
Topic: Why I Am Not Using Hardware Wallet For Cold Storage (Read 7265 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
This thread is just Dorky and HCP flaming/trolling each other which is against the forum rules. Therefore this thread will be locked and potentially trashcanned.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
HCP
legendary
Activity: 2086
Merit: 4361
Quote
Alright, has HCP lost the debate?
No, I just got tired of trying to explain things that you didn't seem to be comprehending.

You keep inventing more and more convoluted scenarios to try and do "end-runs" around logic and reason... like how a supposed attacker has full access to my entire Bitcoin transaction history and knowledge of every single one of my addresses... so they'd be able to determine whether or not passphrases being provided are "real". Which, of course, is defeated simply by running any cold-storage funding transactions through a mixer etc. and using my "decoy" wallet for day to day transactions.

In the same scenario using your system... exactly the same thing would happen... except, if they've found a bunch of encrypted files and ask for the password, you have no defense. They can see the files, they know they exist, they know there are passwords that decrypt them and will know instantly whether the password you give is correct. With a hardware wallet using a passphrase, there is NO evidence that the wallet exists... because it doesn't until you enter the passphrase.

And this is what you don't seem to want to admit... there is NO 100% secure method of securing your stuff. I admit that hardware wallets are not perfect... there are still attack vectors... just like with your system... but a hardware wallet helps minimise these and provides, in my opinion, a number of benefits that your system doesn't.


You even claimed at one point that your method is "unhackable" Roll Eyes
Hard to hack? My approach is not even hackable.

Then conceded that nothing is safe:
Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

And then denied that you conceded that point...
I just don't think it is as secure as you believe it to be (a point you eventually conceded)
I never conceded. You are talking nonsense. My method is better than both hardware and paper wallets combined for cold storage.


You then descended into just calling every one of my points "Bullshit"... calling me an idiot, dumb nut, silly and a low life and accused me of just being a trouble maker
That's not even the point, you silly.
Your argument is bullshit.


You are clearly a troublemaker.
You will be a scum that will appear out of nowhere and say "No, a ball is circular."


That's not even the point, you silly.

You are clearly a very very stupid person.
You are a bullshit.


For that, I say you are a bullshit.

Bullshit.
...you dumb nut.


Bullshit.
For this, I say you are a bullshit.


I don't mind if you are a smart person. In fact, I would be very happy if you are smarter than I am. At least I can learn from you.
But if you are a stupid jackass pretending to be some smart ass, then I don't wish to be troubled by a lowlife such as you.
Personal attacks aside, that's not how you "win" a debate...



Then you started down the whole "hardware wallets are more inconvenient because you have to remember a passphrase AND a PIN" path... I guess I should have just pointed out at the time that with your setup you potentially need to remember a whole bunch of extra stuff as well, like your email account+password where you stored your backup... or your online storage account+password where you stored your backup... or where you put that CD with the backup data on it... because that is just as "difficult" and "inconvenient" as remembering a 4-8 digit PIN Roll Eyes



And now you also seem to think that for some reason hardware wallet users are forever tied to hardware wallets:
With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet.
Which is just plain wrong...

If I lose my hardware wallet... I can simply take my seed backup and generate a paper wallet or import it into a software wallet or import it into a web wallet should the need arise... or simply do nothing and continue using those addresses as cold storage knowing that I still have access to all my coins should I so require in the future.



TL;DR:
I prefer hardware wallets as they offer all the benefits of cold storage and provide added security for hot wallet/day to day spending in a handy, convenient, portable package that still provides me complete control of my private keys, at a relatively reasonable price for anyone with modest/substantial amounts invested in cryptocurrency.

Dorky prefers his digital version of paper wallets as he believes it provides the benefits of cold storage with the best security at near to zero cost, without some of the issues associated with paper wallets (like susceptibility to loss/damage/theft) while still maintaining control of private keys.

Neither method is 100% secure.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
It all depends on the investor. Some, in fact, a lot, use a hardware wallet for cold storage. For them, it is practicable and efficient in the sense that they are as if carrying their coins wherever they may be. It is synonymous to a tangible property which gives a good sense of belief that one is able to see/experience one's possession. On the other hand, some do not use a hardware wallet for cold storage which is premised on the belief that it is creating more risks on the safety of one's property. An example of the latter is when the hardware wallet is stolen or broken. Its natural effect is that it will presumably lose all BTC investments.

Well, my debate with HCP shows that even the loss of the hardware wallet does not mean the BTC is lost too because the owner can recover the BTC thru the seeds and passphrases (which needs to be secured too).

However, my point is if BTC can be recovered thru seeds and passphrases, then why not just secure the BTC with very strong encryption directly on the private keys instead, for cold storage?

With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet. And for purpose of spending, hardware wallet is not the only option available. Desktop wallets can serve the purpose too. However for purpose of cold storage only, then a digitized paper wallet (i.e. store it digitally instead of printing it out) that is strongly encrypted is the best and cheapest way possible. For short, a strongly encrypted private key that is generated offline. It's digital, which makes it 100% portable anywhere in the world. You can store it in your email inbox, instead of dependent on bank vault or something like that. Multiple backup can be made cheaply (because it's digital) without the need to buy another wallet. Hardware wallet can do the same too, but without the convenience and control.
hero member
Activity: 882
Merit: 506
It all depends on the investor. Some, in fact, a lot, use a hardware wallet for cold storage. For them, it is practicable and efficient in the sense that they are as if carrying their coins wherever they may be. It is synonymous to a tangible property which gives a good sense of belief that one is able to see/experience one's possession. On the other hand, some do not use a hardware wallet for cold storage which is premised on the belief that it is creating more risks on the safety of one's property. An example of the latter is when the hardware wallet is stolen or broken. Its natural effect is that it will presumably lose all BTC investments.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
Alright, has HCP lost the debate?
newbie
Activity: 36
Merit: 0
I don't use hardware wallets. Otherwise I would have to blindly trust the actual hardware isn't somehow designed to steal anything. I rather trust an offline laptop and usb. Gives me peace of mind.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
hero member
Activity: 784
Merit: 1416
Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank. Grin

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

agree with you, you just need to have quality paper or print in plastic sheet, so the key is just there safe for you to read.
Besides, all hardware can fail and you need a backup anyway, you can't just rely on a hardware wallet...
HCP
legendary
Activity: 2086
Merit: 4361
Quote
If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, any way a hardware wallet user would use to recover his keys if ever his wallet got lost, stolen, destroyed, i.e. he does step 1, then step 2, then step 3, etc for recovery, so will the hacker ask for the necessary information to commit the same steps for the keys.
You're still not quite getting it. Maybe I'm not explaining it properly? Undecided

If you give the hacker JUST the seed (ie. they've found your encrypted seed file wherever you stored it and you've handed over the password to that file)... and they import JUST the seed into a wallet... then it will generate a complete and valid wallet. You use this wallet as your "decoy"... put some coins in it... run a few transactions to generate history etc.

There is absolutely no way for the hacker to know or prove that you have a passphrase, that when combined with your seed, will generate a completely different wallet with your actual stash in it. In fact, you could even generate a second "decoy" using a different dummy passphrase if you wanted to be super paranoid about it all.

Seed words only = Valid Wallet
Seed words + Dummy Passphrase = Completely different, valid wallet#2
Seed words + Actual Passphrase = completely different, valid wallet#3

You can theoretically use an infinite number of passphrases and generate an infinite number of wallets, because of the way the system works, ANY passphrase you give, when combined with seed words, will generate a valid wallet. Even if the hacker is aware that you can use passphrases with seed words, they cannot prove that you actually do or have used one... you have plausible deniability. There is no evidence of your hidden wallet existing. This is what renders the $5 wrench attack useless.



Quote
If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc, then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all these in one place just in case you forget any of them.
And that will still boil down to the need for encryption of all of them just so you only need to remember fewer things, i.e. remember 1 vs remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.
You don't actually need to remember the PIN... the PIN only protects access to the hardware wallet itself... generally speaking, most of the hardware wallets that I'm aware of will factory reset after X number of incorrect PIN attempts. As long as your seed is safely backed up somewhere, you can simply restore using the seed (and passphrase) and your wallet is regenerated.

And let's be honest here... if you're going to struggle with a 4 digit pin, what hope do you have to remember a 20+ character alphanumeric+symbol password to an encrypted file? Wink

Sure, I still have to remember 2 things (password to encrypted seed + wallet passphrase) as opposed to one (password to encrypted key)... but that's like saying that walking 2 steps is harder than walking 1 step.



Quote
Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.
Not necessarily... with a seed+passphrase, if the seed is compromised then the passphrase is your protection layer. I vaguely seem to recall that someone put up a bounty by publishing a seed that had some coins stored in a "hidden wallet", protected by a passphrase... and it got taken down after a year or so as no-one had hacked it and taken the coins. I've been trying to find the source, but I can't seem to find it. My point is that your seed only really needs to be "safely" backed up (ie. written down). It doesn't necessarily need to be "securely" backed up (ie. encrypted).

Additionally, if you just wrote your seed down and stored it someplace "safe", then your requirements for remembered passwords would drop down to 1... the passphrase for your "Actual" wallet... and you've shifted part of your security model from "digital" to "physical".



Quote
If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what necessary information to ask for the recovery, thus vulnerability to the $5 wrench.
I do not see a hacker being Dorky enough like me who doesn't know about hardware wallet and just kidnap you, ask for the seeds, let you go, then found out I need more than just seeds, and figured out I need to re-kidnap you again for more information.
I see a hacker being very savvy, does his homework completely, kidnaps you and ask for the seeds, passphrases, and PIN, all in one go, and verify everything on the spot to make sure you tell the truth before letting you go with everything stolen.
That's the point... they CAN'T verify whether or not I have a passphrase... or if the passphrase that I have given are "real" or "dummy"... unlike a password for an encrypted container, that either decrypts the file or it doesn't.
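The difference HCP describes in the post above, as an added example that is not part of the thread: BIP39 derives a seed from the mnemonic and any passphrase with PBKDF2-HMAC-SHA512 and no check value, while an authenticated encrypted file tells the holder whether a password is right. The mnemonic is the public BIP39 test mnemonic, the passphrases are constructed, and `seal`/`open_container` are a hypothetical stdlib-only stand-in for an encrypted key file, not a recommended format.

```python
import hashlib
import hmac
import os
import unicodedata

# Order of the secp256k1 group; BIP32 rejects a master key outside 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP39 test mnemonic (never fund it); passphrases below are constructed.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, salt 'mnemonic'+passphrase, 2048 rounds."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, 64)


def bip32_master(seed: bytes):
    """BIP32 master key: HMAC-SHA512 keyed with 'Bitcoin seed'."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    valid = 0 < int.from_bytes(key, "big") < SECP256K1_N
    return key, chain_code, valid


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Short identifier for the wallet a (mnemonic, passphrase) pair yields."""
    key, _, valid = bip32_master(bip39_seed(mnemonic, passphrase))
    if not valid:  # probability about 2^-127; BIP32 says to pick another seed
        raise ValueError("derived master key out of range")
    return hashlib.sha256(key).hexdigest()[:16]


# --- Hypothetical encrypted container (encrypt-then-MAC, stdlib only) ---

def _derive_keys(password: str, salt: bytes):
    material = hashlib.pbkdf2_hmac("sha256", _nfkd(password), salt, 100_000, 64)
    return material[:32], material[32:]


def _keystream(key: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def seal(password: str, plaintext: bytes) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    stream = _keystream(enc_key, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def open_container(password: str, blob: bytes):
    """Return the plaintext, or None when the tag shows the password is wrong."""
    salt, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


if __name__ == "__main__":
    # Every passphrase, including the empty one, yields a usable wallet.
    for label in ("", "dummy passphrase", "actual passphrase"):
        print(f"passphrase {label!r:22} -> wallet {wallet_fingerprint(MNEMONIC, label)}")

    # The container, by contrast, reports whether the password was correct.
    blob = seal("file password", b"constructed-private-key-placeholder")
    print("wrong password :", open_container("guess", blob))
    print("right password :", open_container("file password", blob))
```

The derivation alone gives no signal that a further passphrase exists; whether funded addresses can be linked to one another on-chain is a separate question that this code does not address.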
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
No, I'm not telling lies... it would appear that you are still not understanding how a seed + passphrase combination works Undecided

Encrypted Private key = traces/evidence...
Encrypted Seed = traces/evidence...

However, the advantage of the seed system over an encrypted private key is this:

Handover password to encrypted private key = private key exposed, all coins controlled by that key exposed.
Handover password to encrypted seed = seed exposed... ONLY the default wallet is exposed... all other wallets generated using passphrases from that seed are invisible/hidden with no traces/evidence

You cannot prove the existence of ANY of these hidden wallets... as there is NO EVIDENCE OR TRACE of them anywhere... they are only generated by a passphrase that exists purely inside your head.

Hopefully, that helps clear things up for you.

If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, any way a hardware wallet user would use to recover his keys if ever his wallet got lost, stolen, destroyed, i.e. he does step 1, then step 2, then step 3, etc for recovery, so will the hacker ask for the necessary information to commit the same steps for the keys.

If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc, then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all these in one place just in case you forget any of them.
And that will still boil down to the need for encryption of all of them just so you only need to remember fewer things, i.e. remember 1 vs remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.

In case you still don't realize this, the method I laid out in my article covers from the very start to the very end of securing the cold storage.
Using the hardware wallet for cold storage, on the other hand, describes the steps only half way thru.
Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.
Instead, the companies leave this area of discussion out for users' imagination and that opens to huge security risks that the hardware companies avoid addressing.
Because if they choose to address how to secure the paper backups of the seeds/passphrases, they may give the correct impression that users don't need hardware wallet after all.

Why did I say my method explains going from Point A to Point B?
Why did I say you (being pro-hardware wallet) explains going from Point A to Point C, then from Point C to Point D, and finally from Point D to Point B?
Because when you talk about securing the keys thru hardware wallet only, you only give the direction from Point A to Point C.
And when you talk about dummy wallets (to fake savings) and passphrases (to make things hidden), you give direction from Point C to Point D.
Finally when you mention about encrypting the seeds/passphrases, you give the direction from Point D to Point B (the final destination).
For you to keep arguing about how and why hardware wallet is safe and secure certainly gives the false impression that no backup is necessary, i.e. the direction to go from Point D to Point B.
However a backup (of the seeds, passphrases, and PIN if you are using hardware wallet) is STILL necessary to complete the whole steps in securing the keys.
And that's where the direction to Point B is needed, which the hardware wallet companies try to avoid covering.
Because if they do, the users will realize if they have to go thru 2 extra Points to reach Point B, then might as well just encrypt the keys direct to save themselves the hassle of going thru Point C and Point D unnecessarily.

Will the extra steps (i.e. going thru Point C and Point D, to reach Point B) be worth the trouble?
Will that help make the cold storage more secure?
The answer is a big NO.
Having to go thru extra unnecessary steps complicates things and may create higher chance of user error.
If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what necessary information to ask for the recovery, thus vulnerability to the $5 wrench.
I do not see a hacker being Dorky enough like me who doesn't know about hardware wallet and just kidnap you, ask for the seeds, let you go, then found out I need more than just seeds, and figured out I need to re-kidnap you again for more information.
I see a hacker being very savvy, does his homework completely, kidnaps you and ask for the seeds, passphrases, and PIN, all in one go, and verify everything on the spot to make sure you tell the truth before letting you go with everything stolen.
Going thru unnecessary steps to secure the keys is not worth the complications, which is why I came out with my method, which is not really even a proprietary stuff.
Anyone who cares about his own security will most likely arrive at the same/similar method too.
HCP
legendary
Activity: 2086
Merit: 4361
Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on its own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet). However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

You contradicted yourself within 2 paragraphs.

First, you said you are concerned with storing encrypted keys as it leaves traces/evidence behind, so your hardware wallet leaves no traces/evidence.
Then, you said you can store encrypted seeds in email/cloud/bank vault/etc which leaves plentiful traces/evidence behind, but then you said they are hidden!
My goodness, what lies you are telling.
No, I'm not telling lies... it would appear that you are still not understanding how a seed + passphrase combination works Undecided

Encrypted Private key = traces/evidence...
Encrypted Seed = traces/evidence...

However, the advantage of the seed system over an encrypted private key is this:

Handover password to encrypted private key = private key exposed, all coins controlled by that key exposed.
Handover password to encrypted seed = seed exposed... ONLY the default wallet is exposed... all other wallets generated using passphrases from that seed are invisible/hidden with no traces/evidence

You cannot prove the existence of ANY of these hidden wallets... as there is NO EVIDENCE OR TRACE of them anywhere... they are only generated by a passphrase that exists purely inside your head.

Hopefully, that helps clear things up for you.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
Here I address HCP's fallacies...

Quote
Besides, if you want to use hardware wallet, you need to remember:
1. The 12-word/24-word seeds.
You don't need to remember this... you just need to store it securely.

Seriously? Are you honest?
You NEED to remember the seeds AND store them encrypted in case of recovery.
Storing it securely is the same as encrypting them and doing backups of the encryption.
Storing them in paper that you slip in between the pages of a book is NOT secure storage.


Quote
2. The PIN.
Yeah... 4-6 digit numbers that you get to choose are so hard to memorise... Roll Eyes

Whether it is hard to memorize.... or too easy to memorize.... does NOT discount the fact that you are REQUIRED to memorize a set of 4-6 digit numbers. Forgetting the PIN is not desirable, no matter how simple it is to memorize.

Quote
3. The passphrase.
Yes, just like your encryption password for your encrypted keys

Of course. And you are being pretentious all along the entire argument.

Quote
4. The encryption password for the seeds (if you do backup on that).
Yep... so that's one extra password I need to remember...

That's one extra memory burden for you to handle. Thank you for acknowledging that.

Quote
5. The encryption password for the PIN (if you do backup on that).
6. The encryption password for the passphrase (if you do backup on that).
Seriously? Encrypt my pin? and why would you encrypt your passphrase? It is the same thing as remembering your encryption password AND it potentially leaves evidence that your passphrase exists Roll Eyes

In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.

Nope, according to your points above, I can see you need at least 3 things to remember/memorize:
1. The encryption password for the secure backup of your seed.
2. The passphrase that protects your hidden wallet.
3. The PIN (not encrypting it does NOT mean it need not be remembered/memorized).

sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
I am a person that says going from Point A to Point B is superior.
HCP is a person that says going from Point A to Point C, then from Point C to Point D, and finally from Point D to Point B is superior.

HCP says using hardware wallet for cold storage is cheaper than buying a new computer, which is FALSE (as I explained).
HCP says encrypting the keys is visible while encrypting the seeds is hidden, which is FALSE (as I explained).
HCP says his concern is storing encrypted keys while he has no concern storing encrypted seeds, which is FALSE.

Edit:
I forgot to add another point...
HCP says encrypting the keys gives no security (zero) while encrypting the seeds gives security, which is FALSE.
The act of encryption is the same regardless of what object is being encrypted, be it txt, jpg, png, pdf, djvu, epub, etc, including keys and seeds.
So why is HCP saying encrypting the keys gives zero security?
Why is HCP lying?
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on its own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet). However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

You contradicted yourself within 2 paragraphs.

First, you said you are concerned with storing encrypted keys as it leaves traces/evidence behind, so your hardware wallet leaves no traces/evidence.
Then, you said you can store encrypted seeds in email/cloud/bank vault/etc which leaves plentiful traces/evidence behind, but then you said they are hidden!
My goodness, what lies you are telling.

I am correct to say you are arguing purely for the sake of winning an argument.

You keep saying my method leaves traces/evidence behind, which is not true.
And I successfully debunked your disinformation countless times.
Please do everyone a favor and explain in detail how my method leaves traces/evidence behind.
And please also explain in detail how you encrypting the seeds and storing them in email/cloud/bank vault will leave no traces/evidence behind.

If you say my method leaves traces/evidence behind, then please tell me where exactly I stored my stuff by pinpointing the specific location out.

I simply can't believe a person like HCP says encrypting the keys is visible while encrypting the seeds is hidden.
Both the keys and seeds can be in text format or in picture format, and encrypting them is EXACTLY the same.
Whether they are visible or hidden is not a point of argument in my original steemit article.
But HCP keeps bringing it up here saying encrypting the keys is visible but encrypting the seeds is hidden.
Wow, seriously.
What kind of disinformation and confusion is HCP trying to spread here?
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
I think it should be very clear by now to everyone (excluding HCP) that using hardware wallet for cold storage actually increases unnecessary complexities.
And these unnecessary complexities are actually one of the reasons why many users lose their bitcoin stored in hardware wallets.

The disadvantages (in addition to my original points in my steemit article) of using hardware wallet are very clear:
1. Costs more (for use as well as for recovery, i.e. the whole package).
2. Vulnerable to $5 wrench attack.
3. Inconvenient.
4. Complicated.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
Seeds? Why would you have multiple seeds? You still don't seem to understand how a single BIP39 seed and use of passphrases work for being able to hide your coins in totally invisible, undetectable, hidden wallets...

It goes more like this:

Hacker: Hey, gimme your seed. And we have our computer standing by to validate the seed on the spot.
Victim: Okay, here you go. Have my seed... all 24 words of it...
Hacker: Is that everything?
Victim: Yep... that's all my coins! Sad
Hacker: Well, thanks for the coins... wooo $20K, I'm rich! you're free to go
Victim: Phew... good thing they didn't know about the hidden wallets/addresses containing my other 20 BTC generated from that seed + my personal private passphrase(s) that only I know about... BECAUSE THERE IS NO EVIDENCE ANYWHERE THAT THIS HIDDEN WALLET EXISTS... I'd best go regenerate my hidden wallet and move my coins to a new seed (+passphrase) using one of the freely available desktop wallets or buy another hardware wallet and restore it or use something like the opensource BIP39 mnemonic code converter websites to get the keys and sweep them.

Thanks for the giveaway. That makes sure the next time a hacker attacks you he will ask for the seed + passphrase.
You FAILED.
And no, I don't need to encrypt my keys the way you wrongly and falsely imply.
As I have 100% control, I can encrypt each of them in any secure way I freely desire.


Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind.... It also completely negates the "convenience" of your method, having stuff spread everywhere.

Nope, you are wrong.
1. There are no traces/evidence.
2. The "convenience" of my method beats the hassle of remembering + encrypting the hardware seeds, PIN, and passphrase. This is obvious for all.


With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on its own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet). However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

Hackers will ask for your seeds + passphrase.
Then you will lose everything.  Cry


Can you recreate an encrypted file containing your private key(s) from 24 words written on a piece of paper and a passphrase?

Answer: Absolutely a resounding YES, I can.
Any way a hardware user would use to recover all his keys in case of the hardware wallet being lost, stolen, or destroyed, will be the EXACT same way a hacker access the keys.
If a user needs the seeds + passphrase to recover his keys, so will the hacker ask for the same.
If a user needs to do ABC and then XYZ to recover his keys (in case of hardware wallet being lost, stolen, or destroyed), so will the hacker do the same.


No one is denying that securing the seed is the weak link in the hardware wallet chain. However, you can encrypt the seed and put it in various places like emails/cloud storage... and even if these are compromised by a hacker, you can still be protected by having your hidden wallet as outlined above, whereas a simple encrypted file only has 1 layer of protection...

Nope, you are wrong. An encrypted file can have multiple layers of protection + no traces of evidence.

Quote
In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.

LOL, see your self-contradiction right below, bolded and underlined for you.

Quote
1 passphrase vs 2. Technically, yes it is more convenient... but it certainly isn't "far more" convenient.

LOL. If my method is already convenient to you, then why beat around the bush?

Quote
Why do you need a 2nd computer? Hardware wallets allow you to use any computer/device you like... as they don't expose the keys to the device. That's the whole point. You don't need to be using an "offline" computer to set them up or use them.

I was not talking about using a 2nd computer for hardware wallet.
I was talking about using a 2nd computer for encrypting the keys.
And that also includes using the same computer for encrypting the seeds + passphrase.


The more you argue, the more you reveal your folly.
I've made myself super clear already in my steemit article and here.
I believe almost everyone (excluding you) already got my points.
HCP
legendary
Activity: 2086
Merit: 4361
Quote
For those using hardware wallet, what will really happen in real life is as below...

Hacker: Hey, gimme your seeds.
Victim: Okay, here you go. The passphrase. You can have everything in it. Please let me go now.
Hacker: Har har harrr.... Nice try, pal. I am not asking for the passphrase. I am asking for the seeds! And we have our computer standing by to validate the seeds on the spot.
Victim: Oops. Oh nooo....
Seeds? Why would you have multiple seeds? You still don't seem to understand how a single BIP39 seed and use of passphrases work for being able to hide your coins in totally invisible, undetectable, hidden wallets...

It goes more like this:

Hacker: Hey, gimme your seed. And we have our computer standing by to validate the seed on the spot.
Victim: Okay, here you go. Have my seed... all 24 words of it...
Hacker: Is that everything?
Victim: Yep... that's all my coins! Sad
Hacker: Well, thanks for the coins... wooo $20K, I'm rich! You're free to go
Victim: Phew... good thing they didn't know about the hidden wallets/addresses containing my other 20 BTC generated from that seed + my personal private passphrase(s) that only I know about... BECAUSE THERE IS NO EVIDENCE ANYWHERE THAT THIS HIDDEN WALLET EXISTS... I'd best go regenerate my hidden wallet and move my coins to a new seed (+passphrase) using one of the freely available desktop wallets or buy another hardware wallet and restore it or use something like the opensource BIP39 mnemonic code converter websites to get the keys and sweep them.

compared with say:
Hacker: Hey, we hacked your email/cloud storage... we found these 5 encrypted files... give us the password(s) to decrypt the files. And we have our computer standing by to validate the passwords on the spot.
Victim: Okay, here you go. Have my password(s)... Please let me go now.
Hacker: Thanks for the 25 BTC... wooo $100K, we're superrich!... you're free to go
Victim: Damn... that was ALL my coins, now I'm broke Sad

Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on its own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet).  However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

Now the hackers might be smart and be like... "Ok, buster we know all about passphrases... hand it over!"... but you can say "I don't bother using one it's too hard to remember these things!"... and they simply cannot prove that you have a passphrase. There is NO evidence anywhere of this hidden wallet existing... but it can be generated at anytime by using the seed+passphrase... Can you recreate an encrypted file containing your private key(s) from 24 words written on a piece of paper and a passphrase?

Quote
Even Trezor recommends paper backup @ https://doc.satoshilabs.com/trezor-faq/software.html#why-should-i-do-a-paper-backup-of-my-seed
Unfortunately enough, that is actually one of the weakest links in Trezor's security.
No one is denying that securing the seed is the weak link in the hardware wallet chain. However, you can encrypt the seed and put it in various places like emails/cloud storage... and even if these are compromised by a hacker, you can still be protected by having your hidden wallet as outlined above, whereas a simple encrypted file only has 1 layer of protection...


Quote
Besides, if you want to use hardware wallet, you need to remember:
1. The 12-word/24-word seeds.
You don't need to remember this... you just need to store it securely.


Quote
2. The PIN.
Yeah... 4-6 digit numbers that you get to choose are so hard to memorise... Roll Eyes


Quote
3. The passphrase.
Yes, just like your encryption password for your encrypted keys


Quote
4. The encryption password for the seeds (if you do backup on that).
Yep... so that's one extra password I need to remember...


Quote
5. The encryption password for the PIN (if you do backup on that).
6. The encryption password for the passphrase (if you do backup on that).
Seriously? Encrypt my pin? and why would you encrypt your passphrase? It is the same thing as remembering your encryption password AND it potentially leaves evidence that your passphrase exists Roll Eyes

In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.


Quote
With the method I laid out in my steemit article, you only need to remember:
1. The encryption password for the keys.
If my method is not far more convenient, I don't know what is.
1 passphrase vs 2. Technically, yes it is more convenient... but it certainly isn't "far more" convenient.


Quote
Buying a 2nd computer is compulsory for maximum security, regardless of whether you go for hardware wallet or not.
Why do you need a 2nd computer? Hardware wallets allow you to use any computer/device you like... as they don't expose the keys to the device. That's the whole point. You don't need to be using an "offline" computer to set them up or use them.
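
The BIP39 seed-plus-passphrase derivation debated in the posts above, as an added example that is not part of any post in this thread: every passphrase, including the empty one, yields a valid but different wallet root, and the mnemonic carries no record of which passphrases are in use. It uses the public BIP39 test-vector mnemonic; the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order; a BIP32 master private key must lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP39 test-vector mnemonic. Never use it for real funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed", split into key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    # The only rejection rule: key must be a valid scalar (fails with negligible odds).
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("invalid master key")
    return key, chain_code


def wallet_roots(mnemonic, passphrases):
    """Map each passphrase to the hex master private key it produces."""
    return {p: bip32_master(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    # "", a chosen passphrase and a mistyped one all derive without any error:
    # the passphrase has no checksum, so none of them can be called "wrong".
    for phrase, root in wallet_roots(TEST_MNEMONIC, ["", "TREZOR", "typo"]).items():
        print(f"{phrase!r:10} -> master key {root[:16]}...")
```

The 24 words themselves do carry a checksum, so a seed can be checked offline, but a passphrase can only be judged by whether the addresses it leads to hold funds; a mistyped passphrase likewise opens an empty wallet without warning.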
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain


For those using hardware wallet, what will really happen in real life is as below...

Hacker: Hey, gimme your seeds.
Victim: Okay, here you go. The passphrase. You can have everything in it. Please let me go now.
Hacker: Har har harrr.... Nice try, pal. I am not asking for the passphrase. I am asking for the seeds! And we have our computer standing by to validate the seeds on the spot.
Victim: Oops. Oh nooo....

Hardware wallet seller: We sell super secure wallets. We use super secure seeds.
You: Yeah, but how are you going to secure the seeds? You can't expect to remember them with your brains without some risk of memory loss. Even a single tiny spelling/memorization mistake causes everything to be totally gone for good.
Hardware wallet seller: Sure, you should encrypt the seeds as well.
You: In that case why do I even need hardware wallet for cold storage? I can do the same directly to the keys instead of the seeds.
Hardware wallet seller: Our hardware wallet is secure for spending as well.
You: For spending, we can use desktop wallet too, which is free.
Hardware wallet seller: Ummm.... urrrr.....


Even Trezor recommends paper backup @ https://doc.satoshilabs.com/trezor-faq/software.html#why-should-i-do-a-paper-backup-of-my-seed
Unfortunately enough, that is actually one of the weakest links in Trezor's security.
For more details, check out the disadvantages of paper backups.

Besides, if you want to use hardware wallet, you need to remember:
1. The 12-word/24-word seeds.
2. The PIN.
3. The passphrase.
4. The encryption password for the seeds (if you do backup on that).
5. The encryption password for the PIN (if you do backup on that).
6. The encryption password for the passphrase (if you do backup on that).

With the method I laid out in my steemit article, you only need to remember:
1. The encryption password for the keys.
If my method is not far more convenient, I don't know what is.

And if you want to use Trezor with backups, you still need to buy a 2nd computer for the backup too, for maximum security.
So your total cost of using Trezor is the additional unnecessary cost of buying a hardware wallet.
Buying a 2nd computer is compulsory for maximum security, regardless of whether you go for hardware wallet or not.
sr. member
Activity: 392
Merit: 250
Best IoT Platform Based on Blockchain
Quote
Paper wallets are hands down the best method of storing Bitcoin, it really surprises me that so called "experts" do not mention and promote them more considering how much theft and hacking goes on in this industry.

If everyone were to use paper wallets, I am convinced hackers would stop targeting these poor noobs as much given how easy it is these days. They just make a fake URL, use SEO to get a high rank and boom you make like $200,000 in a few days (I actually saw this happen right here on this forum).

The first thing all noobs should learn is how to make a paper wallet. It is so simple. Go to a site, generate your keys, write/print them, laminate or whatever, and then send Bitcoin to them and you can recover them on sites like Blockchain.info. There are just a few steps and the best part is it is like paper money which makes it easy for noobs to truly understand. This is opposed to hardware/software wallets which are a nightmare to set up for beginners.

Yes, in fact one of the main reasons why I wrote the article is to help people avoid getting cheated out of their savings.
The more noobs dabble in "high tech" stuff, the more vulnerable they are to getting cheated unless they become savvy in this.
Getting paper wallet has its risks too, as it is very easily destroyed, stolen and/or lost.
Best is to digitally-encrypt the paper wallet with very strong encryption as my steemit article suggested, for cold storage.