Topic: Wallets and Cold Storage. - page 2. (Read 1803 times)

Actually you are the one who needs to do more research. Yes you are right the software that runs on it is mostly open source (no hardware wallet released so far is actually 100% open source, some have 99% of the code open source like the trezor but most don't have any part of the hardware open sourced, none of the ones you have linked are 100% code and hardware open source), however there are still many other worries. One thing that scares me a lot is that trezor hard an onboard RNG chip that is not open source and was completely designed and manufactured by a third party vendor, however it doesn't use this chip exclusively it combines it with random data from your PC so unless both are colluding you are safe. First of all unless you actually build the software from source and load it onto the device yourself how can you know what is running on it. How do you know that the device hasn't got some extra code that generates non random seed words, or even more hard to detect - non random R values, similar to the bug in blockchain.info before, or even code that transmits the seed words hidden in inside the tx data allowing the attacker to retrieve them from the blockchain after you push a tx. Even if you do load the code yourself it is still possible that some chip on the device is the thing that is backdoored and able to execute these kinds of attacks, this is called "hardware hacking". This is near impossible to detect. The US military has invested billions into trying to solve this problem and are able to detect backdoored chips by destructive testing by means that are not yet public however we do know that the chip is useless afterwards, so when they need to source chips from China or such they buy lots of chips and destroy 80% of them and if they find no backdoors they decide the remaining 20% are safe enough and those are the ones that end up in black hawk helicopters and other important things. So tl;dr; It is really hard to be sure your hardware wallet isn't backdoored. Unless you build it from bare silicon yourself there is trust involved.

This is some great information. Thank you for taking the time do such great reviews.

I like the idea of a hardware wallet, but here's something that concerns me, and maybe I'm wrong but follow me for a second here.

Like I said before I plan to buy some btc and sit on it for years. Let's say I get a TREZOR and I put a nice little bit of btc on it. So I take my TREZOR and toss it into a safe and let it sit there. 10 to 15 years go by and btc is through the roof. It's all our dreams come true and I'm ready to sell and take my money and retire early and live the good life. Then disaster happens. I plug my TREZOR into my computer and it's deader than dead. I try a few things and nothing still happens. So I try and contact TREZOR to only find out they closed doors three years ago. In this scenario I would be screwed out of all my btc, correct?

i think paper wallet is the best for cold storage as its pretty unbreakable if hidden in a good place

I also support paper aswell. It does serve a purpose when done right.    If your going to store something cold for years and do not plan to access it, paper is going to make a lot of sense.

It is for those who need access to the coin's hardware wallets do great.  It does not let the key on the computer the hardware wallet actually signs transactions where the computer never see's the key.  So even if compromised computer it cant send Bitcoin.  That is why I like them for people who need to use/access coins.

But there is nothing wrong with paper when done right.   I think the person's usage is best to determine what should be used.

That was actually one of my concerns as well with buying hardware wallets of ebay, i thought perhaps someone had opened them and taken the codes then sealed them again. Since i was previously corrected on paper vs hardware i never brought it up though =p glad i never

you are a true hardware wallet supporter, youve convinced me anyway, im just too cheap to buy one.

You need to read a little more before giving advice.  TREZOR is opensource so you can read the code if you like, to see no back door.   The code is so good at least another wallet uses TREZOR's code.

And yes it is tamper proof on TREZOR's case.  The big thing though which stops your idea on employee or someone getting wallet, is it's shipped as empty it's not till you actually go through install it has a wallet.  You get 24 seed words that only you know during install.  So until you install it literally contains no wallet.  

Have you used a hardware wallet?

Here is some real hands on with some hardware wallets:
Trezor: https://bitcointalksearch.org/topic/hands-on-trezor-hardware-wallet-notlist3d-1298917
KeepKey: https://bitcointalksearch.org/topic/hands-on-keepkey-hardware-wallet-notlist3d-1283805
Ledger Nano: https://bitcointalksearch.org/topic/hands-on-ledger-nano-hardware-wallet-notlist3d-1305888

I would be tempted just to transfer them straight to a paper wallet, What i always do is send a small amount first just to check that you have the correct address and all is working as should and then once thats confirmed you can send in the mother load. paper wallets are your cheapest option, just stuff them away in a safe place and forget about them. come back in a few years and be richer than your wildest dreams.

One potential issue is you have to trust that the trezor itself doesn't have some kind of backdoor built into it. Even though the device is mostly open source it is still very easy to hide hard-to-detect backdoors in it. I believe trezor's ship with some kind of tamper proofing so that you can tell if it has been tampered with during shipping, but maybe a rogue employee worked on your trezor and hid a backdoor which he could use to steal your Bitcoins sometime in the future, or maybe even a hacker has compromised some computer involved in the manufacturing process and used it to backdoor your trezor. It all comes down to trust really, if you trust the trezor guys to do their job right then you don't have to worry about this, but that's kind of difficult to do isn't it.

So far not any problem with trezor but i would suggest reading more about it in this thread How much would you trust trezor?
Also if you like watching videos you can check a good overview here: https://www.youtube.com/watch?v=YL6o6WLGM58

Thanks for the replies.

I have been looking into hardware wallets also. I like a lot of things about the Trezor wallet. It looks like it never exposes your private key to your computer. I think I read also that even if you were to lose the device you can still recover your btc as long as you have your encryption information.

Has anyone used a TREZOR? Any know issues with them?

Thanks.

I also suggest to use hardware wallets, the cheapest one seems to be ledger wallet hw1.
It looks cheap but it does the job, then another one is ledger nano, unpluged, trezor, etc.

Also you might look into hardware wallets.  They are something I have been testing lately.  I like being able to use the device and key is never on computer.  The hardware wallet sign's the transaction on it.  So computer never even get's key.   

But paper wallets are not bad if done right.  If done wrong you are going to be in trouble.

Good research before asking here.

If you have a lot of bitcoin, hardware wallet is the best choice for cold storage.

For daily use, you can use electrum wallet.

And do not store your bitcoin in the exchange, unless it was for trading.

The whole point is to generate the private key offline (computer that isn't connected to the internet and never will be) and send the funds to the public address.

If not done like this, safety wise, it will be the same as using a standard wallet.
Some would argue even less since you generated the private key on a site that could also access it.

You should store them on paper wallets, so do it with bitaddress.org. As long as you have somewhere with the private keys to your Bitcoin address, the Bitcoin is safe. It doesn't matter whether it is in a wallet (really just a collection of private keys) or on a piece of paper.

After studying bitcoin for the past few months and collecting Lealana and Casascius coins I'm ready to buy some actual bitcoins. I've been looking into exchanges and made a thread about it.

Next is wallet and cold storage. My goals for bitcoin is to buy some and store it and forget about it. Ideally, cold storage looks to be the best method. So, my question is, do I really need to get a wallet like, Electrum, or can I skip getting a wallet and just transferring my coins from the exchange to a bit address from bitaddress.org and storing the information in a safe place?

Sorry for the newb level question, but I want to do this right and not have to worry about my btc being stolen or lost because of a careless error.

Thanks.