Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Pages:
Author

Topic: [REDACTED] - page 2. (Read 713 times)

hZti
hero member
Activity: 1022
Merit: 642
Magic
Re: [REDACTED]
May 05, 2023, 05:50:47 PM
#28
Quote from: Z-tight on May 04, 2023, 06:28:59 PM
. Your air-gapped device should never be connected to the internet, the risk of losing your funds when you connect it to the internet is surely always there.

Well yes obviously this is the correct answer if you want to know what would be the textbook solution to this question. If you however store such low amounts of bitcoin that it is not an option to buy a hardware wallet then this is still a good working solution. Remember that bitcoin was designed without hardware wallets in mind and has worked flawlessly for many years before hardware wallets.
Z-tight
hero member
Activity: 994
Merit: 1089
Re: [REDACTED]
May 04, 2023, 06:28:59 PM
#27
Quote from: hZti on May 04, 2023, 05:18:15 PM
Old smartphone is usually free but a hardware wallet will cost you at least 50 usd. So I can see why people would consider a smartphone.
Using an air-gapped phone for cold storage is a good option, but only if you can set it up and use it in a safe environent, if you cannot, then buy a hardware wallet, $100 for a hardware wallet should not be a problem if you are storing anything from $1000 upwards.
Quote from: hZti on May 04, 2023, 05:18:15 PM
I think it is still pretty safe if you connect it every few months to quickly send some coins. But that is just my personal opinion.
This is the worry when people use air-gapped devices, they can lose their funds with one mistake or just bad operational security. Your air-gapped device should never be connected to the internet, the risk of losing your funds when you connect it to the internet is surely always there. It is very easy to send funds out of your air-gapped wallet without internet connection, all you need is another online watching-only device, this device would created the transaction, which your would import into your offline device through scanning the transaction QR code, then you use your offline device to sign the transaction and export it back into your watch-only device, and then you broadcast. Read the links below for more understanding on how to do it.

https://electrum.readthedocs.io/en/latest/coldstorage.html
https://bitcointalksearch.org/topic/m.54149363
hZti
hero member
Activity: 1022
Merit: 642
Magic
Re: [REDACTED]
May 04, 2023, 05:18:15 PM
#26
Quote from: Z-tight on May 04, 2023, 08:35:40 AM
. It is easier to use a hardware wallet than this method, only use it if you cannot get a hardware wallet.

Old smartphone is usually free but a hardware wallet will cost you at least 50 usd. So I can see why people would consider a smartphone.


Even if a iPhone can be kept offline easily (just reset it and not safe any Wi-Fi passwords on it) I think it is still pretty safe if you connect it every few months to quickly send some coins. But that is just my personal opinion.
Z-tight
hero member
Activity: 994
Merit: 1089
Re: [REDACTED]
May 04, 2023, 08:35:40 AM
#25
Quote from: hZti on May 03, 2023, 03:52:11 PM
An old iPhone can also be „airgapped“/kept offline if you don’t need to spend coins easily.
Yes a phone can be turned into an airgapped device and used to store BTC, but it has to be done correctly, in a very safe enviroment. I recommend that one should just buy a good hardware wallet if they do not know how to securely set up an air-gapped device, some people set up this cold storage device and still connect it to the internet, that is a terrible decision, it should be totally disconnected from the internet, with airplane mode turned on and Wifi disconnected. It is easier to use a hardware wallet than this method, only use it if you cannot get a hardware wallet.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: [REDACTED]
May 04, 2023, 02:19:56 AM
#24
There's no reason to attempt something like this, because a phone just runs an OS like a desktop does, and needs companion software to interact with the wallet anyway. In other words, it would not be a real hardware wallet, because it is connected to the internet, Bluetooth, NFC, and everything you would not want cold storage to be touching.

It's better to just stick with old-fashioned and stand-alone hardware wallets that have worked so well for us up to now.
Becassine
hero member
Activity: 1820
Merit: 775
Re: [REDACTED]
May 03, 2023, 04:38:22 PM
#23
Quote from: SeeBiscuit on January 07, 2023, 07:32:01 AM

Is there a way to add hardware into a phone that is separate from the phone itself but can still interact with it from the inside to sign transactions and truly keep your bitcoins in your phone?



Quote
The BitBoxApp is available on Android so you can manage your crypto on the go. Simply download the Android app and connect your BitBox02 using the convenience of USB-C.

I don't know if you were thinking of something like that, but maybe it looks like it.

In this case you have indeed two devices : smartphone and cold wallet, but if you don't have a pc, it's still very practical and above all very secure.


https://shiftcrypto.ch/app/
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: [REDACTED]
May 03, 2023, 04:35:45 PM
#22
Quote from: Edwardard on February 27, 2023, 10:56:41 PM
Correct. I think mobile phones cant replace hardware wallet features. Btw, still Im interested in knowing about this saga phone's price since it claims to be a blockchain based device (I know even HTC tried this before and failed) , where can one buy it ? Is there a thread about it in the forum? Specs ? Anyone? If someone got any legit source, you may post it here.
I don't know where you can buy that crap and I don't know any spec, research it yourself.
This is just shitcoin junk device that will certainly die soon enough after they collect more money from people.
If you want to waste your money go for it, but don't expect to receive any security of device updates from Saga ponzi scheme.

Quote from: hZti on May 03, 2023, 03:52:11 PM
An old iPhone can also be „airgapped“/kept offline if you don’t need to spend coins easily.
Not really.
You can only be sure something is really airgapped if you remove parts that communicate with cell towers and internet.
I do however agree that old phones can be useful for bitcoin.
hZti
hero member
Activity: 1022
Merit: 642
Magic
Re: [REDACTED]
May 03, 2023, 03:52:11 PM
#21
I would prefer an iPhone about basically any computer wallet, simply because there are way less attack vectors. This does not mean that an iPhone can replace hardware wallets or that I would be comfortable to store large amounts, but still it is an option if you are just beginning with bitcoin and don’t want to invest to much money.

An old iPhone can also be „airgapped“/kept offline if you don’t need to spend coins easily.
goatpig
legendary
Activity: 3766
Merit: 1364
Armory Developer
Re: [REDACTED]
March 01, 2023, 04:10:55 AM
#20
Quote from: Edwardard on February 27, 2023, 10:56:41 PM
Correct. I think mobile phones cant replace hardware wallet features.

Phones TPM speak PKCS11. As long as you're willing write in the native language (Kotlin or Objective-C), and the TPM lists EC as a supported feature (they all do RSA but EC is present maybe 50% of the time?), then you can do hardware exponentiation and signing. Vaults on phones are "fairly" well implemented from my experience, the material is correctly enclaved to the binary that created the entry, and with the proper options at creation, it will never reveal the private data.

Phones as a primary hardware wallet are useless, but as a secondary signer in a multisig scheme, why not?
Edwardard
hero member
Activity: 1050
Merit: 681
Re: [REDACTED]
February 27, 2023, 10:56:41 PM
#19
Quote from: dkbit98 on February 27, 2023, 01:11:09 PM
Quote from: ?? on ??
The Saga Phone is a android phone with an airgapped wallet INSIDE of it. (seedvault)

Is this correct or are we missing something?
I didn't research this Saga Phone deeper, and I didn't test it myself, but I don't consider this shitcoin wallet to be airgapped since it functions similar like regular smartphoens.
When we know how many times Solana shitchain stopped working for various reasons, makes me trust even less their magical Saga wallet.
Any device that have bluetooth, wifi, nfc, phone aim tower connection, and internet connection, can't be considered airgapped device.
I don't know how their seed vault works (could be similar like Samsung and Google phones), but I wouldn't waste a single sat on this presale (scam).
Correct. I think mobile phones cant replace hardware wallet features. Btw, still Im interested in knowing about this saga phone's price since it claims to be a blockchain based device (I know even HTC tried this before and failed) , where can one buy it ? Is there a thread about it in the forum? Specs ? Anyone? If someone got any legit source, you may post it here.
Quote from: ?? on ??
account for sale
Wait. Now what?!!
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: [REDACTED]
February 27, 2023, 01:11:09 PM
#18
Quote from: ?? on ??
The Saga Phone is a android phone with an airgapped wallet INSIDE of it. (seedvault)

Is this correct or are we missing something?
I didn't research this Saga Phone deeper, and I didn't test it myself, but I don't consider this shitcoin wallet to be airgapped since it functions similar like regular smartphoens.
When we know how many times Solana shitchain stopped working for various reasons, makes me trust even less their magical Saga wallet.
Any device that have bluetooth, wifi, nfc, phone aim tower connection, and internet connection, can't be considered airgapped device.
I don't know how their seed vault works (could be similar like Samsung and Google phones), but I wouldn't waste a single sat on this presale (scam).
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: [REDACTED]
January 12, 2023, 02:11:51 PM
#17
Quote from: erep on January 12, 2023, 02:01:34 PM
If sensitive data from phrase can be backed up to cloud samsung without notification to user then it will be dangerous, but so far the backup to cloud samsung feature is not available and user can only backup recovery phrase for manual save for personal, but I also can't trust that app is open source. But regarding security, in October a vulnerability was detected in the application with the description "Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attackers to execute privileged actions." but the information has been added to samsung security website, maybe they have fixed the problem.

Well, that's not good enough. Most people do not update their apps, so are still running a vulnerable version that is easily exploited using a few pieces of Android malware.

It goes on to underscore why you should not store large stashes on mobile wallets.
erep
hero member
Activity: 2282
Merit: 589
Re: [REDACTED]
January 12, 2023, 02:01:34 PM
#16
Quote from: Pmalek on January 12, 2023, 03:18:49 AM
You are probably talking about the Samsung Blockchain Wallet, although I have never heard talks about it being a full node. I doubt it is to tell you the truth. This solution of theirs was first announced back in 2019. I don't know how popular it has become in the meantime. I don't remember reading any complaints or praises on Bitcointalk. It's both a wallet and a key manager. It's supposedly non-custodial, but who knows?!
I didn't even know that the Samsung Blockchain Wallet has been launched since 2019, I didn't find a review from the forum regarding that information or maybe I have missed it. I've accessed the Galaxy store at https://galaxystore.samsung.com/prepost/000006169962 and found that the app has 0 user reviews and even though I don't get any information on installed apps.

Quote
There was some talk a long time ago that sensitive data gets backed up on Samsung's cloud and that's not something you want. But even if it's an opt in/opt out feature by Samsung, would you trust them not to back anything up even if they say they won't? It's surely not an open-source solution, so you can't verify anything on your own and you are stuck trusting a company whose main business is not crypto or the security of other peoples' funds. 
If sensitive data from phrase can be backed up to cloud samsung without notification to user then it will be dangerous, but so far the backup to cloud samsung feature is not available and user can only backup recovery phrase for manual save for personal, but I also can't trust that app is open source. But regarding security, in October a vulnerability was detected in the application with the description "Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attackers to execute privileged actions." but the information has been added to samsung security website, maybe they have fixed the problem.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: [REDACTED]
January 12, 2023, 03:18:49 AM
#15
Quote from: Husires on January 11, 2023, 10:10:15 AM
Do you mean that inside your phone there is a "cold storage build-in wallet" or just a wallet that connects to hardware wallets?
I think Galaxy S10 can do that and I read somewhere that they have a phone that works as a full node, syncs, and you can run it as cold storage but I don't remember the exact name.
You are probably talking about the Samsung Blockchain Wallet, although I have never heard talks about it being a full node. I doubt it is to tell you the truth. This solution of theirs was first announced back in 2019. I don't know how popular it has become in the meantime. I don't remember reading any complaints or praises on Bitcointalk. It's both a wallet and a key manager. It's supposedly non-custodial, but who knows?!

There was some talk a long time ago that sensitive data gets backed up on Samsung's cloud and that's not something you want. But even if it's an opt in/opt out feature by Samsung, would you trust them not to back anything up even if they say they won't? It's surely not an open-source solution, so you can't verify anything on your own and you are stuck trusting a company whose main business is not crypto or the security of other peoples' funds. 
Husires
legendary
Activity: 1596
Merit: 1288
Re: [REDACTED]
January 11, 2023, 10:10:15 AM
#14
Do you mean that inside your phone there is a "cold storage build-in wallet" or just a wallet that connects to hardware wallets?
I think Galaxy S10 can do that and I read somewhere that they have a phone that works as a full node, syncs, and you can run it as cold storage but I don't remember the exact name.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: [REDACTED]
January 09, 2023, 01:28:50 PM
#13
Quote from: dkbit98 on January 09, 2023, 01:02:47 PM
When Passport foundation hardware wallet was released they initially used original ColdCard code that was modified, after that NVK from ColdCard decided to change code from open source to common clause.
So the main reason for ColdCard changing their license is because they don't want people using any of their code  Tongue
OK, I get it now. I have already known about ColdCard's use of Trezor's open-source code to build their own product, but I thought they started off with a Common Clause license despite of that. Seems like they don't want to give their competitors a helping hand in any way, even by providing open-source code. It's cold blooded business but also scumbag behavior.   
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: [REDACTED]
January 09, 2023, 01:02:47 PM
#12
Quote from: Pmalek on January 09, 2023, 03:43:13 AM
I thought they were a fork of Trezor's codebase. Doesn't ColdCard work with a license that doesn't allow anyone to redistribute, use, or modify their code for their own purposes? Or maybe that wasn't the case when Passport forked it...
ColdCard used some parts of Trezor code few years ago, and even if NVK keeps making excuses about it I posted proof of Trezor developer confirming this.
When Passport foundation hardware wallet was released they initially used original ColdCard code that was modified, after that NVK from ColdCard decided to change code from open source to common clause.
So the main reason for ColdCard changing their license is because they don't want people using any of their code  Tongue
pat1900
full member
Activity: 154
Merit: 100
Re: [REDACTED]
January 09, 2023, 03:44:12 AM
#11
Quote from: joniboini on January 09, 2023, 01:57:08 AM
... on a secure chip.
I wonder why HTC abandoned the HTC Exodus 1 and Exodus 1s product line around 2 years ago, which included another hardware-based wallet solution, see https://www.htcexodus.com/

IIRC it wasn't intended to be a cold wallet, but it was more secure than a piece of software while easier to handle than a hardware wallet, I guess.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: [REDACTED]
January 09, 2023, 03:43:13 AM
#10
Quote from: SeeBiscuit on January 07, 2023, 07:32:01 AM
Or is this impossible and we will always need dedicated hardware that is separate from devices like phones and computers for security reasons when it comes to large amounts of coin?
Even if there was something like that, why would you opt to use that instead of a standalone device that you only connect to when you need it to sign transactions and move your crypto? A phone that you use for all kinds of activities shouldn't be used as a storage for your private keys and seeds. Too many things could go wrong despite what the manufacturers say. Many people simply use their phones as a testing ground for games and dubious apps. They allow permissions and give apps rights without considering what it means. That's not an environment for your digital assets and their signing keys.

Quote from: Charles-Tim on January 07, 2023, 09:21:38 AM
To discourage that kind of habit, it is best to remove the WiFi, Bluetooth, NFC and other components that can be used to connect to other devices and to the internet.
I doubt you will have much success trying that. Those components are surely all soldered to the main board, and unless you know what you are doing and have an engineering background, you are more than likely to destroy your phone. All the antennas and chips can be disabled on the software side, but who knows who and what can turn them on again if required to. 

Quote from: dkbit98 on January 07, 2023, 05:32:33 PM
Passport started as ColdCard fork but with open source software and hardware, with added improvements and much better look.
I thought they were a fork of Trezor's codebase. Doesn't ColdCard work with a license that doesn't allow anyone to redistribute, use, or modify their code for their own purposes? Or maybe that wasn't the case when Passport forked it...
joniboini
legendary
Activity: 2170
Merit: 1789
Re: [REDACTED]
January 09, 2023, 01:57:08 AM
#9
Quote from: ?? on ??
I've read into the Saga phone the other post mentioned, and it does seem to service the market of people who want all four of security reliability convenience and mobility when it comes to hotwallets.
It looks like the phone uses Qualcomm's latest technology on a secure chip. If I read it correctly, this won't be an exclusive technology for some manufacturers, so I won't be surprised if there will be more apps that support it in the future. The point is, it is not gonna be hardware or software exclusive, so I'd rather wait and just use any Android phone with open-source apps to manage my crypto right now if necessary.

Most of these hacks are done via phishing or social engineering anyway. A secure device won't help you at all if you just give your password to whoever asks you. CMIIW.

Quote from: ?? on ??
Also, the question "why cram so much into the phone", has been asked so many times for the last 20 years. Humanity doesn't seem to care, and seems to constantly deviate towards innovation when it comes to smartphones.
You can certainly add more features, but it also adds more attack vectors. It might work, but it will always be riskier to use compared to a dedicated device that is designed to cater to specific needs IMO. Don't know how balanced it will be but I personally don't want to risk security for extra mobility. I never bring my HW outside of my house or when I travel anyway. If I lose it that will be a disaster.
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Jump to: