Pages:
Author

Topic: Trezor One vs Ledger Nano S-which one is safer? (Read 483 times)

legendary
Activity: 2268
Merit: 18711
Hey guys,I heard that cryptocurrency aren't actually stored on hardware wallets at all.
Ledger have written a couple of good blog posts for beginners, and one of them covers this topic. You can read it here: https://www.ledger.com/back-to-basics-part-1where-are-my-coins

So,I guess Trezor have a secure element as well,just like Ledger?
Once I get Trezor,I won't have to worry about that someone can hack into my Coinbase account whether I'm offline or online and steal anything?
Correct. Like others have said before me, the Trezor itself doesn't hold any bitcoin/crypto.
Not quite correct. Trezor does not use a secure element like Ledger does, which is part of the reason why Trezor devices are vulnerable to seed extraction method Lucius has mentioned above. That's not to say that Trezor devices are worse than Ledger devices though, and both provide similar levels of protection when an attacker does not have physical access to your device or when using a long and complex passphrase.

legendary
Activity: 2383
Merit: 1551
dogs are cute.
Hey guys,I heard that cryptocurrency aren't actually stored on hardware wallets at all.
They just make some kind of barrier between online wallet and hackers.
Is that true,because I felt really safe knowing that they'll be stored on device itself and cutoff from internet and PC,although I'm aware I'll had to go online to make a transaction.
That's correct. The coins are not stored in any type of wallets. They are always on the blockchain. Your hardware wallet stores the private keys that allows you to spend and control those coins. Ledger, for example, has a secure element. The private keys are stored in the secure element and kept offline even when you are connected to the Internet. If your device is malware infected, a virus still wouldn't be able to get to your keys. When you make a transaction, you give the wallet permission to sign for it by pressing the buttons on your hardware device.     

So,I guess Trezor have a secure element as well,just like Ledger?
Once I get Trezor,I won't have to worry about that someone can hack into my Coinbase account whether I'm offline or online and steal anything?
So even if coins aren't actually stored on device itself,nobody can ever hack my wallet,if I keep seed words written on paper and device stored on secure place?
Pretty much you wont need to use coinbase if you have a ledger or trezor. Make sure your seed is safe and secure!!!!!

If you're buying a ledger, I would suggest you to buy a Ledger nano X instead of Ledger Nano S. Personally, if you ask me, I would prefer a ledger over a trezor(mainly cause of the UI and personal preference and I like ledger live).

Ask us any other questions you have!
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
You can also even add a password to your Trezor (if you end up buying the Model T) that even if you loose the device, nobody can access the interface because it's password protected.

When you talk about a password, you are referring to the PIN needed to unlock the hardware wallet, but that password is not a guarantee that your device will be protected in case it falls into the wrong hands. Furthermore, if you have not set the paraphrase, an experienced attacker who comes into physical possession of such a device will extract the seed from it within 5 minutes.

If someone can find that piece of paper they can indeed access to your coins, so you better keep that paper in a high secured place...

A seed that is additionally protected with a sufficiently strong paraphrase (brute force resistant) will not allow anyone to steal anything - in other words the seed and paraphrase should be stored separately.
legendary
Activity: 1148
Merit: 3117
So,I guess Trezor have a secure element as well,just like Ledger?
Once I get Trezor,I won't have to worry about that someone can hack into my Coinbase account whether I'm offline or online and steal anything?
Correct. Like others have said before me, the Trezor itself doesn't hold any bitcoin/crypto. Look at Trezor as a Key to open your house where you have all your belongings... you will only be able to access the funds associated with your Trezor if you use it to unlock the access to them. Even if you loose the device, provided that you still have your seed phrases, you can re-gain access to your funds by simply restoring the wallet.dat file in Electrum, for example.

The benefit of Trezor is that the keys are generated in a total different device other than your PC, to increase safety. You can also even add a password to your Trezor (if you end up buying the Model T) that even if you loose the device, nobody can access the interface because it's password protected.

Trezor also implements the so called passphrase, which further increases the safety of your funds. You can learn more about it here - Passphrase on Trezor

Quote
So even if coins aren't actually stored on device itself,nobody can ever hack my wallet,if I keep seed words written on paper and device stored on secure place?
If someone can find that piece of paper they can indeed access to your coins, so you better keep that paper in a high secured place...
newbie
Activity: 26
Merit: 4
Hey guys,I heard that cryptocurrency aren't actually stored on hardware wallets at all.
They just make some kind of barrier between online wallet and hackers.
Is that true,because I felt really safe knowing that they'll be stored on device itself and cutoff from internet and PC,although I'm aware I'll had to go online to make a transaction.
That's correct. The coins are not stored in any type of wallets. They are always on the blockchain. Your hardware wallet stores the private keys that allows you to spend and control those coins. Ledger, for example, has a secure element. The private keys are stored in the secure element and kept offline even when you are connected to the Internet. If your device is malware infected, a virus still wouldn't be able to get to your keys. When you make a transaction, you give the wallet permission to sign for it by pressing the buttons on your hardware device.     

So,I guess Trezor have a secure element as well,just like Ledger?
Once I get Trezor,I won't have to worry about that someone can hack into my Coinbase account whether I'm offline or online and steal anything?
So even if coins aren't actually stored on device itself,nobody can ever hack my wallet,if I keep seed words written on paper and device stored on secure place?
legendary
Activity: 2730
Merit: 7065
Hey guys,I heard that cryptocurrency aren't actually stored on hardware wallets at all.
They just make some kind of barrier between online wallet and hackers.
Is that true,because I felt really safe knowing that they'll be stored on device itself and cutoff from internet and PC,although I'm aware I'll had to go online to make a transaction.
That's correct. The coins are not stored in any type of wallets. They are always on the blockchain. Your hardware wallet stores the private keys that allows you to spend and control those coins. Ledger, for example, has a secure element. The private keys are stored in the secure element and kept offline even when you are connected to the Internet. If your device is malware infected, a virus still wouldn't be able to get to your keys. When you make a transaction, you give the wallet permission to sign for it by pressing the buttons on your hardware device.     
newbie
Activity: 26
Merit: 4
Hey guys,I heard that cryptocurrency aren't actually stored on hardware wallets at all.
They just make some kind of barrier between online wallet and hackers.
Is that true,because I felt really safe knowing that they'll be stored on device itself and cutoff from internet and PC,although I'm aware I'll had to go online to make a transaction.
HCP
legendary
Activity: 2086
Merit: 4361
If you are interested in hodling and operations with 1-4 coins, then you can buy the Nano S. If there are more coins, then you will have to uninstall applications, because the memory of the Nano S is very small. This is the disadvantage of the Nano S.
That's definitely true, although it's more of an inconvenience than a real problem.  You can still hold tons of coins on the Nano S, but you just can't display them all at once.
That's not exactly true... you can technically display all your holdings at once (Ledger Live does not remove the account displayed if you uninstall the coin app on the device)... so you'll still be able to see all your balances and transactions within Ledger Live.

What you won't be able to do is interact with all of those coins at once... that is to say, you won't be able to confirm receive addresses or sign transactions etc unless you have the specific coin app loaded on the device. You would still be able to generate a receive address in Ledger Live, you just won't be able to connect the device and have it shown the confirmation on the device screen and you won't be able to create and send a transaction unless you have the correct coin app loaded on the device to allow you to sign the transaction.

However, all it takes is to uninstall a coin app or 2 to free up space and then reinstall the specific coin app that you want to work with. The entire process takes maybe a minute or 2 at the most... so unless you're constantly dealing with 10+ different coin types, multiple times a day... it really isn't a huge deal.
legendary
Activity: 2212
Merit: 7064
There are some great posts and comments noted above in this thread.  I didn't see anyone mention a particular item that Trezor offers for those that are BTC only hodlers.  Trezor ALWAYS issues a btc-only firmware with every new release version.  The firmware is pure BTC minimizing any attack vectors that writing software to support many coin types may introduce.  For those that are pure BTC hodlers, this may be a significant security improvement.  Something for the purist to consider!

Bitbox02 hardware wallet is doing something similar and you can buy separate versions on their website, Bitcoin-only or Multi edition with other coins and features like FIDO U2F included.
This is good especially if you are not using any other coins and if you want to improve security and reduce possibility for bugs in firmware.
There is also Coldcard hardware wallet dedicated only for Bitcoin.
legendary
Activity: 2730
Merit: 7065
I don't understand why anyone would take the risk of using a "USB hardware wallet", when it is not firesafe, and has the possibility of a software problem.     I lean towards a "metal hardware wallet" like the ELLIPAL Mnemonic Metal  OR  Cobo Tablet .

Can anyone convince me that a USB wallet would be as safe?
Your metal hardware wallet still can't help you if you lose your recovery phrase, if you wrote it down wrong, or if the RNG the company uses is weak. Essentially, it doesn't matter. The brand you suggested is worse than the ones this discussion is about. You can purchase one made of titanium and it would still be weak.

On the other hand, if you take proper care of your seed, you can use a hardware wallet made of jelly and always recover everything from seed when your device melts.   
hero member
Activity: 761
Merit: 606
There are some great posts and comments noted above in this thread.  I didn't see anyone mention a particular item that Trezor offers for those that are BTC only hodlers.  Trezor ALWAYS issues a btc-only firmware with every new release version.  The firmware is pure BTC minimizing any attack vectors that writing software to support many coin types may introduce.  For those that are pure BTC hodlers, this may be a significant security improvement.  Something for the purist to consider!
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Thank you!
This stuff is confusing.. so much to learn.
Easy, there's time to learn all of it. Try to read the reply of o_e_l_e_o to your post/questions.

What you should do when transferring your coin, is to check that the address in the hardware wallet's screen is the same on the software wallet you're using(coinbase).

Get a backup copy of your 24 word seed of your trezor, in case that the hardware is stolen or broken you can recover your funds by importing that 24 word seed to compatible wallets.
jr. member
Activity: 58
Merit: 13
Should I go "offline" on the internet when doing the transfer?
you won't be offline to transfer from exchange to Trezor.  you need an internet connection.

Before I transfer anything to my new Trezor, should I do a deep virus scan to my computer?
Trezor design to protect private keys, signing the transaction only on the device. I can't say anything If the virus can mutate from pc to USB cable.

https://en.bitcoin.it/wiki/Trezor

Quote
In layman's terms, you can connect Trezor to an infected computer and still be able to have 100% control over the funds in your device.

but, to be sure to keep cleaning up your pc.

Thank you!
This stuff is confusing.. so much to learn.
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
If you are interested in hodling and operations with 1-4 coins, then you can buy the Nano S. If there are more coins, then you will have to uninstall applications, because the memory of the Nano S is very small. This is the disadvantage of the Nano S.
That's definitely true, although it's more of an inconvenience than a real problem.  You can still hold tons of coins on the Nano S, but you just can't display them all at once. 

OP, NeuroticFish gave some good answers to your questions and there's nothing I could add to them.  I'm not sure about the Trezor security issue zasad mentioned, and I've never owned a Trezor (I just don't like the aesthetics).  However, both have been on the market for a long time and there haven't been any major issues as far as security goes and personally I'd trust both the Ledger models and the Trezor ones.  And as long as you have the seed phrase backed up, you don't even need the physical device to have control of your coins.
legendary
Activity: 2282
Merit: 3014
I would absolutely recommend a Trezor over a Ledger any day, and would recommend the Trezor T over the original Trezor if you can afford the upgrade.  Another good option is the Coinkite Coldcard's.. bit less expensive than Trezor T, and arguably a more secure wallet than both Ledger and Trezor.  https://store.coinkite.com/store
legendary
Activity: 2268
Merit: 18711
Before I transfer anything to my new Trezor, should I do a deep virus scan to my computer?
The whole point of a good hardware wallet like a Trezor is that your keys and coins are safely stored on it and protected from any malware on the computer you are connected to. However, it never hurts to do a deep virus/malware scan.

Should I go "offline" on the internet when doing the transfer?
You won't be able to do this when transferring from Coinbase, since you will need to log in to your Coinbase account to create the transfer request. Although you can use hardware wallets in an airgapped set up by only connecting them to a computer without internet access, most people do not do this, and it is fine for your hardware wallet to be connected to an internet enabled computer (in fact, the entire point of a hardware wallet is to remove the necessity of airgapping your computer).

What exactly is stored on the new Trezor?
Is it just that private key with a readout that says something like 1.5 bitcoins?
The seed phrase it will create for you when you first set it up, and the private keys derived from that seed phrase. Your coins are not actually stored on your Trezor, and indeed, never leave the blockchain. When you transfer coins from your Coinbase wallet to your Trezor wallet, what you are actually doing is telling the network that some of the coins which are accessed by one of Coinbase's private keys are being moved to a new address which can only be accessed by a private key from your Trezor device.
legendary
Activity: 2212
Merit: 7064
I don't understand why anyone would take the risk of using a "USB hardware wallet", when it is not firesafe, and has the possibility of a software problem.     I lean towards a "metal hardware wallet" like the ELLIPAL Mnemonic Metal  OR  Cobo Tablet .

Ellipal is closed source chinese made product with modified android os and nothing more than overpriced cheap mobile phone device.
Having no usb connection does not mean that some wallet is better or safer, vulnerabilities have been discovered in Ellipal several times and with each new firmware there are new bug risks.
Vulnerability have been discovered by ledger donjon team that was later fixed, and here are 10 new security vulnerabilities discovered by Towo Labs team in 2020:
https://coil.com/p/RareData/Responsible-Disclosure-Blind-Signing-Vulnerabilities-in-Ellipal/nG_tOlNr_

I would never recommend anyone to use Ellipal wallet and with current price of $139 it is more expensive than both Trezor or Ledger so it's not hard not to buy it.

Before I transfer anything to my new Trezor, should I do a deep virus scan to my computer?

It's best if you can use separate laptop just for crypto related stuff and not your everyday computer, and yes you should clean your computer from all malware and keyloggers.
legendary
Activity: 2268
Merit: 18711
I don't understand why anyone would take the risk of using a "USB hardware wallet", when it is not firesafe, and has the possibility of a software problem.     I lean towards a "metal hardware wallet" like the ELLIPAL Mnemonic Metal  OR  Cobo Tablet .

Or would I really want is a bundled "cold wallet" + mnemonics container like in this bundle?  https://www.ellipal.com/collections/sale/products/bundle?variant=33170514772067
Hardware wallets and steel mnemonic back ups serve different purposes. No hardware wallet is going to be a physically resistant as a good steel product, but a steel product does not let you sign transactions without importing your seed phrase to a computer (and all the inherent risks that come with doing that). They are complementary devices, not mutually exclusive ones. A hardware wallet is used for interacting with you private keys in a secure environment, keeping them offline, but still allowing you to generate new addresses and create and sign transactions. A steel back up is used for long term back up of your seed phrase. It is entirely sensible to use both.

Note that both the Ellipal Mnemonic Metal and the Cobo Tablet performed very poorly on stress testing, with both resulting in complete loss of data - https://jlopp.github.io/metal-bitcoin-storage-reviews/

Also note that the Ellipal hardware wallet had a vulnerability which allowed the seed phrase to be extracted - https://donjon.ledger.com/Ellipal-Security/.
legendary
Activity: 2366
Merit: 2054
Should I go "offline" on the internet when doing the transfer?
you won't be offline to transfer from exchange to Trezor.  you need an internet connection.

Before I transfer anything to my new Trezor, should I do a deep virus scan to my computer?
Trezor design to protect private keys, signing the transaction only on the device. I can't say anything If the virus can mutate from pc to USB cable.

https://en.bitcoin.it/wiki/Trezor

Quote
In layman's terms, you can connect Trezor to an infected computer and still be able to have 100% control over the funds in your device.

but, to be sure to keep cleaning up your pc.
jr. member
Activity: 58
Merit: 13
Hey Gang,
Noob here.
I just ordered a Trezor One to store all of my BTC and ETH long term.
Sorry to say, but this is all kinda confusing.

Currently I have an account with Coinbase that is in a 2 step verification process for access to my wallet
For simple sakes, let's say I have 1.5 bitcoins in that wallet.

Before I transfer anything to my new Trezor, should I do a deep virus scan to my computer?
Should I go "offline" on the internet when doing the transfer?
What exactly is stored on the new Trezor?
Is it just that private key with a readout that says something like 1.5 bitcoins?

Sorry guys...
Now I know how my Mom feels when she goes on the internet for the first time!, Hahaha..
Pages:
Jump to: