Topic: John Mcafee & Bitfi launch the first 'unhackable' hardware wallet - page 3. (Read 1379 times)

member
Activity: 105
Merit: 59
They're currently trying to throw shade on me, claiming I'm out to get them due to some perceived personal slight.

This is false - I engaged on a very similar crusade when the now defunct ether.camp site was offering brain wallets without explaining what they were.

The siren call of brain wallets is strong, but we must fight back.
HCP
legendary
Activity: 2086
Merit: 4316
https://twitter.com/cybergibbons/status/1023667374153773057
The innards are basically a low end Android phone with plenty of parts missing and no important - ie secure - ones added.
Just... WOW. Roll Eyes Undecided

It essentially confirms ALL the worst assumptions made about this device... and then adds some more. The entire thing is basically snake oil wrapped up with a nice $120.00 bow.

Quote from: https://bitfi.com/
The Bitfi wallet is only $120 USD. As a computing device it is much more costly to
manufacture than ordinary hardware wallets, however, our mission is to make this
technology accessible to everyone and to keep it affordably priced as long as possible.
Roll Eyes Roll Eyes Roll Eyes


My condolences to anyone who bought one.

https://www.reddit.com/r/Bitcoin/comments/92dnf8/bitfis_hardware_wallet_is_terrible
https://rya.nc/bitfi-wallet.html
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
https://twitter.com/cybergibbons/status/1023667374153773057

More fun.

The innards are basically a low end Android phone with plenty of parts missing and no important - ie secure - ones added.
newbie
Activity: 85
Merit: 0
Thank you for the review...
I cancelled my Bitfi purchase Grin Cheesy
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
I've notified Bitfi of these issues, however they showed no interest in fixing them.

Haha, wow. If anyone wasn't already convinced not to buy this wallet, then this surely has to be the nail in the coffin? Why would you trust a company behind any product that show no interest in closing security holes and flaws?

I dunno, ask Microsoft. Tongue


They'll just think it's, like, his opinion, man.


More gold - "Kerckhoffs's Principle in essence says that a properly designed system should still be secure even if the attacker knows everything except the key. Here, Bitfi engages in some misdirection, claiming to be "open source", however their "source code" is just a PDF largely made of formulas copy/pasted from the description of scrypt and BIP32. A number of people called them out on this, and in response to a comment on reddit, a user going by Bitfi-Team replied:

We never said we were providing full open source code. We clearly state that our wallet is open source. Just check our website before you spew garbage. But if you want the code, do some math. Don't be lazy."

That is pure Gold, apparently the moron doesn't know what open sauce means. Smiley
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
Haha, wow. If anyone wasn't already convinced not to buy this wallet, then this surely has to be the nail in the coffin? Why would you trust a company behind any product that show no interest in closing security holes and flaws?

They'll just think it's, like, his opinion, man.


More gold - "Kerckhoffs's Principle in essence says that a properly designed system should still be secure even if the attacker knows everything except the key. Here, Bitfi engages in some misdirection, claiming to be "open source", however their "source code" is just a PDF largely made of formulas copy/pasted from the description of scrypt and BIP32. A number of people called them out on this, and in response to a comment on reddit, a user going by Bitfi-Team replied:

We never said we were providing full open source code. We clearly state that our wallet is open source. Just check our website before you spew garbage. But if you want the code, do some math. Don't be lazy."
legendary
Activity: 2268
Merit: 18588
I've notified Bitfi of these issues, however they showed no interest in fixing them.

Haha, wow. If anyone wasn't already convinced not to buy this wallet, then this surely has to be the nail in the coffin? Why would you trust a company behind any product that show no interest in closing security holes and flaws?
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
A security researcher's review here - https://rya.nc/bitfi-wallet.html

Overall it doesn't seem as screamingly bad as it first appeared, but there are still plenty of holes and the developers appear to lack diligence in quite a few areas.

"I strongly advise against using one of these devices. While Bitfi is perhaps not an outright scam, the design is inferior to that of hardware wallets where the device really is needed (or the backup of the seed) along with the passphrase in order to spend the coins. The fact that they're using a lot of the same techniques to sell devices that have been used to sell snake oil so many times in the past makes me very concerned. I've notified Bitfi of these issues, however they showed no interest in fixing them."

legendary
Activity: 2590
Merit: 3014
Welt Am Draht
- self update mechanism

That one is a little bit worrying.

It appears they're saying you can't turn down updates and indeed there is no such thing as an update, you get the latest and livest version every time you fire it up.

In that case that makes their servers a stunningly tempting target and you have no protection from a nefarious party feeding you something unhelpful.

I get the feel they're trying to invent the wheel while barrelling down the highway and at some point they're going to miss something extremely gaping and obvious.
jr. member
Activity: 51
Merit: 1
* this device has three flaws in design:

- human factor
- weak algorithm
- self update mechanism

Please, do not use this wallet.
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
wow this is interesting, I'm going to keep an eye on this. I only have a ledger right now but am very interested in this "unhackable" wallet.
Did you even read the previous posts? Delete it from your "to buy" list.
It's basically a brainwallet which has a horrible history in terms of security and compared to ledger, McAfee's endorsed "unhackable" wallet is a joke.
Not sure if you are trolling, but the address that links to "god" had about $100 of Bitcoin transferred through it less than 12 hours ago.  Cheesy
I've seen that too.
Actually, I have an Electrum Wallet named "Collision Tester" which contained the private keys of the most common brainwallet passphrases like Satoshi, free bitcoins, free bitcoin, etc.
But unluckily, I never got the chance to transfer the funds since it's impossible to monitor the wallet 24/7 manually.
jr. member
Activity: 123
Merit: 3
wow this is interesting, I'm going to keep an eye on this. I only have a ledger right now but am very interested in this "unhackable" wallet.

BUT the bigger question is: if one of these wallets does get hacked will mcafee eat his own penis???
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
My passphrase is just God now. Tongue

Not sure if you are trolling, but the address that links to "god" had about $100 of Bitcoin transferred through it less than 12 hours ago.  Cheesy

Hah, I was joking as "God" is/was the most common admin password ever.
legendary
Activity: 2268
Merit: 18588
My passphrase is just God now. Tongue

Not sure if you are trolling, but the address that links to "god" had about $100 of Bitcoin transferred through it less than 12 hours ago.  Cheesy
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
-snip-

I checked that address - no funds! You liar!

The address that corresponds to "correct horse battery staple" (also from XKCD) has had almost 16 BTC in it over the years. All the most common passwords (123456, password, qwerty, monkey) have held varying amounts of Bitcoin over the years, as have a bunch of obvious Bitcoin-related ones (satoshi, bitcoin, blockchain).

People are awful at security.

someone guessed and stole that years ago! Smiley

My passphrase is just God now. Tongue
legendary
Activity: 2268
Merit: 18588
-snip-

I checked that address - no funds! You liar!

The address that corresponds to "correct horse battery staple" (also from XKCD) has had almost 16 BTC in it over the years. All the most common passwords (123456, password, qwerty, monkey) have held varying amounts of Bitcoin over the years, as have a bunch of obvious Bitcoin-related ones (satoshi, bitcoin, blockchain).

People are awful at security.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Take any claims by McAfee with a pinch spoonful cupful bucketful of salt. He is a proven liar, scammer, con-artist and criminal, who charges $105,000 to pump-and-dump shitcoins.

This phrase in particular stood out to me: "The user-created phrase is impossible for others to guess but easy for the wallet holder to memorize." This doesn't mean your wallet isn't hackable.
Relevant XKCD:



QFT

My passphrase is was "John Mcafee is a has been fucking retarded moron that burned out every brain cell he ever had 2 decades ago and is living in a fantasy world" but it's already been taken.
HCP
legendary
Activity: 2086
Merit: 4316
Quote
What you should NOT do

If you will not use the Diceware method, you need to take some time and invest some effort into creating your secret phrase. This single phrase will control all your money and assets and will give you access into all blockchains that are supported by the Bitfi hardware wallet and ones that will be added to the wallet in the future. It is very important that you consider the information provided in this section.

  • Do not use any common or popular phrases (for example, you should not use a phrase like “Oh the best part of waking up is Folgers in your cup” )
  • Do not use any lyrics from songs
  • Do not use any quotes from movie scripts or literature
  • Do not use any common expressions or idioms

And when did people ever listen to good advice??!? Huh Tongue

A brainwallet by any other name... is still a brainwallet! Roll Eyes
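
An added example, not part of the thread or of Bitfi's guide, of the Diceware method the quoted guide recommends: words are picked by dice rolls rather than by the user, so the entropy can be counted, and a human-chosen phrase is checked against phrases this thread reports as already guessed. The function names, the sample denylist and the assumption of a standard 7776-word list sorted by dice key are mine.

```python
import math
import secrets

# Assumption: a standard Diceware list, 6**5 = 7776 words sorted by dice key.
DICEWARE_LIST_SIZE = 6 ** 5

# Constructed sample denylist: phrases this thread names as already used.
KNOWN_PHRASES = {
    "god", "123456", "password", "qwerty", "monkey",
    "satoshi", "bitcoin", "blockchain",
    "correct horse battery staple",
}

def roll_word_key():
    """Five dice rolls from the OS CSPRNG, as a key such as '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def key_to_index(key):
    """Map a five-dice key to its 0-based row in the sorted word list."""
    if len(key) != 5 or any(c not in "123456" for c in key):
        raise ValueError("key must be five digits, each in 1..6")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)  # base-6 digits, most significant first
    return index

def diceware_entropy_bits(words):
    """Entropy of a phrase of `words` independently rolled words."""
    return words * math.log2(DICEWARE_LIST_SIZE)

def words_needed(target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(DICEWARE_LIST_SIZE))

def check_phrase(phrase):
    """Reject a phrase found in the denylist; passing proves nothing more."""
    normalised = " ".join(phrase.lower().split())
    if normalised in KNOWN_PHRASES:
        return (False, "appears in a known-phrase list")
    return (True, "not in the sample denylist (not a proof of strength)")

if __name__ == "__main__":
    keys = [roll_word_key() for _ in range(words_needed(128))]
    print("look up these keys in your word list:", " ".join(keys))
    print("entropy: %.1f bits" % diceware_entropy_bits(len(keys)))
    print(check_phrase("Correct  Horse battery STAPLE"))
```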
legendary
Activity: 2590
Merit: 3014
Welt Am Draht
Well yeah, that too. Also how many people do you think will be lazy enough to reuse a password or phrase that they also use elsewhere online? The whole thing is just ridiculous.

Most.

Because John Mcafee himself told them it was unhackable. He just forgot to add the wee caveat about that other gaping security hole.

I just noticed Bitfi have addressed this here - https://bitfi.com/guide.html but it still makes far more sense to force a seed on people instead. They can't be trusted to come up with anything themselves.
legendary
Activity: 2268
Merit: 18588
some brat who cracks your shitty entropy from thousands of miles away who you'll never know a single thing about?

Well yeah, that too. Also how many people do you think will be lazy enough to reuse a password or phrase that they also use elsewhere online? The whole thing is just ridiculous.