Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: jacobmayes94 on May 17, 2016, 09:34:40 AM



Title: Ledger Wallet - My Review - Comparing Wallets For Security - Wiped itself???
Post by: jacobmayes94 on May 17, 2016, 09:34:40 AM
I am already a user of TREZOR and multisig type vaults from coinbase. Both of these are great for storing large amounts of funds safely. I also decided to give LEDGER a try. It is much cheaper than TREZOR at £20 for the HW.1 wallet. That's right only £20 for highly secure storage of bitcoins.

I set it up using the chrome application from ledger. I used aload of nectar points from my credit card on ebay to buy one of these along with a £144 worth paper wallet which I swept, a way of 'cashing out' my nectar points (had £160 worth) with an ebay voucher. This was simple enough.

First it installs  the drivers, automatically on windows 7 and 10. You set a PIN and then write down your recovery seed on the provided card. You then are asked to unplug and replug when it has been created.

Unlike TREZOR, the ledger  does not have a screen, but can nicely fit on any key ring. You can use it in electrum or the ledger app and a couple of other pieces of software. For the life of me, I could not get Multibit HD to detect the ledger on two machines.

Due to the nature of the recovery seed, ledger *MUST* be set up on a PC you know to be clean. In my case my freshly reformatted and installed laptop.

Once set up you enter your PIN before you use it in electrum. You only get 3 attempts or it wipes the ledger. It also comes with a security card; and a QR code which you can make another one from. This security card is needed, as when you send bitcoins from a ledger hardware wallet, it sends a challenge based on the address numeric and asks you to enter in numbers/letters from the security card corresponding to that address. This challenge will also let you know if malware has tried to get you to sign a transaction to who knows where.

Once you have entered the correct sequence it asks for, it will sign the transaction and broadcast it to the network. It  can safely be kept on a set of keys (the HW.1 seems so fragile however so do not be ham-fisted with it)

The private keys are stored IN the device. Transaction signing happens IN the device. For ultimate security, Trezor with its internal display seems like top notch security, but the ledger is a cheaper and acceptable competitor. I read a post of someone who lost loads of coins in a WINRAR  pass worded folder, for anything larger than a few hundred quid, your best options are in order of security below in my opinion:

1. TREZOR - with the seed stored safely / OR Encrypted Paper Wallet

2. Ledger - with the seed stored safely

3. Coinbase Multi-Sig Vault - (you can recover your vault if you forget the passphrase with the user key, or decrypt it without coinbase with the user key and encrypted seed, should coinbase ever go bust, this however requires trust in that coinbase never kept a copy of the keys during set up) this is great for convenience, can use the coinbase mobile app to view balances, and has timed withdrawls.

4. Generic Paper Wallet (stored securely) - I have ranked this lower than the other three, as the TREZOR and LEDGER is both protected by some authencation factor, where someone finding your paper wallet is not unless you encrypted it.

5. Bitcoin QT encrypted wallet or other encrypted wallet (vulnerable to malware upon decryption)

6. Online wallet (weakest, use for funds you will quickly move or spend and if you do, use 2FA. You have been warned)

7. Vanity Addresses generated online at some random site (DO NOT USE)!

Only one small downside of this wallet and trezor:
I have a vanity address I generated on my own PC with vanitygen. It would be nice to be able to import its private key and use it with LEDGER, but then it would probably render it much more insecure as it would enable the PC to write to the secure element. You cannot import private keys onto these.

I would say that LEDGER is great for the price, and it has the possibility to support Altcoins such as Litecoin or Doge. In a way I prefer it to my TREZOR for convenience and the build, but for ULTIMATE* security the TREZOR is best.

Whatever wallet you use, I highly recommend never storing all your funds in a SINGLE wallet.

The use of 2FA on any exchanges, and the use of HW wallets and the multisig vault protected my coins during a malware infection. Do not underestimate them. I would recommend a ledger for £20 if you store large quantities of coins, it is easy to use and if your storing say 500 quid of bitcoin or more, whats £20 to you? Even with a HW wallet, use common sense. And I do wonder if smart malware could over time work out how to exploit the challenge by gathering enough information from varying transactions, but it is much more secure than many alternatives.

For the sake of £20, please consider something like this if you keep a large sum of coins. I get disheartened when I read stories of people loosing coins or their life savings to malware.

EDIT: As I state, you keep your seed. safe. My ledger somehow wiped itself??? no wrong PIN entries or anything as far as I know. Seed restored.









Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: bittrojan on May 17, 2016, 10:14:59 AM
Its a good information for people who want try to use hardware wallet,and by the way you should a lucky guy who have try the most poplar hardware bitcon wallet,both Trezor and Ledger are awesome as i read on review,and i think this review also usefull for people,but for now i dont think i need a hardware wallet.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: cryptoheadd on May 17, 2016, 10:19:48 AM
That's a great review.

I've both Ledger & Trezor wallet.
Trezor wallet is pretty good & I'd recommend it to anyone who's looking for a hardware wallet.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: yayayo on May 17, 2016, 11:25:47 PM
Thank you for the detailed review. I have to admit that I've not used any hardware wallet yet and remain a bit skeptical - at least using such a device for long term storage. Reason is that you make yourself dependent on a hardware device which might stop functioning. Ok, you might have a seed to reconstruct your keys. But it won't be straightforward to do if your device is broken and there is no replacement, because the manufacturer stopped building it.

And if you have a seed to keep secure, couldn't you just keep a private key secure?

So for me, holding a paper wallet is still a better and cheaper solution than buying a hardware wallet. This is valid, as long as the hardware wallet does nothing else than securing transactions. Once it would become an actual wallet, which allows sending and receiving Bitcoin with no additional devices / websites needed, I might change my mind because of the convenience benefit.

ya.ya.yo!


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: nanonymousx on May 18, 2016, 04:19:40 AM
Thanks for the great review. How do you send?
Do you need a CLEAN pc to send bitcoin? You probably touch base in the article, but it is not clear to me.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: morepounds on May 18, 2016, 04:25:31 AM
I have been saving about 50btc online. Think its time for trezor now


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: Edwardard on May 18, 2016, 04:32:08 AM
i think i should buy a trezor wallet after reading op's review.where can i buy a trezor online? any legit website?


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: Quartx on May 18, 2016, 04:42:27 AM
Regarding your point about importing private keys for vanity addresses. As seed wallets are generated from seed passwords, even if it allows you to import your private keys, says the day come when you need to find back your seed wallet with the seed, the addresses from the vanity addresses importing using private keys would n not be regenerated /recovered. That is probably why


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: jhenfelipe on May 18, 2016, 04:46:39 AM
Nice review. You gave me an idea of using different kinds of wallets for storing my coins. As of now I'm using Online wallet upon receiving, sending, and storing my Bitcoins. As you mentioned on your review, online wallet is the weakest, yes maybe. That's why I do use 2FA for an extra protection so that my account will be more protected.

Thank you for sharing your experience.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: justspare on May 18, 2016, 05:17:17 AM
I was thinking about buying a trezor some time ago, my friend recommended the ledger to me and I ordered one. I absolutely love it. Would recommend it to anyone who wants to keep their coins safe.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: HeroCat on May 18, 2016, 07:18:50 AM
Trezor is better from safety point - it can resist computer wide spread malware or viruses. Ledger as installed software can not do that or is not so safe, so Trezor is better. Yes, you must pay a lot more for Trezor, but you can get wallet safety.  ;)


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: BitcoinSupremo on May 18, 2016, 07:25:26 AM
Trezor is better from safety point - it can resist computer wide spread malware or viruses. Ledger as installed software can not do that or is not so safe, so Trezor is better. Yes, you must pay a lot more for Trezor, but you can get wallet safety.  ;)

Trezor of course is better, but if you use HW in a Linux environment it has almost the same security of Trezor, and I think I don't have heard any stories of even electrum desktop hacked, let alone a hardware wallet so I think both are safe, of course HW is the cheaper one so you have to be a bit more knowledgeable to use it well, but in the end they both do the same, save your Bitcoins.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: jacobmayes94 on May 27, 2016, 11:00:45 PM
My ledger has wiped itself???? 'welcome to your new ledger wallet' glad I have the seed with over a grand of BTC on it which restored okay.... That was... unexpected... I was wondering if this stick on my keys is vulnerable to ESD.

Jacob


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: BitcoinNewsMagazine on May 28, 2016, 01:56:47 AM
I have been saving about 50btc online. Think its time for trezor now

Dude, storing over 23K online is dangerous. Get yourself a Trezor (http://bitcointrezor.com/) right away, pay for the DHL express shipping and you can have in a few days. Seriously. You can prepare yourself by reading the online user manual (http://doc.satoshilabs.com/trezor-user/index.html) while you are waiting for the unit to arrive.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security - Wiped itself???
Post by: bigredbutton on May 28, 2016, 02:05:50 AM
I have a Trezor and Keepkey and highly recommend both.


Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security
Post by: btchip on May 28, 2016, 02:11:49 AM
My ledger has wiped itself???? 'welcome to your new ledger wallet' glad I have the seed with over a grand of BTC on it which restored okay.... That was... unexpected... I was wondering if this stick on my keys is vulnerable to ESD.

Jacob

We have identified a bug that can cause this in some specific sequence of events. It has been fixed for the next firmware update (the one including Segwit)




Title: Re: Ledger Wallet - My Review - Comparing Wallets For Security - Wiped itself???
Post by: BitcoinNewsMagazine on May 28, 2016, 02:31:49 AM
I have a Trezor and Keepkey and highly recommend both.

KeepKey IMO has a security flaw in that passphrase encryption of your seed is not enabled by default. KeepKey can certainly enable passphrases but they have not. Management must have had a bad experience in the past losing a passphrase. To protect your Trezor against physical attack encrypting your seed with a passphrase is a good option, as long as you feel comfortable with it. If you lost your passphrase you would lose your bitcoin. However the seed would be worthless to a thief without the passphrase. Trezor gives you the option it is your choice. Because of the way Ledger uses a secure element passphrases are not required or needed. However you may miss the convenience of the screen Trezor provides. It is good to have choices.