Explanation
Chartbuddy thanks talkimg.com
Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 47. (Read 26709964 times)
December 28, 2024, 06:01:15 AM
December 28, 2024, 05:08:57 AM
4 is enough buddy.
you can have more when you go in the right direction
you can have more when you go in the right direction
December 28, 2024, 05:01:14 AM
December 28, 2024, 04:01:17 AM
December 28, 2024, 03:01:14 AM
December 28, 2024, 02:01:14 AM
December 28, 2024, 01:40:00 AM
Realistically, are people using 128 bit pins on their Trezors? That's half the length of a private key.
I wouldn't use a 128 Bit PIN on a wallet that needs to be accessed frequently. But for a bigger stash you don't touch maybe for years, why not.
For smaller amounts wallets with SE are totally fine imo
Many wallets are using several SEs from different manufacturers in one device, because it's unlikely that all SE secrets get compromised at the same time.
December 28, 2024, 01:35:49 AM
Realistically, are people using 128 bit pins on their Trezors? That's half the length of a private key.
December 28, 2024, 01:30:37 AM
Beware: A few important 'things' coming by Jan 1-Jan 13...relevant to US only, sorry.
1. New rules for bitcoin (and other tokens, unnamed) coming to US by Jan 1, 2025.
see:
https://gordonlaw.com/learn/new-crypto-cost-basis-rules/
https://www.eisneramper.com/insights/tax/safe-harbor-digital-asset-1224/
https://tax.thomsonreuters.com/news/advice-for-practitioners-on-unused-digital-asset-basis-safe-harbor/
Of course, nothing to worry about if you don't sell. Stable coin tx of less than 10K/year are excluded from reporting, interestingly. Not sure if per broker or total.
In short...there is a safe harbor for you to identify and record ALL your purchase cost basis, so you can later identify what exactly you are selling (if using coinbase). No need to do it, obviously, for something you bought on a CEX and kept there. This needs to be done BEFORE you sell as Coinbase/Gemini/Kraken (just a few examples) would not do it for you (your cost basis) if you did not buy bitcoin there.
1. New rules for bitcoin (and other tokens, unnamed) coming to US by Jan 1, 2025.
see:
https://gordonlaw.com/learn/new-crypto-cost-basis-rules/
https://www.eisneramper.com/insights/tax/safe-harbor-digital-asset-1224/
https://tax.thomsonreuters.com/news/advice-for-practitioners-on-unused-digital-asset-basis-safe-harbor/
Of course, nothing to worry about if you don't sell. Stable coin tx of less than 10K/year are excluded from reporting, interestingly. Not sure if per broker or total.
In short...there is a safe harbor for you to identify and record ALL your purchase cost basis, so you can later identify what exactly you are selling (if using coinbase). No need to do it, obviously, for something you bought on a CEX and kept there. This needs to be done BEFORE you sell as Coinbase/Gemini/Kraken (just a few examples) would not do it for you (your cost basis) if you did not buy bitcoin there.
Given how wallets actually work under the covers, particularly the old pre-HD Core wallets, this sounds just ridiculous. Should be fun.
December 28, 2024, 01:29:30 AM
The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!
I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.
I agree about the PIN.
I use so small pin in my ledger. I will probably change that soon, as I am a bit worried about it recently.
I created those pin almost 10 y ago. I use 2 pin (as I have one hidden wallet with passphrase).
The ledger has a secure element, so afaik the PIN isn't the sole thing (if at all) used to encrypt the seed.
Means you should be safe from physical access to the chip anyways, even with a short PIN. (safe as far the secret of the SE company isn't used)
December 28, 2024, 01:24:16 AM
Surely some of us may have had relatives who pass and we try to figure out what accounts they have, and i even had some relatives tell me that they want me to know their passwords in case something happens to them, and my most common response is that they need to keep their passwords in a safe place that would be accessible upon their passing, which surely is easier said than done... and most likely value ends up getting lost when persons pass and so many passwords that they are not even able to keep track of.
Encryption can help with that kind of thing. Ideally they would hand off to you an encrypted file to you with a password that you would be unable to access (easily) until after their passing. That can be a bit tricky and depend a lot on the level of trust between you so would have to be decided on a case-by-case basis. Also make sure that the password could not be accidentally lost.
December 28, 2024, 01:23:09 AM
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.....
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
Quote
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.
Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.
c'mon JJG it can't be that hard to understand!
You think I am playing with you?
I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy.
From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.
If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.
Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.
I wonder where are JJG's Gay Christmas cards ??
As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.
That's part of the reason why I keep my Grinder settings aimed at having preferences for females.
Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day.
the pushup thing seems to be more widespread than I thought!
thanks for bringing us to 100k, then!
could I ask you to pls do it again?
December 28, 2024, 01:20:56 AM
The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!
I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.
I agree about the PIN.
I use so small pin in my ledger. I will probably change that soon, as I am a bit worried about it recently.
I created those pin almost 10 y ago. I use 2 pin (as I have one hidden wallet with passphrase).
December 28, 2024, 01:16:00 AM
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.....
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
Quote
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.
Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.
c'mon JJG it can't be that hard to understand!
....
Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.
The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!
I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.
December 28, 2024, 01:01:17 AM
December 28, 2024, 12:25:17 AM
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.....
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
Quote
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.
Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.
c'mon JJG it can't be that hard to understand!
You think I am playing with you?
I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy.
From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.
If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.
No, I absolutely don't think you are playing me! I just thought the issue must be quite easy to understand for an AI
Joke aside, I thought with the quote of the article it should be obvious, as everything is in that short sentence. But maybe I'm just a bit too used to the topic as I once researched the shit out of it, after they changed the PIN length.
Indeed, Trezor really lacked an adequate counter-campaign. I remember some article(s) on the PIN (don't make me search...).
But Trezor surely fell short of educating their users. At least they should have more on their website...
I guess since they went the SE route it's not so important for them anymore..
December 28, 2024, 12:01:15 AM
December 27, 2024, 11:01:15 PM
December 27, 2024, 10:17:56 PM
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.....
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.
Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
Quote
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.
Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.
c'mon JJG it can't be that hard to understand!
You think I am playing with you?
I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy.
From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.
If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.
Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.
I wonder where are JJG's Gay Christmas cards ??
As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.
That's part of the reason why I keep my Grinder settings aimed at having preferences for females.
Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day.
December 27, 2024, 10:01:18 PM
Jump to: