Pages:
Author

Topic: Why do we trust hardware wallet manufacturers? (Read 744 times)

legendary
Activity: 3346
Merit: 3125
October 07, 2018, 07:39:16 PM
#38

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.


Well,you cantrust them because you know who are those providers, in the case where your bitcoins disappear then you know who to blame, but remember hardware wallets are vulnerables too.

The problem here is if some one get access to your hardware wallet and take your bitcoins, you could think the ones who thief those coins was the wallet creators because they create your private key, but at end we can see tons of vulns on the move.
newbie
Activity: 6
Merit: 4
Peter Todd has a good talk on this

Slévárna: HARDWARE WALLET THREATS AND VULNERABILITIES - Peter Todd

Paralelní Polis
Streamed live on Oct 6, 2018

https://www.youtube.com/watch?v=r1qBuj_sco4

copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I wonder about the physical bitcoins as well.  It wouldn't be hard for those who make the coins to keep a list of all the private keys they have generated and etched onto the coin.  I fear that one day we may all wake up and find our physical bitcoins are worth nothing more than the weight of the material from which they are made.

I think the only way to truly be secure is to create the private key using an off-line PC, engrave it onto a piece of material that will withstand any natural disaster, while keeping it safe from prying eyes, and do it all yourself.

legendary
Activity: 3682
Merit: 1580
Wallets like Electrum has incorporated hardware wallets into their software. The trust goes to the contributors of Electrum instead of the hardware wallet developers in this case.

electrum has incorporated plugins that interface with hardware wallets but the wallets themselves hold the seed. they could still be backdoored. electrum can't protect you in that case nor does it guarantee that hardware wallets you use are not backdoored.
member
Activity: 294
Merit: 10
World’s First Decentralized ICO Platform
That's a valid question. But the thing is, we have to trust someone. True, there's no 100 percent security, but we have no choice but to trust it. Many people think that if something is being used by millions that means it must be trustable. Millions of people can't be wrong at the same time, right?
jr. member
Activity: 73
Merit: 8

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.


Trust is something more than a relationship between a person and a company, and without it, just nothing . If you don't trust companies like ledger nano it is possible not to enter this market. The company cares about your safety and gives its guarantees, I do not see any concerns in hardware wallets.
First, when you use it for the first time, you must set a PIN to protect your device from unwanted intrusion. Soon you will receive an initial password that you can use to create your personal keys that no one will ever know except you.
You will use the device screen to create the initial password. If a hacker has access to your computer screen, he could copy the initial password. This is why the initial password is displayed on the device screen, not on the computer.
The Ledger Wallet Nano S is equipped with a display and buttons for control. This allows you to take advantage of the additional factor of authentication directly from the device. That is, it allows you to set and enter security data, bypassing the computer and thus providing protection against phishing.hardware wallet application data is stored on a secure element inside the device
full member
Activity: 350
Merit: 100

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

With regards to security (Ledger Nano) Your confidential data is never exposed, It is secured inside a strongly isolated environment locked by a PIN CODE.
Your accounts as well are backed up on a recovery sheet, Easy restoration on any ledger device or compatible wallets.
hero member
Activity: 1680
Merit: 655
Because they are legally liable if you have prove that they have some kind of breach of security regarding your wallet. Hardware wallets like Trezor and Ledger are real companies which have a juridical personality. Any kind of wrong doing like tampering their own device will make them liable. And if that happens you could easily find them, as them being real companies will be hard to run away with your money unlike fake investment scams happening in the internet. I am not saying that they will run away with our money but knowing that they physically exist and are registered companies I myself know that my money is safe with their product.
hero member
Activity: 2730
Merit: 632
For all services you need in life and you can't provide them by yourself you have to trust someone. Banks, insurance, health services, the lady that cleans your apartement, it's all based on trust. So it's with hardware wallets manufactures.
No one isn't saying that 100% safety exists and that you are not taking certain risk but those wallets are proven and trusted and by now as far as I'm informed no one has reported any kind of abuse.
For sure the risk is there but those companies wont risk up their reputation.Why would they waste up their profitable business as of now for just a simple flaw of their wallets? Trust is indeed needed but doubts on storing up your long term or big amount of coins in there cant really be avoided but for now they are still trustable.
Just be sure you do purchase on direct to company or legitimate resellers not into just random dude in the net.
legendary
Activity: 2912
Merit: 1068
WOLF.BET - Provably Fair Crypto Casino
For all services you need in life and you can't provide them by yourself you have to trust someone. Banks, insurance, health services, the lady that cleans your apartement, it's all based on trust. So it's with hardware wallets manufactures.
No one isn't saying that 100% safety exists and that you are not taking certain risk but those wallets are proven and trusted and by now as far as I'm informed no one has reported any kind of abuse.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
But you could never be 100% sure someone, somewhere down the line hasn't tampered with the device/product in question.

The most common supply line attack vector is a third party reseller making a copy of the original seed of your hardware wallet. This is easily thwarted by reinitializing your freshly received hardware wallet with a mnemonic of your own choosing, using the BIP-0039 wordlist.

Hardware wallet firmware is cryptographically signed and can not be overridden with malicious firmware without the hardware wallet alerting its owner -- at least that's the case with the Trezor, I assume it's the same with Ledger but I'm unfamiliar with their hardware.

Of course there's no such thing as 100% security, but I'd still argue that most hardware wallets are reasonably tamper-proof. (note: The hard- and software part, that is. As mentioned above, the original seed phrase cards are fairly easy to tamper with, I assume)
drm
legendary
Activity: 1176
Merit: 1005

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

If you had programming experience then you could look at the source code of the software of your hardware wallet. The source code is publicly available on GitHub, which allows anyone to verify it. And we also trust hardware wallets producers because at the moment there is no evidence that hardware wallets are unsafe. If this were otherwise, then there would be no trust.

But you could never be 100% sure someone, somewhere down the line hasn't tampered with the device/product in question.
member
Activity: 504
Merit: 19

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

If you had programming experience then you could look at the source code of the software of your hardware wallet. The source code is publicly available on GitHub, which allows anyone to verify it. And we also trust hardware wallets producers because at the moment there is no evidence that hardware wallets are unsafe. If this were otherwise, then there would be no trust.
legendary
Activity: 1624
Merit: 2481
Because is the trust of the source code instruction set. Machine code inside the data its called source code.

Hardware wallets which use a secure element (e.g. ledger nano s) are not completely open source.
This is simply due to the fact that those chips are mostly available to developer/manufacturer only.

Most of the hardware is under CDA. Ledger simply is not allowed to disclose how they interact with the element.

The majority of the source code is on github. But unfortunately not completely.
newbie
Activity: 36
Merit: 0
Official TREZOR firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the TREZOR is possible, but doing so will wipe the device storage and TREZOR will show a warning every time it starts. Reprogramming the bootloader is impossible because all TREZORs ship with their secure programming fuse blown.

You still have your seed phrase, so your coins are safe.
newbie
Activity: 70
Merit: 0
Ledger Wallet is a special case of an HD-purse that stores private keys and signs transactions on a separate, secure device. Those. no programs, no servers have access to the keys themselves, they just give the original data and get the result with permission of the one who presses the hardware confirmation button - there is no software way from the computer to unblock the wallet or confirm the transaction (conspiracy theories about bookmarks in the wallet we leave aside).
sr. member
Activity: 377
Merit: 282
Finis coronat opus
This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

This is what our life consists of. We must believe to someone because noone can check everything by himself. You must trust to engineers which build your car, to engineers check airplane which you use to fly. To doctors, to police officers, to coders.
BUT! What differ good things from bad? It's transparency. It means that you can check everything by yourself or 3rd part. In codding we call it "open source".
Your advantage in that opportunity. You can do it. Or hire people who could do it.
legendary
Activity: 1904
Merit: 1074
I don't. You shouldn't neither. There were HW wallet scams before on ebay. Check this out:
https://www.reddit.com/r/CryptoCurrency/comments/7oeik2/warning_if_youve_bought_a_ledger_wallet_where_the/

I never understood the need for a hardware wallet anyway. All you need is a piece of paper. If you can't secure a piece of paper then just quit. A properly generated paper wallet is the most secure wallet you can ever get.

Questioning the core wallet or your operating system (as long as its not a cracked version and freshly installed) is just being paranoiac btw.

You have to be crazy to buy a Hardware wallet from someone on eBay or Amazon and not directly from Ledger. Paper wallets

is not the solution for non-techies, because it is way too technical for them. {The risky part is when you have to sweep those

coins to use it} .... I like paper wallets and I do use them for cold storage, but they also carry a level of risk. If your only

option is paper wallets, then I would recommend that you divide your coins into smaller amounts and transfer them onto

multiple wallets. {it is just easier to use and less risky, if you quickly need to use a small amount}  Wink
legendary
Activity: 3276
Merit: 2442
I don't. You shouldn't neither. There were HW wallet scams before on ebay. Check this out:
https://www.reddit.com/r/CryptoCurrency/comments/7oeik2/warning_if_youve_bought_a_ledger_wallet_where_the/

I never understood the need for a hardware wallet anyway. All you need is a piece of paper. If you can't secure a piece of paper then just quit. A properly generated paper wallet is the most secure wallet you can ever get.

Questioning the core wallet or your operating system (as long as its not a cracked version and freshly installed) is just being paranoiac btw.
legendary
Activity: 1904
Merit: 1074
give me bitcoin Grin

This is not the appropriate thread for begging bitcoins. Work your ass out and you would get your share.

Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

Because bank is secured and got their insurance that whatever you left on banks, you could get it on banks. So as Ledger Nano, but you are ONLY the one who is responsible for your assets, whatever you lose, you are the one responsible for it and nobody would recover it for you.

Have you ever lost any money linked to your online banking or credit cards? The Banks will rather pay their expensive

lawyers to fight you, than re-imbursing you for your losses. In the rare occasion when they do reimburse you, you have to

sign confidentiality documents not to reveal any information about the pay-out. The pay-out is also much less than your

losses.

I would much rather be in control of my own finances with a dodgy hardware wallet, than having to go through that again.

They make YOU feel like a thief, when you are the victim of the crime.  Angry
Pages:
Jump to: