Topic: OpenDime or Hardware Wallet? - page 2. (Read 934 times)

They might get lucky, and no one will have their coins stolen by this method before their next model is designed, released, and becomes widespread (I am assuming of course they will fix the issue in question when they inevitably do release a new model - it would be crazy not to). Having said that, however, they only need a single user to lose a significant amount of coins via this method for it to explode all over Twitter, Medium, Reddit, this forum, etc., and cause significant damage to their reputation and their profits. It's a very large risk they are taking, especially when it can be mitigated quite easily.

If it were me, I would send an email to all the customer addresses they have, explaining the vulnerability and stating how to protect against it. I would put an announcement on their social media channels, on their web page, and I would include a section in their set-up guide explaining that it is highly recommended for all users to use a (complex) passphrase. Anything short of that is highly irresponsible on their part.

That is exactly what they are doing. Hoping that with enough time people will simply forget about it. Until the Ledger team revealed the problem to them they either didnt know about it or didn't care to mention it to the public. New users probably don't know about the issues, unless they did extensive research on the product, and lets be honest, most probably they didn't. 

They haven't, unfortunately. There was a discussion about this on another thread while back. Essentially the attack is at a hardware level, so isn't fixable/patchable with a software update - it will take an entire redesign and new model being released to fix it. The attack is mitigated by using a long, random passphrase. Essentially, the seed is still at risk of being stolen, but if you are also using a passphrase then at least your coins won't be stolen. However, Trezor's response to the whole thing has been wholly unsatisfactory in my opinion. They have released a couple of blog posts which essentially say "Meh, use a passphrase", but do nothing to address the underlying concerns of their users. They don't mention the requirement to use a passphrase to new users in any of the documentation, they haven't made any attempt to contact existing users about the vulnerability, and there is no mention of it on their main website. They seem to be trying to just sweep it under the rug, and hoping nothing bad comes from it.

I stopped using my Trezor devices partly because of the vulnerability, but also partly because of their attitude to it. I no longer trust them.

Yes. I've figured that the real deal about the OpenDime or the Tangem Card is making a backup of their private keys. Considering the way they've been designed, it's practically impossible to do this without "breaking the seal". In this regard, paper wallets are a winner. By all means, I'd treat bearer instruments as they were physical cash. That's because if you lose them, there's no way to recover your funds unlike a hardware wallet. For different situations/scenarios, you'd choose one type of wallet from the other. As for me, I'd choose both a bearer instrument like the OpenDime and a hardware wallet like the Ledger Nano S for added convenience.



I wonder if Trezor managed to address those flaws already? If it wants to stay in the competition, I'd need to focus on securing its devices against external attacks. But if they haven't mitigated the issue yet, then I believe that the "Ledger" company will prevail in the long run. I believe that "Ledger" is the most trusted hardware wallet manufacturer in existence, with a proven track record of security and reliability. I like its hardware wallets the most as they're much more compact than the Trezor. Both are neck-and-neck in terms of providing a wide-array of cryptocurrencies to choose from. But the Ledger will always be a winner in my book.



I did not know about that earlier. Thanks for clarifying. If that's the case, then it would be worth doing the upgrade from the Nano S to the newly-released Nano X. After all, the new version has greater capacity for installing various crypto apps at the same time. As an avid crypto user, I often use more than one cryptocurrency for trading and long-term storage. The Nano S is very limited compared to the Nano X as you cannot install more than 3-4 apps at the same time because of its memory limitations.

Despite this, there's no denying that hardware wallets are better than bearer instruments like the ones mentioned previously. As it's said in the real world, "you get what you pay for". Bearer instruments like the OpenDime and the Tangem Card may be cheaper than hardware wallets like the Ledger or the Trezor but they're not "bulletproof". They're only great for sending small amounts of crypto to friends and family in a physical manner. Even though they're inferior than hardware wallets, I'd certainly love to own an OpenDime and Tangem Card as a sort of "souvenir" or "collector's item".

Yeah, although these devices are closer to a paper wallet in similarities than they are to classical hardware wallets, they still don't fulfill the same purpose. I have a couple of paper wallets I use for long-term cold storage, because they are very secure and easy to back up by creating multiple copies. This isn't possible with an OpenDime or Tangem card. Similarly, you can't really use paper wallets as cash, since the receiving party has absolutely no way to know whether you created the paper wallet securely, or whether you have another copy of the wallet which you can use to then rip them off.

That certainly used to be the case, but since the security flaws in the Trezor discovered by Ledger and Kraken, I have stopped using my Trezor devices. Ledger certainly has the lead with the current devices on the market.

It doesn't rely on Bluetooth, as you can disable it entirely and use a USB-C cable instead if you want. Only public data is transmitted via Bluetooth anyway - an unsigned transaction from phone to wallet, and a signed transaction back from wallet to phone - and even then it is encrypted. As far as I know, no one has demonstrated any potential security risk from using Bluetooth. There's more info here: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/

Exactly. A hardware wallet can be re-used for as long as you like, while a bearer instrument like the Tangem Card or the OpenDime are one-time-use. They have their unique purposes for different situations in life. I already own a hardware wallet, but I'd love to get an OpenDime as a souvenir or collector's item. It's a great little device that I could use to send money to my friends personally if the need arises. Both the OpenDime and the Tangem Card are a great way to treat Bitcoin as "physical cash". I think they're much better than an ordinary paper wallet since the private keys are not exposed to prying eyes. Despite this, you're prone to losing your Bitcoin if the device gets lost/stolen while in a paper wallet it's much easier to make a backup of the keys.




Yes. It's only great for small amounts of Bitcoin than anything else. One would treat these devices as you would with physical cash. But the true winner is the hardware wallet because of its greater degree of security (not to mention that it's also reusable). I'd say that both the Trezor One and the Ledger Nano X are neck-and-neck when it comes to providing unparalleled security with a wide-array of cryptocurrencies to choose from. Still, I doubt how secure the Ledger Nano X would be considering that it relies on Bluetooth connection for interacting with it. It's the reason why I've kept my Ledger Nano S for a long time. Which is why, I'm not planning to switch to another hardware wallet until my good-old hardware wallet dies for good.

Totally, and I've actually been meaning to pick one up for a while just to play around with it. I've got no issue plugging a card reader in to my desktop at home, or even carrying one around in my laptop bag. I am not, however, going to carry one around in my pocket for transacting on the move. The whole point of a wallet shaped like a credit card, in my opinion, is that it can be carried around inside your fiat wallet like a credit card. If Satochip incorporated bluetooth, RFID, NFC, or some other secure wireless transmission capabilities, I would almost certainly use one for my day to day crypto spending rather than a mobile wallet or a different hardware wallet.

But it does look cool.
American Express tried something like this years ago when they launched the blue card.
Plug a usb reader into your computer to make online purchases. Was supposed to be more secure.
Don't know if it was or not, but it never was that popular.


https://web.archive.org/web/20081207004902/http://bits.blogs.nytimes.com/2008/12/05/a-credit-card-loses-its-high-tech-cred/

-Dave

The Satoship isn't a direct competitor to the OpenDime as it is not designed to be physically handed from one person to another. It is more of a competitor to the "standard" hardware wallets like Ledger or Trezor devices. Although inexpensive and sleek looking, the big downside is that you have to buy and carry around a bulky card reader as well, so it doesn't exactly fit in your wallet as you would expect.

Not really sure how you can market this as an alternative to OpenDime considering the OpenDime is $14 each and single use, whereas your wallet is $27 and multi-use?

They clearly serve two different audiences, one for absolute noobs whereas yours appears to be for intermediate users...

Maybe you could compete with OpenDime if you sold yours in packs of three for a slightly lower price, maybe $50 or so?

I use OpenDimes and I would not consider them a hardware wallet. More of a digital paper wallet.
Same with the Tangem cards.

Both are nice products for storing BTC and giving to people but there are not wallets.

But in the end are no different then a paper wallet with a sticker over the private key.
Once it's opened, it's out there in the open.

-Dave

Ahh good catch. I must have skimmed over that bit.

That would be difficult I think. It says on the website it uses near field communication, which generally has a transmission distance of around 2-3 inches. That's not the same as radio frequency identification which is used to skim credit cards, which can have a range of a couple of feet. Once you factor transmission through a closed wallet and clothing, an attacker would probably have to hold their phone up against the person in question for 30 seconds or so, which seems unlikely to go unnoticed. Still, if you were really concerned about that, then I suppose you could buy an RFID blocking wallet.

To be fair, it looks like you can enable a pin:

emphasis mine

It looks like you have to order the card with that option enabled, they say they say it's available on demand.  That seems like feature that should come as a default setting, and would be enabled or disabled using the app.

Otherwise, it takes holding the card against your phone for about 30 seconds or so.  It seems like someone could walk around in a crowd with the Tangem app running and scan people's pockets or purses for cards.  Once one is found, he could linger close enough to the card to extract the funds.

I wouldn't say so. If you are willing to pay $15 for an OpenDime which you can use once, then paying $40-$60 for a Ledger Nano S (depending on what deals they have on at the time) which you can use as many times as you want for years on years hardly seems expensive to me.

Absolutely not. Whoever has possession of the card has possession of the funds. There is no way to back up a seed phrase or private key, and there is no way to apply a password or PIN. It is definitely less secure than a password protected mobile wallet. It is essentially the same as carrying cash. I don't carry much cash around with me either, but I still think it would be cool to be able to be able to physically hand someone $20 worth of BTC, for example, rather than make an on-chain transaction.

The Tangem card seems legit, but to be honest, I'm not seeing the allure.  I don't necessarily see it as alternative to the Open Dime, other than off-chain hand off.  It seems like it's marketed more as "mobile hardware wallet" that can also be used for off-chain transactions.  So, if you buy one for the NFC to phone function, you should ask yourself; are your funds any more secure than a hot wallet in a mobile app?  I don't think so, quite the contrary, in fact.  They specify in their faqs that unlike a hardware or mobile wallet, if the card is lost, so are the funds.  And therefor, you shouldn't keep a lot of bitcoin on the card.  Well, I don't leave a lot of cash in physical wallet, and I don't keep much bitcoin in my hot wallet.

But, if I lose my phone or it gets stolen, I can brick it as soon as I can find another phone to use.  I have a very strong PIN set on my mobile wallet, and it's different from the strong PIN set to get into my phone.  If I'm able to brick the phone in time, and I don't lose the funds in my hot wallet I'll be able to recover them.  No BTC lost, just the phone itself.

With the Tengem card you need to have your phone available, and you need to have the card available.  If you lose your phone then your card is useless, and if you lose your card your bitcoin is gone.  If you're like me, you probably also lost your cash, because your card was in your leather wallet and you lost the whole god damn thing.  So, you're left with no funds, and phone that can't send bitcoin.  In other words if you lose one or the other, you're fucked.  However, if I lose my wallet I still have my bitcoin I can spend.  If I lose my phone, I probably still have cash or credit cards in my pocket. As long as I don't lose both, I'm not fucked.

Nice. This looks like a better alternative to the OpenDime because of its sleek design and cheaper price. Sometimes I wonder how could this be reusable without compromising the security of the Bitcoin contained inside the card? If it's as they claim it to be, it'll be a blast to use for day-to-day Bitcoin transactions in a truly P2P manner. At least, the Tangem card has other cryptocurency options like ETH and XLM. As far as I know, the OpenDime is only available for BTC and LTC which greatly limits one's options for paying crypto using it as a bearer instrument.

Considering that the OpenDime or the Tangem card are not suitable for storing large amounts of Bitcoin on it, a hardware wallet is still the best thing around when you want to combine the convenience of hot wallets with the security of a cold wallet. The only downside is that hardware wallets like the Ledger and Trezor are somewhat expensive to acquire.

Nonetheless, bearer instruments like the OpenDime and the Tangem Card are best thing there is when it comes to making quick payments in-person "off-the-grid". But I'd highly recommend a hardware wallet anytime as they have greater advantages than the previously mentioned devices. Just my opinion

There isn't much info about them.
The company is called Tangem AG. Their headquarters are in Switzerland.

You can find the addres on the official website, https://tangemcards.com/:
Global Headquarters, Tangem AG,
Baarerstrasse 10, 6300 Zug, Switzerland

It shows up on Google Maps as well.

You can find some more info about the company here:
https://www.uid.admin.ch/Detail.aspx?uid_id=CHE-390.112.525

It must. From the FAQ, each card indeed only holds a single private key:


I'm not a fan of the privacy implications of address reuse, but the idea of a bearer instrument that you can also spend from is pretty exciting. At $13, they are cheaper than OpenDimes (by a hair) but offer a much slicker look and better functionality.

Does anyone know about the company behind them? The site has only been up for a few months.

No, I don't own Tangem card. I think you're right, the change returns to the same address. But I can't say for sure.