Topic: VERITASEUM DISCUSSION THREAD - page 119. (Read 251040 times)

No worries. Given the information available and what was stated, I simply don't agree with your conclusions. You have clearly shown that you have zero love for hardware wallets of any kind (e.g. "I dislike (and never recommend) using hardware wallet") - yet, claim to be impartially objective. Before coming here, I did my own due diligence and thoroughly scrutinized Trezor. I've learned that while it is  not completely bullet proof, especially under certain circumstances - just like with your method, it is certainly counts among the best means to secure one's private keys from a cost, convenience and security perspective.

I am confident others will see what I see.

My method is...
1. Less bulky.
2. Far cheaper.
3. More convenient.
4. More secure.
5. More control.
6. Brand-independent.
7. Trustless.

Here's the thing.
If you trust Trezor too much, there is nothing further I can say, or need to say.

We will have to agree to disagree here. 

I simply cannot see how your method offers a less bulky, a cheaper, more convenient and more secure means of storing one's private keys than Trezor. However, as the saying goes: To each his own. No harm, no foul. 

Sorry I almost screwed my posting just now.

Please do NOT be blinded off the limitations of Trezor, or any hardware wallet.
Be impartially objective as you would trying to find the best way to secure your hard-earned money.
And you will learn my method is the best method.
I sell no hardware. I sell no service. I give only free advice that I sincerely believe is the best.

1. The keyword is to use a formatted and forever-offline computer.

2. Any decent computer that is installed to be able to run the offline address generator (like offline MEW), the latest WinRar, and a good DVD burner will do fine. Of course, you need some good DVDs too. I personally recommend Verbatim's AZO DVDs because their product is more stable (quality does not deteriorate, based on the type of chemical they used even under sunlight for hours; refer AZO; I believe they offer lifetime warranty too, how about that). And probably some wallet to double confirm your addresses and private keys generated are valid. No, you don't need expensive, high-powered computer for this simple task.

3. Offline means you are doing it offline AND in private (as reasonably expected). A formatted computer (as mentioned) is a virus/keylogger/malware-free computer.

4. Cloud computing is just one example of the myriads of locations you can store your digital backups. If you want free online backup, you can send yourself an email with the backup attached.

5. My method is simplified (as stated) and does not need any Linux or blockchain download to do the job.

6. Like I said, no different OS than you are already using is needed.

7. I don't agree to the recommended backup (send to friends).

You can be ultimately critical on my method, but let me request the same level of "criticality" on Trezor, objectively.

Software companies make money by creating, developing and selling software and/or access to that software. The more paying users make use of it, especially ones with big pockets (such as institutions, exchanges and sovereigns), the better, right? Now imagine a world in which software piracy will have little to zero effect in terms of the accessibility to a given piece of software and/or system.

@Dorky I see you edited your post. I only responded to what you originally posted.

In any case, I've posted what I wanted to post. I stand by it.

Thank you. Let me scrutinize it a bit to the benefit of all. So that we can make informed decisions.

1. "Hardware wallet is not fully controlled by the user" - A hardware wallet such as Trezor is issued by a 3rd party, but not 3rd party dependent in terms of recovery (https://news.bitcoin.com/trezor-moves-closed-source-backend-server-open-source-using-bitcore/ + https://doc.satoshilabs.com/trezor-faq/threats.html). Even the "clean air-gapped computer" you use was manufactured and provided by a 3rd party (as well as the software).

2. What do you use as a "clean air-gapped computer"? How big is it and how much does it cost?

3. "And yet it achieves similar, if not higher, level of security, as well as much higher control" - How come? "Used correctly, an air-gapped wallet is safe from all online threats, such as viruses and hackers. It is however still exposed to offline threats, such as hardware keyloggers, extortion, or people looking over your shoulder" (https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet). This while Trezor eliminates more than one of these risks, including the threat posed by hardware keyloggers.

4. "Sign up for a few different cloud drive accounts such as Dropbox or Google drive" - How are "cloud drive accounts" cheaper and safer than what Trezor provides?

5. "Download Bitcoin-Core Linux binary and save it on a USB drive" - The Bitcoin-Core Linux binary is over 145 GB large. Many parts of the world don't have access to cheap internet access and bandwidth. How do the cost of downloading 145 GB+ (and growing!) plus the cost of an USB device work out cheaper than €89?

6. "Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD" - In other words, you make use of software provided by a 3rd party? How is this better and more secure than what Trezor offers?

7. "Backup encrypted wallet.dat file in several places:

Send it to your 5 best friends by email attachment and ask them to save it for you.

Save it on your cloud drive accounts created in step 1.

Save it on several USB drives and CDs and store them in different geographic locations"

How is this not exposed to lost and/or theft as you claim?

I could continue, but the above should suffice for now. Thanks.

If you understand my method, you would realize my method is very closely similar to having a hardware wallet. In fact, my method is also very closely similar to a paper wallet. The only difference is it is in digital format and fully controlled by the user. Paper wallet is not digital. Hardware wallet is not fully controlled by the user. In fact, I derived my method from https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet, but simplified.

My method does not need different OS like Ubuntu. It also doesn't depend on 3rd-party hardware wallet. And yet it achieves similar, if not higher, level of security, as well as much higher control.

A Trezor-dependent user may think he can't secure his funds without Trezor/Ledger/etc. But as I am not dependent on hardware wallet, I can achieve the same, if not higher, level of security with just an offline address generator, WinRar, an offline computer, and several DVDs as backup copies. Troublesome? Not at all.

Risk of getting lost? As the backup is digital, it can be duplicated into multiple copies and be stored in everywhere you can name.
Risk of getting stolen? As the .rar file is encrypted with strong password, the thief will get nothing out of it.
Risk of getting both lost and stolen? When the user has multiple copies of the .rar file (in DVDs, in email, in cloud computing, etc), it doesn't matter if one of them got lost and stolen.

Note: Full control also means the user of my method does not depend on any brand name product for his security. If you use a 3rd-party wallet, there is a big chance each wallet will use different encryption method and thus there may be incompatibility between different wallets when you want to import backup files, like importing a backup file exported from Multibit into Electrum. However, if you have the private key, you control everything and your backup is unrestrained by what/which wallet you use.

1. Now, can Trezor/Ledger/Keepkey provides you your private key?
2. Secondly, can you import backup file from Trezor into Ledger/Keepkey (no issue of compatibility)?
3. Can your passphrase generated by Trezor be used on Ledger/Keepkey for recovery (I am not sure of this)?

I forgot to add this 3rd advantage of using my method, beside max security and control: brand-independence, i.e. you don't depend on any brand/type of wallet for security.

And when you have 1) max security, 2) max control, and 3) max brand-independence freedom, you don't need to trust any 3rd-party that they may/may not do their job (like trusting Trezor will not install malware into the hardware and that they will audit their codes well), thus you get the 4th benefit of max trustlessness.  

Kindly explain. Thanks.

Yes.

Note: If you lose both the Trezor wallet and the passphrase, then you lose everything.

Reading between the lines...

"The reason is to have 100% control (you aren't relying on any 3rd-party for salvation)" - "users do not have to depend on SatoshiLabs’ servers availability anymore": https://news.bitcoin.com/trezor-moves-closed-source-backend-server-open-source-using-bitcore/

Even if SatoshiLabs shuts down, one will still be able to use Trezor and/or recover one's private keys: https://doc.satoshilabs.com/trezor-faq/threats.html

"Even then using hardware wallet does not spare the user the trouble of securing the mnemonic phrases" - It is not difficult to store a printable Trezor recovery seed separate from the wallet in a secure place. When the wallet gets lost/stolen, the recovery seed can be used to recover the private keys.

"In fact, I dislike (and never recommend) using hardware wallet also because if something screws up (such as the mnemonic phrases got lost or stolen), the whole savings is at stake" - You meant to say when "someone" screws up. Now when someone screws up, it is certainly not Trezor's fault. That being said, Trezor gives one the option to protect against recovery seed theft with a passphrase. Thus, one can completely eliminate risks attached to recovery seed theft. Is your method fully secure against lost and/or theft?

"With my method, savings can be segregated into multiple addresses and compartmentalized in varying level of security as the user prefers, and any address at stake will not jeopardize the others" - Trezor allows one to create multiple accounts and within each of those accounts one can generate an endless number of key pairs.

Don't get me wrong. I am open to multiple methods of security, including yours. However, not all methods are as secure and convenient as a hardware wallet such as Trezor.

Thanks. I am glad you like it.

My gut feeling tells me VERI might pass the ETH price before or by Friday the 14th, but who knows for sure. 

This is from Reggie (in slack) giving an explanation to someone questioning the current utility to someone (an ico investor/ forum lurker - like many of us).

This is not the full quote

"If Veritaseum has not had utility value to you, it's because you are probably not the target audience. The JSE (Jamaica Stock Exchange) gets value out of it, here and now. Other, much larger exchanges get utility value out of it - now.
Utility software actually gets MORE valuable the more it is used (network effect), You are approaching this situation as if the tokens are equities and there is some sort of dilutive effect to earnings. That is not the case, and that is an absolutely incorrect method of viewing and valuing Veritas. I'm not declaring Veritas is software just to get out of SEC registration, it really is software."

The reason is to have 100% control (you aren't relying on any 3rd-party for salvation).
The method I suggested is not less secure and is not troublesome for the sake of 100% control, max security, and cost far less.
But then, to each his own (for those who seek the easiest way out for max convenience regardless of less control may get the hardware wallet).
Even then using hardware wallet does not spare the user the trouble of securing the mnemonic phrases.
However, I dislike the video implying .rar file is insecure, that everyone needs to have Trezor, and that to me is false information.
Mike B could have educated the viewers on how to make a very secure cold storage in .rar with strong encryption instead, but he didn't.
In fact, I dislike (and never recommend) using hardware wallet also because if something screws up (such as the mnemonic phrases got lost or stolen), the whole savings is at stake.
With my method, savings can be segregated into multiple addresses and compartmentalized in varying level of security as the user prefers, and any address at stake will not jeopardize the others.
Nevertheless, to each his own.
I do not wish to impair nor harm anyone with my suggestion nor wish to be penalized for making a good suggestion.

source?

I was a little surprise how market reacted to this project. Well it might as be on the radar for me because it is quite intriguing to be honest.

I'm with you man, everybody has different needs.  Just trying to express the opinion that people might be well served if they think of spending other sources of $ before hanging the For Sale sign on their VERI.  Owned a ton of mining stocks and didn't have any hesitation to flip and dump those.  After all they sell stocks in bulk under market (options) and print more at will.  Can't win much there, really is a greater fool contest.  Gotta be on the inside to win.

Figured that winning in stocks, the reward you make in $ buys less every time you head to the grocery store. So why play?  That's why I quit that game and went "all in" cryptos.  Cryptos don't tend to depreciate like fiat.  And they appreciate like crazy.

Cheers