
Well, it is not a cellphone nor a smartphone; it is not a phone at all. The SIM card is only for the GSM internet connection, of course with our baseband processor/firmware

Quote
I consider this extremely shady, or intentionally misleading investors and customers at the very least.
We are not doing it all for quick bucks, as you are saying. We will finish this project even if the ICO fails. We are not aiming at 200 mil; 2.5 million is quite enough to start production in the near future.

People today are using infected/vulnerable phones with wallets; our point is to make a crypto wallet handy and secure.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
1. HODLER wallet will only use email (ASCII 7-bit plaintext supported) for sending and receiving payment addresses via an encrypted connection. The wallet is in offline mode 99.99% of the time, connecting to the network ONLY when the user sends a payment (5 sec only). Downloading and installing third-party software will be blocked, so even though HODLER software will be installed on a dedicated handset, you won't be able to change/add to its functionality or install new apps etc.
It was a rhetorical question. My point is: you should not have email, Wifi and SIM cards in a hardware wallet!
Being online for 5 seconds is enough for dedicated malware to do its job. Being online 0.01% of the time is by definition a hot wallet, not cold storage.

Their whitepaper is full of marketing bs, or they are just very uninformed.
The marketing bs makes it look like the typical ICO, designed to make quick money. The entire design is flawed, and the answers above don't change that.

I'm not against a multi coin "cellphone" that connects to a hardware wallet, that would actually be a really good idea, but the hardware that signs transactions should always be offline, just like Ledger and Trezor do this.

Quote
I consider this extremely shady, or intentionally misleading investors and customers at the very least.
People have been given DT2 red for much less.
copper member
Activity: 183
Merit: 18
www.hodler.tech - HODLER - Open Source MultiWallet
I have two questions:
1. Why would you ever want email, SIM cards and Wifi on a hardware wallet? You claim a high security level, this sounds like a cell phone.
2. Private key cloud storage? Seriously?

From the whitepaper, it seems your whole security model is based on it being "unrealistic" to hack the device. That's not a security model, that's a failure waiting to happen.

Can you list the 350 cryptocurrencies it's going to be compatible with?


Thanks for great questions. We are always looking forward to hearing feedback, and hopefully explain all the details that may concern potential investors and future users.

1. HODLER wallet will only use email (ASCII 7-bit plaintext supported) for sending and receiving payment addresses via an encrypted connection. The wallet is in offline mode 99.99% of the time, connecting to the network ONLY when the user sends a payment (5 sec only). Downloading and installing third-party software will be blocked, so even though HODLER software will be installed on a dedicated handset, you won't be able to change/add to its functionality or install new apps etc.
2. Private key cloud storage (designed for imported wallets only, non-spawnable by a deterministic algorithm from the seed), encrypted point-to-point, and an archive with backup secured with a password (can be decrypted only by the result of a hash function from the seed, in the HODLER.TECH Wallet only and only with a valid seed). Even hacking the cloud does not give access to the keys, because this data would have the same value for an attacker as output from /dev/random

Quote
Their whitepaper is full of marketing bs, or they are just very uninformed.

That's why we have moved all security descriptions into another paper, accessible from the website too. The Whitepaper will remain clear and for everyone, even without enough IT knowledge.

3. We plan to support all top 100 coins, ie. ETH, NEO, Cardano and other tokens. Can't list them right now because in 6 months time the crypto market may look quite different and we will adjust accordingly.

If anything above is not clear please let me know. I will be happy to answer any further questions.

Our point is to make it possible for hardware wallets to be useful and secure, not just secure.
Thanks again for writing to us,
legendary
Activity: 2772
Merit: 3282
Being "Controled by Linux OS" provides no security. Please go into the more technical details of your security process (assuming you have one)

My bet: This is going to be some Android phone (Linux) with as many Wallet apps from Google Play installed as possible.



Their whitepaper is full of marketing bs, or they are just very uninformed.

Let's begin:

Quote
The current market of hardware wallets, generally considered the safest format of all available, is dominated by Ledger Nano S and Trezor. Unfortunately, they both require connecting to a computer, which is often inconvenient and can compromise security, as the computer is the security weak link.

Both the Ledger and Trezor are safe with infected computers, due to their design. Provide some info about why the computer is the weak link, and tell me why no viruses have been written to steal coins from my Trezor so far (minus phishing). Why do the only vulnerabilities (now patched) require physical address to the device, doing things such as freezing it, or opening it up? Why are people bothering with hacking the hardware using somewhat extreme cases instead of just making a program?

Quote
A user has fallen prey to phishing and installed spyware  
on the device.
This is not possible with HODLER. The device cannot install third party
applications, thanks to a specially designed operating system.

With time, and a Wifi accessible device, surely a bypass could be found? Nintendo Switch was designed to not allow 3rd party applications, yet people have had success getting Linux working on it.

Quote
Private keys have been stolen from the backup in the cloud. Again, not possible with HODLER

something something Bitfinex hack something something shapeshift hack something something coincheck hack something something etc
Claiming something in the cloud isn't hackable is wrong.

Quote
Private keys have been stolen during the execution of a backup from unsecured public WIFI network.
Impossible. The channel used to transfer the backup is point-to-point encrypted.

Point to point encryption has been cracked in the past. What future knowledge do you have to know that your encryption is safe from everything, even quantum computing and space aliens?

Quote
Breaking into a device through the network.
Unrealistic, due to a dedicated operating system with its own very
restrictive security features and automatic ‘switch offline’ mode between
payments.

Surprised you didn't call this one impossible. Care to elaborate on the security measures used?

(archive of thread, as I left negative trust feedback)

I consider this extremely shady, or intentionally misleading investors and customers at the very least.