Topic: Why all this hype with Hardware Wallets when Bitcoin Core is all you need? (Read 624 times)

I believe because the main argument was that an airgapped Bitcoin Core install should be all you need. I am pretty sure most would agree here that a hot wallet is always less secure than a semi-hot / cold wallet such as in a hardware wallet. Even if the PC is airgapped, not only is it much more hassle to use in everyday scenarios, also it's simply less secure to physical attacks as described above.

This is exactly right. As so often, the answer seems to be again 'it depends'. The best solution varies from person to person, based on circumstances, preferences, technical abilities and threat model.

I'm kinda missing in this thread the benefit of a hardware wallet to secure the wallet seed and transaction signing from a possibly malicious computer. And I see this as the main benefit of those devices. Topics like how you secure your mnemonic seed words and other mandatory wallet secrets apply to all sort of wallets and are not valid to distinguish them from each other.

Software wallets like Bitcoin Core or others are basically unprotected if the computer used to run them got compromised. A keylogger can grab your wallet securing passphrase, active malware can exfiltrate your wallet and/or steal/transfer your funds away. Active malware should be able to steal any main secret of your software wallet on a compromised device.

As far as I'm aware of a hardware wallet should protect you from losing your wallet seed and/or funds by malicious transaction(s) if you're careful to always check your transaction details before you get them signed by your hardware wallet. AFAIK no malware can manipulate your hardware wallet unnoticed by a careful user.

An air-gapped (encrypted) computer should provide similar security with far less convenience as already discussed here. Taking into account physical access, breaking into your space, physical threats and whatnot is another thing I won't go into detail. From my view it all depends on which usage scenarios you have and what kind of threats you want or need to be protected from.

Electrum isn't nearly as "bad" as the others, it's only 2FA. And although they show a Disclaimer ("a small fee will be charged on each transaction"), I've seen many topics from users who are surprised they suddenly have to pay $20 or more on their first transaction.

Now that you mention the conundrum where OEM push their services thought their mobile platforms, I've got something to add to this discussion that (many) are not aware - Xiaomi, a company that is mostly know to the public by selling smartphone devices (up until 2020 Xiaomi smartphones accounted for around 11.4 percent of the global smartphone market[1]), air purifiers, earphones, portable battery chargers and robot vacuum cleaners, define themselves as an "internet company" straight into their IPO documents[2] (page 6) instead of a company focused on producing hardware products for the overall public (as opposed to Apple definition on their 1980 IPO documents[3] for example).

The profit that they have per (smarthphone) unit sold is also very low - according to Investopedia we are talking about $2 per smarpthone sold (which still encompasses 65% of their total revenue). Why so low? Because they aim to have a lot of users using their smarthphones and don't mind even doing it at a loss because - despise the low profit generated - they will have a huge audience that will allow them to sell their services that they offer in their pre-installed apps (Music, Data, Photo Storage for example). According to Investopedia[4]:
I'm aware that Mycelium and Coinomi do sell other services within their "main" one, but I wasn't aware that Electrum does it as well. What kind of "crap" are we talking about?

---

[1]https://www.statista.com/topics/5136/xiaomi/#dossierKeyfigures
[2]https://www1.hkexnews.hk/listedco/listconews/sehk/2018/0625/ltn20180625033.pdf
[3]https://www.sec.gov/files/18-02062-FOIA.pdf
[4]https://www.investopedia.com/news/how-xiaomi-makes-money/
[5]https://www.youtube.com/watch?v=esUOQpKNLsE

Now that you mention it: it is indeed amazing how a problem that started on Microsoft Windows has now reached Android phones. And even hardware wallets are doing that shit nowadays, spamming all kinds of "services" within their software.
I especially dislike that you can't buy a product and be done with it. They use the product you paid for to try and earn more from you. That's one of the reasons I try to stay away from IoT-devices. And it's one of the reasons I like Bitcoin Core: it doesn't advertise anything. Unlike Electrum, Mycelium and Coinomi (and probably many more wallets) that all try to sell me crap.

That's not a problem if you have a backup of the wallet.dat file; I suppose you already have a backup, because who doesn't.

I also only use Bitcoin Core and an offline VM for the more sensitive info. And of course, I have the VM encrypted and all sensitive info inside this VM also encrypted. And the VM file itself is also encrypted, so, I think I have the thing more or less protected! So I hope. The only thing I can remember that can defeat that is hardware error. But, any hardware is susceptible of hardware failure...

For the record, I don't like Ledger as a company and their closed-source, low-quality products, I just think the USB-thumb drive form factor is quite smart.
I totally agree on the topic of buying from a Bitcoin company / buying a specialized product. On one hand, it's nice to see for instance Foundation Devices pushing self-hosting, on the other hand it's quite shocking that this is apparently not the industry standard so far for Bitcoin companies.
In the default configuration, the software accompanying hardware wallet usually does connect to a central server and does link addresses by pulling their balances at once. However, that doesn't have to be the case.
It's the specific reason why I show how to install electrum server on a Bitcoin full node, even before the Lightning installation instructions.

It would still be cool to have some mechanism that makes the whole system more privacy-friendly, as I reckon there are surely many altruistic Electrum servers. Unfortunately, so far my ideas about using PIR for this weren't very fruitful, but I'm happy to discuss more about that topic!

I think it's clear that using a non-rooted Android or iOS device is the most secure platform to be on at the moment; while definitely not being great for privacy. Windows would be something like the 'worst of both worlds' due to telemetry and being an old OS not designed around security, while Linux would be a trade-off giving much more privacy but with reduced security.
From experience, no OS has as good sandboxing, secure boot with a hardware trust anchor like iOS.

I'd normally recommend partitioning (separate devices for different purposes), but this means having to choose whether to do Bitcoin payments on the 'privacy device' (Linux box) or on the 'secure device' (mobile device). It's a tough question.

I have some privacy issues with Android. Google can track you so much with Android. There's a log of even what apps you have opened and at what times. Plus all the location data, etc. It's incredible the amount of data that Google (or Apple) has these days on most of the people in the world.

A device with some kind of open OS like Linux or OpenBSD, etc, is kinda the best bet these days.

Although there's even risk at the CPU level. For the paranoid, RISC-V is getting a lot of traction these days (it's an open source set of instructions to build CPUs).

Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.

Debatable.  Software wallet is great, I admit it.  Most convenient too.  But there are some security issues I can not ignore.

Software wallets are great for me and you who I guess do not have TikTok, YooToob3000xyz Downloader, Free APK Downloader and all of that crap installed on our devices and do not click on all of these 'Claim Your $100,000 Check NOW!' ads or install this random malware out of the 'ALERT! ALERT! VIRUS DETECTED' annoying pop-up ads.

Also, the regular person does not choose a secure password but an easy to remember one.  Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?

I can see why and I can not contradict you.

-
Regards,
PrivacyG

I find using a hardware wallet much more work than using a software wallet.

My order of convenience (from easiest to most work):
-software wallet without password (for very small amounts, like a few wallets with a few dollars each)
-software wallet with password (the most common option I guess)
-hardware wallet (getting it, connecting the cable and typing numbers on small buttons make it inconvenient)
-cold storage setup (a proper setup including figuring out which wallet versions to use takes me a long time)

I literally use all four of those:

I can't imagine traveling with a hardware wallet. I'd very much prefer to use a software wallet, funded with just enough for the trip.

If you bring Tails, you don't need 2 separate computers. Just your normal laptop, reboot, and sign the transaction offline.

It prevents panic selling

So many of you guys talking about technical stuff yet the answer is for me so much simpler than that.  Using a Hardware Wallet is more convenient.  And since almost everyone is a lazy butt choosing convenience over utility, there we go.

Seriously now.  I can not imagine myself carrying an old airgapped computer with me on a trip.  I can not imagine myself doing the signing and all of that using two separate computers in a hotel.  I would rather carry around a Hardware Wallet instead and use that one safely.  This is why I think they are worth the cost.

There are many drawbacks but also many aspects I like.  Drawbacks being you have so much more control over your data with an airgapped cold storage than a Hardware Wallet provides you.  I could pop up Electrum on a Tails and sign a single transaction without the server knowing all the UTXO's I own.  Hardware Wallets are not like that, unless you use a random Passphrase for your transaction but then you have to plug in your Hardware Wallet with the main Passphrase first and send the required amount to one of the random Passphrase's public keys which again means less privacy.  Offline airgapped cold storage gives you more control.  Sign the transaction, broadcast it and shut down Tails.  All the other addresses in your cold storage are now unknown to the server.

Aspects I like.  You can put that damn thing in your pocket and securely move Bitcoins around in the middle of the Ocean, long as you have data connection.  You can toss it inside your pocket and even if you ever lose it, nobody would be able to steal from it unless you dropped a Trezor with balances on the main account without Passphrase security or identify you by inspecting it unless you left fingerprints on it and the one picking it up is some FBI agent.

Now that I thought about pros and cons, I am starting to see this in a similar way there is cash and card for Fiat.  You can pull a $50 bill out of your pocket without anyone knowing how many others you have in your other pockets or wallet, if any.  It is however easier to carry around a card with $50,000 on it than it is to carry $50,000 cash on you.  You can toss that card right inside your sock and carelessly walk around.  But all of this is at the expense of your privacy.

You see.  Even if there is Bitcoin Core and Electrum, Hardware Wallets come handy in some situations.  The best thing of all this is you can have a Do It Yourself storage using older devices you already own or you can have a Hardware Wallet instead and make things more convenient for yourself.  You have the choice, it is amazing.

But if you are in a huge hurry to move your coins, you better not have your funds on an old offline computer as you may end up throwing all of that through the window.  Been in a hurry before with an old airgapped computer and it was pure hell.

-
Regards,
PrivacyG

By the time "an attacker" has physical access to any hardware you have lying around, you have a problem already. And a small hardware wallet can be much harder to find than a large computer.

Of course, none of that helps if Ledger leaks millions of addresses where their hardware wallet can be found.... And that's really the biggest concern I have buying anything dedicated to Bitcoin: it can make you a target.

Maybe it's not that likely to happen, just like $5 wrench attacks on debit cards don't happen often, even though those cards can often access a decent amount of money.

imagine going through all that and then finding out the hospital was required to examine your usb hard drive. by examine i mean hook it up to a computer and take a look at what's on it. hopefully you encrypted it.

Probably just a painful surgical procedure, but at least the thieves won't be able to find it, of course, you should have your seeds stored in another place just in case the stomach acid damages all those chips, either way, the implications will be a lot worse if you try to eat your laptop while someone is breaking into your house.

if you swallowed your hardware wallet you just traded one problem for another one 

Get Sirin Labs Finney or HTC Exodus and then you won't need the casing nor the extra phone, I don't think they are anywhere near cheap tho.



Assuming we all agree that nobody should be bringing their hw wallet with them for a walk, then we can only assume that someone will break into your house, if that person knows you own crypto and you are being targeted, they will take everything that has a semiconductor in it (hopefully they will leave the fridge alone), now if that person doesn't know anything about crypto, I am pretty sure they will be more tempted to steal the old PC than something that looks like a USB drive.

---

As far as the OP goes, I am not sure where does the assumption of everyone having a spare PC comes from and thus I don't think that should be used an argument, now besides the extra physical securities that any decent hw has over your old PC, is the ability to hide it and move it once needed, if the building catches fire, or some other country decides to invade your country and you have to flee home, it would be a lot easier to grab that hw and run.

also, should I need to hide my funds at any given point, I am pretty sure I can swallow my hw or even shove it up my arse if I had to, not sure I can do that with a full tower PC. :Dd

That's a good point! This is where something like Ledger is actually doing a really good job, since they literally look like USB drives with a random branding on it for the average person.

I do believe we need more designs like this in the future; one possibility would even be to fit a hardware wallet into a cheap smartphone casing. That would really blend in well. Sure, not everyone has two smartphones, but I've seen that in the past and it would literally allow you to sign transactions in plain sight without much suspicion.

Yeah, that's fair and I agree with the issues that a PC or Raspberry Pi bring to the table. I'll start by saying that there's of course not a single best way of doing this, these are all security "guidelines" and no system is 100% secure.

But you're missing one point, which is that you need physical access to the device. To have physical access to it you need to first notice it, and a hardware wallet is pretty obviously a device containing money, so the chances are that an attacker will grab it and try to hack it. A raspberry pi or an old computer laying around is way less tempting in the eyes of an attacker.