Pages:
Author

Topic: Why do we trust hardware wallet manufacturers? - page 2. (Read 744 times)

full member
Activity: 602
Merit: 103
give me bitcoin Grin

This is not the appropriate thread for begging bitcoins. Work your ass out and you would get your share.

Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

Because bank is secured and got their insurance that whatever you left on banks, you could get it on banks. So as Ledger Nano, but you are ONLY the one who is responsible for your assets, whatever you lose, you are the one responsible for it and nobody would recover it for you.
legendary
Activity: 1288
Merit: 1087
like others have said i choose to trust the crypto hive mind to unearth these problems on my behalf and that's a much, much, much more powerful beast than your own knowledge or that of one individual whose opinions you rate.

if there is such a thing as a vested interest, it's making sure hardware wallets are as safe as they can be. it's in the extreme interest of what must be millions of people by now.


Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

i'm not sure how valid that is. everything about banking is hidden and if they really screw up you're theoretically still in safe hands, that's why people trust it. that's not the case with hardware wallets. you have to rely on the creators and the people who pick their efforts apart too because everyone's ass is hanging on the line. it's then down to you to choose your course of action. no one's gonna save you.
sr. member
Activity: 1106
Merit: 252
Dextrust.org #Defi

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

your question is almost the same as what I want to ask others who understand about hardware wallet.
I also want to have it, but I do not understand about hardware  wallet
sr. member
Activity: 476
Merit: 314
But if you see the amount of users of the airplanes, desktops, bitcoin core wallet and compare with the amount of users of the hardware wallets, how big is the number of people that studied about the risks  and how big is the number of developers that checked inside the hardware wallets (remember that the ledger and trezor are not open-hardware), im not defending that the hadware wallets are not safe and we need to  verify every single componet of the wallet, im trying to say that the hardware wallets are on the few explored world of crypos where we see a different type of trap every day.
legendary
Activity: 1624
Merit: 2481
You can also keep the private key offline on a computer with the ethernet and wifi and bluetooth adapters physically removed, then use it to sign transactions offline. Then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.

Physically removing network interfaces is a good step to ensure the device is really airgapped.
But i disagree with a higher risk due to screw-ups. If the seed/private keys are backed up properly i don't see a higher chance in losing funds compared to a
desktop wallet running on an everyday-pc.

While i agree that there indeed is a risk in screwing up i think that with proper back ups (which everyone should have, regardless of storing type) this risk can be compensated.
newbie
Activity: 26
Merit: 9
There's no reason to trust the developer of a hardware wallet any more than there is to trust the developers of software wallets. The difference is that however well meaning the developers are, a software wallet is inherently insecure. A hardware wallet, running on an entirely 'known' system, should be considerably more secure. If the developers are dishonest then all bets are off - even if the source code checks out.

You can also keep the private key offline on a computer with the ethernet and wifi and bluetooth adapters physically removed, then use it to sign transactions offline. Then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Oh, FFS, if you don't like a hardware wallet, just use paper, it's even more secure if you do it right? Tongue

This was a legitimate question from a newbie and deserve a legitimate answer. Some people in 3rd world countries will spend 50% of their monthly earnings on a hardware wallet like this and should get value for their money and the peace of mind that it is as secure as it is advertised.

The "if you do it right" part of your statement is very important. There are not a lot of newbies who knows how to do this in the most secure manner < air gapped computer and what not>  and that is why they are placing that trust into 3rd party hardware wallet providers hands.

Paper wallets can be your worst nightmare when you do it wrong and it is more suitable for long-term storage. Hardware wallets is a lot safer and more practical for daily use. 

Let's be a bit more understanding and supportive to these newbies.  Wink
legendary
Activity: 3570
Merit: 1959
Oh, FFS, if you don't like a hardware wallet, just use paper, it's even more secure if you do it right? Tongue
member
Activity: 672
Merit: 12
In our daily life we are using so many technical machines / hardware / software.  Whatever we are using is developed / invented / manufactured by others.  We are traveling by air, train, road transport.  First we have to trust the engineers who made aircraft, rails, buses, cars.  Then we are having trust on the pilots, drivers that they will carry us safe to our destination. Do we know anything about airoplane.  I think 99.99% of us do not know it's technicalities even the pilot flying the machine may not be having complete knowledge about the plane.  Pilot is just having knowledge how to fly it and primary issues related to it.  But we are blindly trusting him.
In the same way we are trusting service providers like Banks, insurance companies, health centers, doctors.  While paying premium to insurance company we are paying just because we have faith in them that in case of need they will repay the insured amount.  While getting surgical operations from surgeon we have to 100% surrender ourselves to the  doctors for the operation required.  In many of the operations we are first given medicines to make us unconscious only after that operation is done.
So without having trust we will not be able to avail and enjoy the facilities provided by others.
In above case transactions must be secured by password.  One time password option may also be opted as an additional security.  Authenticator app if generated in mobile will give additional security. 
hero member
Activity: 672
Merit: 526
In open source projects, such as the majority of wallets, you may think that the reward for finding a flaw in these projects is very high. You do not have to trust the honesty of all those who have technical knowledge. You can rely on greed. In addition, since most of the world lives in an open environment and all those who own Bitcoin are in communities where when a failure occurs, they can scream for the community. And quickly this failure will be known by everyone.
But the best thing about Bitcoin is that you do not have to use a hardware wallet if you do not feel secure. You can use a paperwallet, pendrive. A wallet like Electrum etc.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
I also think it has a lot to do with reputation. If you want to grow into a multi Billion dollar business, you will have to build a strong trust relationship with your customers. One big mistake will destroy all the hard work that was done to establish this business.

We are not talking about the little "Mom and Dad" business here. These companies have a lot to lose, if they fail.
https://techcrunch.com/2018/01/18/ledger-raises-another-70-million-to-become-the-leader-in-cryptocurrency-hardware-wallets/

Reputation is the secret to their success, so they will use all the resources they have to build a trusted Brand. The competition to become the industry leader is very competitive.
legendary
Activity: 3472
Merit: 4801
Why do you trust banks with your money? Oh wait, I don't, and I don't trust online or other wallets either.

I don't see what's wrong with a password protected Bitcoin core wallet. I think that is the most trustworthy, but that's just an instinctive reaction on my part.

But the OP question still remains.

Why do you trust the Bitcoin Core wallet?
Why do you trust the operating system that you are running your Bitcoin Core wallet on?
Why do you trust the hardware that your operating system is running on?
Why do you trust the mathematical functions of ECDSA and SHA?

I think the important question that the OP was asking is...

"If I do not have the technical expertise to know exactly what the software and hardware are doing, then how can I be certain that those who do have the technical expertise aren't lying to me?"

The security of open source relies on the concept that hiding the true nature of the thing requires that ALL TECHNICALLY CAPABLE people in the ENTIRE WORLD will collude to hide the behavior of the thing from ALL TECHNICALLY INCAPABLE people.  If even 1 single technically capable person refuses to collude with all the other technically capable people, then that one person can reveal the true nature of the thing to all the technically incapable people.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
Why do you trust banks with your money? Oh wait, I don't, and I don't trust online or other wallets either.

I don't see what's wrong with a password protected Bitcoin core wallet. I think that is the most trustworthy, but that's just an instinctive reaction on my part.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Honestly to me, I don't trust any wallet or even the hardware wallet. Since everything in bitcoin needs internet to be able to operate. There is still possible that those hardware wallets or desktop wallet or any wallet with high trusted reviews it's not guaranteed 100% that they are safe, but it still depends on you how you protect your wallet.

Anyway, hardware wallets are good for offline use and it is called the 2nd layer of authentication before you can send any amount of coins from your hardware wallet.

Hardware wallet is safe 90% I don't give 100% because I heard someone said that hacker was stolen bitcoin. If you know trezor wallet it is one of the hardware wallets competitors by ledger nano. Time ago a trezor wallet is hackable, but developers release the latest firmware and fix the issue about trezor wallet and now I don't hear any customer complains about their wallet. However, I'm not still satisfied to trust them

In that time I lose faith in hardware wallets because even hardware wallets can be hackable. So, now I don't trust them.

You are still lucky that you bought a ledger nano s as of now I see good reviews about this wallet and I think they are safe not 100% but you secured just follow the safety guidelines.

If you really wanted to verify 1 of the hardware wallet like ledger nano s and if you are not satisfied with the answer from a manufacturer, then you need to hire a programmer just to verify the program is safe or not.

For me testing them with your own you can verify that your wallet is safe, then if you still experience bad issue about hardware wallet in the future it means that wallet is not safe and your security level is low.

So for me electrum wallet is enough just add your password as your 2nd layer of authentication and save your seed phrase in the safety place and you are safe. This is just what I experience and I am using that wallet for a long time that until now I can guarantee you that electrum wallet is safe. I test them a lot even I don't exactly know what inside the electrum program, but I always scan them before I install if it is clean or not. This is just your alternative if ever you wanted to switch to electrum, but you can stay to use ledger nano s even I don't know what is program inside for me they are safe because I don't hear any customers complaint.
legendary
Activity: 1904
Merit: 1074
This is from the Ledger FAQ :

Ledger's hardware wallets are architectured around "secure elements" or secure chips. This is the same technology that

you find in chip and PIN payment cards or SIM cards.
These chips bring guarantees against physical attacks and raise the

level of security of your private keys. It is a industry standard.

The software is also Open Source : https://github.com/LedgerHQ/ledger-nano-s

sr. member
Activity: 1081
Merit: 309
I love technology.
If you can't verify the source code, the only way to stay safe is trust the people and community who already verify the source code.

This. You have to remember that this applies to anything in life. Why do we trust strangers when asking restaurant advice? Same applies here.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
It's the same question; How do you trust the people who develop desktop wallets?

If you can't review the code for the hardware wallets, you probably didn't review the code for the desktop wallets that you've used either. If you want to be more specific and thorough, you didn't review the source code for your operating system either. There is certainly no way to be 100% safe if you can't review and build everything yourself.

Wallets like Electrum has incorporated hardware wallets into their software. The trust goes to the contributors of Electrum instead of the hardware wallet developers in this case.
jr. member
Activity: 47
Merit: 12

I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.
Pages:
Jump to: