
Topic: Need Advice Securing Bitcoin Core Wallet Any Tips? (Read 348 times)

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I want to know details about the secure element chip. Can you please elaborate on the cryptographic protocols employed by the secure element chip within the hardware wallet to protect users' private keys and sensitive data?
This isn't really the place to discuss hardware wallets or secure elements, but since you brought it up... A secure element is a safe enclosure for your private keys. They stay safely on the chip to prevent outside access. The data is encrypted and only decrypted when needed. Random number generators create the private keys in a fair and unbiased manner.

I am not sure if that answers your question. You can read Secure Elements in Hardware Wallets for more information.
newbie
Activity: 28
Merit: 4
Any hardware wallet that has a secure element chip, and most of them do, can't be called open-source hardware-wise. The proper term would be as open-source as possible, something that Trezor used in one of its public communications a long time ago when the info about them creating their own secure element was fresh. I think even Foundation describes their products as having fully open-source hardware and software.

I want to know details about the secure element chip. Can you please elaborate on the cryptographic protocols employed by the secure element chip within the hardware wallet to protect users' private keys and sensitive data?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
And few hardware wallets are completely open (both hardware and software), where theoretically you could verify everything assuming you have time and skill to do that.
Any hardware wallet that has a secure element chip, and most of them do, can't be called open-source hardware-wise. The proper term would be as open-source as possible, something that Trezor used in one of its public communications a long time ago when the info about them creating their own secure element was fresh. I think even Foundation describes their products as having fully open-source hardware and software.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
FWIW, some hardware wallet companies create a list of authorized resellers/distributors.
It still comes down to trusting someone.

Quote
few hardware wallets are completely open (both hardware and software), where theoretically you could verify everything assuming you have time and skill to do that.
Just like with Open Source software, most people will rely on other people to do that. There's always some trust involved, and that's the part I dislike (but I can't avoid it either).
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
Everyone trusts hardware wallets to secure cryptocurrencies, but how can the authenticity of a hardware wallet be verified so that it has not been tampered with or compromised during production or distribution?
That's a tough one :( It's recommended to only buy hardware wallets directly from the manufacturer (and never from third parties). After that, you can follow the authentication process on their website. But indeed, it's one of the things I never feel 100.0000000% sure about. It's too much of a black box.

FWIW, some hardware wallet companies create a list of authorized resellers/distributors. Although I don't expect they're being monitored closely by the HW company. And few hardware wallets are completely open (both hardware and software), where theoretically you could verify everything assuming you have time and skill to do that.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Everyone trusts hardware wallets to secure cryptocurrencies, but how can the authenticity of a hardware wallet be verified so that it has not been tampered with or compromised during production or distribution?
That's a tough one :( It's recommended to only buy hardware wallets directly from the manufacturer (and never from third parties). After that, you can follow the authentication process on their website. But indeed, it's one of the things I never feel 100.0000000% sure about. It's too much of a black box.

Quote
Which one do you recommend hardware wallet or air gapped wallet?
It depends on your usage and skills. You could go extreme and set up an air-gapped hardware wallet, with a seed created from dice rolls. But for the average user, usually a hardware wallet is the safest compromise. Unless they enter their seed words on a recovery phishing website, there's no protection against that.
A hardware wallet is a lot more convenient to use than an air gapped system. You don't have to limit yourself to just one wallet.
newbie
Activity: 28
Merit: 4
You don't get the point. Anything online is prone to hacking, so the funds in your wallet are never safe if it is online. The most important step to ensure the security of your funds is to ensure that your keys are offline, and to do that you either have to use a hardware wallet or set up your own airgapped wallet. However, you can use an online wallet if it does not store a large amount of coins.

Everyone trusts hardware wallets to secure cryptocurrencies, but how can the authenticity of a hardware wallet be verified so that it has not been tampered with or compromised during production or distribution?
Which one do you recommend hardware wallet or air gapped wallet?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
You are using your Bitcoin Core software where your private keys are on an internet-connected computer, so you are already much less secure than you could be if you took advantage of its airgapped capabilities.
Since it's a hot wallet, you can at least try to control what you do with that computer. If I were you, I would stop using it for any everyday activities online. Get a different laptop for that. For instance, I have a separate laptop I only use for my financials. I have never done anything else with it. It has never even had a USB connected to it that I use with my other computers. 
hero member
Activity: 714
Merit: 1298
Cashback 15%

Can anyone share some practical security tips or precautions they've taken while using Bitcoin Core? I want to make sure my wallet and funds are as safe as possible. Any advice or insights would be greatly appreciated!

Thanks in advance!

Update your Bitcoin Core to the newest v.27.0 that was released 12 hours ago. Among various improvements affecting RPC, the P2P network and the wallet itself, it has a noticeable striking point which should positively influence security - the issue which bothers you most.


hero member
Activity: 840
Merit: 756
Watch Bitcoin Documentary - https://t.ly/v0Nim
...don't visit malicious websites, i.e. stick with FAANG websites (Amazon, Netflix, Facebook, etc), then you'll be safe (but for maximum security you need an air-gapped computer).
This will give Op the impression that popular means safe. Those top websites track us and have far more data on their users than all the other less reputable websites; we just trust them not to do anything with it (publicly) that will harm their reputation.

- Jay -
You are right, I should have clarified it better but I'll try it now. When I speak about popular websites, I mean the fact that those websites won't inject malware and trojans on your website, so you won't become a victim of a computer virus. I think we should take the security of a hot wallet as seriously as we do on a cold wallet (but cold should be another level). So, if I have a hot wallet on my computer, I would stick with FAANG websites because they won't inject my PC with malware. But I completely agree with you that these websites track us and trade with our data, but if you want to communicate with people and have some fun online, you are almost forced to use them.

But this doesn't mean either that you'll get hacked. If your computer is clean, you don't download pirated content, don't visit malicious websites, i.e. stick with FAANG websites (Amazon, Netflix, Facebook, etc), then you'll be safe (but for maximum security you need an air-gapped computer).

Those popular websites (especially Facebook) sometimes show malicious ads that may be mistaken for regular content, though. Some goods on Amazon (and other online shops) may be fake or malicious. Here's an example: Another crap Amazon wallet find: Material Bitcoin.
Don't click on ads, never click on ads when you have a Bitcoin wallet on your computer. I prefer to have a different computer for a cold wallet, a different one for a hot wallet and a different one for exploring the world wide web without restrictions.
By the way, no one should buy a wallet from Amazon. To be honest, Amazon sucks. I have heard that they put all the stuff together and ship from there, so even "shipped and sold by Amazon" doesn't guarantee that you'll receive a genuine product.
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
But this doesn't mean either that you'll get hacked. If your computer is clean, you don't download pirated content, don't visit malicious websites, i.e. stick with FAANG websites (Amazon, Netflix, Facebook, etc), then you'll be safe (but for maximum security you need an air-gapped computer).

Those popular websites (especially Facebook) sometimes show malicious ads that may be mistaken for regular content, though. Some goods on Amazon (and other online shops) may be fake or malicious. Here's an example: Another crap Amazon wallet find: Material Bitcoin.
hero member
Activity: 1120
Merit: 540
Press F for Leo
I chose it because of the security and autonomy it offers. And I have direct access to the entire blockchain if I'm running a full node with Bitcoin Core, and I have full control over my funds. While lite wallets like Electrum offer convenience, I prioritize security.
I'm glad you understood the importance of choosing a full node and not depending on third-party servers to validate your transactions. I've been using Bitcoin Core since 2017 and I think it's the ideal wallet for Bitcoin due to the multitude of features and control.

Your wallet is as secure as your computer, so take care of the security of your computer. It'd be ideal if you had a notebook just for this and/or a Linux partition just to manage the Bitcoin Core wallet. To protect the majority of your funds, you can use an air-gapped offline computer, where you use one to sign transactions (it would be the offline machine) and the signed transaction would be broadcast on the online machine. If you don't know this yet, I recommend doing a lot of research on how to do this the correct way.

Encrypt your wallet with a strong password and make backups. Bitcoin Core allows you to export your wallet and it is encrypted with your password; therefore, I advise you to create a password between 16 - 20 characters and make sure you don't forget/lose this password. Use complex passwords containing letters, numbers and some characters; do not use well-known phrases or song lyrics as your password, as this is not recommended.

Never stop doing your research, you will find several good quality posts and learn a lot here.
hero member
Activity: 826
Merit: 1010
Only BTC
I prioritize security.
On a hot wallet?
Whether it is a hot or cold wallet, I think security is a top priority. I want to take the necessary steps to safeguard my funds, whether they are stored in a hot or cold wallet. I just want to ensure the security of my assets.
You don't get the point. Anything online is prone to hacking, so the funds in your wallet are never safe if it is online. The most important step to ensure the security of your funds is to ensure that your keys are offline, and to do that you either have to use a hardware wallet or set up your own airgapped wallet. However, you can use an online wallet if it does not store a large amount of coins.
newbie
Activity: 28
Merit: 4
I prioritize security.
On a hot wallet?

Whether it is a hot or cold wallet, I think security is a top priority. I want to take the necessary steps to safeguard my funds, whether they are stored in a hot or cold wallet. I just want to ensure the security of my assets.
hero member
Activity: 826
Merit: 1010
Only BTC
Choose a passphrase that will be difficult for other people to guess to hack, but very easy for you to always remember.
If it is easy for you to remember or commit to memory, then it is most likely weak and an attacker can brute force it. If you are going to extend your seed phrase with a passphrase, you should not try to create one you can remember, set a strong passphrase and back it up safely, just in a different location from your seed phrase.
full member
Activity: 560
Merit: 161
Can anyone share some practical security tips or precautions they've taken while using Bitcoin Core? I want to make sure my wallet and funds are as safe as possible. Any advice or insights would be greatly appreciated!!

Downloading wallet from a reliable source.

Choose a passphrase that will be difficult for other people to guess to hack, but very easy for you to always remember.
hero member
Activity: 644
Merit: 661
- Leo -
...don't visit malicious websites, i.e. stick with FAANG websites (Amazon, Netflix, Facebook, etc), then you'll be safe (but for maximum security you need an air-gapped computer).
This will give Op the impression that popular means safe. Those top websites track us and have far more data on their users than all the other less reputable websites; we just trust them not to do anything with it (publicly) that will harm their reputation.

- Jay -
hero member
Activity: 840
Merit: 756
Watch Bitcoin Documentary - https://t.ly/v0Nim
Do you have any reason why you chose to use a Bitcoin core wallet rather than a lite wallet like Electrum?
Even without a reason, it's good that he runs a Bitcoin Node.


By the way, I would suggest you buy an air-gapped wallet like Passport and Coldcard, or download an Electrum wallet on a separate air-gapped computer and use that wallet as a cold wallet. I suggest this because if you are looking for maximum security, you need a computer that doesn't have access to the internet, and if you run a Bitcoin Node, you need to access the internet, so this combo is not the safest option. But this doesn't mean either that you'll get hacked. If your computer is clean, you don't download pirated content, don't visit malicious websites, i.e. stick with FAANG websites (Amazon, Netflix, Facebook, etc), then you'll be safe (but for maximum security you need an air-gapped computer).

I also want to give you this advice: The more you try to protect your safety, the more responsibilities you'll have to take on your shoulders. The more you'll secure and encrypt everything, the harder it gets to recover things and please keep this in mind. Adjust your wallet's security to how much responsibility you can handle well.
legendary
Activity: 2912
Merit: 2066
Cashback 15%
I chose it because of the security and autonomy it offers. And I have direct access to the entire blockchain if I'm running a full node with Bitcoin Core, and I have full control over my funds. While lite wallets like Electrum offer convenience, I prioritize security.

Be aware that while running a full node via Bitcoin Core is commendable, it might not give the kind of security you are looking for.

Running full nodes versus just using a SPV wallet like Electrum is important for network health and more secure in the sense that your own node verifies transactions rather than relying on a third party to do it for you.

However for most people that is not how you get your coins stolen. What you are looking for is a way to protect your private keys. And for that you either need to set up cold storage, as mentioned by LoyceV, or a hardware wallet. While for the latter there have been various concerning developments I'd argue that they are still preferable over just keeping your coins in a hot wallet like the standard Bitcoin core setup.

Note that simply encrypting your wallet as suggested by promise444c5 will not protect your coins in case of a compromised machine. Even something as simple as a keylogger will completely break this "security" model.

legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
This is a somewhat vague question, so I can only give vague answers such as:
1. Avoid using Windows OS if possible.
2. Verify the downloaded Bitcoin Core. https://bitcoincore.org/en/download/ shows how to do it.
3. Do not execute commands in Bitcoin Core's console or RPC-JSON if you don't understand what they do.

While lite wallets like Electrum offer convenience but I prioritize security.
There really is nothing like a lite bitcoin wallet. Closest example I can think of is a web wallet which is constantly offline and is very unsafe.

He probably uses the term "lite" because Electrum doesn't download the whole blockchain. It's definitely lighter than Bitcoin Core.
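
Tip 2 in the post above (verify the downloaded Bitcoin Core), sketched as an added example that is not part of the thread or of the project's own instructions: a fail-closed SHA-256 check of an archive against a `SHA256SUMS` file, plus the signature check on that file. The function names and the sample archive are constructed for illustration; it assumes `sha256sum` and `gpg` are installed and that the signing keys you trust are already in your keyring.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): fail-closed hash check of a download.

# verify_release FILE SUMS -> 0 only if FILE is listed in SUMS and matches.
verify_release() {
    local file="$1" sums="$2" name expected actual
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$file")
    # Lines look like "<64 hex>  <filename>"; a leading '*' marks binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    # Fail closed: a file missing from the list is unverified, not OK.
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sums" >&2
        return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: hash mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}

# verify_sums_signature SUMS SIG
# The hash check only ties the archive to SHA256SUMS. This ties SHA256SUMS
# to signing keys you have already imported into your GnuPG keyring.
verify_sums_signature() {
    gpg --verify "$2" "$1"
}

# Constructed demo: a stand-in archive and a matching SHA256SUMS, then tamper.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf 'constructed sample, not a real release\n' > "$dir/sample.tar.gz"
    (cd "$dir" && sha256sum sample.tar.gz > SHA256SUMS)
    verify_release "$dir/sample.tar.gz" "$dir/SHA256SUMS" || rc=$?
    printf 'x' >> "$dir/sample.tar.gz"
    verify_release "$dir/sample.tar.gz" "$dir/SHA256SUMS" 2>/dev/null && rc=9
    rm -rf "$dir"
    return "$rc"
}
demo
```

Run both checks before unpacking anything: a matching hash against an unsigned or unverified `SHA256SUMS` proves nothing about where the archive came from.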