Topic: Why I Am Not Using Hardware Wallet For Cold Storage - page 3. (Read 7266 times)

  ???cold storage is a good choice for me now.

The short + simple idea is to generate a "paper wallet" and then digitally encrypt it (but then the whole process is digital, without the paper printing).

You need a forever offline + formatted computer (to be free of viruses, malwares, keyloggers, etc), preferably a 2nd computer, never mind the OS.
You use a reliable 3rd-party address generator like Electrum to generate new addresses + keys, preferably one at a time instead of a bunch of 20s.
You export and encrypt (single, double or triple encryption) the private keys with software like WinRar into .rar file format with strong but personally memorable passwords (alphanumeric + symbol, over 20+ characters long).
You do the necessary backups online (like email to yourself) and offline (i.e. burn to multiple copies of optical disc, I recommend Verbatim's CD with AZO technology).

Once you get the idea how the whole thing is done, you can customize the entire process according to your preference.

I expected to get a tutorial, how to create a wallet. So no third party would be needed to save Bitcoins.

You are right, i dont use Hardaware wallet too, i believe in myself and there is only one person who has my private key, and that person is me.
Also, blockchain has a lot of security so it is safe to hold in there. there are a lot of security meassures and you are probably never gonna be stoled.

My article said it was only for cold storage, with an offline and formatted computer. But when it comes to spending, it isn't less convenient if you appreciate 100% control.

Example:
You have 100 btc.
You generate 20 addresses (with keys of course).
You transfer 5 btc to each address.
When you spend, you take out only 1 of the 20 addresses for use.
You spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction).
If you get the $5 wrench attack, you can pretend you have only another 5 btc address (just as when you pretend you have only the dummy wallet with your hardware wallet).
If you want to cover the trace of your 5 btc, you use washers.

How can you do all the above with hardware wallet, satisfactorily?

Indeed, but if you can digitally-encrypt (maybe with double or triple encryption) your paper wallet with strong passwords (over 20-char with alphanumeric + symbol), that is even better than any paper wallet, as you can now store them anywhere online and multiple backups.

I find it easier to have half a dozen hidden wallets on my Trezors.  By entering my 7 digit Trezor PIN you would see the decoy wallet with < 2 coins at any time.  I therefore would have no clue such a thing as hidden wallets exist.  Its a better answer for the "$5 dollar wrench" than someone finding half a dozen paper wallets and me telling them there isn't a 7th or more around somewhere.  In a perfect NO adversary world both paper and hardware wallets are NOT able to be hacked at this point in time.  Only operator error would permit such an occurrence today.  Paper is more prone for errors when the time comes for coins to be moved, in my opinion.

And how are you going to spend/generate it? Offline wallet I suppose, for maximum security.

Everyone says paper wallets are the safest but they don't consider the generation and the spending process which exposes it to threats and once its spent, a new paper wallet will have to be generated. Hardware wallets are the closest you can get while balancing convenience and security.

Hahaha .like steemshit

SteemIt sounds like a new term for taking a shit on something.

Lot of people posting their Steemit articles here trying to make bank.

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

No, I'm not here to argue or anything.

You can't criticise them if you cannot find any fault with them. How are you going to be generating the keys with 100% security if you do not wish to verify the source code? No wallet will ever be safe for you then. You can only generate it by hand.
I don't really understand where you got that inference from. I merely said that the derivation method can be known. You can get the private keys from the seeds=getting your gold from the paper that holds your gold without any restriction at all.
Nah, I just feel that theres some misconception.
Wait... Didn't you mention that hardware wallets are flawed because you are depending on a third party to generate it for you? I think you misunderstood something.
Of course. I didn't say everyone SHOULD write their own OS in the first place, I don't even expect anyone using Bitcoin to be able to. If you love your privacy and security, you would be having thousands of private keys whenever you spend the coin. Isn't a 12 word seed way easier?
You uh, forgot to cover the way to spend your coins. Of course I can craft a transaction at the moment when you decrypt your encrypted rar file to send the coins to my address.

How it possible to capture sent packets without noticing user?

I'm sure there were people saying similar things about Mt. Gox... and Bitfinex... and right before all their coins/$$$/data disappeared.

Quote

And thank you for bringing up that $5 wrench attack because I came across such argument while writing my article.
Here's the thing, can anyone using hardware wallet be safe from the "$5 wrench attack"?
Here's an honest + objective answer... NO.

Actually, they can be safer than you... because the hardware wallet gives them the safety of "plausible deniability". You can create "dummy" wallets with "small amounts" of bitcoin... say 1-10% of your total holdings. If someone threatens you, you give them the password to the dummy wallet... they find your coins and think "Job done"... meanwhile your 90-99% of actual holdings are safely stored in a hidden wallet that they can't possible know or prove exists... rendering a $5 wrench attack nullified for a relatively minor cost.

Whereas, with your method, they'll keep hitting until they get the password (or passwords in the case of multiple encryption) that decrypts it correctly.

Quote

And is it better to use my approach vs hardware wallet? Yes.

See... I was going to let the "Saying no procedure is 100% safe sounds like speculation to me" slide... but now you're just coming off as a little bit arrogant.

"Saying your procedure is 100% safe sounds like arrogance to me"

Quote

Why? Using hardware wallet is a physical dead giveaway that you have bitcoin and/or other cryptocurrencies.
Using digitally-encrypted private keys that I suggested is not, unless you try to brag and boost that you are rich because you have plenty of cryptocurrencies, in which case you are the security risk, not my approach.

No, you just used a very public forum like Steemit to declare to the entire world that you use Crypto... and how you choose to store them. Guessing you trust them more than hardware wallet devs/manufacturers too... so I'm sure your IP address is safe when them.



I'm not declaring that hardware wallets are 100% safe, or the only answer to everyone's crypto storage needs... there are still attack vectors that exist (no solution is 100% secure). What they are is safer than using just a software wallet on a desktop PC/tablet/mobile device... and more convenient than locking everything away on paper wallets in secure storage (or triple encrypted, digitally stored private keys)...

But hey, like I said... Horses for courses... you've got a system that works for you, so that's great. Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person...

People discussing security when using Windows - come on! Don't you see the gap here? Windows has a long, long record of insecurity, and there is no sign, that this will ever stop. (Oh, yes - Microsoft last recently announced, they'll embrace Linux. That might be a first step.)

In the professional world of security you do not talk Windows. Otherwise it is snake oil (thx to Bruce Schneier for this wording).

>> Saying no procedure is 100% safe sounds like speculation to me.
this sentence makes me puzzled
Security is not about emotions, not about opinions or speculation.
it is a race between experience and development. Similiar to banks, who protect the wealth. The layers of protection were increased step by step, until it gets too expensive to try and steal money. So security is all about trade-offs: you have a certain amount of value to protect, then you also need to invest a certain amount for the protection layer. You can not protect a 1 million value with 5 cents of security thoughts. And then there is not only security against theft, it is also about privacy.

So best practices might look a bit like this:
Trades at the 100 Dollars/Yen/Euros/Satoshis level can be on a phone wallet.
The 1000 range can start to be used with multisig.
The 10.000 range requires some cold storage.
All beyond requires cold storage and multisig.
And when it comes to privacy, you may want to add a layer of tumbler/coinjoin/mimblewimble.

I would say I have used WinRar for many several years and it never disappoint me, not even once.

All those videos saying WinRar's .rar files can be hacked is fake because they use brute force on negligible passwords like "abc" and "123".

And thank you for bringing up that $5 wrench attack because I came across such argument while writing my article.
Here's the thing, can anyone using hardware wallet be safe from the "$5 wrench attack"?
Here's an honest + objective answer... NO.

And is it better to use my approach vs hardware wallet? Yes.
Why? Using hardware wallet is a physical dead giveaway that you have bitcoin and/or other cryptocurrencies.
Using digitally-encrypted private keys that I suggested is not, unless you try to brag and boost that you are rich because you have plenty of cryptocurrencies, in which case you are the security risk, not my approach.

The theme is good and I myself do not use a hard wallet.

So you can say... with 100% certainty... that there are no "bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both." in RAR software... with it's closed sources?

And for the record... your method would probably fail the "$5 wrench attack":