What is missing in my opinion is the "Security" tab, because potential buyers should be aware that, for example, Trezor HW has an irreparable vulnerability that allows someone with physical access to the HW to extract the seed in a relatively easy way if it is not protected with a passphrase or the user uses an SD card for backup.
The key extraction isn't an easy thing. It's a relatively cheap thing and something you can do without too big of an investment. But it requires knowledge of what to do. If you are talking about laser fault injection for physical manipulation, it's not something that a person with no understanding of that can do based on a video released by Ledger's security team. And that video, like those similar to it, don't explain the step-by-step attack process, which is good. 
Topic: Recommended wallets on bitcoin.org (Read 76 times)
~snip~
But with a closed-source unit like a Ledger, you can't check anything related to its firmware, and yet it's there among the recommendations.
But with a closed-source unit like a Ledger, you can't check anything related to its firmware, and yet it's there among the recommendations.
However, if you look under "Transparency" you will notice that only Ledger is marked "Acceptable", and all other HW are marked "Good". Maybe it would be better if there was a "Caution" label, but obviously we don't all have the same attitude when it comes to things like leaking the complete database of their clients or the option of sharing seeds with third parties.
What is missing in my opinion is the "Security" tab, because potential buyers should be aware that, for example, Trezor HW has an irreparable vulnerability that allows someone with physical access to the HW to extract the seed in a relatively easy way if it is not protected with a passphrase or the user uses an SD card for backup.
It's an unusual choice of hardware wallets they have added on the site. Some point to specific models (Trezor Model T, Ledger Nano S, etc.), others don't specify the model and just mention the brand (Coldcard or Passport). Their criteria mentions many points related to security and how there must be proof of secure systems, libraries, etc. But with a closed-source unit like a Ledger, you can't check anything related to its firmware, and yet it's there among the recommendations.
Even if there are only 8 recommendations for HW, I think that is quite enough for someone to choose the device that suits them best. Someone will need HW that supports multiple cryptocurrencies, someone else will look for one that supports only Bitcoin, and then it's quite easy to decide (at least for me personally).
I don't want to say at all whether the recommendations on that site are good or bad, but anyone who wants to buy good (reliable&secure HW) should look for the experiences of other users, and I know that every good HW has its own topic on this forum.
I don't want to say at all whether the recommendations on that site are good or bad, but anyone who wants to buy good (reliable&secure HW) should look for the experiences of other users, and I know that every good HW has its own topic on this forum.
Yes bitcoin.org is legit.
BUT, and this is just me talking, I would not trust their recommendations for anything.
A while ago lukejr suffered a hacking event / hack: https://bitcointalksearch.org/topic/bitcoin-developer-lukedashjrs-wallet-was-hacked-5432665
On the bitcoinknots page that he maintains there WAS actually a warning that the downloads may be compromised. It's not there anymore but for a while it said
At NO TIME did the maintainer of the bitcoin.org site put up a warning.
1 line of text was all that was needed. But NOPE they didn't.
If they can't do that, then why trust them with other recommendations.
-Dave
BUT, and this is just me talking, I would not trust their recommendations for anything.
A while ago lukejr suffered a hacking event / hack: https://bitcointalksearch.org/topic/bitcoin-developer-lukedashjrs-wallet-was-hacked-5432665
On the bitcoinknots page that he maintains there WAS actually a warning that the downloads may be compromised. It's not there anymore but for a while it said
Quote
This server may be compromised at present. Do not blindly trust downloads - always verify both the SHA256 hash and the OpenPGP signatures match. Luke Dashjr's OpenPGP key is likely to be compromised, so his signatures have been removed and replaced with other developers' signatures. There is no evidence of a tampered download ever having been offered, but if you have downloaded Bitcoin Knots after 2022 December 1st, it is recommended you re-verify the files you previously downloaded to be sure.
At NO TIME did the maintainer of the bitcoin.org site put up a warning.
1 line of text was all that was needed. But NOPE they didn't.
If they can't do that, then why trust them with other recommendations.
-Dave
2- On what basis are the 8 hardware wallets recommended on this site?
Bitcoin. org has this process written out on GitHub for how they check out wallets before recommending them. You can view it here: https://github.com/bitcoin-dot-org/Bitcoin.org/blob/master/docs/managing-wallets.md
Basically, anyone can request that their hardware wallet be added. But even if you do there's no guarantee it will actually get the recommendation in the end.
Bitcoin.org is a legit site they have an open source code from this link below and the hardware wallets listed there are competitive units except for the ledger wallet.
- https://github.com/bitcoin-dot-org/Bitcoin.org
There's an alternative check this link below for a list of open-source hardware wallets.
- https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971
- https://github.com/bitcoin-dot-org/Bitcoin.org
There's an alternative check this link below for a list of open-source hardware wallets.
- https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971
Hello all friends 
I visited bitcoin.org and saw that it only recommended 8 hardware wallets.
I have two questions:
1- Is bitcoin.org a valid site?
2- On what basis are the 8 hardware wallets recommended on this site?
thank you very much
I visited bitcoin.org and saw that it only recommended 8 hardware wallets.
I have two questions:
1- Is bitcoin.org a valid site?
2- On what basis are the 8 hardware wallets recommended on this site?
thank you very much
Jump to: