Bitcoin Forum

"bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both."

"maximum security (free of 3rd-party trust)/maximum trustless"

Are you sure about that? All you are doing is switching your trust from one software/hardware provider to another (with closed sources)...


But hey, you found a system that works for you...  ;)

First, I desire to be in control of my private keys.

Second, different hardware wallets, or any type of wallets, be it hardware, desktop, mobile, or online, have different approach to encryption.

Third, replacement cost is very high with hardware wallet.

I can email myself my strongly encrypted private keys (so even if my email gets hacked, no hacker can crack my private keys unless they have some super hyper ultra quantum computer that can hack into any strongly encrypted private keys within minutes/seconds/hours).

Fourth, to rely on any 3rd-party wallet to secure and/or cold storage my cryptocurrencies is itself a big security hole.

Fifth, I am not a fan nor a believer of some apocalyptic event to be caused by some major EMP attacks, either from some man-made terrorist attacks or from a natural cause like solar spot, solar flare, or solar storm.

Sixth, direct control of your private keys allows you to enjoy any free cryptocurrency due to hard fork.

Even if I am using the world's most secure wallet ever, doesn't mean I can let down my defense and start tolerating any infested computer.

Currently there is absolutely no procedure to make a cold storage that is 100% safe

The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds are out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

You do realize MultiBit no longer exists... right?

The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds are out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

Do you have any proof that the hardware wallet providers have access to your private key?

No I don't have. And I do not intend to spend my time becoming a top expert in finding the evidence before deciding not to use it.

Most hardware wallet uses a standard method of generating seeds. It is widely used and with the seeds, you can import it into LOTS of wallet or just simply write a script to extract it yourself.

This is where I said you argue for the sake of arguing and ended up missing some of the points. Oh well, so I guess the recovery seeds have no problem after all and rely on no 3rd party. Well, guess I am going to protect the seeds after all. But NO, I am going to protect my private keys directly instead. You are in fact avoiding the point that recovery seeds need to be properly secured as well. By avoiding that point, you are indirectly implying the recovery seeds need not be secured nor elaborate how to secure them.

Jesus, I don't even know if I should continue but oh well.

Don't continue, then.

How are they helping you to secure when you are free to review the code to find and test for bugs? If you don't like to rely on third-parties, it might be better for you to write your own OS or wallet.

Duh, why should I need to write my own OS or wallet when I already have wallet generators like Electrum to do it for me? And do I trust Electrum? I don't need to if you understand my points accurately instead of arguing like a very smart guy.

Point 2 and point 2.

Whatever your point is, does not invalidate my point that if a person can secure his seeds well, he might as well just do it directly with his private keys. And besides, do you really expect everyone to be a tech savvy that they are able to write their own OS, etc? Be reasonable. What I am offering is a way that is far less complicated that an average Internet user can use.

It's kinda hard to hack a wallet when the keys are never exposed to the outside world.

Hard to hack? My approach is not even hackable.

Currently there is absolutely no procedure to make a cold storage that is 100% safe.

This guy doesn't even understand how Bitcoin works. Rambled on about a bunch of useless points to get paid through that Steemit platform. No, I didn't even read, because thankfully the other guy pasted his main points. By all means, don't use a hardware wallet. Maybe you shouldn't be using Bitcoin either, since you need everything done via holding your hand.

Not only Trezor has that capacity to import your seeds in another compatible wallet with the seed of a hardware wallet. Ledger Nano S has also support for it. I think that paper wallets are a pain in the a** while hardware wallets can be used both ways, even hot and even cold storage depending on the user.

Or maybe you can just be clear and point out how my approach of cold storage will be hackable.
Saying no procedure is 100% safe sounds like speculation to me.

So you can say... with 100% certainty... that there are no "bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both." in RAR software... with it's closed sources? ???

And for the record... your method would probably fail the "$5 wrench attack":
https://i.imgur.com/NIKdhw8.png

I would say I have used WinRar for many several years and it never disappoint me, not even once.

And thank you for bringing up that $5 wrench attack because I came across such argument while writing my article.
Here's the thing, can anyone using hardware wallet be safe from the "$5 wrench attack"?
Here's an honest + objective answer... NO.

And is it better to use my approach vs hardware wallet? Yes.

Why? Using hardware wallet is a physical dead giveaway that you have bitcoin and/or other cryptocurrencies.
Using digitally-encrypted private keys that I suggested is not, unless you try to brag and boost that you are rich because you have plenty of cryptocurrencies, in which case you are the security risk, not my approach.

No I don't have. And I do not intend to spend my time becoming a top expert in finding the evidence before deciding not to use it.

But NO, I am going to protect my private keys directly instead. You are in fact avoiding the point that recovery seeds need to be properly secured as well. By avoiding that point, you are indirectly implying the recovery seeds need not be secured nor elaborate how to secure them.

Don't continue, then.

Duh, why should I need to write my own OS or wallet when I already have wallet generators like Electrum to do it for me? And do I trust Electrum? I don't need to if you understand my points accurately instead of arguing like a very smart guy.

Whatever your point is, does not invalidate my point that if a person can secure his seeds well, he might as well just do it directly with his private keys. And besides, do you really expect everyone to be a tech savvy that they are able to write their own OS, etc? Be reasonable. What I am offering is a way that is far less complicated that an average Internet user can use.

Hard to hack? My approach is not even hackable.

Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage (https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage) to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank. ;D

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

SteemIt sounds like a new term for taking a shit on something.

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

I'm sure there were people saying similar things about Mt. Gox... and Bitfinex... and <insert scam/hackedService/buggySoftware here> right before all their coins/$$$/data disappeared.

Not everything is the same. You are comparing apple to oranges.

Actually, they can be safer than you... because the hardware wallet gives them the safety of "plausible deniability (https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb)". You can create "dummy" wallets with "small amounts" of bitcoin... say 1-10% of your total holdings. If someone threatens you, you give them the password to the dummy wallet... they find your coins and think "Job done"... meanwhile your 90-99% of actual holdings are safely stored in a hidden wallet that they can't possible know or prove exists... rendering a $5 wrench attack nullified for a relatively minor cost.

Whereas, with your method, they'll keep hitting until they get the password (or passwords in the case of multiple encryption) that decrypts it correctly.

I came upon that point too when writing my article. I would say you are an intelligent man if you can use my method to do similar dummy wallet. There is nothing to stop you from personal customization when you are 100% in control. Not being able to see that with my method means you are not.

See... I was going to let the "Saying no procedure is 100% safe sounds like speculation to me" slide... but now you're just coming off as a little bit arrogant.

"Saying your procedure is 100% safe sounds like arrogance to me"

"Saying no procedure is 100% safe sounds like speculation to me" means I believe in a way that can give 100% security. And my method is one example.

No, you just used a very public forum like Steemit to declare to the entire world that you use Crypto... and how you choose to store them. Guessing you trust them more than hardware wallet devs/manufacturers too... so I'm sure your IP address is safe when them. ;)

And so when you participate in this forum and all your previous comments that also imply you have crypto. Your dummy wallet may not save you if they know you have a lot more. I wish when I debate with someone, that person would be objective. My method can also do dummy wallet, but unfortunately for you, you can't see how that is possible. 100% direct control of your own private keys is the building block. The only thing that stops you is your level of creativity.

I'm not declaring that hardware wallets are 100% safe, or the only answer to everyone's crypto storage needs... there are still attack vectors that exist (no solution is 100% secure). What they are is safer than using just a software wallet on a desktop PC/tablet/mobile device... and more convenient than locking everything away on paper wallets in secure storage (or triple encrypted, digitally stored private keys)...

But hey, like I said... Horses for courses... you've got a system that works for you, so that's great. Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person...

It was clearly stated for cold storage.

You can't criticise them if you cannot find any fault with them. How are you going to be generating the keys with 100% security if you do not wish to verify the source code? No wallet will ever be safe for you then. You can only generate it by hand.

Alright, sure. Don't use Windows. Don't use any wallet generator. Just generate by hand. And proceed to digitally-encrypt the private keys like I suggested. If you want hardcore, then learn programming and write your own encryption program too for the job.

I don't really understand where you got that inference from. I merely said that the derivation method can be known. You can get the private keys from the seeds=getting your gold from the paper that holds your gold without any restriction at all.

I mean, if you generate a bunch of private keys thru seeds, and then derive the private keys from the seeds thru some source code, and encrypt them...
Or generate a bunch of private keys thru seeds and encrypt them, and if you want to know the private keys you use a source code to do the derivation...
You are making it an additional hassle compare to just...
Generate a bunch of private keys, and encrypt them.

You may just encrypt the seeds and save yourself the hassle. But then you are not really being responsible.

Wait... Didn't you mention that hardware wallets are flawed because you are depending on a third party to generate it for you? I think you misunderstood something.

I wasn't using some hardware wallet to do the generation. Just desktop ones that allow import and export features so I can backup the keys. And I did this with an offline, formatted 2nd computer. Hardware wallets were never programmed for exporting the private keys out. You are literally stuck with the hardware wallet. You may send your bitcoin to another wallet but that defeats the purpose. And writing a source code to derive the keys from the seeds isn't really the intention of hardware wallet companies anyway, or else they are simply complicating things.

Of course. I didn't say everyone SHOULD write their own OS in the first place, I don't even expect anyone using Bitcoin to be able to. If you love your privacy and security, you would be having thousands of private keys whenever you spend the coin. Isn't a 12 word seed way easier?

No. a 12-word seed (much less a 24-word one) is NOT way easier. That's your subjective opinion. I have given an example in my steemit article why that is so. You are not being objective. Besides, using those seeds allows easier brute force hacking because they are all dictionary words with all small caps (do you realize this?).

You uh, forgot to cover the way to spend your coins. Of course I can craft a transaction at the moment when you decrypt your encrypted rar file to send the coins to my address.

My method is for cold storage only. And I have already explained how to cover my trace partially when it's time to spend. Go re-read my article again. And I never lay claim that my method (nor any hardware wallet) can cover any trace, which is why that's not one of my points of argument. But then there are "free" washers around that can easily do the job when it's time.

Lot of people posting their Steemit articles here trying to make bank. ;D

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

And how are you going to spend/generate it? Offline wallet I suppose, for maximum security.

Everyone says paper wallets are the safest but they don't consider the generation and the spending process which exposes it to threats and once its spent, a new paper wallet will have to be generated. Hardware wallets are the closest you can get while balancing convenience and security.

I expected to get a tutorial, how to create a wallet. So no third party would be needed to save Bitcoins.

Not everything is the same. You are comparing apple to oranges.

"Saying no procedure is 100% safe sounds like speculation to me" means I believe in a way that can give 100% security. And my method is one example.

I came upon that point too when writing my article. I would say you are an intelligent man if you can use my method to do similar dummy wallet. There is nothing to stop you from personal customization when you are 100% in control. Not being able to see that with my method means you are not.

My article said it was only for cold storage, with an offline and formatted computer. But when it comes to spending, it isn't less convenient if you appreciate 100% control.

Example:
You have 100 btc.
You generate 20 addresses (with keys of course).
You transfer 5 btc to each address.
When you spend, you take out only 1 of the 20 addresses for use.
You spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction).
If you get the $5 wrench attack, you can pretend you have only another 5 btc address (just as when you pretend you have only the dummy wallet with your hardware wallet).
If you want to cover the trace of your 5 btc, you use washers.

How can you do all the above with hardware wallet, satisfactorily?

everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction)

You are not being objective. Besides, using those seeds allows easier brute force hacking because they are all dictionary words with all small caps (do you realize this?).

No, I'm not. You stated that you have "used WinRar for many several years and it never disappoint me, not even once" as some sort of proof that you can trust it 100%... so I pointed out that this is exactly the type of comment people have made about various services/software over the years... which then turn out to be a scam or buggy and financial and/or data loss occurs. Just because something hasn't "failed" yet, doesn't mean it won't.

My article isn't mainly about using WinRar for cold storage. If you feel WinRar is insecure, or less secure, you have the freedom to go for other encryption software or write your own software.

I've asked several times now, how you can be 100% certain that WinRAR has no backdoors (or unpublicised bugs/flaws) that could allow an attacker to sidestep your encryption and access your private keys. The simple and very objective answer is that you can't be 100% certain of this, as it is closed source. You are putting your faith and trust in the WinRAR devs, just like you claim hardware wallet users are having to put their faith and trust in the hardware wallet manufacturers.

And just like you, we can't be certain that hardware wallets are 100% secure either... because there is no 100% secure system. There will always be attack vectors. Your continued assertion that your method is one example of 100% security without any real supporting proof seems to be showing a certain lack of objectivity.

If WinRar is not safe/secure, then tell me which software is. Or at least tell me or point out to me real-life cases of it being hacked, despite using very strong alphanumeric + symbol passwords.

"I wish when I debate with someone, that person would be objective" and play the ball... not the man (http://www.phrases.org.uk/bulletin_board/10/messages/132.html). :-\

You talked about hardware wallet's dummy wallet, as if doing your own encryption will render you incapable of doing the same, as if doing dummy wallet is only a possibility if you rely on a 3rd-party. To me, that is very subjective and not smart at all.

Is that a serious question? Because it should be fairly obvious to "an intelligent man" how one could satisfactorily achieve that with a hardware wallet.

??? Why would your total of 100 BTC be shuffled with every transaction?

Huh? I thought you know something about change addresses? If you are using hardware wallet, you should know what I mean.

Why could you not also have 20 addresses with 5 btc each when using a hardware wallet? ??? Assuming you're spending less than 5 btc as per your example, the wallet would only need one UTXO so "you spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your wallet only needs to use one input from one address)".

For added defense against the wrench attack, you simply create multiple different wallets with one address each... hand over the passphrase to the "exposed" 5 BTC and your dummy wallet.

The bonus is that with a hardware wallet there is exactly ZERO evidence that these multiple wallets even exist... whereas, with your system of 20 different encrypted private keys and an attacker has hacked your email or found your USB/CD with the encrypted files... they can actually see all the different encrypted items in your inbox or on your CD etc. So, I'm not quite sure how you deny the existence of other keys/addresses?

All that hardware wallet can do for cold storage, my method can do the same. This appears to be beyond your comprehension. You speak as if hardware wallet cannot be hacked. That's your subjectivity. And if you feel my method of encrypting all private keys in one place is unsafe, then what is actually stopping you from encrypting each of them separately? Clearly, you do not understand and yet act like you do. Show me real-life cases of any WinRar files getting hacked despite strong passwords (not passwords like "abc" or "123"). Hackers know if you are using hardware wallet, most likely the passphrase you give them will refer to the dummy wallet. There is nothing to stop them from keep using a $5 wrench on you, or on your loved ones.

Obviously to you, those arguing for paper wallet vs hardware wallet must be stupid. And those arguing for digitally-encrypted paper wallet (like me) is even more stupid. I begin to wonder, that if I were to write an article on why I use only hardware wallet for cold storage, you would find the false pleasure to argue why I am also wrong in this. Ultimately you will say no method is 100% safe. And if that is the case, I would like to refer you to the Bible verse Matthew 6:19-21.

Do you realise that a 24 word seed... is effectively like having a 24 character password from an "alphabet" that has 2048 possible characters in it... whereas your proposed password of 20+ characters (we'll even be generous and say 24 character to compare apples to apples) using alphanumerics + symbols gives you a total of 26 upper + 26 lower + 10 numbers + say ~30 symbols... for a total "alphabet" size of ~92 total characters to choose from.

2048²⁴ combinations (https://www.wolframalpha.com/input/?i=2048%5E24) vs. ~92²⁴ combinations (https://www.wolframalpha.com/input/?i=92%5E24)... Tell me again which one is going to be easier to brute force?

I would like to send you a file encrypted with my method and see if you can actually hack it to rest the case.

For added defense against the wrench attack, you simply create multiple different wallets with one address each... hand over the passphrase to the "exposed" 5 BTC and your dummy wallet.

That can be done with my method.

The bonus is that with a hardware wallet there is exactly ZERO evidence that these multiple wallets even exist... whereas, with your system of 20 different encrypted private keys and an attacker has hacked your email or found your USB/CD with the encrypted files... they can actually see all the different encrypted items in your inbox or on your CD etc. So, I'm not quite sure how you deny the existence of other keys/addresses?

If I encrypt 1 address, then encrypt another 1 separately, and store them both separately, will you be able to find the evidence of my other address if you are able to hack into one of them? You can't. But you just don't see this.

If the hacker can hack into my email and then hack my encrypted files, then there is nothing stopping them from hack every other people's, including your hardware wallet. Like I said, your argument is not objective. You keep assuming my method is a handicap and limited.

My article isn't mainly about using WinRar for cold storage. If you feel WinRar is insecure, or less secure, you have the freedom to go for other encryption software or write your own software.

If WinRar is not safe/secure, then tell me which software is. Or at least tell me or point out to me real-life cases of it being hacked, despite using very strong alphanumeric + symbol passwords.

You talked about hardware wallet's dummy wallet, as if doing your own encryption will render you incapable of doing the same, as if doing dummy wallet is only a possibility if you rely on a 3rd-party. To me, that is very subjective and not smart at all.

Huh? I thought you know something about change addresses? If you are using hardware wallet, you should know what I mean.

All that hardware wallet can do for cold storage, my method can do the same. This appears to be beyond your comprehension.

You speak as if hardware wallet cannot be hacked. That's your subjectivity.

I would like to send you a file encrypted with my method and see if you can actually hack it to rest the case.

Above it all, refer to Matthew 6:19-21. The Bible is right.

And I also pointed out how having multiple copies of encrypted keys spread about the place in emails and on physical media leaves evidence behind that there is something hidden... whereas dummy wallets from seeds/passphrases do not. There is no evidence of anything existing other than the default wallet from the seed. You keep talking about being able to implementing a similar system using your method... but then just imply that I am unintelligent because I don't know how to do it... so would you care to enlighten us? I'm actually genuinely interested.

You will know the answer from within if you ask yourself what you should do if there is no other way other than to digitally-encrypt the keys.
To leave evidence behind is a choice, in which nobody has to make. Just ask yourself, since you have 100% control, what are the steps you should do to cover the evidence, your heart will point the way.
And you are assuming hackers and kidnappers will be ignorant of dummy wallets.

I know what change addresses are used for and how they work... but I'm not sure why you think that hardware wallets only contain "a bunch of change addresses that reshuffle your .. btc with every transaction".

If I have 20x 5 BTC inputs in my hardware wallet and I spend 5 BTC like in your example... how are the rest of my 19 inputs being reshuffled?

A fraction of the 5 btc not fully spent will be sent to some of the 19 addresses, in which I will know they are associated with you. Shouldn't this be obvious? Shouldn't you know this already?

You seem to be failing to grasp that I am not debating whether or not your system works... I've never once claimed that your system doesn't work... What I'm pointing out is that it is NOT 100% secure as you seem to believe... and that it is NOT 100% trustless (as currently implemented) and... in my opinion it is NOT better than a hardware wallet for the reasons I have explained.

Only because you need to trust WinRar. Now, tell me. How do you go about securing your hardware wallet seeds/mnemonics/passphrases? Don't tell me you leave them in the open, visually available for all to see. Surely you may not have a dog that may eat the stuff up. Or a fire-proof/flood-proof house. The moment you try securing them, the issue that you start to face is the EXACT same issue when trying to digitally-secure the private keys directly. Hardware wallets are offering you "Step 1-Step 2-Step 3" for cold storage. I am offering you "Step 1-Step 2" for the same cold storage with added advantages.

You mean where I have repeatedly stated that NO METHOD is 100% safe?? Unlike you and your magical "100% secure" method... subjectivity much?

Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

Why? I'm not a hacker... I never claimed to be.

You claimed that a 24 word seed is easier to brute force than your 20+ alphanumeric+symbol password... I'm simply pointing out that you are incorrect and that seeds are in fact a lot stronger than a standard password. The maths already proves the case. But maybe you can just tell me what the seed is to my wallet and rest the case?

I guess that seed is much harder to brute force than my 20+ alphanumeric + symbol. But so what? I suppose you have a 100% fail-safe brain with super memory. Without such brain, how will you secure the seeds, that is the question I have for you.

Seriously? Now you want to make this a theological debate? According to those verses (https://www.biblegateway.com/passage/?search=Matthew%206:19-21)... you shouldn't even be using cold storage... ::)

I am using cold storage to delay any attempt of thievery. It's like making myself a much harder target than the next guy beside me. The cold storage will not help because someday bitcoin and the rest will all die. I rather have my cryptos die on that same day/moment than way much earlier, thus the cold storage.

A fraction of the 5 btc not fully spent will be sent to some of the 19 addresses, in which I will know they are associated with you. Shouldn't this be obvious? Shouldn't you know this already?

Lot of people posting their Steemit articles here trying to make bank. ;D

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

Wait... what?? The fraction of the 5 btc not spent will go to either a completely new "change" address, totally unrelated to all my other 19 addresses... or if I choose to not use change addresses as per the functionality offered in several wallets, the wallet will send the unspent amount back to the original address... which is also totally unrelated (from an external point of view) to all my other 19 addresses.

You have read BIP32 and BIP44 and understand about "external" (aka receive) and "internal" (aka change) addresses (https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#change) right? Pretty much all the hardware wallets that I'm aware of implement BIP44... and keep receive and change addresses separated as per the specification, that is to say using Derivation Paths of m/44'/0'/0'/0 and m/44'/0'/0'/1 respectively.

Most of them are also smart enough to prevent address re-use so while you could follow a chain of transactions that start with one 5 btc input... it'll never touch any of the other inputs (or their chain of transactions) until such time as you don't have enough coins in a single input to be able to send the amount you want to send and it needs to use 2 or more inputs.

All of which is relatively moot for "cold storage" anyway... and works pretty much the same way as your "paper" wallet system.

Like I've been saying all along... your system is pretty much the same as using a hardware wallet, without the convenience of being able to spend easily if required... or sign messages... or use on an online machine while maintaining security... or use easily with a mobile phone wallet... or use as a FIDO U2F secure key...

But hey, you're happy with it... and you saved yourself $100. ;)

Like I've been saying all along... your system is pretty much the same as using a hardware wallet, without the convenience of being able to spend easily if required... or sign messages... or use on an online machine while maintaining security... or use easily with a mobile phone wallet... or use as a FIDO U2F secure key...

What about a bank cold storage, where you place your bitcoins in a cold storage online, but they put it on a paper ant store it for you ? Xapo for example does this. What are your thoughts on this type of cold storage?

To break can not, but you can lose the keys. If you store them on the computer then hack your PC and steal your codes much easier than to hack e-wallet. I think that in General it is impossible to store a large amount of bitcoins in one place.

I strongly do NOT recommend using Xapo for anything.
If you care enough, please go check the reviews given by others. I personally used it for a negligible while and the first experience is far more than enough to make me stay away from it. Even the founder (Wences Casares) has unethical business practice in the past that collects customers personal information and sold such data to 3rd-parties for profits. You use Xapo at your own risk. You have been warned.


Keyloggers are the biggest menace today. The malware can pretend to be a valid program and request the system to access certain file/registry or monitor clipboard changes.

What I do (beside installing anti-keylogger and anti-malware softwares) is that I encrypt my cold storage in an offline + formatted 2nd computer with very strong + long passwords and I never use these passwords on the computer I use for online purposes. As a last resort, I switch off the internet before using any password.

Edit:
I personally suggest SpyShelter Premium/Firewall.
Someone suggested Norton Power Eraser (@ https://www.bleepingcomputer.com/forums/t/640092/is-it-possible-that-i-have-been-hacked-strange-case/).
Generally, you better scan your system while in safe mode.

Hey thanks for the warning, I definitely did not read about xapo at all. Was recommended by a friend so i forgot to double check it  ::) Could you recommend an alternative to xapo ? I mean for the visa card that you can withdraw $$ at an atm from bitcoin, or make purchases?

For spending bitcoin, you should at least consider using a wallet that gives you control of the private key first.
Desktop wallet like Electrum is fine with me at the moment.
Hardware wallet is fine too, if you use it for spending (but I do not recommend it if it's for cold storage).
Xapo is a 3rd-party service provider that does not even give the user any control of the key.

You can check this out @ https://bitcoin.org/en/choose-your-wallet
Mobile wallet and web wallet should be 100% avoided.
So I would say go for desktop wallet and/or hardware wallet for spending only.

I use electrum it's okay everything is fine, but i want the ability to go a local shop that accepts bank cards, and use the xapo card to directly pay for my purchase in Euros using the xapo card that has a btc balance

1. You are assuming hackers and kidnappers are so stupid that they do not know about dummy wallets. You have wrong assumption.

2. If you have tons of change addresses, your backup will be very problematic. You don't believe? Try it out. You should pray your hardware wallet will stay fine without glitches, or else you can say sorry to all your savings.

Oh, yeah. Don't worry. You have the seeds written down and stored somewhere just in case for recovery. I assume they cannot be eaten, stolen, or destroyed.

3. What I mean is that 19 addresses are part of the change addresses as well, or else you will have far more than 20 addresses to look after.

5. If you want to spend, you don't necessarily must use hardware wallets to do the job. Desktop wallets can work fine and they cost $0.

Come on. Give me a break. You are here arguing against my method without giving even a single credit to it, as if it is useless. Clearly you are here to argue for the sake of winning an argument and rest assured I will never let you win this argument.

Like I've been saying all along... your system is pretty much the same as using a hardware wallet

You mean where I said "Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person"

A hardware wallet:
1. Doesn't give you 100% control of your keys. Using some source code to derive the keys from the seeds is bullshit as that's not the company's intention.

2. Doesn't protect you from a $5 wrench. Using dummy wallet as excuse is bullshit as we all know what you have is more than just dummy wallet.

3. Is a 3rd-party security risk. Denying this is bullshit. Saying/implying it is compulsory to use WinRar for my method is also bullshit.

4. Doesn't allow unlimited backups, vs my method that allows so.

5. Requires the same/similar need for encryption/security/backup (of seeds/mnemonics/passphrases). Implying they do not need so is bullshit.

There is NO such thing as needing hardware wallet to spend the cryptocurrencies easily, conveniently, safely, and securely. Implying that we need hardware wallet to spend is bullshit. In my article, I've said it clearly that hardware wallet is an option (but not the only option) when it's time to spend.

You being a smartass, either do not read my article, or read it but have partial understanding of it, try to seek the pleasure of arguing with me. I will not let you win this argument. It is very easy to spot someone arguing for ego, and someone arguing for solution. You argue for ego, because you give NO solution.

I have no idea which wallet is the best choice to spend btc like a credit/debit card would.
But I personally do not use Xapo, and do not recommend using it.

Which country has such level of adoption already that you can spend btc at local shops?
Are you from Japan?

You seem to have the assumption that all hackers and kidnappers are evil and sadistic enough to keep beating people for the hell of it... just in case you have more money. My point is that with a hardware wallet, there is no actual evidence anywhere how many wallets a person happens to have. They simply don't exist until a passphrase is entered...

However, if an attacker happens to find 20 items in my email account that are all encrypted... what do you think they're going to do if i stop at #1 and say I have nothing else? Perhaps they'll just ignore items 2 through 19?

I believe the assumption comes from you, as you are the one to mention the $5 wrench attack.
And yes, humans are naturally cruel, so the situation where they beat you until your skull cracks is a possibility.
And you are starting to contradict your own argument. Your argument is bullshit.

How in the world will an attacker find 20 items (or more, or nothing) in my email?
Care to clarify, instead of making things up? I am sincerely interested to know.

They're ALL able to be regenerated from a simple 12/24 word seed... unlike a bunch of randomly generated keys... ie. one of the main reasons for BIP32 existing in the first place. I can create a thousand addresses... and then have my computer explode into a million pieces... and drop my hardware wallet into the toilet and then microwave it... and you know what? I can recover all of them...  I don't even need the hardware wallet to do it.

That's not even the point, you silly.
And just because you can generate infinite keys doesn't mean that is the best option. Nor is that a good argument in favor of hardware wallet.
I wonder why are you even bringing this stupid point up, since it is neither relevant nor practical. Your argument is bullshit.

And oh, pray tell how are you going to recover all of them. And what are you going to do after the recovery? Store them in paper wallet? LOL
You will still have to buy a new hardware wallet. Hardware wallet companies are successful thanks to customers like you.

Exactly... I can just triple encrypt them and put them in my email, on USB thumbdrive, written down on a piece of paper in my favourite book between pages 57/58, stored on the cloud, stored in a bank vault...

You are clearly a troublemaker.
I am a person that will say a ball is round.
You will be a scum that will appear out of nowhere and say "No, a ball is circular."

But good for you. At least now you are beginning to see some of my points.

Here's a good advice for you: Don't encrypt the seeds. Encrypt the keys directly instead.
And do whatever you want with the encryption... put them in email, on USB, store on the cloud, in a bank vault...
But NO, you bullshit. Write NOT on a piece of paper or else you are talking paper wallet.

Ummm no... why wouldn't I just have 20 receive addresses? You really don't seem to understand how Hierarchical Deterministic wallets actually work.

That's not even the point, you silly. Duh, I never even say you must not have 20 addresses.

As I just mentioned above, I can just store it digitally encrypted if I so choose. I am then protected from exposure by the use of dummy wallets. The dummy wallet facility DOES give me the security of ensuring that an attacker can only have confidence of 1 wallet, the default wallet generated from the seed and no passphrase. While they may know how dummy wallets work and may suspect I have hidden wallets, there is nothing they can do to actually prove their existence, regardless of how much they hit my loved ones or me. Unlike having a whole bunch of digitally encrypted items laying around in my email and on thumb drives etc. Do you see the difference? I have plausible deniability because there is no proof of anything existing other than my seed.

I suggest you read my article over and over again repeatedly until you understand. Once you understand, you will know the answer.

At which point all your security is also 0. You're going to just import your keys into a desktop wallet? Oh that's right... 2nd computer offline... oh wait... how much did that second computer cost again? You're doing well if you found one for less than the price of a hw wallet...

Prove to me that my security is 0.
I don't want to go down to such lowlife level by saying hardware wallet security is 0 because it is not.
So when you say my method is 0, you are actually spreading disinformation that only a lowlife would do.
Any person care enough to make it secure, can make it extremely secure.

I also never said hardware wallets were compulsory for spending. I said they offer security without compromising convenience.

If I need to move some coins, I can plug the wallet in, sign the transaction, and then broadcast. I don't need to get my encrypted file, decrypt it, transfer an unsigned transaction to offline machine (better make sure that USB stick is clean)... sign transaction... back to online machine and broadcast. And the make sure I've destroyed all evidence of the key on the offline machine... Also, I've found that carrying a 2nd computer with me while travelling is a bit of a nuisance with the limited baggage allowances that airlines give these days :P

Nonsense. My article is for cold storage. Not for spending. Your argument is invalid.

And of course, a hardware wallet is NOT compulsory for spending. Even desktop wallet can do the job well.
Good for you that you see some light of day.

"Without a single credit"?? I've mentioned on multiple occasions, that your method is a viable alternative to hardware wallets... I just don't think it is as secure as you believe it to be (a point you eventually conceded) nor as useful overall as a hardware wallet for the reasons I've outlined... and I certainly never said it was useless.

I never conceded. You are talking nonsense. My method is better than both hardware and paper wallets combined for cold storage.
I don't need your belief to make it possible. You are talking nonsense. I never said it is for spending.
Please read my article over and over again repeatedly until you understand.

Okay, so you mean to say my method is useful and viable. Good for you.

I've taken the liberty of bolding it for your eyes to see ::)

Like I have said it clearly, no, it is not the same.
Let me repeat it here for your eyes to see...


I'd already bolded that one before... so I've underlined it as well this time...

Let me say it again. My method is superior to hardware and paper wallets combined for cold storage.  ;D

A viable alternative? Not better than hardware wallet? But as good/comparable as a hardware wallet?
Well, I am proud that a Dorky fella like me can think of a cheap way for cold storage comparable to a hardware wallet, but better.  ;D

It's no different to using encryption software to decrypt your keys now is it? Or are you going to do the decryption by hand?

There is big difference, as you keep failing to see.
But I will not point that out for you to see, because if you have to come to this stage of argument it proves you can never see.

How can they? There is no proof. No evidence of how many wallets I have. I could 1 or I could have 10000000. They don't know because there is no tangible evidence of anything past the seed existing, unlike having a series of encrypted items on disk or in email etc. that are visible.

Nonsense. There is also no evidence of how many wallets I have. I could have 20 or 100 or 0. They don't know because there is no tangible evidence that an encrypted folder will contain any key inside. It could even be empty.
Bullshit. Encrypted items on disk or email is not visible. You are making fake stories up. I am going to hold your balls on this.

I never said it wasn't a 3rd party security risk... you claimed your method was better than hw wallet as it didn't rely on a 3rd party... but clearly it does rely on 3rd parties... unless you've gone ahead and written yourself an OS and some encryption software from scratch... I've been trying to point out, since I made the mistake of offending your ego, that NO method is 100% safe. There is always risk.

You are playing it safe by saying no method is 100% safe. Thus you can be a fence-sitter and argue in anyway you like, be it in favor or against it.
I can guarantee if I write an opposite article saying hardware wallet is the best choice, you would take the liberty to argue why I am wrong too.

Pretty sure that there aren't any laws saying that 12/24 word seeds can't be stored in multiple places using multiple methods... but then legal systems around the world can be kinda crazy... so you never know. I'm also fairly sure that the hw wallet manufacturers don't limit purchases to 1 per person... Trezor sells 3 packs if I'm not mistaken.

You are clearly a very very stupid person.
Why would you want to encrypt your seeds when you can encrypt the keys direct?
You are now shooting yourself in the foot.
You are being stupid by encrypting the seeds that unlock the keys...
Instead of being smart and just encrypt the keys direct.
All the "vulnerabilities" that you claim my method has, is exactly as applicable as on your seed-encryption.
But you will say my method is the same as hardware wallet. In which I will continue to say, no, it's not the same.
But then you will be a smart ass and say hackers will see all the keys in the encrypted file. I say bullshit to you.
Trezor sells 3 packs... and there goes your stupid argument of spending $100... as now you need to spend $300 instead.
You are a bullshit.

Feel free to show where I have said that seeds don't need to be securely backed up somewhere...

Whether you are a hypocrite or otherwise, doesn't discredit the fact that you are arguing for a very very stupid point.
Your effort is on encrypting the seeds that generate the keys. My method is on encrypting the keys directly.
You can argue why my method is visible to everyone. And at the same time you may argue your encryption is totally hidden.
For that, I say you are a bullshit.

Obviously people are spending cryptocurrencies every day without using hardware wallets... I never said they were required to spend. I stated they offer a level of convenience without sacrificing security, which I believe your method does not.

Bullshit.
Please go read my article over and over again repeatedly until you understand. The title of my article says it clearly.
Have the courtesy to compare apple to apple. Don't compare apple to orange. My title clearly stated it is for cold storage.
How many times do I have to repeat this to a stupid fella like you? FOR COLD STORAGE, you dumb nut.

No solution for what exactly? How to store bitcoins securely while maintaining convenience? I thought that my solution would be fairly obvious... use a hardware wallet. In my opinion it offers the same level of security in some areas (securing seed), more in others (spending and dummy wallets) and is more convenient (portability, spending)... arguably it could be considered cheaper too, as a hw wallet is cheaper than a 2nd computer for spending or setting it all up offline.

Bullshit.
A hardware wallet does NOT secure the seeds. You are making things up.
You are a hypocrite.
At least I am objective to say that for spending, a hardware wallet is an option.
Unlike you, where you now clearly show your hypocrisy by saying the solution is to use hardware wallet.
Why no desktop wallet? Why no mobile wallet? You are a hypocrite.

Nonsense. A 2nd computer can be used for other offline work as well as for other work related to security that requires it to be offline.
And the purchase is just for one time.
You need to buy a new hardware wallet every time it breaks.
Oh, you don't need to buy a new one? You just use some source code and derive the keys?
Oh, pray tell how are you now going to secure the keys and spend the btc in it after the hardware breaks? LOL
I know what you will do. You will either turn the recovery into paper wallet (your dog forbids), or buy a new hardware wallet.
For this, I say you are a bullshit.

While we're talking about solutions... I'm still waiting to hear how you propose to leave no evidence of multiple encrypted addresses in your email or on your thumbdrive etc and/or how you would implement a dummy wallet solution with your method.

Telling me I'm not creative enough to see it or that "my heart will point the way" doesn't really explain it... and is the sort of answer people resort to when they don't actually have a solution either. Despite what you think, I am genuinely interested in possible solutions to these issues...

Being honest is no use to you. You make things up to argue your points.
You accuse my encryption is visible. If my encryption is visible, then so is your encrypted seeds.
My article is clearly written. Please go read my article over and over again until you understand.
You are not genuine in possible solutions. You are genuine in finding argument for the sake of arguing.
My article stated the solution. Go read it over and over again until you understand.

Let me say this to you:
Encrypting a paper wallet = encrypting a hardware wallet's recovery seeds/mnemonics/passphrases.
If only you can see this obvious truth...

Unless you say, "Well, there is no need to secure my recovery seeds/mnemonics/passphrases because I have 100% fail-safe brain memory."
In that case, I admit defeat.

Edit:
Or maybe I should be as specific as possible... just in case.
Digitally-encrypting or digitally-securing a paper wallet = digitally-encrypting or digitally-securing a hardware wallet's recovery seeds/mnemonics/passphrases.

The only difference with the former method is that I am 100% in control, don't need to do extra steps in securing/recovering the keys (like using a source code to derive the keys from the seeds), can customize the security to be as hardcore as I prefer, can do infinite backups, and don't need to spend more on any 3rd-party hardware.

Edit:
And please stop talking about dummy wallets.
In the future (or today?) hackers will know you will have a false seed standing by to trick them to a dummy wallet.
They will do far more than just accepting your dummy wallet.

Above it all, refer to Matthew 6:19-21. The Bible is right.

Paper wallets are hands down the best method of storing Bitcoin, it really surprises me that so called "experts" do not mention and promote them more considering how much theft and hacking goes on in this industry.

If everyone were to use paper wallets, I am convinced hackers would stop targeting these poor noobs as much given how easy it is these days. They just make a fake URL, use SEO to get a high rank and boom you make like $200,000 in a few days (I actually saw this happen right here on this forum).

The first thing all noobs should learn is how to make a paper wallet. It is so simple. Go to a site, generate your keys, write/print them, laminate or whatever, and then send Bitcoin to them and you can recover them on sites like Blockchain.info. There are just a few steps and the best part is it is like paper money which makes it easy for noobs to truly understand. This is opposed to hardware/software wallets which are a nightmare to setup for beginners.

For those using hardware wallet, what will really happen in real life is as below...

Hacker: Hey, gimme your seeds.
Victim: Okay, here you go. The passphrase. You can have everything in it. Please let me go now.
Hacker: Har har harrr.... Nice try, pal. I am not asking for the passphrase. I am asking for the seeds! And we have our computer standing by to validate the seeds on the spot.
Victim: Ops. Oh nooo....

Even Trezor recommends paper backup @ https://doc.satoshilabs.com/trezor-faq/software.html#why-should-i-do-a-paper-backup-of-my-seed
Unfortunately enough, that is actually one of the weakest link in Trezor's security.

Besides, if you want to use hardware wallet, you need to remember:
1. The 12-word/24-word seeds.

2. The PIN.

3. The passphrase.

4. The encryption password for the seeds (if you do backup on that).

5. The encryption password for the PIN (if you do backup on that).
6. The encryption password for the passphrase (if you do backup on that).

With the method I laid out in my steemit article, you only need to remember:
1. The encryption password for the keys.
If my method is not far more convenient, I don't know what is.

Buying a 2nd computer is compulsory for maximum security, regardless of whether you go for hardware wallet or not.

Seeds? Why would you have multiple seeds? You still don't seem to understand how a single BIP39 seed and use of passphrases work for being able to hide your coins in totally invisibile, undetectable, hidden wallets...

It goes more like this:

Hacker: Hey, gimme your seed. And we have our computer standing by to validate the seed on the spot.
Victim: Okay, here you go. Have my seed... all 24 words of it...
Hacker: <Enters seed and discovers default wallet with only 5 BTC in it> Is that everything?
Victim: Yep... that's all my coins! :(
Hacker: <Unable to prove existence of any other wallets> Well, thanks for the coins... wooo $20K, I'm rich! you're free to go
Victim: Phew... good thing they didn't know about the hidden wallets/addresses containing my other 20 BTC generated from that seed + my personal private passphrase(s) that only I know about... BECAUSE THERE IS NO EVIDENCE ANYWHERE THAT THIS HIDDEN WALLET EXISTS... I'd best go regenerate my hidden wallet and move my coins to a new seed (+passphrase) using one of the freely available desktop wallets or buy another hardware wallet and restore it or use something like the opensource BIP39 mnemonic code converter websites to get the keys and sweep them.

Thanks for the giveaway. That makes sure the next time a hacker attacks you he will ask for the seed + passphrase.
You FAILED.
And no, I don't need to encrypt my keys the way you wrongly and falsely imply.
As I have 100% control, I can encrypt each of them in any secure way I freely desire.

Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind.... It also completely negates the "convenience" of your method, having stuff spread everywhere.

Nope, you are wrong.
1. There is no traces/evidence.
2. The "convenience" of my method beats the hassle of remembering + encrypting the hardware seeds, PIN, and passphrase. This is obvious for all.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on it's own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet).  However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

Hackers will ask for your seeds + passphrase.
Then you will lose everything.  :'(

Can you recreate an encrypted file containing your private key(s) from 24 words written on a piece of paper and a passphrase?

Answer: Absolutely a resounding YES, I can.
Any way a hardware user would use to recover all his keys in case of the hardware wallet being lost, stolen, or destroyed, will be the EXACT same way a hacker access the keys.
If a user needs the seeds + passphrase to recover his keys, so will the hacker ask for the same.
If a user needs to do ABC and then XYZ to recover his keys (in case of hardware wallet being lost, stolen, or destroyed), so will the hacker do the same.

No one is denying that securing the seed is the weak link in the hardware wallet chain. However, you can encrypt the seed and put it in various places like emails/cloud storage... and even if these are compromised by a hacker, you can still be protected by having your hidden wallet as outlined above, whereas a simple encrypted file only has 1 layer of protection...

Nope, you are wrong. An encrypted file can have multiple layers of protections + no traces of evidence.

In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.

LOL, see your self-contradiction right below, bolded and underlined for you.

1 passphrase vs 2. Technically, yes it is more convenient... but it certainly isn't "far more" convenient.

LOL. If my method already convenient to you, then why beat around the bushes?

Why do you need a 2nd computer? Hardware wallets allow you to use any computer/device you like... as they don't expose the keys to the device. That's the whole point. You don't need to be using an "offline" computer to set them up or use them.

I was not talking about using a 2nd computer for hardware wallet.
I was talking about using a 2nd computer for encrypting the keys.
And that also includes using the same computer for encrypting the seeds + passphrase.

Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on it's own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet).  However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

You don't need to remember this... you just need to store it securely.

Seriously? Are you honest?
You NEED to remember the seeds AND store them encrypted in case of recovery.
Storing it securely is the same as encrypting them and doing backups of the encryption.
Storing them in paper that you slip in between the pages of a book is NOT secure storage.

Yeah... 4-6 digit numbers that you get to choose are so hard to memorise... ::)

Whether it is hard to memorize.... or too easy to memorize.... does NOT discount the fact that you are REQUIRED to memorize a set of 4-6 digit numbers. Forgetting the PIN is not desirable, no matter how simple it is to memorize.

Yes, just like your encryption password for your encrypted keys

Of course. And you are being pretentious all along the entire argument.

Yep... so that's one extra password I need to remember...

That's one extra memory burden for you to handle. Thank you for acknowledging that.

Seriously? Encrypt my pin? and why would you encrypt your passphrase? It is the same thing as remembering your encryption password AND it potentially leaves evidence that your passphrase exists ::)

In total... you only need to remember 2 passwords/passphrases... One is the encryption password for the secure backup of your seed... and the other is the passphrase that protects your hidden wallet.

Nope, according to your points above, I can see you need at least 3 things to remember/memorize:
1. The encryption password for the secure backup of your seed.
2. The passphrase that protects your hidden wallet.
3. The PIN (not encrypting it does NOT mean it needs not remembered/memorized).

You contradicted yourself within 2 paragraphs.

First, you said you are concerned with storing encrypted keys as it leaves traces/evidence behind, so your hardware wallet leaves no traces/evidence.
Then, you said you can store encrypted seeds in email/cloud/bank vault/etc which leaves plentiful traces/evidence behind, but then you said they are hidden!
My goodness, what lies you are telling.

No, I'm not telling lies... it would appear that you are still not understanding how a seed + passphrase combination works :-\

Encrypted Private key = traces/evidence...
Encrypted Seed = traces/evidence...

However, the advantage of the seed system over an encrypted private key is this:

Handover password to encrypted private key = private key exposed, all coins controlled by that key exposed.
Handover password to encrypted seed = seed exposed... ONLY the default wallet is exposed... all other wallets generated using passphrases from that seed are invisible/hidden with no traces/evidence

You cannot prove the existence of ANY of these hidden wallets... as there is NO EVIDENCE OR TRACE of them anywhere... they are only generated by a passphrase that exists purely inside your head.

Hopefully, that helps clear things up for you.

If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, any way a hardware wallet user would use to recover his keys if ever his wallet got lost, stolen, destroyed, i.e. he does step 1, then step 2, then step 3, etc for recovery, so will the hacker ask for the necessary information to commit the same steps for the keys.

If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc, then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all these in one place just in case you forgotten any of them.
And that will still boils down to the need for encryption of all of them just so you only need to remember less things, i.e. remember 1 vs remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.

Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.

If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what necessary information to ask for the recovery, thus vulnerability to the $5 wrench.
I do not see a hacker being Dorky enough like me who doesn't know about hardware wallet and just kidnap you, ask for the seeds, let you go, then found out I need more than just seeds, and figured out I need to re-kidnap you again for more information.
I see a hacker being very savvy, does his homework completely, kidnaps you and ask for the seeds, passphrases, and PIN, all in one go, and verify everything on the spot to make sure you tell the truth before letting you go with everything stolen.

Lot of people posting their Steemit articles here trying to make bank. ;D

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

You're still not quite getting it. Maybe I'm not explaining it properly? :-\

If you give the hacker JUST the seed (ie. they've found your encrypted seed file wherever you stored it and you've handed over the password to that file)... and they import JUST the seed into a wallet... then it will generate a complete and valid wallet. You use this wallet as your "decoy"... put some coins in it... run a few transactions to generate history etc.

There is absolutely no way for the hacker to know or prove that you have a passphrase, that when combined with your seed, will generate a completely different wallet with your actual stash in it. In fact, you could even generate a second "decoy" using a different dummy passphrase if you wanted to be super paranoid about it all.

Seed words only = Valid Wallet
Seed words + Dummy Passphrase = Completely different, valid wallet#2
Seed words + Actual Passphrase = completely different, valid wallet#3

You can theoretically use an infinite number of passphrases and generate an infinite number of wallets, because of the way the system works, ANY passphrase you give, when combined with seed words, will generate a valid wallet. Even if the hacker is aware that you can use passphrases with seed words, they cannot prove that you actually do or have used one... you have plausible deniability. There is no evidence of your hidden wallet existing. This is what renders the $5 wrench attack useless.

Tell me, if a hacker kidnaps you...
Because he identified some of the addresses you used in past transactions may indicate you have more bitcoins...
And you give him the seeds...
And he check the seeds with his computer...
And he found out NONE of the addresses generated by the given seeds actually contain the addresses you used in past transactions...
Do you think he will let you go easily?
You talk about using infinite passphrases as if they matters.
What if you forgotten the passphrases that generate the addresses you do your cold storage? You lose everything.
If you intent to remember 1st passphrase for cold storage, and 2nd passphrase for dummy wallet, you would need to remember at least a minimum of 2 passphrases (not 1, even if you don't choose to remember the seeds).
You keep forgetting that if you make it too complicated for the hacker to steal from you, you may also make it too complicated for yourself in case of recovery.
You also keep forgetting the fact that if you make it too tough for the hacker to steal from you, you may also increase the level of complication that may give rise to user-committed errors.

If you sincerely use the seeds only = hacker steals everything.
If you use the seeds + 2 passphrases (you have to if you use hardware wallet) = hacker may not be able to steal the cold storage wallet, but you have to remember 3 things.
Why compulsory to remember seeds + 2 passphrases? Answer, game theory.
If you give seeds only, what will the hacker find? Will he accept it?
If you give seeds + dummy passphrase, what will the hacker find? Will he accept it?
If I were a hacker, I would take note of ALL the addresses you used in past transactions (that clearly associated to you) and make sure some of the addresses generated by your given seeds + passphrases are the same addresses used in past transaction.
How much can you fake it?
In the end, you have to fake a lot of things just to make sure your future hacker-cum-kidnapper can't get away with everything.

Sure, I still have to remember 2 things (password to encrypted seed + wallet passphrase) as opposed to one (password to encrypted key)... but that's like saying that walking 2 steps is harder than walking 1 step.

Walking 2 steps is definitely not harder if that's exercise for better health.
But if that extra walk is unnecessary and gives no additional benefit, then it is useless.

Not necessarily... with a seed+passphrase, if the seed is compromised then the passphrase is your protection layer. I vaguely seem to recall that someone put up a bounty by publishing a seed that had some coins stored in a "hidden wallet", protected by a passphrase... and it got taken down after a year or so as no-one had hacked it and taken the coins. I've been trying to find the source, but I can't seem to find it. My point is that your seed only really needs to be "safely" backed up (ie. written down). It doesn't necessarily need to be "securely" backed up (ie. encrypted).

Additionally, if you just wrote your seed down and stored it someplace "safe", then your requirements for remembered passwords would drop down to 1... the passphrase for your "Actual" wallet... and you've shifted part of your security model from "digital" to "physical".

Do you know my method of just encrypting the keys is way much more convenient than what you are doing with your hardware wallet?

And if your seeds are compromised, as in got lost/stolen/destroyed in which you can't even recover them, because you write them down in a piece of paper and store it between the pages of a book, your dog eaten it, or your book got destroyed by fire/flood, or you forgotten which book you actually store your seeds, will you be able to recover your cold storage if you lost your seeds, never mind if you still remember your passphrases?
I already said physical backup is not as good, and yet you keep beating the dead horse.

If you have to remember the seeds + passphrases for your own recovery, those are exactly what you need to store securely (not safely), never mind the hacker.
You cannot imply that the seeds and PIN are not important because the hacker can't do anything with them without the passphrase.
I already said it, but why are you not getting the message?
I even took the trouble to bold the statement just in case you don't get it, as I rightly suspect.
Here are the bolded statements I made.
If the hacker cannot do anything with the seeds alone, then so will you.
If the hacker find no addresses associated with you, he will know a passphrase is involved.
He will ask you for the RIGHT passphrase that generates the addresses used.

That's the point... they CAN'T verify whether or not I have a passphrase... or if the passphrase that I have given are "real" or "dummy"... unlike a password for an encrypted container, that either decrypts the file or it doesn't.

If a hacker identified your addresses used in past transactions are NOT the same addresses generated by the seeds or seeds + passphrase given, then they will know clearly you are lying to them.
And if you make it too complicated to them, you are also making it too complicated to yourself.
And some day you will screw up not due to hacker, but due to your own user-based error.

It all depends on the investor. Some, in fact, a lot, uses hardware wallet for cold storage. For them, it is practicable and efficient in the sense that they are as if carrying their coins wherever they may be. It is synonymous to a tangible property which gives a good sense of belief that one is able to see/experience ones possession. On the other hand, some do not use hardware wallet for cold storage which is premised on the belief that it is creating more risks on the safety of ones property. An example of the latter is when the hardware wallet is stolen or broken. Its natural effect is that it will presumably lose all BTC investments.  

Alright, has HCP lost the debate?

Hard to hack? My approach is not even hackable.

Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

I never conceded. You are talking nonsense. My method is better than both hardware and paper wallets combined for cold storage.

That's not even the point, you silly.
Your argument is bullshit.

You are clearly a troublemaker.
You will be a scum that will appear out of nowhere and say "No, a ball is circular."

That's not even the point, you silly.

You are clearly a very very stupid person.
You are a bullshit.

For that, I say you are a bullshit.

Bullshit.
...you dumb nut.

Bullshit.
For this, I say you are a bullshit.

I don't mind if you are a smart person. In fact, I would be very happy if you are smarter than I am. At least I can learn from you.
But if you are a stupid jackass pretending to be some smart ass, then I don't wish to be troubled by a lowlife such as you.

With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet.

No, I just got tired of trying to explain things that you didn't seem to be comprehending.

You keep inventing more and more convoluted scenarios to try and do "end-runs" around logic and reason... like how a supposed attacker has full access to my entire Bitcoin transaction history and knowledge of every single one of my addresses... so they'd be able to determine whether or not passphrases being provided are "real". Which, of course, is defeated simply by running any cold-storage funding transactions through a mixer etc. and using my "decoy" wallet for day to day transactions.

In the same scenario using your system... exactly the same thing would happen... except, if they've found a bunch of encrypted files and ask for the password, you have no defense. They can see the files, they know they exist, they know there are passwords that decrypt them and will know instantly whether the password you give is correct. With a hardware wallet using a passphrase, there is NO evidence that the wallet exists... because it doesn't until you enter the passphrase.

You are dumb. And rightly so.
You said they found a bunch of encrypted files and ask for the password.
Hey man, I don't necessarily really need to make it so obvious to them that the file stores the private keys, do I?
To claim they will know an encrypted file will contain the private keys is pure dumb speculation.
The only way they will know a file contains private keys is if I tell them "Hey, those files contain private keys."
You are making your argument based on dumbness and that's why I keep calling you names.
The level of discretion that hardware wallet provides can also be attained with my method too, can't you even see?
Either you are dumb by not getting it, or you are just playing dumb.

And this is what you don't seem to want to admit... there is NO 100% secure method of securing your stuff. I admit that hardware wallets are not perfect... there are still attack vectors... just like with your system... but a hardware wallet helps minimise these and provides, in my opinion, a number of benefits that your system doesn't.

You even claimed at one point that your method is "unhackable" ::)

Then conceded that nothing is safe:

And then denied that you conceded that point...

The reason why I said my approach is not even hackable is because ---> the private keys are generated offline and strongly encrypted offline.
N-O-B-O-D-Y even know they exists, let alone hack them.
And if they are found by some hackers, they wouldn't even know the file contains private keys.
There are myriads of stuff that are encrypted (ebooks, company documents, etc) that are simply not private keys.
And unless you know the password to access the file, you wouldn't even know what the hell is contained inside the file.
And yet you keep claiming the hackers will find the file and ask for the password.
I say, bullshit to you.

You then descended into just calling every one of my points "Bullshit"... calling me an idiot, dumb nut, silly and a low life and accused me of just being a trouble maker
Personal attacks aside, that's not how you "win" a debate...

You are indeed a bullshit. I continue to stand by that.

Then you started down the whole "hardware wallets are more inconvenient because you have to remember a passphrase AND a PIN" path... I guess I should have just pointed out at the time that with your setup you potentially need to remember a whole bunch of extra stuff as well, like your email account+password where you stored your backup... or your online storage account+password where you stored your backup... or where you put that CD with the backup data on it... because that is just as "difficult" and "inconvenient" as remembering a 4-8 digit PIN ::)

Here's why you are a bullshit (and never short of it).
Yes, my method still needs to remember a number of things such as online storage account+password, etc, but they are definitely cannot be compared to remembering a PIN.
Because as you and I know it, using hardware wallet requires you to remember the seeds, passphrases and PIN.
You use your hardware wallet; you are obligated to remember the seeds, passphrases, PIN, where you store your seeds, where you store your passphrases, etc.
To claim you only need to remember the PIN says you are bullshit.
To imply that writing the seeds and passphrases down a piece of paper and slip it between the pages of a book is safer (!) is bullshit.

And now you also seem to think that for some reason hardware wallet users are forever tied to hardware wallets:
Which is just plain wrong...

If I lose my hardware wallet... I can simply take my seed backup and generate a paper wallet or import it into a software wallet or import it into a web wallet should the need arise... or simply do nothing and continue using those addresses as cold storage knowing that I still have access to all my coins should I so require in the future.

What a lie.
What a joke.
Take your pick.
If you intend to make it cold storage and not spend it, you might as well go for my method.
The only reason why you use hardware wallet is so that you can spend your BTC securely.
Now you claim you can simply do nothing.
Why are you being so intellectually dishonest?
The moment you need to spend, you will be compelled to buy a new hardware wallet.
Software wallet?
Web wallet?
What a lie + joke.
Software wallet and web wallet are far less secure than hardware wallet, and yet here you imply they are good alternatives in case of screw up.
Indeed you are a bullshit.

TL;DR:
I prefer hardware wallets as they offer all the benefits of cold storage and provide added security for hot wallet/day to day spending in a handy, convenient, portable package that still provides me complete control of my private keys, at a relatively reasonable price for anyone with modest/substantial amounts invested in cryptocurrency.

Dorky prefers his digital version of paper wallets as he believes it provides the benefits of cold storage with the best security at near to zero cost, without some of the issues associated with paper wallets (like susceptibility to loss/damage/theft) while still maintaining control of private keys.

Neither method is 100% secure.

You said it here yourself.... for hot wallet/day to day spending.
And yet you said you can choose to do nothing if you lose your hardware wallet.
Pray tell, how are you going to spend your BTC then?
Use software wallet or web wallet?
Hey, we can start a debate on how insecure are software wallet and web wallet, if you want to.

I already said it many times before.
If you use hardware wallet, you don't control your private keys.
You only control the seeds + passphrases that will generate the private keys.
Can you even see the difference?
No they are not reasonable price compare to my method that is way much cheaper with direct control.
Your control of private keys through the seeds and passphrases are indirect control, not direct control.
It is much like going from Point A to Point B, and from Point B to Point C (instead of from Point A to Point C directly).
The replacement cost of hardware wallet is both expensive and unnecessary.