Author

Topic: Why all this hype with Hardware Wallets when Bitcoin Core is all you need? (Read 728 times)

hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
I'm kinda missing in this thread the benefit of a hardware wallet to secure the wallet seed and transaction signing from a possibly malicious computer. And I see this as the main benefit of those devices. Topics like how you secure your mnemonic seed words and other mandatory wallet secrets apply to all sort of wallets and are not valid to distinguish them from each other.
I believe because the main argument was that an airgapped Bitcoin Core install should be all you need. I am pretty sure most would agree here that a hot wallet is always less secure than a semi-hot / cold wallet such as in a hardware wallet. Even if the PC is airgapped, not only is it much more hassle to use in everyday scenarios, also it's simply less secure to physical attacks as described above.

Taking into account physical access, breaking into your space, physical threats and whatnot is another thing I won't go into detail. From my view it all depends on which usage scenarios you have and what kind of threats you want or need to be protected from.
This is exactly right. As so often, the answer seems to be again 'it depends'. Wink The best solution varies from person to person, based on circumstances, preferences, technical abilities and threat model.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
I'm kinda missing in this thread the benefit of a hardware wallet to secure the wallet seed and transaction signing from a possibly malicious computer. And I see this as the main benefit of those devices. Topics like how you secure your mnemonic seed words and other mandatory wallet secrets apply to all sort of wallets and are not valid to distinguish them from each other.

Software wallets like Bitcoin Core or others are basically unprotected if the computer used to run them got compromised. A keylogger can grab your wallet securing passphrase, active malware can exfiltrate your wallet and/or steal/transfer your funds away. Active malware should be able to steal any main secret of your software wallet on a compromised device.

As far as I'm aware of a hardware wallet should protect you from losing your wallet seed and/or funds by malicious transaction(s) if you're careful to always check your transaction details before you get them signed by your hardware wallet. AFAIK no malware can manipulate your hardware wallet unnoticed by a careful user.

An air-gapped (encrypted) computer should provide similar security with far less convenience as already discussed here. Taking into account physical access, breaking into your space, physical threats and whatnot is another thing I won't go into detail. From my view it all depends on which usage scenarios you have and what kind of threats you want or need to be protected from.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I'm aware that Mycelium and Coinomi do sell other services within their "main" one, but I wasn't aware that Electrum does it as well. What kind of "crap" are we talking about?
Electrum isn't nearly as "bad" as the others, it's only 2FA. And although they show a Disclaimer ("a small fee will be charged on each transaction"), I've seen many topics from users who are surprised they suddenly have to pay $20 or more on their first transaction.
legendary
Activity: 1148
Merit: 3117
Additionally, Android smartphone company (such as Samsung and Xiaomi) add lots of bloat software which also perform lots of data collection and tracking.
Now that you mention it: it is indeed amazing how a problem that started on Microsoft Windows has now reached Android phones. And even hardware wallets are doing that shit nowadays, spamming all kinds of "services" within their software.
I especially dislike that you can't buy a product and be done with it. They use the product you paid for to try and earn more from you. That's one of the reasons I try to stay away from IoT-devices.

Now that you mention the conundrum where OEM push their services thought their mobile platforms, I've got something to add to this discussion that (many) are not aware - Xiaomi, a company that is mostly know to the public by selling smartphone devices (up until 2020 Xiaomi smartphones accounted for around 11.4 percent of the global smartphone market[1]), air purifiers, earphones, portable battery chargers and robot vacuum cleaners, define themselves as an "internet company" straight into their IPO documents[2] (page 6) instead of a company focused on producing hardware products for the overall public (as opposed to Apple definition on their 1980 IPO documents[3] for example).

The profit that they have per (smarthphone) unit sold is also very low - according to Investopedia we are talking about $2 per smarpthone sold (which still encompasses 65% of their total revenue). Why so low? Because they aim to have a lot of users using their smarthphones and don't mind even doing it at a loss because - despise the low profit generated - they will have a huge audience that will allow them to sell their services that they offer in their pre-installed apps (Music, Data, Photo Storage for example). According to Investopedia[4]:
Unlike Electrum, Mycelium and Coinomi (and probably many more wallets) that all try to sell me crap.
I'm aware that Mycelium and Coinomi do sell other services within their "main" one, but I wasn't aware that Electrum does it as well. What kind of "crap" are we talking about?

[1]https://www.statista.com/topics/5136/xiaomi/#dossierKeyfigures
[2]https://www1.hkexnews.hk/listedco/listconews/sehk/2018/0625/ltn20180625033.pdf
[3]https://www.sec.gov/files/18-02062-FOIA.pdf
[4]https://www.investopedia.com/news/how-xiaomi-makes-money/
[5]https://www.youtube.com/watch?v=esUOQpKNLsE
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Additionally, Android smartphone company (such as Samsung and Xiaomi) add lots of bloat software which also perform lots of data collection and tracking.
Now that you mention it: it is indeed amazing how a problem that started on Microsoft Windows has now reached Android phones. And even hardware wallets are doing that shit nowadays, spamming all kinds of "services" within their software.
I especially dislike that you can't buy a product and be done with it. They use the product you paid for to try and earn more from you. That's one of the reasons I try to stay away from IoT-devices. And it's one of the reasons I like Bitcoin Core: it doesn't advertise anything. Unlike Electrum, Mycelium and Coinomi (and probably many more wallets) that all try to sell me crap.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
-snip- The only thing I can remember that can defeat that is hardware error.
That's not a problem if you have a backup of the wallet.dat file; I suppose you already have a backup, because who doesn't.
hero member
Activity: 1274
Merit: 681
I rather die on my feet than to live on my knees
I also only use Bitcoin Core and an offline VM for the more sensitive info. And of course, I have the VM encrypted and all sensitive info inside this VM also encrypted. And the VM file itself is also encrypted, so, I think I have the thing more or less protected! So I hope. The only thing I can remember that can defeat that is hardware error. But, any hardware is susceptible of hardware failure...
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
This is where something like Ledger is actually doing a really good job, since they literally look like USB drives
Of course, none of that helps if Ledger leaks millions of addresses where their hardware wallet can be found.... And that's really the biggest concern I have buying anything dedicated to Bitcoin: it can make you a target.
For the record, I don't like Ledger as a company and their closed-source, low-quality products, I just think the USB-thumb drive form factor is quite smart.
I totally agree on the topic of buying from a Bitcoin company / buying a specialized product. On one hand, it's nice to see for instance Foundation Devices pushing self-hosting, on the other hand it's quite shocking that this is apparently not the industry standard so far for Bitcoin companies.
~
In the default configuration, the software accompanying hardware wallet usually does connect to a central server and does link addresses by pulling their balances at once. However, that doesn't have to be the case.
It's the specific reason why I show how to install electrum server on a Bitcoin full node, even before the Lightning installation instructions.

It would still be cool to have some mechanism that makes the whole system more privacy-friendly, as I reckon there are surely many altruistic Electrum servers. Unfortunately, so far my ideas about using PIR for this weren't very fruitful, but I'm happy to discuss more about that topic!

Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.
I think it's clear that using a non-rooted Android or iOS device is the most secure platform to be on at the moment; while definitely not being great for privacy. Windows would be something like the 'worst of both worlds' due to telemetry and being an old OS not designed around security, while Linux would be a trade-off giving much more privacy but with reduced security.
From experience, no OS has as good sandboxing, secure boot with a hardware trust anchor like iOS.

I'd normally recommend partitioning (separate devices for different purposes), but this means having to choose whether to do Bitcoin payments on the 'privacy device' (Linux box) or on the 'secure device' (mobile device). It's a tough question. Wink
hero member
Activity: 1008
Merit: 960
Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.

I have some privacy issues with Android. Google can track you so much with Android. There's a log of even what apps you have opened and at what times. Plus all the location data, etc. It's incredible the amount of data that Google (or Apple) has these days on most of the people in the world.

A device with some kind of open OS like Linux or OpenBSD, etc, is kinda the best bet these days.

Although there's even risk at the CPU level. For the paranoid, RISC-V is getting a lot of traction these days (it's an open source set of instructions to build CPUs).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?
Probably not. And yet, they use it for banking all the time.
I still think unrooted phones are more secure than Windows computers. I trust my Android more than I'd trust Windows (which I don't use anyway), and I would never use any Windows computer to even check my email.
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
I find using a hardware wallet much more work than using a software wallet.

My order of convenience (from easiest to most work):
-software wallet without password (for very small amounts, like a few wallets with a few dollars each)
-software wallet with password (the most common option I guess)
-hardware wallet (getting it, connecting the cable and typing numbers on small buttons make it inconvenient)
-cold storage setup (a proper setup including figuring out which wallet versions to use takes me a long time)
Debatable.  Software wallet is great, I admit it.  Most convenient too.  But there are some security issues I can not ignore.

Software wallets are great for me and you who I guess do not have TikTok, YooToob3000xyz Downloader, Free APK Downloader and all of that crap installed on our devices and do not click on all of these 'Claim Your $100,000 Check NOW!' ads or install this random malware out of the 'ALERT! ALERT! VIRUS DETECTED' annoying pop-up ads.

Also, the regular person does not choose a secure password but an easy to remember one.  Would you say the average person's phone or laptop is safe enough for a Software wallet, even protected by password?

I can't imagine traveling with a hardware wallet. I'd very much prefer to use a software wallet, funded with just enough for the trip.
I can see why and I can not contradict you.

-
Regards,
PrivacyG
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Using a Hardware Wallet is more convenient.  And since almost everyone is a lazy butt choosing convenience over utility, there we go.
I find using a hardware wallet much more work than using a software wallet.

My order of convenience (from easiest to most work):
-software wallet without password (for very small amounts, like a few wallets with a few dollars each)
-software wallet with password (the most common option I guess)
-hardware wallet (getting it, connecting the cable and typing numbers on small buttons make it inconvenient)
-cold storage setup (a proper setup including figuring out which wallet versions to use takes me a long time)

I literally use all four of those:
I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.

Seriously now.  I can not imagine myself carrying an old airgapped computer with me on a trip.  I can not imagine myself doing the signing and all of that using two separate computers in a hotel.  I would rather carry around a Hardware Wallet instead and use that one safely.  This is why I think they are worth the cost.
I can't imagine traveling with a hardware wallet. I'd very much prefer to use a software wallet, funded with just enough for the trip.

Quote
I could pop up Electrum on a Tails and sign a single transaction without the server knowing all the UTXO's I own.
If you bring Tails, you don't need 2 separate computers. Just your normal laptop, reboot, and sign the transaction offline.

Quote
But if you are in a huge hurry to move your coins, you better not have your funds on an old offline computer as you may end up throwing all of that through the window.  Been in a hurry before with an old airgapped computer and it was pure hell.
It prevents panic selling Wink
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
So many of you guys talking about technical stuff yet the answer is for me so much simpler than that.  Using a Hardware Wallet is more convenient.  And since almost everyone is a lazy butt choosing convenience over utility, there we go.

Seriously now.  I can not imagine myself carrying an old airgapped computer with me on a trip.  I can not imagine myself doing the signing and all of that using two separate computers in a hotel.  I would rather carry around a Hardware Wallet instead and use that one safely.  This is why I think they are worth the cost.

There are many drawbacks but also many aspects I like.  Drawbacks being you have so much more control over your data with an airgapped cold storage than a Hardware Wallet provides you.  I could pop up Electrum on a Tails and sign a single transaction without the server knowing all the UTXO's I own.  Hardware Wallets are not like that, unless you use a random Passphrase for your transaction but then you have to plug in your Hardware Wallet with the main Passphrase first and send the required amount to one of the random Passphrase's public keys which again means less privacy.  Offline airgapped cold storage gives you more control.  Sign the transaction, broadcast it and shut down Tails.  All the other addresses in your cold storage are now unknown to the server.

Aspects I like.  You can put that damn thing in your pocket and securely move Bitcoins around in the middle of the Ocean, long as you have data connection.  You can toss it inside your pocket and even if you ever lose it, nobody would be able to steal from it unless you dropped a Trezor with balances on the main account without Passphrase security or identify you by inspecting it unless you left fingerprints on it and the one picking it up is some FBI agent.

Now that I thought about pros and cons, I am starting to see this in a similar way there is cash and card for Fiat.  You can pull a $50 bill out of your pocket without anyone knowing how many others you have in your other pockets or wallet, if any.  It is however easier to carry around a card with $50,000 on it than it is to carry $50,000 cash on you.  You can toss that card right inside your sock and carelessly walk around.  But all of this is at the expense of your privacy.

You see.  Even if there is Bitcoin Core and Electrum, Hardware Wallets come handy in some situations.  The best thing of all this is you can have a Do It Yourself storage using older devices you already own or you can have a Hardware Wallet instead and make things more convenient for yourself.  You have the choice, it is amazing.

But if you are in a huge hurry to move your coins, you better not have your funds on an old offline computer as you may end up throwing all of that through the window.  Been in a hurry before with an old airgapped computer and it was pure hell.

-
Regards,
PrivacyG
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
But you're missing one point, which is that you need physical access to the device. To have physical access to it you need to first notice it, and a hardware wallet is pretty obviously a device containing money, so the chances are that an attacker will grab it and try to hack it. A raspberry pi or an old computer laying around is way less tempting in the eyes of an attacker.
By the time "an attacker" has physical access to any hardware you have lying around, you have a problem already. And a small hardware wallet can be much harder to find than a large computer.

This is where something like Ledger is actually doing a really good job, since they literally look like USB drives
Of course, none of that helps if Ledger leaks millions of addresses where their hardware wallet can be found.... And that's really the biggest concern I have buying anything dedicated to Bitcoin: it can make you a target.

I know some of you guys are super paranoid and I understand why one would want top security for all wallets they use, however, I personally don't think I need that much security for a wallet I am going to be using in front of other people in the first place, just a phone wallet on my phone would do.
Maybe it's not that likely to happen, just like $5 wrench attacks on debit cards don't happen often, even though those cards can often access a decent amount of money.
sr. member
Activity: 1190
Merit: 469
if you swallowed your hardware wallet you just traded one problem for another one  Shocked

Probably just a painful surgical procedure, but at least the thieves won't be able to find it, of course, you should have your seeds stored in another place just in case the stomach acid damages all those chips, either way, the implications will be a lot worse if you try to eat your laptop while someone is breaking into your house.

imagine going through all that and then finding out the hospital was required to examine your usb hard drive. by examine i mean hook it up to a computer and take a look at what's on it. hopefully you encrypted it. Grin
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
if you swallowed your hardware wallet you just traded one problem for another one  Shocked

Probably just a painful surgical procedure, but at least the thieves won't be able to find it, of course, you should have your seeds stored in another place just in case the stomach acid damages all those chips, either way, the implications will be a lot worse if you try to eat your laptop while someone is breaking into your house.
sr. member
Activity: 1190
Merit: 469


also, should I need to hide my funds at any given point, I am pretty sure I can swallow my hw or even shove it up my arse if I had to, not sure I can do that with a full tower PC. :Dd

if you swallowed your hardware wallet you just traded one problem for another one  Shocked
legendary
Activity: 2436
Merit: 6643
be constructive or S.T.F.U
Sure, not everyone has two smartphones.

Get Sirin Labs Finney or HTC Exodus and then you won't need the casing nor the extra phone, I don't think they are anywhere near cheap tho.


a hardware wallet is pretty obviously a device containing money, so the chances are that an attacker will grab it and try to hack it. A raspberry pi or an old computer laying around is way less tempting in the eyes of an attacker.

Assuming we all agree that nobody should be bringing their hw wallet with them for a walk, then we can only assume that someone will break into your house, if that person knows you own crypto and you are being targeted, they will take everything that has a semiconductor in it (hopefully they will leave the fridge alone), now if that person doesn't know anything about crypto, I am pretty sure they will be more tempted to steal the old PC than something that looks like a USB drive.



As far as the OP goes, I am not sure where does the assumption of everyone having a spare PC comes from and thus I don't think that should be used an argument, now besides the extra physical securities that any decent hw has over your old PC, is the ability to hide it and move it once needed, if the building catches fire, or some other country decides to invade your country and you have to flee home, it would be a lot easier to grab that hw and run.

also, should I need to hide my funds at any given point, I am pretty sure I can swallow my hw or even shove it up my arse if I had to, not sure I can do that with a full tower PC. :Dd
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
But you're missing one point, which is that you need physical access to the device. To have physical access to it you need to first notice it, and a hardware wallet is pretty obviously a device containing money, so the chances are that an attacker will grab it and try to hack it. A raspberry pi or an old computer laying around is way less tempting in the eyes of an attacker.
That's a good point! This is where something like Ledger is actually doing a really good job, since they literally look like USB drives with a random branding on it for the average person.

I do believe we need more designs like this in the future; one possibility would even be to fit a hardware wallet into a cheap smartphone casing. That would really blend in well. Sure, not everyone has two smartphones, but I've seen that in the past and it would literally allow you to sign transactions in plain sight without much suspicion.
hero member
Activity: 1008
Merit: 960
~snip~
I've got to repeat myself, but let's not forget that there's a big difference in attack surface between an embedded device with secure element versus a full PC (Raspberry Pi counts as well) without secure chip and probably even without secure boot (old laptops, Raspberry), possibly even with outdated BIOSes that might be full of holes like a good Swiss cheese.

I'll leave this article as a very current example of a severe BIOS bug:
https://thehackernews.com/2022/03/new-dell-bios-bugs-affect-millions-of.html

Of course, you can have also Linux kernel bugs, library bugs, and the list goes on - as well as cold boot attacks and everything I mentioned. On a hardware wallet, you have the SoC, the firmware, and that's basically it. There's much less code to audit and keep secure & updated than on a full PC. Like, if you're really worried, it's realistic to read the whole codebase of a hardware wallet, but it's impossible for one person to read through all the code that runs on an airgapped 'old laptop wallet' or a SeedSigner. This would include kernel and all libraries and packages.

Yeah, that's fair and I agree with the issues that a PC or Raspberry Pi bring to the table. I'll start by saying that there's of course not a single best way of doing this, these are all security "guidelines" and no system is 100% secure.

But you're missing one point, which is that you need physical access to the device. To have physical access to it you need to first notice it, and a hardware wallet is pretty obviously a device containing money, so the chances are that an attacker will grab it and try to hack it. A raspberry pi or an old computer laying around is way less tempting in the eyes of an attacker.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
~snip~

So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.

~snip~

Let me know your thoughts.

Basically a hardware wallet is a product, ready to use, with a company that can provide support for newbies. You don't need a hardware wallet, but it's easier to use for people in general. Bitcoin literally started with Bitcoin Core. Hardware wallets were created later on, for people that didn't want to deal with the setup.

You can of course just have an offline pc (A raspberry pi Zero is ideal for this as it doesn't have any networking hardware) and run Electrum in it. PSBTs can even be transferred using a webcam through QR codes, it's pretty cool. But this is a DIY solution, which is not ideal for everyone.
I've got to repeat myself, but let's not forget that there's a big difference in attack surface between an embedded device with secure element versus a full PC (Raspberry Pi counts as well) without secure chip and probably even without secure boot (old laptops, Raspberry), possibly even with outdated BIOSes that might be full of holes like a good Swiss cheese.

I'll leave this article as a very current example of a severe BIOS bug:
https://thehackernews.com/2022/03/new-dell-bios-bugs-affect-millions-of.html

Of course, you can have also Linux kernel bugs, library bugs, and the list goes on - as well as cold boot attacks and everything I mentioned. On a hardware wallet, you have the SoC, the firmware, and that's basically it. There's much less code to audit and keep secure & updated than on a full PC. Like, if you're really worried, it's realistic to read the whole codebase of a hardware wallet, but it's impossible for one person to read through all the code that runs on an airgapped 'old laptop wallet' or a SeedSigner. This would include kernel and all libraries and packages.
hero member
Activity: 1008
Merit: 960
~snip~

So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.

~snip~

Let me know your thoughts.

Basically a hardware wallet is a product, ready to use, with a company that can provide support for newbies. You don't need a hardware wallet, but it's easier to use for people in general. Bitcoin literally started with Bitcoin Core. Hardware wallets were created later on, for people that didn't want to deal with the setup.

You can of course just have an offline pc (A raspberry pi Zero is ideal for this as it doesn't have any networking hardware) and run Electrum in it. PSBTs can even be transferred using a webcam through QR codes, it's pretty cool. But this is a DIY solution, which is not ideal for everyone.
jr. member
Activity: 32
Merit: 128
I just thought of an even easier protection against this: get a laptop with RAM soldered to the mainboard. No way someone's going to freeze it and desolder at the same time.
now you're talking!  Cool

That is a great advice!

Another thing would be to use the dedicated offline PC with tails, as far as I know it is not vulnerable to a cold boot attack since RAM is overwritten after shutting it down (assuming PC was not previously compromised).
sr. member
Activity: 1190
Merit: 469

There's no point in encrypting RAM: to use it, the same RAM needs to have the decryption key.

apparently there's methods to bypassing the ram and storing the decryption keys in cpu so what you're saying isn't true but anyhow. maybe only hardcore linux geeks can do that.

Quote
I just thought of an even easier protection against this: get a laptop with RAM soldered to the mainboard. No way someone's going to freeze it and desolder at the same time.

now you're talking!  Cool
legendary
Activity: 2212
Merit: 7064
I am asking this question since whenever I see someone asking about how to store bitcoin, all the answers I read is buy a HW, but I rarely see someone advising to just use Bitcoin Core... the most reviewed and secure client?
You are comparing apples and oranges here, and Bitcoin Core is not viable option for most newbies.
Most of them can't wait for hours and days for blockchain download and sync and they don't care at all about running full node.
If you recommend someone new to use Bitcoin Core he would say that it's slow and maybe he would never again use BTC.

I do understand that there is a lot of marketing involved and they want to sell it, but in reality what offers HW vs Bitcoin Core?
I don't care about marketing gimmicks of some hardware wallets, but they can offer nice balance of security and usability.
Good hardware wallets can be open source, air-gapped, offline devices that can be used for storing seed words and signing transactions.
Bitcoin Core need internet connection to work properly.

At the end what are we doing extra? Some air gaped wallets like coldcard we create the unsigned tx, copy to SD Card, sign with the device, and bring back to the online PC to broadcast. We are doing exactly the same thing or can be even more since if we don't use it directly with Bitcoin Core and instead we use electrum, we will need also need to have a server like electrs which makes the bridge between Bitcoin Core and electrum.
I don't like coldcard wallet after they changed their license and stop being open source, so I don't recommend them, but you are nor mixing Electrum SPV wallet and Bitcoin Core.
I honestly don't understand the point you want to make with your comment here.
Nobody is forcing you to use hardware wallets and they are not needed, if you have offline computer device with Electrum wallet.
jr. member
Activity: 32
Merit: 128
Source? I'm genuinely curious and I'm finding nothing on that matter.

For seed extraction I thought the old versions were vulnerable to Oled side channel  (ledger was vulnerable but not critical) not allowing seed extraction.

The charlatan has a great blog and he listed all hacks, if you want to check, here is the link:
https://thecharlatan.ch/List-Of-Hardware-Wallet-Hacks/
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
Sure seed plate is not needed, but that is the recommendations I use to see. Why not when using a latptop? Because with bitcoin core you just backup a wallet.dat
And backing up a file is less prone to errors and cheaper than backing up words on paper or steel washers?

You'd advise to do backups; sure, you can do that. But reliability of laptop storage would mean you might be looking at replacing that crappy old laptop HDD short time after setting it up, so having to buy a new one (or upgrade to SSD) will again cost you time and money to install, set up and restore. Lots of hassle.

Backups can be made in USB Flash Drive, DVD, SD Cards etc
Do you read my replies in full? I said when your HDD fails, you'll need to replace it. You can't just run off of your DVD backup. USB drive could work, but the performance will be bad; they don't hold indefinitely and 1 USB drive is at least 5 bucks while you can make a paper backup for a few cents.

Not 'many of them can be hacked easily'. The hacks that were possible, weren't too simple to perform (took multiple hours & good equipment + knowledge) and they were only on hardware wallets of the 'first generation' (without secure element) and on firmware versions that are ancient by 2022. I believe the Trezor hack utilized a 2016 firmware; that would be 6 years ago now. I also explicitly mentioned that I'd prefer a HW wallet with secure element over a laptop when it comes to physical attacks.

The way to exploit the trezor one is the same for the last version, both can not be fixed.
Again: do you even read? Both have no secure element. You're literally talking without having a clue.


That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

That completley goes out of the point, the bug was in ledger software making to loose funds because of change, so again, I do not imagine this kind of "bugs" happening in the most reviewed client such as Bitcoin Core
[/quote]
Again, when using a PC, it's not only running Core; also lots of other software that can have bugs, which gives an attacker access to Bitcoin Core, e.g. by exploiting something in the Linux kernel. Hardware wallets don't run an OS, so the attack surface is much smaller.

Source? And even if they did exist, as you say: it would be pretty complicated. Probably buying you enough time to move your funds.
https://www.youtube.com/watch?v=s3f1zNpzINY
And check their blog for more info how technique was improved recently.
I don't have time right now to watch videos, and this 'hacker movie' style make it appear pretty cringe and untrustworthy, but in the first few seconds they say that it's very difficult and requires lots of very sophisticated equipment and experience. That's what I said (if you bothered to read, which apparently you don't).
If you also take a look at how laptop HDDs are read out, you will quickly notice it's much easier and quicker, and even a cold boot attack will be easier to do than this.

Well first, you can put in a passphrase on a hardware wallet as well, so that's not an argument. And while you say more attacks will be developed, also better SE chips will be developed. It's a cat-and-mouse game and the attacker is always going to be a step behind. Until now, even the oldest of secure elements used in hardware wallets are secure, to the best of my knowledge.

So now we assume that if HW is seized can be compromised, so let's add a passphrase, if you add a secure  one entering will be so tedious in some models or nearly impossible to be easy of use, and in other HW you will have to type with the PC which is not a safe practice.
If someone doesn't use the passphrase, it's their fault, not the hardware wallet's fault. Only because on some models it's tedious, doesn't mean it must be so on all of them. For instance on my Foundation Passport it's very easy and quick to do. We're talking about the general concept of hardware wallets here; and the fact is that they're just more secure. Sure, something could be more tedious or whatnot; but it's not inherent to the concept. You could make a huge hardware wallet with a full-sized keyboard but running Passport code and with a Passport PCB in it.

Falling for scams is not HW fault, what I just said is that someone educated is less likely to fall for it, I do not see how ridiculous is this statement.
Because you're talking about arguments against hardware wallets and bringing up that people may enter the seed into a phishing webpage. They can do that with literally any wallet.

To store several copies of the wallet.dat you'll need several airgapped devices. If you store them all on the same device it's as good as having no backup at all.
Yes correct, several devices.
Do you trust to be able to keep multiple USB and DVD drives safe from damage (water, fire, rubble) as well as physical deterioration over time? Data rot.

i think you can just encrypt the ram.
There's no point in encrypting RAM: to use it, the same RAM needs to have the decryption key.

I just thought of an even easier protection against this: get a laptop with RAM soldered to the mainboard. No way someone's going to freeze it and desolder at the same time.
That's why I recommended MacBooks Cheesy Soldered RAM and SSD. Tongue I believe on the latest ones with M1... chip, the storage and RAM is even within the SoC actually.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
i think you can just encrypt the ram.
There's no point in encrypting RAM: to use it, the same RAM needs to have the decryption key.

I just thought of an even easier protection against this: get a laptop with RAM soldered to the mainboard. No way someone's going to freeze it and desolder at the same time.
sr. member
Activity: 1190
Merit: 469

That requires the laptop to be shut down when getting into attacker's hands.

If it's on, you can just freeze the RAM and get the keys out.

hopefully someone would have a security protocol such that it was not possible for someone else to gain access to their laptop when it was turned on. a security protocol is more than just saying "i'm encrypting my laptop hard drive. done.". it could encompass other things too. freezing RAM i never hear of that but i think you can just encrypt the ram.

Quote
I also don't know that everyone running core has full disk encryption turned on.

we're talking about an individual with a sizeable amount of bitcoin right? Grin
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
That was on ledger, in version 0.13 if not wrong. Just search ledger lost funds chane address, you will find all information about it.
Got any more details? Google yields nothing and it must have been a different version than 0.13 since no such version exists in Ledger's release history.
Adding quotation marks to "change address" yields related results, specially these:

However, it's more of a client issue (Ledger Live) than the hardware wallet itself, fund is safe all along.
legendary
Activity: 3150
Merit: 2185
Playgram - The Telegram Casino
Quote from:  HeRetiK  link=topic=5391270.msg59634037#msg59634037 date=1648164085
Given full physical access and sufficient expertise the seed can be extracted from certain Trezor models, but AFAIK no such attacks have been successfully mounted on Ledger devices. Feel free to bring me up to date in case there's been any successful seed extractions from Ledger devices recently.

Recently I am not aware no, old ledger models yes but since nano X not that I am aware.

Source? I'm genuinely curious and I'm finding nothing on that matter.


Quote from:  HeRetiK  link=topic=5391270.msg59634037#msg59634037 date=1648164085
I guess you're referring to paper wallets? Since hardware wallets are commonly deterministic it's technically not possible to lose funds to unknown change addresses (though if you have any more info on that I'd love to hear it).

That was on ledger, in version 0.13 if not wrong. Just search ledger lost funds chane address, you will find all information about it.

Got any more details? Google yields nothing and it must have been a different version than 0.13 since no such version exists in Ledger's release history.

jr. member
Activity: 32
Merit: 128
I'm sorry, but you're actually talking out of your ass here.

Why would you include the cost of seed plates when using a hardware wallet, but not when using a laptop? It makes no sense. Either you factor in the cost with both or with none. I prefer none, because I won't assume how someone secures their seed based on their wallet choice.

Sure seed plate is not needed, but that is the recommendations I use to see. Why not when using a latptop? Because with bitcoin core you just backup a wallet.dat

You'd advise to do backups; sure, you can do that. But reliability of laptop storage would mean you might be looking at replacing that crappy old laptop HDD short time after setting it up, so having to buy a new one (or upgrade to SSD) will again cost you time and money to install, set up and restore. Lots of hassle.

Backups can be made in USB Flash Drive, DVD, SD Cards etc

Not 'many of them can be hacked easily'. The hacks that were possible, weren't too simple to perform (took multiple hours & good equipment + knowledge) and they were only on hardware wallets of the 'first generation' (without secure element) and on firmware versions that are ancient by 2022. I believe the Trezor hack utilized a 2016 firmware; that would be 6 years ago now. I also explicitly mentioned that I'd prefer a HW wallet with secure element over a laptop when it comes to physical attacks.

The way to exploit the trezor one is the same for the last version, both can not be fixed.

That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

That completley goes out of the point, the bug was in ledger software making to loose funds because of change, so again, I do not imagine this kind of "bugs" happening in the most reviewed client such as Bitcoin Core

Source? And even if they did exist, as you say: it would be pretty complicated. Probably buying you enough time to move your funds.
https://www.youtube.com/watch?v=s3f1zNpzINY
And check their blog for more info how technique was improved recently.

Well first, you can put in a passphrase on a hardware wallet as well, so that's not an argument. And while you say more attacks will be developed, also better SE chips will be developed. It's a cat-and-mouse game and the attacker is always going to be a step behind. Until now, even the oldest of secure elements used in hardware wallets are secure, to the best of my knowledge.

So now we assume that if HW is seized can be compromised, so let's add a passphrase, if you add a secure  one entering will be so tedious in some models or nearly impossible to be easy of use, and in other HW you will have to type with the PC which is not a safe practice.


Again BS: falling for phishing sites and giving away your seed words isn't due to the wallet being a HW wallet. That can happen with literally any wallet. How can this seriously be considered an argument against hardware wallets?
Or is it more leaning into whataboutism such as: 'Well, attacks that a HW wallet can't protect you against, do exist, so they're useless'?

There are reasons against hardware wallets, but the ones you present are so weak, it's ridiculous.

Falling for scams is not HW fault, what I just said is that someone educated is less likely to fall for it, I do not see how ridiculous is this statement.

* The average Joe will not save 400+GB on his HDD. He doesn't understand pruning, he doesn't want to wait days for the initial sync and doesn't understand why should he download such amount of data.
* The average Joe probably has Windows or mobile phone he wants to use Bitcoin with.
* The average Joe is not tech savvy and he would make mistakes if we would advise him use cold storage. I've seen case when one was claiming he has cold storage which he connects to the internet when he send transactions.
  (Yes, he got his money stolen by some malware/exploit).

Bitcoin core is great, but it's not for everybody.
Bitcoin core, if used as hot wallet, is as vulnerable as any hot wallet..

You are right, maybe I was wrong assuming that average Joe would be interested in learning more or could have concerns about delegating security.

If computer is compromised yes, it will not be safe, however I was referring in to use bitcoin core offline.

Quote from:  LoyceV    link=topic=5391270.msg59634037#msg59634037 date=1648164085
You don't see the average PC user do this, right? The average user who gets confused when the internet icon has moved sure can't handle this. And even if they can do it, it's a lot of work for making a transaction. That's okay if you do it once a year, it's not okay for daily use.

That was a good one  Grin
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
As far as I know, it's relatively commonly done in high-security level pentests and in critical practical attacks (mostly physical attacks against companies) as well. The technique has definitely attracted lots of research and it was proven to work quite well by lots of different folks.
I read about an arrest in the Netherlands not so long ago, where the SWAT team entered through the windows to prevent the guy from turning off his computer.
Okay, here's another solution: add a dead man's switch to your chair. If you get up, it disconnects the power to your PC. That's going to be seriously annoying to use, but for the truely paranoid that's a small price to pay.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
you can just freeze the RAM and get the keys out.
Has that ever happened in a real life theft? That's some James Bond level burglary!
If you really worry about this:
Quote
the RAM can be safely moved to a different computer
Then glue the RAM into your computer. Good luck to any thief.
As far as I know, it's relatively commonly done in high-security level pentests and in critical practical attacks (mostly physical attacks against companies) as well. The technique has definitely attracted lots of research and it was proven to work quite well by lots of different folks.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
you can just freeze the RAM and get the keys out.
Has that ever happened in a real life theft? That's some James Bond level burglary!
If you really worry about this:
Quote
the RAM can be safely moved to a different computer
Then glue the RAM into your computer. Good luck to any thief.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!

That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

not if the hard drive is encrypted...
That requires the laptop to be shut down when getting into attacker's hands. If it's on, you can just freeze the RAM and get the keys out.
I also don't know that everyone running core has full disk encryption turned on.

Since a laptop is a general-purpose device, it inherently has a larger attack surface. For example, older laptops and certain Linux distros (or both) may not support secure boot, allowing for other attack vectors that you don't have when a HW wallet boots up.
I'd argue it will be harder to crack a HDD password (offline attacks on an ISO of it etc.) than a hardware wallet's password (no way to extract the memory contents + limited amounts of tries before erasing itself.

I've taken the time to read the discussion. What's up with the continuing debriefing of the hardware wallets' disadvantages? It's clear that they are both needed; it's just that each satisfies the same needs, but for different people. (Except if they may also want altcoins etc.)

The reasons are portability, easiness on transferal and security simplified. I wouldn't buy a hardware wallet to avoid running my own full node; I'd rather give an extra buck to a Raspberry Pi and have my hardware wallet connected to my node. That way I could enjoy all the benefits.

If I didn't want to spare a single dollar to my Bitcoin node setup AND had an old dusty PC/laptop left over, I'd use it to run a node.
That's what I recommend. Smiley Core with electrs & connect a hardware wallet-compatible SPV wallet to it.


For instance, people are already taking pictures of seed words even though the software tells them not to
I do that too, but only for (mobile) wallets which I'll use for a very small amount. For convenience, I'm willing to risk it.
Shame! Grin


My own preference: I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.
This is a kind of diversification that definitely makes sense. People also talk about getting hardware wallets with secure chips from different manufacturers to minimize risk of backdoors. This again goes towards 'paranoia-level security' as we often do around here, but I support the idea.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Most people i know don't bother buy seed plate if they decide to use hardware wallet.
I consider ordering anything dedicated to crypto bad OPSEC.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Yes buying a laptop will be more expensive, however when you see how much some hardware wallets cost + seed plates if they buy (it is the setup that I see most often people talking about) price does not go too far from a cheap laptop

Most people i know don't bother buy seed plate if they decide to use hardware wallet.

also about storage causing lost of funds we may assume that several copies of wallet.dat will be stored

There's additional cost if you store copy wallet.dat on different storage.

That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.
not if the hard drive is encrypted...

The scenario mention access to physical device, so it's vulnerable against malware which target BIOS or boot partition (which usually separated and not encrypted).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.
You don't see the average PC user do this, right? The average user who gets confused when the internet icon has moved sure can't handle this. And even if they can do it, it's a lot of work for making a transaction. That's okay if you do it once a year, it's not okay for daily use.

For instance, people are already taking pictures of seed words even though the software tells them not to
I do that too, but only for (mobile) wallets which I'll use for a very small amount. For convenience, I'm willing to risk it.
People have also lost funds stored in a hardware wallet after they entered their seed words in a phishing site. Lack of common sense is a great way to lose your money Sad

someone taking the time to learn and do all the process will be less likely to commit error, we see some users loosing all funds from HW because they fall for pishing sites asking seed etc.
In reality, most Bitcoin Core users run it on an online system, and most of them probably use Windows. That makes losing funds much more likely than it is when using a hardware wallet, even though human stupidity will always find a way.



My own preference: I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I am asking this question since whenever I see someone asking about how to store bitcoin, all the answers I read is buy a HW, but I rarely see someone advising to just use Bitcoin Core... the most reviewed and secure client?

* The average Joe will not save 400+GB on his HDD. He doesn't understand pruning, he doesn't want to wait days for the initial sync and doesn't understand why should he download such amount of data.
* The average Joe probably has Windows or mobile phone he wants to use Bitcoin with.
* The average Joe is not tech savvy and he would make mistakes if we would advise him use cold storage. I've seen case when one was claiming he has cold storage which he connects to the internet when he send transactions.
  (Yes, he got his money stolen by some malware/exploit).

Bitcoin core is great, but it's not for everybody.
Bitcoin core, if used as hot wallet, is as vulnerable as any hot wallet.

So what other option we have for newbies? At least from my side it's not marketing; it's genuine attempt to help users keep their coins safe.


wanted to post in bitcoin and not bitcoin tehcnical support (since I do not think it is the correct place) but I can not delete it

Then move it. See bottom-left link.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I've taken the time to read the discussion. What's up with the continuing debriefing of the hardware wallets' disadvantages? It's clear that they are both needed; it's just that each satisfies the same needs, but for different people. (Except if they may also want altcoins etc.)

The reasons are portability, easiness on transferal and security simplified. I wouldn't buy a hardware wallet to avoid running my own full node; I'd rather give an extra buck to a Raspberry Pi and have my hardware wallet connected to my node. That way I could enjoy all the benefits.

If I didn't want to spare a single dollar to my Bitcoin node setup AND had an old dusty PC/laptop left over, I'd use it to run a node.
legendary
Activity: 4522
Merit: 3426
One of the major benefits of a hardware wallet is that it is portable, and you can safely plug it into any computer.
sr. member
Activity: 1190
Merit: 469

That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

not if the hard drive is encrypted...
legendary
Activity: 3150
Merit: 2185
Playgram - The Telegram Casino
also about storage causing lost of funds we may assume that several copies of wallet.dat will be stored

To store several copies of the wallet.dat you'll need several airgapped devices. If you store them all on the same device it's as good as having no backup at all.


with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack. That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily

Given a strong enough passphrase even a fully known seed is useless to an attacker.

Given full physical access and sufficient expertise the seed can be extracted from certain Trezor models, but AFAIK no such attacks have been successfully mounted on Ledger devices. Feel free to bring me up to date in case there's been any successful seed extractions from Ledger devices recently.


even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loose of funds, I can't imagine Bitcoin Core having bugs with change addresses to cause loose of funds as we ever seen with HW for example.

I guess you're referring to paper wallets? Since hardware wallets are commonly deterministic it's technically not possible to lose funds to unknown change addresses (though if you have any more info on that I'd love to hear it).


we see some users loosing all funds from HW because they fall for pishing sites asking seed etc.

Seeds are also used by Bitcoin Core and other software wallets so that doesn't make a difference. Except, a lot of phishing sites ask for private keys directly rather than the seed, which for a regular user is impossible to obtain from the hardware wallet directly.


Don't get me wrong, if you know what you're doing setting up cold storage using an airgapped device is fine, in some cases maybe even preferable. Just be aware of what the actual up and downsides are.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
There is no problem with using both hardware wallet and bitcoin core there are still people being scammed with hardware wallets and cold-storage Bitcoin core or being hacked physically there are some USB tools out there that can leak or download your data or download your keyloggers.
 
So it depends on you on how you protect yourself from any attacks. If you don't have any budget buying a hardware wallet you can have cold storage as your best option you can either use Bitcoin Core or Electrum as an offline wallet.
You can also make an airgap wallet through a mobile phone just make sure you don't connect it to the internet forever and you have paper seed backup for future recovery.

There is no perfect wallet against hackers and scammers every day they are developing techniques to find a way to hack your wallet.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
I'm sorry, but you're actually talking out of your ass here.

Yes buying a laptop will be more expensive, however when you see how much some hardware wallets cost + seed plates if they buy (it is the setup that I see most often people talking about) price does not go too far from a cheap laptop
Why would you include the cost of seed plates when using a hardware wallet, but not when using a laptop? It makes no sense. Either you factor in the cost with both or with none. I prefer none, because I won't assume how someone secures their seed based on their wallet choice.

also about storage causing lost of funds we may assume that several copies of wallet.dat will be stored, with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack.
You'd advise to do backups; sure, you can do that. But reliability of laptop storage would mean you might be looking at replacing that crappy old laptop HDD short time after setting it up, so having to buy a new one (or upgrade to SSD) will again cost you time and money to install, set up and restore. Lots of hassle.

That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily, even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loose of funds
Not 'many of them can be hacked easily'. The hacks that were possible, weren't too simple to perform (took multiple hours & good equipment + knowledge) and they were only on hardware wallets of the 'first generation' (without secure element) and on firmware versions that are ancient by 2022. I believe the Trezor hack utilized a 2016 firmware; that would be 6 years ago now. I also explicitly mentioned that I'd prefer a HW wallet with secure element over a laptop when it comes to physical attacks.

I can't imagine Bitcoin Core having bugs with change addresses to cause loose of funds as we ever seen with HW for example.
That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

There are some complicated techniques to even hack SE of HW
Source? And even if they did exist, as you say: it would be pretty complicated. Probably buying you enough time to move your funds.

I do assume that in future because of more HW adoption those techniques will be developed, being less far secure than we may think, like we see right now some forensic labs unlocking iphones, androids in matter of seconds but brute forcing a strong passphrase will be always more complicated I think.
Well first, you can put in a passphrase on a hardware wallet as well, so that's not an argument. And while you say more attacks will be developed, also better SE chips will be developed. It's a cat-and-mouse game and the attacker is always going to be a step behind. Until now, even the oldest of secure elements used in hardware wallets are secure, to the best of my knowledge.

About user error you are right, however someone taking the time to learn and do all the process will be less likely to commit error, we see some users loosing all funds from HW because they fall for pishing sites asking seed etc.
Again BS: falling for phishing sites and giving away your seed words isn't due to the wallet being a HW wallet. That can happen with literally any wallet. How can this seriously be considered an argument against hardware wallets?
Or is it more leaning into whataboutism such as: 'Well, attacks that a HW wallet can't protect you against, do exist, so they're useless'?

There are reasons against hardware wallets, but the ones you present are so weak, it's ridiculous.
legendary
Activity: 1148
Merit: 3117
2. Exporting the unsigned transaction and signing it on a air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.  
Also, if you intend make daily transactions using BTC (for example), the burden of always having to carry a laptop with you may not be the most enjoyable experience. Besides all the good points mentioned by previous users, HW also provide portability where you can basically have control of your entire wallet in a pocket of your desire. One could argue, however, that a "main" laptop could be used as the holder of the original wallet and then one could make small transactions to devices that are more easy to carry (such as Passport, Trezor) but you'll still have to add the HW devices which you seem to be against/not supportive in the first place.

Plus, if you present an average person with the option to buy a HW wallet and follow a few steps vs. telling them about Bitcoin Core, that they should download the entire blockchain, set it up correctly to avoid configurations and keep the node updated (amongst other factors), I'm sure that most people would be inclined over to a HW device - hence creating the need for such a device to exist...
jr. member
Activity: 32
Merit: 128
You're right; an airgapped laptop running Bitcoin core will offer similar security against a lot of attacks and it costs nothing if you already have a second computer that you can 'sacrifice' for this. I say 'sacrifice' because if I were to use such a setup, I'd rip out any wireless connectivity options permanently and also never run anything else on it ever again.

There's a few points against it, though. Firstly, if you do not have such a second device 'for free', purchasing a reliable laptop will be more expensive than purchasing a hardware wallet.
Old hardware also has the risk of breaking down more quickly, especially if that device still runs a HDD, which would mean a loss of funds or need to buy another device and restore the seed.
They also don't have secure storage chips unlike most good hardware wallets. This means a HW wallet can withstand a physical attack, when the attacker gets their hands on it, while a laptop in the hands of an attacker can quickly lead to compromised private keys.
In fact, a recent MacBook would be the best choice against a physical attacker, since it's much harder to access the solid state memory on them than on basically any other desktop computer. That would most definitely be more expensive than any hardware wallet, though.

Besides the hardware aspects, there's the issue of user error. What seems trivial to you and me, is going to be super hard for the majority of people out there. The risk of them skipping a step or doing something a bit differently because it seems to them just as secure, is very high. For instance, people are already taking pictures of seed words even though the software tells them not to - just one example. We saw already on this forum that they may believe disconnecting from the Wi-Fi is equivalent to desoldering an antenna (which sounds hilarious to us).

And finally, even if someone is able and has the laptop to spare, it's just more convenient to use a HW wallet with same or higher security. By spending a hundred bucks on a HW wallet, I don't have to modify a laptop, set it up, download the blockchain, go through all those security measures. I also simply may not want to have a huge device (compared to the hardware wallet) and its charger laying around (harder to conceal, takes more space, harder to carry while traveling / moving).

Yes buying a laptop will be more expensive, however when you see how much some hardware wallets cost + seed plates if they buy (it is the setup that I see most often people talking about) price does not go too far from a cheap laptop, also about storage causing lost of funds we may assume that several copies of wallet.dat will be stored, with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack. That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily, even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loose of funds, I can't imagine Bitcoin Core having bugs with change addresses to cause loose of funds as we ever seen with HW for example.

There are some complicated techniques to even hack SE of HW, I do assume that in future because of more HW adoption those techniques will be developed, being less far secure than we may think, like we see right now some forensic labs unlocking iphones, androids in matter of seconds but brute forcing a strong passphrase will be always more complicated I think.

About user error you are right, however someone taking the time to learn and do all the process will be less likely to commit error, we see some users loosing all funds from HW because they fall for pishing sites asking seed etc.
legendary
Activity: 3150
Merit: 2185
Playgram - The Telegram Casino
There's just a world of difference when it comes to ease of use.

I tend to recommend people hardware wallets for securing their coins because there's simply a lot less that can go wrong during the setup process and while doing transactions. Sure, setting up an airgapped system is relatively straightforward if you're somewhat tech savvy, but a lot of folks aren't and I rather have a hardware wallet with nice instructions holding their hands than trying to pilot them through properly setting up cold storage. I also personally switched to a hardware wallet eventually because it's just much less of a hassle, especially when transacting somewhat regularly.


I am not against any HW (just mentioned that one as example since it offers an air gap setup similar as what would do with an offline PC) but comparing to any HW we have on the other side the "official" client, the most reviewed client, secure and free. Any company will review Bitcoin Core since they use it, but that won't be the other way, why would a programmer involved in an open source project such as bitcoin would review for free products of a private company? I am talking about the security of device, firmware updates, etc.

You'd be mistaken to believe that no one is reviewing the source code and components of hardware wallets just because those were developed by a private company. Security researchers love hacking away at hardware wallets. Especially the hardware parts of it. You'll find plenty of security research papers on Ledger, Trezor and some of the other common hardware wallets.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
You're right; an airgapped laptop running Bitcoin core will offer similar security against a lot of attacks and it costs nothing if you already have a second computer that you can 'sacrifice' for this. I say 'sacrifice' because if I were to use such a setup, I'd rip out any wireless connectivity options permanently and also never run anything else on it ever again.

There's a few points against it, though. Firstly, if you do not have such a second device 'for free', purchasing a reliable laptop will be more expensive than purchasing a hardware wallet.
Old hardware also has the risk of breaking down more quickly, especially if that device still runs a HDD, which would mean a loss of funds or need to buy another device and restore the seed.
They also don't have secure storage chips unlike most good hardware wallets. This means a HW wallet can withstand a physical attack, when the attacker gets their hands on it, while a laptop in the hands of an attacker can quickly lead to compromised private keys.
In fact, a recent MacBook would be the best choice against a physical attacker, since it's much harder to access the solid state memory on them than on basically any other desktop computer. That would most definitely be more expensive than any hardware wallet, though.

Besides the hardware aspects, there's the issue of user error. What seems trivial to you and me, is going to be super hard for the majority of people out there. The risk of them skipping a step or doing something a bit differently because it seems to them just as secure, is very high. For instance, people are already taking pictures of seed words even though the software tells them not to - just one example. We saw already on this forum that they may believe disconnecting from the Wi-Fi is equivalent to desoldering an antenna (which sounds hilarious to us).

And finally, even if someone is able and has the laptop to spare, it's just more convenient to use a HW wallet with same or higher security. By spending a hundred bucks on a HW wallet, I don't have to modify a laptop, set it up, download the blockchain, go through all those security measures. I also simply may not want to have a huge device (compared to the hardware wallet) and its charger laying around (harder to conceal, takes more space, harder to carry while traveling / moving).
jr. member
Activity: 32
Merit: 128
1. If you want 100% security with bitcoin core or electrum, you need an air-gapped device for generating the wallet and signing the transactions. Not all people have an air-gapped device.
2. Exporting the unsigned transaction and signing it on a air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.  
3. If you use bitcoin core, you need to download the blockchain. That's why many people prefer SPV wallets.
4. Many people want a multi-currency wallet for holding their altcoins.  
5. Most of the people don't know how running their own full node can be helpful to them.

1. I think most of people will have 1 on old computer which will do the job.
2. Yes valid point, that is why I've mentioned coldcard as example since it would be the exact same steps which may seem difficult, instead of using the SD CARD could be a USB Flash Drive, but for other HW like trezor, ledger you are right.
3. Valid point too, many people may prefer it at beginning... but as soon as they start to learn more, they will understand why it is absolutely important to run a full node (which leads to your 5th answer since running a node and not using does not makes too much sense).
4. Yes, if they are interested in altcoins sure.

legendary
Activity: 2380
Merit: 5213
1. If you want 100% security with bitcoin core or electrum, you need an air-gapped device for generating the wallet and signing the transactions. Not all people have an air-gapped device.
2. Exporting the unsigned transaction and signing it on a air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.  
3. If you use bitcoin core, you need to download the blockchain. That's why many people prefer SPV wallets.
4. Many people want a multi-currency wallet for holding their altcoins.  
5. Most of the people don't know how running their own full node can be helpful to them.
jr. member
Activity: 32
Merit: 128
I am asking this question since whenever I see someone asking about how to store bitcoin, all the answers I read is buy a HW, but I rarely see someone advising to just use Bitcoin Core... the most reviewed and secure client? Those two arguments should be enough to convince people isn't it? When digging into bitcoin, we all know how important is to run a full node, and a big part of HW they may run Bitcoin Core as node, but not a lot use them as a wallet, and even worst, some they not even use their node, the one that auto connects with the HW.

I do understand that there is a lot of marketing involved and they want to sell it, but in reality what offers HW vs Bitcoin Core?

Hardware wallets generate the private keys offline, and allow to sign transactions with your keys offline in a friendly way.

So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.

At the end what are we doing extra? Some air gaped wallets like coldcard we create the unsigned tx, copy to SD Card, sign with the device, and bring back to the online PC to broadcast. We are doing exactly the same thing or can be even more since if we don't use it directly with Bitcoin Core and instead we use electrum, we will need also need to have a server like electrs which makes the bridge between Bitcoin Core and electrum.

I am not against any HW (just mentioned that one as example since it offers an air gap setup similar as what would do with an offline PC) but comparing to any HW we have on the other side the "official" client, the most reviewed client, secure and free. Any company will review Bitcoin Core since they use it, but that won't be the other way, why would a programmer involved in an open source project such as bitcoin would review for free products of a private company? I am talking about the security of device, firmware updates, etc.

Let me know your thoughts.

Thank you.

Edit: Sorry, wanted to post in bitcoin and not bitcoin tehcnical support (since I do not think it is the correct place) but I can not delete it
Jump to: