Pages:
Author

Topic: Trezor or Paper Wallet? - page 4. (Read 4639 times)

member
Activity: 74
Merit: 10
September 13, 2017, 06:43:12 AM
#27
You could also consider the Ledger Nano S. I believe that it will be supporting NEO in the near future.
newbie
Activity: 13
Merit: 0
September 11, 2017, 07:53:35 AM
#26
For long period of hodling, i think paper wallet is best, but trezor is better if you use your coins everyday.
sr. member
Activity: 404
Merit: 252
September 11, 2017, 07:45:55 AM
#25
I would go for an encrypted cloud storage and a written private keys on paper. Why don't I like a Trezor its electronics if it breaks everything is gone and paper wallet what if your house burns down you lose everything? There are ways to avoid it with a fire safe for example. Every has their personal choice. I am hoping that most wallets in the future will have f2a authentication added so you can't lose any crypto even if they can guess something. Yea it won't stop a private key hacker that's why I say write that on paper. If then your house burns you can still log in on new pc with 2fa and get the private key out again.
full member
Activity: 364
Merit: 117
September 10, 2017, 11:44:36 PM
#24
if you dont wanna spend extra money,  paper wallet is the best option.
HCP
legendary
Activity: 2086
Merit: 4361
September 10, 2017, 06:39:09 AM
#23
This implies that you have to trust that the manufacturer doesn't have any rogue employees.
Much like you have to trust your OS maker doesn't have any rogue employees... or Intel/AMD... or the hard drive manufacturer... or the USB manufacturer... or the WiFi chipset manufacturer... or the RAM manufacturer... or the Ethernet manufacturer... or the Router/Modem manufacturer... or the

Trezor do their best, and you can verify the publicly viewable code is the one on your device...: https://github.com/trezor/trezor-mcu/blob/master/README.md#how-to-get-fingerprint-of-firmware-signed-and-distributed-by-satoshilabs


With Electrum, you run it on an offline computer or bootable USB and you sign the transaction there.  Then you take the transaction to the online computer and broadcast the transaction.  The private key never leaves your offline computer.
And what makes you think that a rogue version of Electrum wouldn't encode your private key in the OP_RETURN section of your transaction prior to signing it? What guarantee do you have that the version of Electrum you downloaded is the same as the code on Github?


You'll NEVER find a 100% secure solution... there are ALWAYS attack vectors... especially when humans are involved.
hero member
Activity: 544
Merit: 507
September 09, 2017, 04:55:31 PM
#22
why would the TREZOR be so expensive?Huh it not like it has NASA level hardware (neither software)
sr. member
Activity: 322
Merit: 250
Make A Bet on WORKING SOFTWARE
September 09, 2017, 02:47:02 PM
#21
When it comes time to spend your paper wallet, you need to load that private key into some kind of device (eg. Computer, phone, table) and sign a transaction. At this stage, you have to worry about the security of that system. Is it compromised? Does it have a hacked/buggy RNG? Will it leak your keys through a side channel? The trezor does the signing securely on the device. The keys never leave it and never need to be loaded onto another device.

With Electrum, you run it on an offline computer or bootable USB and you sign the transaction there.  Then you take the transaction to the online computer and broadcast the transaction.  The private key never leaves your offline computer.
newbie
Activity: 42
Merit: 0
September 09, 2017, 01:57:23 PM
#20
When it comes time to spend your paper wallet, you need to load that private key into some kind of device (eg. Computer, phone, table) and sign a transaction. At this stage, you have to worry about the security of that system. Is it compromised? Does it have a hacked/buggy RNG? Will it leak your keys through a side channel? The trezor does the signing securely on the device. The keys never leave it and never need to be loaded onto another device.
sr. member
Activity: 322
Merit: 250
Make A Bet on WORKING SOFTWARE
September 09, 2017, 01:33:20 PM
#19
This already has been discussed before.

"You can read the trezor-mcu source code on github. Compile the code yourself using the docker build script and check that the hash matches. The bootloader also displays the hash on firmware update." - /u/-johoe

https://www.reddit.com/r/Bitcoin/comments/4u7y3j/is_trezor_really_that_secure/
https://bitcoin.stackexchange.com/questions/32544/how-can-trezor-update-firmware-but-never-receive-malware

From your first link:

Quote
AFAIK, there is no such thing as checking the signature or hash value of a piece of hardware.

From your second link:

Quote
Assuming all this is implemented correctly and has no bugs or defects, that leaves only the possibility of malicious firmware signed by the manufacturer so that it would be accepted by the security firmware without tripping the safeguards. So to some extent, you have to trust the manufacturer.

This implies that you have to trust that the manufacturer doesn't have any rogue employees.

legendary
Activity: 2758
Merit: 6830
September 09, 2017, 12:55:45 PM
#18
Can anyone explain how he knows for certain that a rogue employee at Trezor (or any hardware wallet manufacturer) have not and will not put in nefarious code into the firmware?
This already has been discussed before.

"You can read the trezor-mcu source code on github. Compile the code yourself using the docker build script and check that the hash matches. The bootloader also displays the hash on firmware update." - /u/-johoe

https://www.reddit.com/r/Bitcoin/comments/4u7y3j/is_trezor_really_that_secure/
https://bitcoin.stackexchange.com/questions/32544/how-can-trezor-update-firmware-but-never-receive-malware
sr. member
Activity: 322
Merit: 250
Make A Bet on WORKING SOFTWARE
September 09, 2017, 12:44:58 PM
#17
Can anyone explain how he knows for certain that a rogue employee at Trezor (or any hardware wallet manufacturer) have not and will not put in nefarious code into the firmware?

full member
Activity: 246
Merit: 100
September 08, 2017, 06:12:21 PM
#16
i prefer paper wallet. because trezor is hardware too and it can be hacked one day.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
September 08, 2017, 05:53:17 PM
#15
I just saw a very interesting video of John McAfee talking about safety concerns on Cryptowallets - pointing out that nearly everyone who visits some porn sites sometimes has a key- and/or screenlogger on their computers without knowing it. He says it's just a matter of time that hackers will implement observation for example if you download or open certain wallets to trigger an alert for them that you might typing in interesting data like your private wallet keys.

Kind of opend my mind a bit more and I will definitly try to switch as much as possible to hardware wallets.

See the full talk here: https://www.youtube.com/watch?v=syI9X_uKvUA

If you're going to attempt to use sites of that nature that put viruses or trojans onto your computer, I'd suggest you download Tor Browser to still view the sites but as a version that means things are more restricted such as downloads and cookie saving (from torproject.org).

I would prefer trezor because it is also safe, when it is stolen. The thief doesn't have access but you can recover your wallet with a seed. Paper Wallet shows all needed data for capering the wallet.

You do have to store the seed as a format similar to a paper wallet. You can store your paper wallet on a sandboxed computer just as you can store your seed. You can encrypt your paper wallet private key as mcuh as you want and using as many different techniques of encryption as possible (the same as you can do with your seed from a trrezor), though the trezor gives faster access to your coins.
sr. member
Activity: 462
Merit: 254
September 08, 2017, 04:36:51 PM
#14
I would prefer trezor because it is also safe, when it is stolen. The thief doesn't have access but you can recover your wallet with a seed. Paper Wallet shows all needed data for capering the wallet.
member
Activity: 91
Merit: 10
September 06, 2017, 06:46:52 AM
#13
I just saw a very interesting video of John McAfee talking about safety concerns on Cryptowallets - pointing out that nearly everyone who visits some porn sites sometimes has a key- and/or screenlogger on their computers without knowing it. He says it's just a matter of time that hackers will implement observation for example if you download or open certain wallets to trigger an alert for them that you might typing in interesting data like your private wallet keys.

Kind of opend my mind a bit more and I will definitly try to switch as much as possible to hardware wallets.

See the full talk here: https://www.youtube.com/watch?v=syI9X_uKvUA
legendary
Activity: 1059
Merit: 1020
September 04, 2017, 03:05:21 PM
#12
If you plan to hold it for years without touching the funds, use a paper wallet. Trezor is a cold storage wallet, where your bitcoins are stored in a safe & strong environment with the ability to send & receive, unlike a paper wallet that needs to be redeemed if you want these funds.
sr. member
Activity: 868
Merit: 259
September 04, 2017, 02:43:38 AM
#11
Honestly just go for the paper wallet. I own a Trezor and I still havent used it. I have an ordinary USB that I have encrypted and it contains all the wallet files and the private keys for my cold storage needs.

Backing up your private keys and storing them well is all you really need. I dont see the value of buying more than $100 for a hardware wallet.
newbie
Activity: 17
Merit: 0
September 02, 2017, 01:16:47 PM
#10
Great advice - I've been thinking about buying one of these too.
jr. member
Activity: 56
Merit: 10
September 02, 2017, 01:08:08 PM
#9
i would say paperwallet + Laminate or carve on steel + SafeBox , shock , fire , water proof
member
Activity: 91
Merit: 10
September 02, 2017, 12:15:18 PM
#8
Paper wallets are quite safe but there is always the risk for example that you will have a keylogger trojaner or something like that on your computer that steals your input once you type it in to get acces - where a hardware wallet stores the keys encrypted in an enviroment that will never be exposed to such a risk when you acces your wallets.
Pages:
Jump to: