
Topic: OVERVIEW: BITCOIN HARDWARE WALLETS - Secure your Coins - page 23.

hero member
Activity: 623
Merit: 500
CTO, Ledger
But why don't you pick both and leave your customers a choice to decide what they'll trust most?

We'll do that in due time - our next product will have both a secure element and a regular microcontroller. In the meantime we decided to focus on the best (security and cost wise) solution first.
legendary
Activity: 3431
Merit: 1233
I can pick 2 chips.

One is a smartcard. Its specifications are only available through an NDA with the vendor. It has been used in several industries to hold critical secrets since the early 1980s. Considering we haven't seen major repeated breaches of credit cards, pay TV, passports and others I think we can safely assume that their protections hold.

The other one is a generic purpose chip. It's fully documented, nobody ever used it to store valuable secrets. It has not been designed to withstand physical attacks in the first place, so we can also safely assume that it won't.

Both can be backdoored, as I have no way to check that.

Which one do I pick to protect Bitcoin private keys?

I'd pick the second one for a number of reasons.

But why don't you pick both and leave your customers a choice to decide what they'll trust most?
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
I'm perfectly aware of the values of Open Source (and doing my best to contribute whenever it's possible), but in the end pragmatism rules.
Open source is the pragmatism! Bitcoin won't settle for anything less. You'll see it when 100% open hardware hits the market for hardware wallets. If a chip manufacturer doesn't want to change any of their practices, just pick another one that will.

Bitmain would have lost in the long run if that is true.

I can pick 2 chips.

One is a smartcard. Its specifications are only available through an NDA with the vendor. It has been used in several industries to hold critical secrets since the early 1980s. Considering we haven't seen major repeated breaches of credit cards, pay TV, passports and others I think we can safely assume that their protections hold.

The other one is a generic purpose chip. It's fully documented, nobody ever used it to store valuable secrets. It has not been designed to withstand physical attacks in the first place, so we can also safely assume that it won't.

Both can be backdoored, as I have no way to check that.

Which one do I pick to protect Bitcoin private keys?

First.
hero member
Activity: 623
Merit: 500
CTO, Ledger
I can pick 2 chips.

One is a smartcard. Its specifications are only available through an NDA with the vendor. It has been used in several industries to hold critical secrets since the early 1980s. Considering we haven't seen major repeated breaches of credit cards, pay TV, passports and others I think we can safely assume that their protections hold.

The other one is a generic purpose chip. It's fully documented, nobody ever used it to store valuable secrets. It has not been designed to withstand physical attacks in the first place, so we can also safely assume that it won't.

Both can be backdoored, as I have no way to check that.

Which one do I pick to protect Bitcoin private keys?
legendary
Activity: 3431
Merit: 1233
I'm perfectly aware of the values of Open Source (and doing my best to contribute whenever it's possible), but in the end pragmatism rules.
Open source is the pragmatism! Bitcoin won't settle for anything less. You'll see it when 100% open hardware hits the market for hardware wallets. If a chip manufacturer doesn't want to change any of their practices, just pick another one that will.
hero member
Activity: 623
Merit: 500
CTO, Ledger
It doesn't prove to you that you're using what you see. You don't get to see the microcode running in your chip either.

I'm perfectly aware of the values of Open Source (and doing my best to contribute whenever it's possible), but in the end pragmatism rules.
legendary
Activity: 3431
Merit: 1233
Open source hardware doesn't solve it either. As soon as you use hardware that you didn't build yourself (and obviously nobody can do that at the chip level) you're trusting someone.
Having the CAD files gives me the choice to pick up a trustworthy party and increases competition between chip manufacturers to win this trust.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Open source hardware doesn't solve it either. As soon as you use hardware that you didn't build yourself (and obviously nobody can do that at the chip level) you're trusting someone.
legendary
Activity: 3431
Merit: 1233
exactly the same way that you can't audit the silicon of another chip available without NDA - i.e. they don't.
If they don't, what is the point of seeking an alternative to banks? Which is the better option for your money? Trust a bank that is specifically regulated to guarantee your savings or trust a chip manufacturer that is not regulated and doesn't guarantee anything? Hardware wallets with closed source hardware kind of defeat the entire concept of trust-less money.

hero member
Activity: 623
Merit: 500
CTO, Ledger
Open source hardware is essential for all hardware wallets.

Not really. It's a design choice. Using this chip allows us to be cheaper and more secure than with any other chip available today in the industry. We plan to open source as many things as possible always, and will do so for the next versions.

If it is closed source, how will your chip manufacturer guarantee that there is no secret registry built in the chip to extract data from through an unlisted API function?

exactly the same way that you can't audit the silicon of another chip available without NDA - i.e. they don't.
legendary
Activity: 3431
Merit: 1233
The HW.1 sales page will soon be closed to offer it (for the same price) on the Ledger website, so that should clear things up. It'll be an alternative option for people that don't care about packaging or the form factor and don't mind printing stuff themselves.
Thanks for this. Will be useful.

On the HW1 page I'm reading this, and the same applies to Ledger:

Quote
It is unfortunately not possible to release HW-1 with a useful open source firmware due to NDA restrictions with our chip manufacturer, however you can verify with the specification that all commands do what they are supposed to do, and that clients are only sending documented commands.

Open source hardware is essential for all hardware wallets. If it is closed source, how will your chip manufacturer guarantee that there is no secret registry built in the chip to extract data from through an unlisted API function?
legendary
Activity: 1120
Merit: 1002

"Only 1,000 Case wallets will be available for pre-order, with each entry in the initial batch bearing a unique identifier" Impressive, but quite expensive.


this is a joke. preorders? really? XD
NEVER EVER preorders for me ...
legendary
Activity: 1260
Merit: 1002

"Only 1,000 Case wallets will be available for pre-order, with each entry in the initial batch bearing a unique identifier" Impressive, but quite expensive.


this is a joke. preorders? really? XD
newbie
Activity: 42
Merit: 0

"Only 1,000 Case wallets will be available for pre-order, with each entry in the initial batch bearing a unique identifier" Impressive, but quite expensive.
sr. member
Activity: 360
Merit: 250
CEO, Ledger
Ledger is proud to announce the immediate availability of a low cost version of its Ledger Nano hardware wallet: the Ledger HW1. It is fully compatible and interchangeable with the Ledger Nano, but with a cheaper (and less elegant) plastic form factor.

Cost is 15 EUR, including free worldwide shipping.
(+ VAT for European countries)

https://www.ledgerwallet.com/shop

When you receive a Ledger HW1, this is what you get:
* the Ledger HW1 USB key, on a plastic form factor
* a security card
* instructions
* a recovery sheet

You will *NOT* get the following:
* the white box packaging
* the metal key engraved with "vires in numeris" and Ledger logo
* the leather pouch of the security card
* the lanyard and rings for the key

The key form factor is the main difference between the two products. It is very strong and reliable, but it definitely looks "cheaper" than the Ledger Nano metal counterpart. Also, you'll get the HW1 brand, the plastic key doesn't have any mention of the Ledger brand.

Image gallery: http://imgur.com/a/pa2r0
legendary
Activity: 1596
Merit: 1010
Still on the fence about the case wallet. I do want one but not sure if I can justify the price compared to how often I'd use it
hero member
Activity: 700
Merit: 500
added: ewallet.
You should probably mention what kind of a reputation black arrow has...
https://bitcointalksearch.org/topic/guide-dogies-comprehensive-manufacturer-trustworthiness-guide-1st-feb-2016-456691

And it's not open source. It claims it is, but I don't see a link to the source anywhere.

+1

This company is run by known scammers that reportedly ran a credit card skimming op, and before that ran from Romania to avoid a bust for a credit card fraud operation.

https://bitcointalksearch.org/topic/m.8093443

Their last project, which was miners, was a total bust. They made a series of promises to get people's money and subsequently broke pretty much all of them.

Bottom line, their ethics are nonexistent from anything I can tell. Trusting them with a device that stores your BTC and interfaces with your computer is bordering on insane, IMO. They've stolen before, screwed countless people, and I don't see any reason to think they wouldn't do it again.
newbie
Activity: 2
Merit: 0

Actually, GSM modems and phones are very easy to attack with cheap open-source techniques (like OpenBTS), and from there it is a direct path to the crypto controller and stealing our money.

It is essentially another cloud wallet that stores all data needed to spend the money (and private biometric identifiers) on servers. They ask us to trust multiple third parties to say they can be trusted. The hardware is just another mobile phone from 20 years ago reinvented: modem+small screen+keyboard+sensors. It is only a front for the cloud access. Much cheaper to buy an old Nokia and dial-up to their servers with the same kind of security.
