
Topic: Offline Transaction vs hardware wallet, which is safest? (Read 262 times)

legendary
Activity: 1134
Merit: 1597
It depends if privacy is part of your definition of security or not. Airgapped is good if you want to broadcast txs through an amnesic Tor-enabled system like Tails. Sign the transaction on your airgapped PC, put it on a stick (or even better: use a webcam and only scan the signed transaction QR code), broadcast it on Tails and shut it down. Done - everything is now erased as if your tx never happened.

Hardware wallets are just more convenient. Plug it in and it's ready to go.

For me, the reason I prefer airgapped is because you can use an airgapped PC without ever connecting it to the online one and safely broadcast txs without ever interacting with each other. If I use 3 devices (airgapped for signing, offline phone for QR code scanning and online for broadcasting) chances of infecting the airgapped PC are close to zero. And by using an offline phone to scan QR codes, what you're doing is making sure the code does not contain anything malicious.

Moreover, you can download, install and use on an airgapped PC only what you like and want. If you want a free as in freedom OS with fully open-source apps like Bitcoin Core, you can easily do that. With HWs, it's harder.

For example, Ledger requires Ledger Live (or ledgerctl, which I never got fully functional without proprietary stuff or exchange of information through various servers) to install and uninstall apps. That sucks for me because although I can use BTC with Wasabi for example, I first have to go through Ledger Live to install the BTC app on my hardware wallet. And Ledger Live communicates with various servers again.. and so on. Airgapped is 100% offline at all times. If you want to check the balance of an address, you can boot Tails on a separate online PC, open up Electrum and check the balance of a single address. Now the nodes don't know what other balances you possibly own.

Security flaws are present in all devices, be it airgapped PCs or hardware wallets. The only thing is, airgapped PCs are more obvious than hardware wallets are due to their sizes. It truly depends on what you're looking for.
HCP
legendary
Activity: 2086
Merit: 4314
... but would like to focus your attention on ransom attack that could be possible in the case your PC (to which Trezor was connected) was compromised.
Is this even still a thing? I thought that Trezor patched that vulnerability after it was initially announced?

Refer to the release notes from Sept 2020: https://blog.trezor.io/firmware-updates-for-trezor-model-t-version-2-3-3-and-trezor-model-one-version-1-9-3-c94f7a3b6fea
legendary
Activity: 2716
Merit: 7007
Farewell, Leo. You will be missed!
Hardware wallets are designed to be easy to use and safe. You won't make a mistake using a hardware wallet. You will be fine.
But OP should still be careful. A hardware wallet won't warn you when you are about to make a serious mistake like sending funds to the wrong address, if you have a clipboard malware, if you are overpaying on the network fees, or making a mistake on the amounts being transacted. Doublecheck and then triplecheck if you are not sure.

This is, in my opinion, the most proven method and the safest than all the others.
I am a hardware wallet user myself, but I wouldn't claim that a hardware wallet is safer or provides a higher level of security than a properly configured airgapped computer. It's certainly easier to use and more user-friendly.

Hardware wallet is secure and easy to use, but has some vulnerability and database hack.
The database hack doesn't affect the security of your funds and private keys. It affects the privacy of those whose data got leaked though. In terms of vulnerabilities, what exactly do you mean? Trezor has an unfixable problem that could result in your seed being extracted. But that can be mitigated with a strong passphrase or a unique code saved on a SD card. Ledger has certain closed-source elements in its code related to the Secure Element. Although an issue, I wouldn't call it a vulnerability.   
legendary
Activity: 2898
Merit: 3937
Maybe one day I will become a "tech guy" and read the code myself and how Trezor actually works. And I will get the answer to why inserting a Trezor at an internet cafe is as safe as signing an offline transaction on a clean always-offline PC in an airgapped room.
It shouldn't be impossible to read the code; you only have to find out if Trezor, at any point will communicate the seed through the USB interface. If it doesn't, then you should be safe.

I don't think it is a problem with our current technology. HW wallets are designed to keep your seeds safe and the only reason why it would ever become unsafe is if the seed is revealed through a zero-day vulnerability; ie. design oversight. Obviously, airgaps can be compromised and it is also possible for zero day exploits to appear.
legendary
Activity: 2128
Merit: 6871
Let's say I want to transact a very important huge amount of btc transaction of my life. Which one should I choose between offline signing transaction via Electrum (gpg verified) or Trezor bought from official site?
Using an airgapped PC for sending transactions is fine if you are an advanced crypto user with a lot of coins and if you know what you are doing,
but if you are an average crypto user without a confirmed clean computer and Linux operating system, then it is probably easier to use a Trezor hardware wallet with the passphrase option.
Both devices are not connected to the internet and there are pros and cons for both approaches; if you don't already have an airgapped computer it would take time installing and setting everything up.
Ordering hardware wallet devices can also be problematic for privacy so I would suggest using PO boxes or an alternative address and reading this [GUIDE] How to buy a Hardware Wallet the right way.

legendary
Activity: 2926
Merit: 2125
Both are highly secure from a point of view of average users. I would recommend hardware wallets to less experienced users and cold storage to more experienced users (though they already know what to do and don't need any advice). Hardware wallet is a bit simpler to use, while cold storage is a bit less likely to be targeted by hackers. In both cases, you still need to carefully verify that your addresses haven't been replaced before sending, that you're using clean systems, etc.
full member
Activity: 1260
Merit: 102
Hardware wallet is the safest in my opinion, if you are not used to sharing your secrets. But if that happens, then there is nothing safe. So if you can remember the storage place of your hardware wallet, then it is the safest.
full member
Activity: 1498
Merit: 146
Both are safe, but in practice if you make a single mistake while transacting the broadcasting message to the device which is connected online then your funds are at risk. With hardware wallets it's more safe, but nothing is completely safe unless you know what you are doing and what the results are going to be.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Maybe one day I will become a "tech guy" and read the code myself and how Trezor actually works. And I will get the answer to why inserting a Trezor at an internet cafe is as safe as signing an offline transaction on a clean always-offline PC in an airgapped room.
I bet you don't need to read source code for them to call you a tech guy or to be able to understand why it's still safe to use a HW on an infected device/desktop. Enough knowledge of how it basically works is enough, and the idea that your HW's and the airgapped computer's private key never gets in touch with the computer's network is enough for you to say it's much safer than using any mobile and desktop wallets or exchanges.
legendary
Activity: 2268
Merit: 18492
Once Trezor developers were in an ask me anything program on YouTube and my question to them was "is it theoretically/technologically possible for a compromised PC to retrieve private keys from Trezor while it's connected". Their answer was yes, it's possible, but with current technology cannot do.
This is the correct and responsible answer. Anyone telling you their piece of technology, hardware, software, whatever, is completely immune to attack and could never possibly be compromised is lying to you at best, and at worst incompetent and doesn't understand security. There is no such thing as an impenetrable device. Perhaps it is incredibly secure, perhaps there are no known attack vectors against it, perhaps it has never been successfully attacked, perhaps it has been extensively audited and pen tested and remains secure, but for someone to say there is no possible scenario now or in the future where there exists at least a chance of compromise is just plain wrong.

All of the above can also be said for airgapped wallets. There are known attacks which can extract private keys from airgapped devices (however unlikely these attacks are, they do exist), and there are almost certainly other attacks which we don't know about yet. There are known attacks against hardware wallets (which are also incredibly unlikely), and there are almost certainly other attacks which we don't know about yet.

It all comes down to balance of risk. Both solutions, if used properly, are incredibly secure, and are far far more likely to be compromised by user error than by malware or physical attacks.
legendary
Activity: 1876
Merit: 1058
The OGz Club
Let's say I want to transact a very important huge amount of btc transaction of my life. Which one should I choose between offline signing transaction via Electrum (gpg verified) or Trezor bought from official site? This is a hypothetical question. I want some expert opinion to confirm my bias that offline transaction on an airgapped PC is more secure than a Trezor.

Cold storage wallet means that your private key will never come in contact with online. Private keys will be in written form in a metal or something that is not easily damaged. Because online contact only has a chance to leak, otherwise, it is protected.

Hardware wallet is also secured if you believe the provider, because they said there is no feature in HW to reveal your private keys, though it stores your keys and you have to connect it online.
So, HW is less secure than cold storage.
newbie
Activity: 25
Merit: 5
Let's say I want to transact a very important huge amount of btc transaction of my life. Which one should I choose between offline signing transaction via Electrum (gpg verified) or Trezor bought from official site?

This is a hypothetical question. I want some expert opinion to confirm my bias that offline transaction on an airgapped PC is more secure than a Trezor.

If you are making that question, it is because you are not comfortable with the technology.

They are both safe as long as you understand how to make an offline transaction safely.

As you don't look like a "tech guy", my suggestion is that you use a hardware wallet.

Hardware wallets are designed to be easy to use and safe. You won't make a mistake using a hardware wallet. You will be fine.
You can call me an advanced user. Surely I do not understand code though. Today I did the offline signing of a transaction on an always-offline PC which had a clean install of Windows 10 with only two pieces of software installed, Electrum (gpg verified) and deepfreeze. After doing the transaction I wiped the OS.
I want to tell you something and this is on record. Once Trezor developers were in an ask me anything program on YouTube and my question to them was "is it theoretically/technologically possible for a compromised PC to retrieve private keys from Trezor while it's connected". Their answer was yes, it's possible, but with current technology cannot do.

Maybe one day I will become a "tech guy" and read the code myself and how Trezor actually works. And I will get the answer to why inserting a Trezor at an internet cafe is as safe as signing an offline transaction on a clean always-offline PC in an airgapped room.
member
Activity: 434
Merit: 11
Hardware wallet is safe. In hardware wallet there are many security terms; if we follow these we never lose or get scammed, and it is a modern way to transfer money. It is a huge benefit for businessmen and huge companies.
legendary
Activity: 2268
Merit: 18492
Let's say I want to transact a very important huge amount of btc transaction of my life. Which one should I choose between offline signing transaction via Electrum (gpg verified) or Trezor bought from official site?
Where are the private keys for this huge amount of coins stored at present? What about the seed phrase? Depending on how and where the seed phrase was generated might dictate which method you have to use, or which method is best to use.

Completely hypothetically, I would probably recommend a hardware wallet. I use both hardware wallets and cold storage, I feel my cold storage is probably marginally safer than a hardware wallet, but I also appreciate my cold storage set up is significantly more complicated than setting up and using a hardware wallet, with far more possibilities for fatal errors. If you are not sure which one is right for you, then the answer is a hardware wallet.

If you are super paranoid, you can always use your hardware wallet via a clean airgapped computer. This doesn't mitigate any physical attacks on the hardware wallet, but it would help to mitigate against things like clipboard malware or any unknown vulnerabilities which could leak your private keys from your hardware wallet.
legendary
Activity: 2898
Merit: 3937
I would lean towards a Trezor, or hardware wallets in general. The main point of a hardware wallet (and also your air-gapped wallet) is to protect yourself against a malware attack. That is by far the greatest threat to Bitcoin users. Hardware wallets are specifically programmed to not reveal your seeds/private keys using the MCU and thus any communication should be sanitized and will make it difficult to compromise as compared to an air-gapped wallet.

Loads of users do not know how to properly set up an air-gapped wallet; comparatively, hardware wallets are more suitable for the general userbase as compared to an air-gapped wallet. If you'd like, HW wallets like ColdCard have an SD card feature which allows you to essentially achieve an airgap as well.
legendary
Activity: 3108
Merit: 5364
Fortis Fortuna Adiuvat⚔️
This is a hypothetical question. I want some expert opinion to confirm my bias that offline transaction on an airgapped PC is more secure than a Trezor.

If you have a properly made air-gapped wallet and a secure way to broadcast a transaction, there is no doubt that it is a more secure way than any hardware wallet, whether it is open source or has/does not have a secure element.

What you should always look out for is clipboard malware if you use a hardware wallet, which is why such devices exist, among other things. I'm not sure if it's possible to compromise a transaction that was made offline, and if there is a danger of clipboard malware or some other way for the transaction parameters to change the moment they come in contact with the infected online device?
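On the question of checking a signed transaction once it reaches the online machine, here is an added example (not code from any poster or wallet project): it decodes the outputs of the raw transaction and compares them with the script and amount intended on the offline machine. The key hashes, the amount and all function names are constructed for illustration.

```python
def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size


def tx_outputs(raw_hex):
    """Return [(scriptPubKey_hex, value_in_satoshis), ...] from a serialized tx."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                    # skip 4-byte version
    if buf[pos] == 0x00 and buf[pos + 1] == 0x01:
        pos += 2                               # segwit marker and flag
    n_in, pos = read_varint(buf, pos)
    for _ in range(n_in):
        pos += 36                              # previous txid (32) + output index (4)
        script_len, pos = read_varint(buf, pos)
        pos += script_len + 4                  # scriptSig + sequence
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        script_len, pos = read_varint(buf, pos + 8)
        outputs.append((buf[pos:pos + script_len].hex(), value))
        pos += script_len
    return outputs


def check_before_broadcast(raw_hex, expected):
    """Compare decoded outputs with the intended ones; an empty list means they match."""
    actual = tx_outputs(raw_hex)
    problems = [("unexpected", out) for out in actual if out not in expected]
    problems += [("missing", out) for out in expected if out not in actual]
    return problems


def p2pkh_script(hash160):
    """Build a pay-to-pubkey-hash scriptPubKey for a 20-byte key hash."""
    return bytes.fromhex("76a914") + hash160 + bytes.fromhex("88ac")


def sample_tx(dest_script, sats=150_000):
    """Constructed one-input, one-output legacy transaction (not a real one)."""
    txin = bytes(32) + bytes(4) + b"\x00" + b"\xff" * 4   # empty scriptSig
    txout = sats.to_bytes(8, "little") + bytes([len(dest_script)]) + dest_script
    return ((2).to_bytes(4, "little") + b"\x01" + txin + b"\x01" + txout + bytes(4)).hex()


# Constructed key hashes: the intended recipient and a substituted one.
INTENDED = p2pkh_script(b"\x11" * 20)
SWAPPED = p2pkh_script(b"\x22" * 20)
EXPECTED = [(INTENDED.hex(), 150_000)]
```

With the default SIGHASH_ALL signature type the outputs are covered by the signature, so a mismatch reported here points to a replacement made before signing rather than after.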
legendary
Activity: 1596
Merit: 1141
Hardware wallet is secure and easy to use, but has some vulnerability and database hack. Even though the vulnerability has been fixed, it doesn't prevent other undiscovered vulnerabilities.

Air gapped storage can be the most secure wallet (but it's not 100% safe since malware can still infect) if you know how to set up properly, using right tools and know various malicious attack that can steal your Bitcoin even using air gapped storage (e.g. malware).
member
Activity: 938
Merit: 13
Tontogether | Save Smart & Win Big
In any case, a hardware wallet would be better. If you mean a transaction, then in a hardware wallet, the blockchain sends a signal to your wallet in offline mode; this is, in my opinion, the most proven method and the safest than all the others. Yes, and all seasoned people always advise a hardware wallet in any case, under any circumstances.
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
Let's say I want to transact a very important huge amount of btc transaction of my life. Which one should I choose between offline signing transaction via Electrum (gpg verified) or Trezor bought from official site?

This is a hypothetical question. I want some expert opinion to confirm my bias that offline transaction on an airgapped PC is more secure than a Trezor.

If you are making that question, it is because you are not comfortable with the technology.

They are both safe as long as you understand how to make an offline transaction safely.

As you don't look like a "tech guy", my suggestion is that you use a hardware wallet.

Hardware wallets are designed to be easy to use and safe. You won't make a mistake using a hardware wallet. You will be fine.
legendary
Activity: 2170
Merit: 3858
With hardware wallets, you don't leak your private key when you sign your transactions so you are safe.


Quote
Another common application of this solution is for cold-storage or hardware wallets. In that scenario, the extended private key can be stored on a paper wallet or hardware device (such as a Trezor hardware wallet), while the extended public key can be kept online. The user can create "receive" addresses at will, while the private keys are safely stored offline. To spend the funds, the user can use the extended private key on an offline signing bitcoin client or sign transactions on the hardware wallet device (e.g., Trezor).