Bitcoin Forum

So I'm familiar with Trezor, by name only, as I saw them advertised a lot before launch. Been seeing some other ads on Facebook as of late for a diff hardware wallet called Ledger, looks more fancy, not that that really means anything.

That being said. Of all the currently available HW wallets, what do you use if any, and why ?

I do know the trezor is ~$55 while Ledger which comes with a nano ver or some such shit is ~$150.

Been contemplating getting one vs a locally stored wallet file / paper wallet etc. for moving some coins off of CB after making a few more trades.

Ty.

Have a look over in this section of the forum

https://bitcointalk.org/index.php?board=261.0

This should give you all the answers you need :)

You can buy a Ledger Nano S for the same price as a Trezor One (59€). Without considering Ledger has often discounts on their products, like -50% recently. (I don't know about Trezor). The Nano X costs less than the Model T.

I bought Ledger devices since I prefer its design and I believe more in its security. One of the reasons is also that it's a french start-up, I know it's a stupid reason but well patriotism you know.
If someone owns a lot of different altcoins Ledger supports more than Trezor. One of the negative points for Ledger is the Secure Element chip not open source, but that's doesn't really matter for the average Joe, and the cheap plastic used.

Ledger HW is expensive only if you buy the one with higher capacity, which may make sense if you handle more altcoins.
The simple Ledger Nano is as cheap as Trezor.

Whether you need it depends on what you want to do and what your tech skills are. If you 100% know how to safely generate paper wallet(s) for yourself and how to store them (offline) and only want to HODL, you don't need more. But usually it's not the case. Locally stored wallet file is not a safe way to keep big amount of money, since computers can be hacked if they get online (whether you keep them online 24/7, whether you go online for 5 minutes now and then only for a few transactions, the risk is still there).

That 59 EUR they cost worth it 100% imho, for both security and convenience.

Well, as far as coins go, I still dabble in BTC once in a while but my main playground is with LTC. But ya, I do like the Ledger design better myself not that that means much.

But seems like it, Ledger, may be the way to go if and when I get a HW wallet just for the added security of even say storing a wallet file on a disk / thumb drive off line.

Would have to double check,  but as far as avoid issues goes. As long as trezor does LTC which I believe it does. It, may be the better option. Def more reading to do.
.

Trezor supports LTC. You should read about the unfixable vulnerability (https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/) found in Trezor devices and their response (https://blog.trezor.io/our-response-to-ledgers-mitbitcoinexpo-findings-194f1b0a97d4) to the described attacks. They are very unlike to happen and require a physical access to the device, but everyone should be warned about it before making a purchase. Ledger is not vulnerable to any (publicly known) attack at the moment, but because of Secure Element, it is not fully open-source.

Oh, given the nature of the item(s) at hand. I'll most def do my due diligence as one may say. I'm probably not getting one, whichever one, until around xmas when I put some coins away for a while... at least 2 yrs... depends.

Ty.

If the value of the coins you own is a few hundred $, maybe you can live with the knowledge that you can lose them at any moment. But when it comes to a few thousand dollars, few can afford such a loss - and there are users on the forum who have lost very large sums of coins because a $50 hardware wallet was too expensive for them. It is your decision whether to invest in security or not, but anyone who understands what crypto is will tell you that it is not wise to keep such things online.

I see you're a trader so you can’t avoid having a certain amount of funds online, but in any case the correct option is to move them from the crypto exchange when you stop trading. Even a desktop wallet can be a safe option if you take all the precautions.

I have a Trezor 1 and a Ledger Nano S.

The Ledger has been abandoned. There's something about the way they operate I dislike. In this game you should be humble and open and they certainly are not. Trezor's attitude is better and more communicative so they're the ones I stick with.

I am starting to wonder about the future of hardware wallets, more holes are found every day, but since all current ones need physical access to exploit I'm not going to sweat it until that changes.

80% of what I have is secure even if my house burns down with the rest on coinbase pro. So ya. I stand to lose roughly a grand if shit hits the fan but like you pointed out. I trade actively all year, so theres an inherent risk.

Wo wether it is now or xmas time, it's still a gamble. But one in already in.

But fwiw, my main account is MoreBloodWine. So I'm not necessarily new to crypto. Just gotta finish up some stustufstustuff before using it again. I had lost it for a good long while and only started recently finishing some things up before I use it again.

even then, based on what I know. Wether its trezor or ledger, physical access on the drive is not enough in and of itself.

But I am 50/50 with a slight lean towards ledger.

Yes it is.

https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

https://www.ledger.com/chaos-communication-congress-in-response-to-wallet-fails-presentation/

However the chances of someone breaking in, finding it, knowing what it is and knowing how to get at it are on the astronomical side. And it's also neutralised by having a 25th password. But who knows whether new angles will be found?

For me online security is obviously the big one and so far they're fine.

I'll read that later, but even if I personally had your drive. Unless I had whatever pass phrase is set up. I couldnt do anything with it. Unless I missed something, I would need your drive and the wallet / system its tied to, to steal your funds. But just the drive itself, last I knew, wasnt even close to enough.

That was a good read but I'm still 50/50 with me leaning a tad more towards ledger. Either way they both for the most part seem like really great choices, did come across the model t for trezor. That's an interesting price tag. But really. For just btc and LTC. Either the trezor one or nano s seems like they would be the more than sufficient models. Setting aside what seems like possibly better security in the higher models which one might then argue. If you're going to get a hw wallet. Just go big or go home.

Def more research to do but of the what seems like 6 diff. companies. They're the two to really consider.

Broke down, bit the bullet and bought the Trezor Model T using some of the LTC I have.

Will post back after I get it in what I'm guessing will be about a week.

Let’s take a hypothetical situation of someone coming into the physical possession of your hardware wallet, and that this wallet has some kind of vulnerability that can be exploited with the help of cheap equipment and little technical knowledge. This currently exists with Trezor models which are extremely vulnerable in case the user has not set up passphrase, the seed can be extracted within minutes. The conclusion is that all those who are not aware of this vulnerability and do nothing to insure themselves, have at least one additional risk when it comes to protecting their assets.

For now, Ledger is definitely at an advantage because there is no such vulnerability - if there was one, Trezor would surely make it public. But what some people don't like about Ledger is the fact that it's not open source, for which Ledger again gives somewhat logical reasons.

Every device has its weak points, it's only a matter of time before someone discovers them. What plays the biggest role in the case of hardware wallets are possible remote attacks, which have not been recorded so far (or at least no one has made it public).


Congratulations on your purchase, although it didn't seem to me that you would choose the most expensive option at the moment. Just a week ago you could get Nano S for some 30+ EUR, and Trezor T is 180 EUR now (VAT included).

Attacks aside. Short of someone stealing it from me / breaking into my home. As you or someone else pointed out. They'd have to know what their doing and have the right equipment. Would hope by the time i know it's missing I could xfer anything on it.

Not to sound like a smartass, but who wouldnt setup a passphrase? Even if it came as an after thought. Or maybe it's just that no one considers it. I'm not much of a techie in terms of things like this. But if it's an option of added security, I'm going to use it.

As for my purchase, it was sort of an impulse buy. But that being said. I do love the larger screen. They also seem to have better support I'd rsther have when needed than need it and have Apu from quickemart. Or better yet. Tech support from the show IT Crowd.

I could have gotten the model one. But something kept nagging at me to get the T.

But ya, $162.46 USD (149 EUR) wasn't easy but felt kind of right besides hurting while doing it lmao

Also, as for remote attacks. Unless I'm overly tired and not on the same page as you. That only seems feasible with the Nano X and its BT... unless your also considering how someone may leave the wallet connected to a computer even if its not actively being used (the wallet).

Anyway, going back to the trezor vulnerability. Might sound stupid, but even with a passphrase. Isnt that attack still feasible but just taking longer ?

Most people, unfortunately. There is no requirement to set up a passphrase to use a hardware wallet, most wallets deem it an "advanced feature" and so it is buried in the back of their user guides/set up guides, and so most users just don't know about it or don't care about it.

Ledger made a blog post about this here: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/. Basically, the Bluetooth connection requires user approval to set up and pair, is encrypted, only ever transmits public information, your private keys never leave the secure element, and nothing can be signed without the user verifying it on the hardware wallet.

Having a passphrase doesn't actually make a difference to the vulnerability - if someone has access to your Trezor, they can still extract your seed in a matter of minutes. What a passphrase does is mean that once they have your seed, they do not have immediate access to your wallets and instead would have to combine your seed with brute forcing your passphrase. Provided your passphrase is long and random enough, this is unfeasible/impossible, and as you say, would give you plenty of time to recover from your back ups and transfer your coins to another wallet.

One thing I probably should have thought of asking before spending the money that I did for the Model T, as unlikely as it would be for one let alone both for this to happen to. At least for what I'm guessing would probably be 15 to 20 years if it all.

Just for shits and giggles, what would happen to the funds on the wallets if both sites (trezor/ledger) were to just completely disappear, servers and everything, and for whatever reason a user like me was not made aware until way after the fact or something.

The wallets don't actually store your coins. All they store is the seed phrase and private keys to the addresses your coins are located at. Your coins never leave the blockchain. Similarly, the software that Trezor and Ledger provide is simply an interface to interact with the private keys stored on the wallet.

In the event that the company ceased operating, and you no longer had a copy of their software or were able to download it from anywhere, then you would have two options to access your private keys. The first would be to use a different piece of software which supports your hardware wallet. The most popular example of this is the Electrum wallet (electrum.org). You can use Electrum with both Trezor and Ledger devices to access any wallets, accounts, and keys stored on them, view your addresses, sign transactions, etc.

The second method, which you could use if there was no software which would interact with your wallet, or if you lose or break your wallet altogether, would be to recover from your seed phrase. Given that BIP39 is used so widely at the moment, it is almost certain that in 15-20 years there will be software that supports it, even if we have moved on to something else and BIP39 is obsolete.

So download a copy of Electrum and keep it on a spare thumb (or micro SD etc.) drive with nothing but, better safe than sorry lol

As for recovering from seed phrase, guessing that's the most unlikely scenario needed unless the wallet was, like you mentioned, damaged in some way. But that's I guess a bridge crossed if and when its approached since I assume, even if it's not too difficult, is a somewhat involved process.

There's no guarantee that would work either. Because of various bugs and vulnerabilities being found in the code, Electrum versions older than 3.3.0 no longer connect or sync. It's entirely possible (perhaps even likely) that a version of Electrum you download today will also not be able to connect 20 years in the future. It's also entirely possible that Electrum no longer exists 20 years in the future, and so there are no servers being run for old clients to connect to.

After you set up your hardware wallet for the first time and write down your seed phrase, I would suggest taking a note of the first address generated, wiping your wallet, recovering from the seed phrase you wrote down, and checking the addresses match, as a way to verify the seed phrase you wrote down is correct. Too many people only discover they have made a mistake in writing down their seed when they need to restore from it, at which point it is obviously too late.

Fair point about electrum.

I like to try and think ahead sometimes.

But that being said, I'm usually pretty good about not messing up sm electronics in any way. But it also probably wouldn't hurt to get something like a model one down the road and restore the seed on it. Keeping it as a protected backup with the Model T being the always used when needed device. Only using the model one incase of damage to the T or quickly needing to move coins due to damage or loss / theft if I take the Model T out with me for some reason.

As for testing the seed, I hadn't considered that... so TY... seriously !!!

All of that said. I did download and install electrum on the desktop just to check it out since i never have before. I noticed it had diff wallet features. Like watch only, which really any app or program can do that. Might keep it on my phone for that aspect (watch only).

Unless you know of something better that does watch only but can also say, notify me of incoming / outgoing transactions via something like a push notification like many games, banking apps do. But with at least btc and ltc addresses.

But it (electrum) also has a seed function it seems, among others like read from device.

But who in their right mind would use that (seed function) if they didn't need an emergency move for some reason ?

I only ask because from what I can tell. Restoring from seed would have to include private keys etc somehow or what good with it be if having to restore to let's say a new unit bec of damage or having to move coins bec of loss / theft.

So it would be like why have a hw wallet if someone is dumb enough to use a seed on electrum aside from needing an emergency move. Even though I suspect that might be the main if not only reason. But you never know with some people.

Anyway, do ppl actually opt for electrum on a daily basis vs say hw respective sites like ledger / trezor ?

I just don't see how it (electrum) can make a hw remain safe wether its trezor or ledger.

But I do like the idea of stand alone programs which currently it seems only ledger has but was obviously not a swaying consideration for me to get it instead of the model t.

Anyway, sorry for the run off there with all that. My mind speeds like I'm on coke when I dont sleep, and I didnt sleep last night. I at least hope I made sense lol

But the run offs aren't always a bad thing...

But I feel, based on trezor alone. I have everything i need to know known. Since this reply was mostly an electrum thing lmao

Ttyl and ty for humoring me.

Gonna try and go relax before this headache turns into something else.

Not quite sure what you mean here in terms of "including private keys". All the private keys on your wallet are ultimately derived from your seed phrase. If you import your seed phrase to a new piece of software or hardware, it will generate all the same private keys, and therefore all the same addresses, as your old wallet, and therefore give you access to all the same coins. You don't have to back up your private keys or even look at them, provided you have your seed phrase backed up.

As I mentioned above, Electrum is simply the interface to communicate with your hardware wallet. Your hardware wallet will generate a seed and generate a wallet, Electrum just lets you navigate it in a user friendly way. Your private keys never actually leave the hardware wallet, and no transaction or signing can take place without you confirming it on the hardware wallet. Electrum is also open source.

Exactly that is what I mean... you said it yourself, derived from the seed phrase.

So any device that seed is used on, can send / receive funds this eliminating the use of why have a hw wallet.

Ex.

Electrum Setup > What Kind (Standard) > Creste New Seed or Restore One

So further the ex.

Not so smart guy walks in loving his new hw wallet. Wants to use electrum with it vs say the wallets main / normal interface, however that works. So he adds his seed to electrum. Since all addresses and keys generate from that as you pointed out and I not so clearly asked.

If his system is compromised, even if it's not. His wallet is now technically negated bec funds can now be sent using electrum since the seed his trezor or ledger generated was restored to it (electrum).

Not saying many if any would try this, but in terms of electrum and hw wallets. I assume this is why it has the read from device option, at least on desktop ? Assuming it just reads public shit asking you to confirm on the device to send.

Sorry if I wasnt so clear before. But I've gotten some sleep, so maybe I'm clearer now ? Lol

Eitherway, ty for humoring me.

Ahh right, I see where the confusion lies.

So what you have written would be accurate in the case of someone restoring their wallet to Electrum by inputting their seed phrase. In such a case, as you say, the security of your hardware wallet would now be negated as your seed and private keys are now also stored in a "hot", internet connected wallet.

Using Electrum as an interface for your hardware wallet is different to that. You never need to input your seed phrase in to Electrum, and your private keys never leave the hardware wallet. In this situation, because Electrum doesn't have your seed or private keys, it is useless on it's own and can't sign any transactions unless your hardware wallet is also connected and unlocked. Electrum is only being used in this scenario as a user friendly way with a nice GUI to send instructions to your hardware wallet - your wallet, accounts, private keys, etc. never leave the hardware wallet and do not need to be imported anywhere else.

Thought as much, ty.

My wallets processing now, so since they're in Russia. I'll probably see a ship notification early tomorrow. Guessing then that it's in my hands by Mon at the latest if rona isn't messing intl mail up too much still.

Might need to get a longer cable based on what they send with it. But usb extenders are cheap enough.

But I'll be watching this package like aHawk. We dont have issue with mail theft but not taking a chance with something so small !

Ledger is a much bigger company which I think influences how it's ran compared to Satoshilabs.



Trezor T supports 1392 different coins and tokens: https://trezor.io/coins/

Couldn't find any up-to-date information regarding the number of supported assets by Ledger.



https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3

If and when something more secure is found, until it gets broke if it ever did. I would hope Trezor would offer some sort of discoint swap value for the more secure wallet. So like a 1-1... T for T etc. but at say a 60% or so reduced cost.

I personally like D'CENT biometric wallet. I've used Trezor before, switched to Ledger Nano S for more security, then finally settled on D'CENT biometric wallet.
I am no advocate of certain brand and purely based on my personal experience in using various wallets in the market. The latter is more convenient and easier to use by far.

Each brand has its ups and downs, that's for you to decide based on what your needs are.

https://youtu.be/zqEEQM5o4OU (https://youtu.be/zqEEQM5o4OU)


 

This list (https://www.ledger.com/supported-crypto-assets) contains 1,355 entries, so pretty similar figures.

It really is a meaningless statistic though. Ignoring the fact that 99.9% of altcoins and tokens are completely pointless and/or an outright scam, according to https://etherscan.io/tokens, there are over 250 thousand different ERC20 tokens on Ethereum, all of which can be supported by any wallet which supports Ethereum. There are also a bunch of other platforms with thousands of their own tokens, so both wallets could honestly claim they support 250k+ assets.

If it works for you, great, but you should be aware that fingerprint spoofing is surprisingly easy, and biometrics in general are not a good way to secure your data. You leave fingerprints which can be used to break in to your hardware wallet on everything you touch, including on the hardware wallet itself.

So it showed up yesterday, didn't know until today. Got into a weird loop on the setup when naming the Trezor. But I figured that out. That said, it asked me if I wanted to set a pin, which I did, options seemed to be 1 to 9 numbers. Anyway, maybe this is what you meant by pass phrase, I don't know. But if not, what am I missing here ?

Edit: NM, figured it out. Just did a wipe of the device, then going to restore seed to double check if the pass wallet address is the same as well as the normal one. Pass phrase isn't even secure, but its for a test so... not like I can't do a new one that from what little I know is always attached to the seed.

Edit: The trick is just remembering if I ever send coins to the "normal" address, to send them to the pass address.

But, seed restore confirmed...

I did also notice Electrum generates new address. Will probably just stick with the trezor site. Electrum seems like it might confuse things in some respect, Especially since it seems set passphrases would be typed via keyboard on a computer, which I have very few problems with if any, but still. But it definitely seems like a use one or the other but not both type of situation.

Edit: although now that I'm thinking about the passphrase thing while I'm working on dinner.

I guess it doesn't matter whether it's typed in to the computer or on the device itself. For the simple fact that it's probably one of the most unlikeliest of scenarios that somebody would get a hold of the physical device knowing that I've typed the passphrase onto the computer unless it was a close relative and or friend.

So I guess that much is technically a null point. But the inconsistencies with electrum using different addresses than what's on the trezor website is a little weird.

To rectify that I guess we should say, is that just entering the addresses given to me by trezor manually into electrum as a watch wallet? But then if you go to send from that, the secret key, is still stored on the device and never transferred to electrum?

But then what if it's a wallet with a passphrase I set on electrum but want to see that address on the trezor site. Same thing by just entering the pass. I guess think of it as a backwards compatibility type question.

Although I dont recall seeing an option to add an address into trezor except for legacy addresses, guessing that's what electrum generates ?

But ya. Def seems like trezor site or electrum but cant be both even though any address generated falls back to the seed so to speak.

I like the idea of using the Standalone software versus the trezor website. I just still have some concerns I guess you could say.

Technically, if you were ever to enter your seed on the same computer, which you shouldn't really do, it could be a threat.


By default, Electrum generates native SegWit addresses (bc1...) while Trezor Wallet supports only legacy (1...) and nested SegWit (3...) addresses. The upcoming Trezor Suite (a desktop and mobile app) will introduce an official support for generating native SegWit addresses. However, it is still in early beta. If you want to use the same type of addresses as Trezor Wallet supports then you should take a closer look at the following screen which appears when adding a new wallet using a hardware device.

https://i.imgur.com/W3KH6xS.png

First, you have to select what type of address you want (p2sh-segwit would be the best choice if you need to be able to access your coins through Trezor Wallet for some reason). Then, you can modify the derivation path. The last number is the number of the account you want to access. Zero is the first account, one is the second and so on. I would leave it at native SegWit, though.


If you enter your address manually into Electrum then you will get a watch-only wallet. However, in order to be able to spend coins using your hardware wallet, you have to choose another option ('Standard wallet -> Use a hardware device').


Yes, your private keys never leave your device. Electrum only knows your Master Public Key from which new addresses are derived. If you disconnect your hardware wallet, Electrum will act as a watch-only wallet.


I hope that you don't confuse a passphrase with a password which encrypts Electrum wallet file. Once you enable passphrase support in the settings on Trezor Wallet, both Electrum and Trezor Wallet will prompt you to enter your passphrase every time you open your wallet. You should see the same addresses on both wallets using the same passphrase.

From Electrum Load, but first...

No I didn't not confuse wallet lock and passphrasing lol. I get the phrase is like an extra word to the seed.

But from Electrum Load...

default_wallet > Standard Wallet > Used a Hardware Device > Prompts for PassPhrase > Screenshot you shared (native segwit m/84'/2'/0'") > Deny file lock bec it's public and that I don't care about.

But the BTC address that shows is a bc1 address when I would like to see the one I initially got from Trezor / that Trezor shows if I log online using the same pass which is a 36x address.

Same for Electrum-LTC which shows me a ltc1 address but on the trezor site, using the same passphrase. Shows me a MEQ address.

Everything else I previously wrote I'm comfortable with and have learned some. So really it's this one minor inconvenience that has me slightly confused. Since between the Electrum wallets and the trezor site using the same passphrase. I am given two very diff addfresses when going to the respective "receive" tabs online and in the desktop wallets.

I'm sure I just overlooked something simple, I would hope, in Electrum. But given what I am currently seeing, even if I wanted to use addresses initially given to me by Electrum. The reverse would hold true that I wouldn't see them online via the trezor site.

So the easiest solution it seems would be to get the trezor addresses to show on Electrum by way of adjusting a particular setting or adding something. Which I sort of mentioned before in by maybe adding the addresses given to me by trezor, when using my passphrase, manually which would make it like a watch wallet on Trezor but still needing the device attached to be able to send from it ?!?

Edit: Reading back, I guess I could try it without waiting for a reply, but I'm guessing wipe the wallet file and redoing it all with the legacy option ticked ?

It seems with a passphrase set, legacy or not. The address are all the same secured in a WELL protected manor. I just want to / would prefer to see the same addresses between the two so I have the option to use the Electrum clients at home when needed but the trezor site when required. If I am away from home.

At least until the Trezor suite I'm now learning about thx to you is done. So I would have their client to show addresses in the way I am seeking and then their site when needed.

CMIW, seems like you choose the wrong script type. You should choose p2sh-segwit if you want to access the 3xxx address instead of native-segwit (bcxxx).

Not sure how I get send-able merit, otherwise I would give this a +1. But that did the trick for both LTC & BTC. I can now see both addresses in their respective Electrum clients that were originally given to me on the Trezor website using the nTH seed word / passphrase..

Ty !

Also, CMIW ?

Correct me if I'm wrong ?

Lastly, if someone can send me any current publication links on the "beta" stuff for Trezor previously mentioned, that would be awesome... Ty.

One final thing I want to keep separate from the above reply, not that I guess I really need to... and this is purely out of curiosity. But how / or why is it that the trezor site and the Electrum clients generate diff QR codes for the same address ? Even though off the top of my head I would fathom a guess that's just because they used some sort of varying coding methods even though QR readers can read both.

There are different sizes of QR codes, different versions of QR codes, different ways to encode the data, different methods of error correction, different degrees of error correction, etc., meaning the same data can produce different QR codes.

In addition, it is possible to encode more information that just the address in a QR code. One code may also include a request for payment, an amount to be sent, or even additional information which will be read by your wallet (Example: Electrum contains a "description" field which can be encoded in the QR code).

As long as they both scan to the correct address, nothing to worry about.

lol... I didn't even thing of added info. That said, if the electrum QR's include a note field. I may incorporate it's QR codea into my sm peoject instead of those provided by trezor. I'll have to scan each with the coinbase app later to see what's what.

Cost will be approx $13, but a dual sided ID card. One with BTC logo, address typed and address QR. With the reverse being LTC . Size of a credit card, kept in the wallet. If needed to receive coin to the trezor addresses. Just gotta pull it out.

There isn't really much information about it because only few people got invited to the beta. You can become a beta tester (https://beta-wallet.trezor.io/) by subscribing to the Trezor newsletter. Don't worry, they won't spam your e-mail. I haven't tested the new software, yet. I will give it a shot in the next few days.

Think that's what I signed up for during the initial Waller setup, but Ty.

Will do it again for good measure using thst link.