
Topic: OpenDime or Hardware Wallet? (Read 934 times)

legendary
Activity: 3220
Merit: 1363
April 27, 2020, 08:29:07 PM
#51
...

So you can have some protection. The issue I see is that you NEED the Tangem app to unload that card. If they disappear in the middle of the night, that could be an issue.
You can't even get your private key from the card.

...
-Dave

That's a huge concern for those looking to use Tangem cards as a long-term storage for crypto. Since you don't control the private key, you don't truly own the funds. This bearer instrument is only useful for small amounts of crypto or doing quick transactions between peers. If you're looking to store large amounts of crypto, then hardware wallets are your best option.

What I like most about the Tangem cards is their cheap price (and design) compared to other crypto wallets. They make great souvenirs or collectibles that might be worth a ton of money in the future (if they become extremely rare). The Tangem team should've made the app open source so that people who kept their cards for safekeeping could use them in the future even if the company ceases operations in the long term.

As for the OpenDime, I don't think this will be a concern since data is stored locally on the device without the need to interact with a separate app to read the private key. You could hold your OpenDime for years without worries. The OpenDime could be a true winner in this regard, unless the Tangem team decides to provide an "exit route" to users if they decide to disappear in the middle of the night.


That's a good point actually... it really is borderline "not your keys", almost to the point of "custodial" except, theoretically, no-one has access to the keys...

Having said that, I guess the point of these cards isn't really to be a long term HODL type device... more a way you can load up some coins and pass them onto someone in a relatively secure (offline) way.

Yeah. I wouldn't use Tangem cards for serious long-term storage of crypto, except for performing quick transactions with it. Different types of wallets have their unique purposes in real life. Those looking for a reliable long-term cold storage for their crypto will simply use a paper wallet or a hardware wallet, while those who want to send crypto offline quickly will use an OpenDime or Tangem card.

Nonetheless, hardware wallets are ten times better than the OpenDime but they're relatively expensive. People who cannot afford a hardware wallet could simply use an OpenDime over a software wallet for added security without breaking the bank. At least, we have many options to choose from.
legendary
Activity: 1652
Merit: 1483
April 26, 2020, 03:38:34 PM
#50
Need to sign a message. Nope, not from what I can see in the app.
Another shitfork comes out, can't claim it.
That's a good point actually... it really is borderline "not your keys", almost to the point of "custodial" except, theoretically, no-one has access to the keys...

we have to trust their closed source firmware for that to be true, the risk mitigation being that it was audited by a third party company:

Quote
The security of Tangem technology is audited by the Kudelski Group, a listed Swiss security company. The report is available here.

that's enough to make me cautious. i would also be slightly worried about physical integrity. i really don't like the idea of having zero back-ups. it has a sweet design though, very slick looking.
HCP
legendary
Activity: 2086
Merit: 4361
April 25, 2020, 02:13:38 AM
#49
Need to sign a message. Nope, not from what I can see in the app.
Another shitfork comes out, can't claim it.
That's a good point actually... it really is borderline "not your keys", almost to the point of "custodial" except, theoretically, no-one has access to the keys...

Having said that, I guess the point of these cards isn't really to be a long term HODL type device... more a way you can load up some coins and pass them onto someone in a relatively secure (offline) way.
legendary
Activity: 3500
Merit: 6320
April 24, 2020, 08:13:36 PM
#48

So, it appears that the Tangem card cannot be "reset" to regenerate a new key... instead it just arrives "as-is" with a preloaded key? That seems... "problematic".

Still, they look nice

In that way they are closer to the OpenDime than a true hardware wallet.
A better way of thinking about it is an RFID security device that you must have to send bitcoin.
What I did not know (because I did not read; they do not hide it) is that you can never get the private key.

Need to sign a message. Nope, not from what I can see in the app.
Another shitfork comes out, can't claim it.
etc.

-Dave
HCP
legendary
Activity: 2086
Merit: 4361
April 24, 2020, 07:49:33 PM
#47
I'm not sure about this part:
Who knows the private key?

Each Tangem Card holds a secure chip that allows you to store and carry digital assets. The private key is generated by and permanently stored within the chip. Nobody has access to it either during or after the manufacturing process. This means that nobody can input, export or make a copy of this key.

So, it appears that the Tangem card cannot be "reset" to regenerate a new key... instead it just arrives "as-is" with a preloaded key? That seems... "problematic".

Still, they look nice
legendary
Activity: 3500
Merit: 6320
April 24, 2020, 08:58:39 AM
#46
I wonder if the Tangem Card's level of security has been put up to the test? I've seen that it's possible to steal information from RFID chips using an RFID scanner. Just like anyone with an RFID scanner is able to steal your credit card information (if it has an RFID chip), the same could be done with the Tangem Card. Unless the card itself has some level of encryption, I don't see it as a viable solution for storing crypto in the long term. It's always recommended to store small amounts of crypto on bearer instruments like the OpenDime or Tangem Card just to be safe. For serious crypto use, hardware wallets are unmatched for now.

According to the FAQ on Tangem:

Quote
What if somebody scans my Card and transfers the funds from it?

Not to worry - nobody will be able to transfer funds from your Card just by scanning it. Although checking the funds takes seconds, transferring them requires you to hold the Card against your phone for 15-30 seconds.

This is a security measure, its duration is configurable and it can be overridden by enabling a PIN-code on the Card (available on demand).

So you can have some protection. The issue I see is that you NEED the Tangem app to unload that card. If they disappear in the middle of the night, that could be an issue.
You can't even get your private key from the card.
Once again from their FAQ:

Quote
How can I backup the private key?
You can neither import the private key into a Tangem Card nor export the private key -- so it’s completely impossible to have a copy. The architecture of each Tangem Card guarantees the chip inside is the only place in the universe where the unique key can ever be located.

But yeah, they are nice looking. Part of why I bought them. Never going to store any crypto on them. It's not 100% not your keys not your coins but it's close.

-Dave
legendary
Activity: 3220
Merit: 1363
April 23, 2020, 04:09:26 PM
#45
It often takes a long time for a device's battery to completely crap itself out, usually it just loses its capacity, and since these wallets last a long time on a single charge, even losing 80% of the battery's capacity won't make using it too inconvenient.

Thanks. It seems that the battery of the Nano X lasts for a very long time. As long as I'm able to use the device for a couple of years, nothing else matters. My Ledger Nano S is dying (screen very dim) so upgrading to the new version would be ideal. A great thing about hardware wallets (especially the ones offered by Ledger) is that they're durable, reliable, and extremely secure to use. They may be more expensive than other solutions (paper wallets, bearer instruments like the OpenDime or Tangem Card, software wallets, etc.), but I'd say they're worth every penny.

I've been looking into other hardware wallets for Bitcoin, and I've found one called the "ColdCard" by Coinkite. It looks like a little calculator, yet it seems to do its job well for securing Bitcoin transactions on the go. What I like most about this device is that you can make offline transactions with it. It works on its own (standalone) without the need of a computer or mobile device. The only thing is the price, but if it works as intended, it's a great alternative to the Ledger, Trezor, or other hardware wallets on the market today.



So because of this thread I ordered some Tangem cards

..

Look nice. The RFID is a bit weak IMO. My phone reads a lot of other RFID cards easier than this.
With that being said I do not know if it's something in the app that they use doing something odd with the read that is causing it to ask to scan multiple times.
Other (non crypto) apps reading other cards just tap and it's there.

The app is nice, and I can see this as a nice way to pass someone a known amount of BTC (or ETH since I got one of those cards too) without worry.

Stay safe.

-Dave

The cards look great. I'd personally buy it as a souvenir or collectible, rather than using it seriously for crypto payments. The RFID chip may be weak, but at least the phone is able to recognize the card. What I like most about the Tangem Card is its variety of crypto offerings including (but not limited to) Bitcoin, Ethereum, XRP, and more. The OpenDime is only limited to Bitcoin and Litecoin, so the Tangem Card has an advantage here.

I wonder if the Tangem Card's level of security has been put up to the test? I've seen that it's possible to steal information from RFID chips using an RFID scanner. Just like anyone with an RFID scanner is able to steal your credit card information (if it has an RFID chip), the same could be done with the Tangem Card. Unless the card itself has some level of encryption, I don't see it as a viable solution for storing crypto in the long term. It's always recommended to store small amounts of crypto on bearer instruments like the OpenDime or Tangem Card just to be safe. For serious crypto use, hardware wallets are unmatched for now.
legendary
Activity: 3500
Merit: 6320
April 15, 2020, 02:53:10 PM
#44
So because of this thread I ordered some Tangem cards



Look nice. The RFID is a bit weak IMO. My phone reads a lot of other RFID cards easier than this.
With that being said I do not know if it's something in the app that they use doing something odd with the read that is causing it to ask to scan multiple times.
Other (non crypto) apps reading other cards just tap and it's there.

The app is nice, and I can see this as a nice way to pass someone a known amount of BTC (or ETH since I got one of those cards too) without worry.

Stay safe.

-Dave
legendary
Activity: 3472
Merit: 1724
March 31, 2020, 09:43:37 PM
#43
My concern is that once the battery dies, you'll have to dispose of the device as it becomes useless.

It often takes a long time for a device's battery to completely crap itself out, usually it just loses its capacity, and since these wallets last a long time on a single charge, even losing 80% of the battery's capacity won't make using it too inconvenient.
legendary
Activity: 3220
Merit: 1363
March 31, 2020, 02:08:12 PM
#42
Hasn't happened so far so I doubt we will be seeing 'many' users losing their money due to this. Not a single person has shown up to say they lost anything because someone stole their Trezor and they had no passphrase or too weak a passphrase. I'm sure most people who keep a large amount of money on their Trezor use a secure passphrase anyway.

Satoshi Labs should have done more to inform their customers about the security of their Trezors but the risk is overstated.

Good to know. As long as people use strong passphrases for Trezor devices, nothing can go wrong. It's yet the time where no one has experienced issues with them (like the loss of funds), so the company would have no reason to fix the aforementioned vulnerabilities on new devices. But I'm better off using tried-and-tested Ledger devices since the company focuses more heavily on security than anything else.

I've been considering other hardware wallet options like the CoolWallet S and the FuzeW Wallet. They have a "credit card" form factor, which means that they easily fit in your everyday wallet. I'm not sure how secure these wallets are, but they're a convenient way to carry crypto with you on the go. The only downside is that they're powered by an internal battery, when that's not the case with the Ledger Nano S or the Nano X. My concern is that once the battery dies, you'll have to dispose of the device as it becomes useless. Even if my Ledger Nano S' screen is fading, it'll still be usable without it by using the internal buttons. I'm often looking for durability and security, so I'm wondering how these credit card sized hardware wallets will perform over time.

Anyhow, I'll stick with my Ledger Nano S until it dies completely. The OpenDime could be a great addition to my arsenal in case I want to send Bitcoin to another person in a physical manner. With a cost of only $35 per "stick", I'd say the OpenDime doesn't break the bank.
legendary
Activity: 3500
Merit: 6320
March 28, 2020, 10:07:25 AM
#41
Satoshi Labs should have done more to inform their customers about the security of their Trezors but the risk is overstated.

Not to bash your opinion, but I think your post really should say "Satoshi Labs should have done SOMETHING to inform their customers about the security of their Trezors"

I think that is what is the more serious issue.

They have known about it for months, but you go and buy a new one from them and the need for a complex password is STILL not mentioned anyplace obvious in the docs.

That is where the issue is.

Keep safe out there.

-Dave
legendary
Activity: 3472
Merit: 1724
March 27, 2020, 05:54:58 PM
#40
The real problem will be newcomers into cryptocurrency as they're not aware of how everything works in the space. They'd simply use the Trezor normally without doing their own research. Rest assured that if any of these noobs lose their funds because of Trezor's negligence, things will start taking up heat. I wouldn't be surprised to see a class-action lawsuit sometime in the future, if many people start losing their hard-earned crypto funds as a result of company mismanagement. As long as nobody loses their coins, the company won't care about mitigating said vulnerabilities on its devices. Luckily, there are many other alternatives out there on the market which give us peace of mind.

Hasn't happened so far so I doubt we will be seeing 'many' users losing their money due to this. Not a single person has shown up to say they lost anything because someone stole their Trezor and they had no passphrase or too weak a passphrase. I'm sure most people who keep a large amount of money on their Trezor use a secure passphrase anyway.

Satoshi Labs should have done more to inform their customers about the security of their Trezors but the risk is overstated.
legendary
Activity: 3220
Merit: 1363
March 26, 2020, 01:41:18 PM
#39
Well, that's the issue. It's a hardware fault, not a software one, so there is no way to patch or fix it. They will have to design and release a whole new device.

Designing a new hardware device with the purpose of addressing certain vulnerabilities may not be cost-effective for the company. But if it wants to stay in business, this is the way to go. I admire how Ledger quickly addresses issues within its devices. It's no wonder why it's trusted by many people worldwide. While the Trezor One has all the bells and whistles (like a Touchscreen), it's not as popular as the Ledger Nano S or the Nano X. I'd definitely upgrade my Nano S to the newest version once it dies. For a couple of years since I've bought it, I'd say that it's a long-lasting device that's worth every penny.

The Nano S has been reduced in price over time as a result of the Nano X's release on the market. For only $40, you can safely and securely store your crypto for peace of mind. It's better than a paper wallet, and much more versatile than a bearer instrument like the OpenDime or the Tangem Card. Still, each device has its own use cases for the mainstream world. At least, prices are affordable which allows the "unbanked" to get access to the world of crypto in an easy way.


Be aware that since KeepKey is based upon the Trezor, they also suffer from the same vulnerability.

I was not aware of that. Thanks for letting me know. For some time, I was considering buying this device for a friend. I've thought that it was battle-tested like the Ledger, but now you've proved me wrong. I have to say that no other hardware wallet out there on the market matches the Ledger. Its unmatched security and durability is what has kept it on the top for so many years. I wouldn't be surprised to see its competitors losing ground in the future as a result of Ledger's success.



I've seen a couple of users on here saying the same thing. I've also had my original Ledger device for years and not noticed any fade, but I've since added to my collection with several more as back ups, so if it does eventually fail then no harm done. As you say, $40 for several years of use is not unreasonable by any means.

It's a good thing to have more than one Ledger device that would serve as a backup in times of need. You can still get access to your crypto even if your Ledger dies if you've preserved your recovery seed/mnemonic. Even though my Ledger Nano S' LCD screen is fading, I can still see the on-screen text by putting it on the light. It's somewhat inconvenient, but at least the device is usable. If the screen fades completely, I'll be sure to grab a new Ledger Nano S as replacement. I'm tempted to get the Nano X, but it's somewhat expensive right now. I'll continue to use the Nano S model until the Nano X gets reduced in price over time.

I've been considering buying both an OpenDime and a Tangem Card for safekeeping. I'll fill them up with small amounts of Bitcoin to use them for paying in a P2P manner when there's no Internet connection. They make a great collector's item or souvenir for any crypto enthusiast. I personally like the Tangem Card as it has a wide variety of cryptos to choose from. There's a card for Ethereum, and Bitcoin which are my most favorite cryptocurrencies right now. They'll go great with my ever-growing collection of crypto items.
legendary
Activity: 2268
Merit: 18748
March 21, 2020, 03:46:59 AM
#38
The customer could sue the Trezor company by not taking due responsibility in patching/fixing the device's vulnerabilities.
Well, that's the issue. It's a hardware fault, not a software one, so there is no way to patch or fix it. They will have to design and release a whole new device.

Apart from Ledger, other companies like KeepKey, and ColdWallet provide hardware wallet solutions for crypto users.
Be aware that since KeepKey is based upon the Trezor, they also suffer from the same vulnerability.

I've noticed that the screen is becoming dimmer (or fading) over time.
I've seen a couple of users on here saying the same thing. I've also had my original Ledger device for years and not noticed any fade, but I've since added to my collection with several more as back ups, so if it does eventually fail then no harm done. As you say, $40 for several years of use is not unreasonable by any means.
legendary
Activity: 3220
Merit: 1363
March 20, 2020, 05:59:25 PM
#37
They haven't, unfortunately. There was a discussion about this on another thread a while back. Essentially the attack is at a hardware level, so isn't fixable/patchable with a software update - it will take an entire redesign and new model being released to fix it. The attack is mitigated by using a long, random passphrase. Essentially, the seed is still at risk of being stolen, but if you are also using a passphrase then at least your coins won't be stolen. However, Trezor's response to the whole thing has been wholly unsatisfactory in my opinion. They have released a couple of blog posts which essentially say "Meh, use a passphrase", but do nothing to address the underlying concerns of their users. They don't mention the requirement to use a passphrase to new users in any of the documentation, they haven't made any attempt to contact existing users about the vulnerability, and there is no mention of it on their main website. They seem to be trying to just sweep it under the rug, and hoping nothing bad comes from it.

I stopped using my Trezor devices partly because of the vulnerability, but also partly because of their attitude to it. I no longer trust them.

If they don't care about fixing the issue, then they don't care about their customers at all. I detest businesses with such malpractices. That's why I'm better off using Ledger's hardware wallets since they're tried-and-tested over the years. Not to mention, Ledger is very trusted in crypto land. Trezor could lose its business if sometime in the future, someone gets its funds hacked from the hardware wallet itself. The customer could sue the Trezor company by not taking due responsibility in patching/fixing the device's vulnerabilities. Then, it'll be the end of the road for Trezor as we know it. As long as no one has experienced an undesired situation with Trezor's hardware wallets, the company will not care about fixing the situation beforehand.

Besides, there are many other hardware wallet manufacturers out there in the crypto/Blockchain industry. Apart from Ledger, other companies like KeepKey, and ColdWallet provide hardware wallet solutions for crypto users. The more hardware wallet manufacturers there are, the greater the competition (which tends to be good news for the end user).

I'll stick with my Ledger Nano S hardware wallet until it dies. I've noticed that the screen is becoming dimmer (or fading) over time. This might be an indication that the device needs to be replaced soon. It has lasted for quite a few years now, so I'd say it's worth every penny.



That is exactly what they are doing. Hoping that with enough time people will simply forget about it. Until the Ledger team revealed the problem to them they either didn't know about it or didn't care to mention it to the public. New users probably don't know about the issues, unless they did extensive research on the product, and let's be honest, most probably they didn't.

The real problem will be newcomers into cryptocurrency as they're not aware of how everything works in the space. They'd simply use the Trezor normally without doing their own research. Rest assured that if any of these noobs lose their funds because of Trezor's negligence, things will start taking up heat. I wouldn't be surprised to see a class-action lawsuit sometime in the future, if many people start losing their hard-earned crypto funds as a result of company mismanagement. As long as nobody loses their coins, the company won't care about mitigating said vulnerabilities on its devices. Luckily, there are many other alternatives out there on the market which give us peace of mind.

So far, Ledger hardware wallets are #1 in terms of security and reliability. It's the best thing around when you want to enjoy the convenience of a hot wallet and a cold wallet. I'd highly recommend it over bearer instruments like the OpenDime or the Tangem Card for large amounts of crypto. If you just want to send crypto to another person in a physical manner, then these bearer instruments are an affordable way to do it. I'd personally use both a hardware wallet and a bearer instrument for added convenience.
legendary
Activity: 2268
Merit: 18748
March 16, 2020, 03:49:36 PM
#36
It's my understanding that in order to hack the Trezor to obtain the seed-phrase the hacker needs to have the wallet in hand (i.e. physical attack,) and he must know the PIN.  Even the strongest PINs are vulnerable to brute force, being composed of numbers only.  Like Ledger models, both Trezor wallets have a security feature that wipes the device if the wrong PIN is entered three times.
An attacker must have physical access to the wallet, yes. However, in the attack as detailed by the Ledger Donjon team here (https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/), the PIN is bruteforced at a hardware level, meaning the security features of a prolonged delay between attempts or locking the device if too many wrong attempts are made are bypassed. The PIN is brute forcible in a matter of minutes.

So, one can reason that if the PIN on a Trezor is trivial to brute-force, then why would the PIN on a Ledger be any more secure?
There has been no similar attack demonstrated on a Ledger device in which the 3-strikes-and-you're-out PIN protection system has been able to be bypassed.

I'm assuming that anyone who has set up a Bip39 pass phrase on their Ledger has also attached it to a secondary PIN (which should also be "trivial" to brute force.)
I've never used the "attach to secondary PIN" feature, but it would still be secure unless a similar attack was demonstrated as above.
copper member
Activity: 2338
Merit: 4543
March 16, 2020, 03:31:18 PM
#35
No you need a stupid long passphrase.

Of course the longer and more complex of a pass phrase you use the harder it is to crack, but even an eight-character pass phrase with unusual characters, numbers, upper, and lower case letters would take many years to crack. 

But that's not addressing my other concern about the Ledger and the use of a secondary PIN.  Regardless of how stupid-long your pass phrase is, hiding it behind a 9-digit numeric PIN would defeat the purpose, no?

legendary
Activity: 3500
Merit: 6320
March 16, 2020, 02:59:05 PM
#34
By simply using a Bip39 pass phrase

No you need a stupid long passphrase.

Take a look at this discussion:

https://bitcointalk.org/index.php?topic=5222188.0;all

-Dave
copper member
Activity: 2338
Merit: 4543
March 16, 2020, 02:29:30 PM
#33
I'm no expert, but I think that the security issues with Trezor (and similar wallets like KeepKey) are over-hyped.  It's my opinion that no hardware wallet should be used without a Bip39 pass phrase, and that includes the Ledger.  By simply using a Bip39 pass phrase, your seed alone becomes worthless.  Unless the hacker knows your pass phrase your bitcoin is safe, at least for a brief period of time, depending on the complexity of the pass phrase.  Hopefully this will provide you enough time to notice your wallet has been lost or stolen.

It's my understanding that in order to hack the Trezor to obtain the seed-phrase the hacker needs to have the wallet in hand (i.e. physical attack,) and he must know the PIN.  Even the strongest PINs are vulnerable to brute force, being composed of numbers only.  Like Ledger models, both Trezor wallets have a security feature that wipes the device if the wrong PIN is entered three times.

According to the Kraken Labs article:
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

So, one can reason that if the PIN on a Trezor is trivial to brute-force, then why would the PIN on a Ledger be any more secure?  In fact, I would suggest that if one can brute-force your Ledger PINs then your coins are more at risk.  I'm assuming that anyone who has set up a Bip39 pass phrase on their Ledger has also attached it to a secondary PIN (which should also be "trivial" to brute force.)  The secondary PIN is a pretty cool feature that the Ledger offers, and helps to save time when accessing your wallet, but wouldn't that compromise the added security of having a strong pass phrase?

Again, I'm only hypothesizing about something of which I have limited understanding.
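
Added example, not part of any post in this thread: a Python sketch of the mechanism posts #33 to #36 discuss, showing how a BIP39 passphrase changes the wallet seed derived from the same mnemonic, and how the 1-9 digit PIN space quoted from Kraken Labs compares in size with a passphrase. The function names are hypothetical, the mnemonic is the public BIP39 test vector, and the guess rate passed to `years_to_search` is a constructed assumption, not a measured figure.

```python
import hashlib
import math
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input; never fund it).
TEST_MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalisation before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as specified by BIP39:
    PBKDF2-HMAC-SHA512, 2048 iterations, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048, dklen=64
    )


def pin_candidates(min_digits: int = 1, max_digits: int = 9) -> int:
    """Number of distinct numeric PINs between min_digits and max_digits long."""
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected years to cover half the space at an ASSUMED guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


def compare(guesses_per_second: float = 1e6) -> dict:
    """Summarise PIN space vs. passphrase space for a defender's sizing decision."""
    pin_bits = math.log2(pin_candidates())
    rows = {"pin_1_to_9_digits": pin_bits}
    # 94 = printable ASCII without space; lengths are illustrative choices.
    for length in (8, 12, 20):
        rows[f"random_{length}_chars"] = passphrase_bits(length, 94)
    return {
        name: {"bits": round(bits, 1),
               "years": years_to_search(bits, guesses_per_second)}
        for name, bits in rows.items()
    }


if __name__ == "__main__":
    # Same mnemonic, different passphrase -> unrelated seed (and so unrelated keys).
    plain = bip39_seed(TEST_MNEMONIC)
    hidden = bip39_seed(TEST_MNEMONIC, "TREZOR")
    print("no passphrase :", plain.hex()[:16], "...")
    print("with passphrase:", hidden.hex()[:16], "...")
    for name, row in compare().items():
        print(f"{name:20s} {row['bits']:6.1f} bits  ~{row['years']:.3g} years")
```

An extracted mnemonic alone yields only the empty-passphrase seed; funds held behind a passphrase then rest on the passphrase's entropy, since every guess costs 2048 PBKDF2 rounds plus key derivation and an address check.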
legendary
Activity: 3500
Merit: 6320
March 15, 2020, 10:41:14 AM
#32
I have said it in other posts here but since it came up I will say it again.
It's the attitude in general of Slush.
Problems with the pool back in the day, sweep it under the rug and ignore it.
More issues with payouts from the pool and other things, ignore it.
Trezor security issues, ignore it.

It's just the way they do things.

-Dave