Author Topic: Why I Am Not Using Hardware Wallet For Cold Storage  (Read 6903 times)
Dorky
August 02, 2017, 08:30:17 AM
 #1

Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.


     
HeRetiK
August 02, 2017, 09:37:24 AM
 #2

The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds is out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

HCP
August 02, 2017, 11:31:40 AM
 #3

Yeah... I'm not sure about some of his claims either... It would seem that the OP must trust the RAR devs more than Crypto-wallet devs... Is RAR opensource? ummm NO. OP, do you know for sure that RAR has no:
Quote
"bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both."
I'll go ahead and guess no... :P

Quote
"maximum security (free of 3rd-party trust)/maximum trustless"
Are you sure about that? All you are doing is switching your trust from one software/hardware provider to another (with closed sources)...


But hey, you found a system that works for you...  ;)

paulreeves
August 02, 2017, 12:11:07 PM
 #4

Currently there is absolutely no procedure to make a cold storage that is 100% safe. Best case scenario, you get pseudo-random keys. If I get some time in the future, I'll write a small library that translates dice rolls in real world into private key and calculates public address from it. Then you'll be able to run it on a CPU that does not have, will not have and never had any network access and THAT will be safe cold storage.
ranochigo
August 02, 2017, 03:13:54 PM
 #5

Quote
Are you sure about that? All you are doing is switching your trust from one software/hardware provider to another (with closed sources)...

But hey, you found a system that works for you...  ;)
To be very fair, open sourced =/= safe. The user still has to independently verify and install the firmware himself to be 100% safe. Though I find that rather redundant.


Not sure if you are misled or just don't bother researching on the topic but:
Quote
First, I desire to be in control of my private keys.
Do you have any proof that the hardware wallet providers have access to your private key?

As long as you can audit the source code and install it yourself, and can capture the packets sent, I can't see how they can do this without users noticing.

Quote
Second, different hardware wallets, or any type of wallets, be it hardware, desktop, mobile, or online, have different approach to encryption.
Most hardware wallets use a standard method of generating seeds. It is widely used and with the seeds, you can import it into LOTS of wallets or just simply write a script to extract it yourself.
Quote
Third, replacement cost is very high with hardware wallet.
Refer to my second point.
Quote
I can email myself my strongly encrypted private keys (so even if my email gets hacked, no hacker can crack my private keys unless they have some super hyper ultra quantum computer that can hack into any strongly encrypted private keys within minutes/seconds/hours).
Jesus, I don't even know if I should continue but oh well.
Quote
Fourth, to rely on any 3rd-party wallet to secure and/or cold storage my cryptocurrencies is itself a big security hole.
How are they helping you to secure when you are free to review the code to find and test for bugs? If you don't like to rely on third-parties, it might be better for you to write your own OS or wallet.
Quote
Fifth, I am not a fan nor a believer of some apocalyptic event to be caused by some major EMP attacks, either from some man-made terrorist attacks or from a natural cause like solar spot, solar flare, or solar storm.
Quote
Sixth, direct control of your private keys allows you to enjoy any free cryptocurrency due to hard fork.
Point 2 and point 2.

Quote
Even if I am using the world's most secure wallet ever, doesn't mean I can let down my defense and start tolerating any infested computer.
It's kinda hard to hack a wallet when the keys are never exposed to the outside world.

piotr_n
August 02, 2017, 04:23:44 PM
 #6

Quote
Currently there is absolutely no procedure to make a cold storage that is 100% safe
And there never will be.
Any security can be attacked, just like any bank can be robbed.

What you want to have is a cold storage wallet that is too expensive to attack.

And as for the hardware wallets, they are not "cold" per se - you always connect them to a PC that is connected to the internet.

|Bitkoin|
August 02, 2017, 04:24:16 PM
 #7

Quote
The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds is out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

You do realize MultiBit no longer exists... right?

RDDRocket
August 02, 2017, 05:03:13 PM
 #8

This guy doesn't even understand how Bitcoin works. Rambled on about a bunch of useless points to get paid through that Steemit platform. No, I didn't even read, because thankfully the other guy pasted his main points. By all means, don't use a hardware wallet. Maybe you shouldn't be using Bitcoin either, since you need everything done via holding your hand.
HeRetiK
August 02, 2017, 05:17:49 PM
 #9

Quote
The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds is out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

Quote
You do realize MultiBit no longer exists... right?

I did not, thanks for pointing it out. You can still import from Trezor to (an old version of) Multibit to Electrum... or actually to Electrum directly, apparently [1]. Point being that with the key derivation logic being public there will always be a way to replace your hardware wallet with a software wallet. Of course this also means to stay away from any hardware wallet that isn't open source.

[1] https://doc.satoshilabs.com/trezor-apps/electrum.html

swogerino
August 02, 2017, 05:22:13 PM
 #10

Quote
The guy lost me at recovery seeds being "paper claims" to private keys. The source code for deriving said private keys from your recovery seeds is out there. You can derive your private keys yourself without the need for any third party support. Also, at least with Trezor, you can import your recovery seeds / private keys into a software wallet such as Multibit, so you're not forced to buy a new one.

Of course you don't need a hardware wallet to store your coins securely. I personally just find it way more convenient to use my cold storage with the ease of a hot wallet.

Not only Trezor has that capacity to import your seeds in another compatible wallet with the seed of a hardware wallet. Ledger Nano S has also support for it. I think that paper wallets are a pain in the a** while hardware wallets can be used both ways, even hot and even cold storage depending on the user.

Dorky
August 03, 2017, 06:18:53 AM
 #11

I can see clearly well you are arguing just for the sake of arguing and ended up missing some of the points.

Quote
Do you have any proof that the hardware wallet providers have access to your private key?

No I don't have. And I do not intend to spend my time becoming a top expert in finding the evidence before deciding not to use it.

Quote
Most hardware wallets use a standard method of generating seeds. It is widely used and with the seeds, you can import it into LOTS of wallets or just simply write a script to extract it yourself.

This is where I said you argue for the sake of arguing and ended up missing some of the points. Oh well, so I guess the recovery seeds have no problem after all and rely on no 3rd party. Well, guess I am going to protect the seeds after all. But NO, I am going to protect my private keys directly instead. You are in fact avoiding the point that recovery seeds need to be properly secured as well. By avoiding that point, you are indirectly implying the recovery seeds need not be secured nor elaborate how to secure them.

Quote
Jesus, I don't even know if I should continue but oh well.

Don't continue, then.

Quote
How are they helping you to secure when you are free to review the code to find and test for bugs? If you don't like to rely on third-parties, it might be better for you to write your own OS or wallet.

Duh, why should I need to write my own OS or wallet when I already have wallet generators like Electrum to do it for me? And do I trust Electrum? I don't need to if you understand my points accurately instead of arguing like a very smart guy.

Quote
Point 2 and point 2.

Whatever your point is, does not invalidate my point that if a person can secure his seeds well, he might as well just do it directly with his private keys. And besides, do you really expect everyone to be a tech savvy that they are able to write their own OS, etc? Be reasonable. What I am offering is a way that is far less complicated that an average Internet user can use.

Quote
It's kinda hard to hack a wallet when the keys are never exposed to the outside world.

Hard to hack? My approach is not even hackable.


     
Dorky
August 03, 2017, 06:21:11 AM
 #12

Quote
Currently there is absolutely no procedure to make a cold storage that is 100% safe.

Or maybe you can just be clear and point out how my approach of cold storage will be hackable.
Saying no procedure is 100% safe sounds like speculation to me.

Quote
This guy doesn't even understand how Bitcoin works. Rambled on about a bunch of useless points to get paid through that Steemit platform. No, I didn't even read, because thankfully the other guy pasted his main points. By all means, don't use a hardware wallet. Maybe you shouldn't be using Bitcoin either, since you need everything done via holding your hand.

You don't need to read if you don't want to. No, I don't use any hardware wallet. And no, whether I should or shouldn't be using bitcoin is 1) out of topic, and 2) is none of your business.

Quote
Not only Trezor has that capacity to import your seeds in another compatible wallet with the seed of a hardware wallet. Ledger Nano S has also support for it. I think that paper wallets are a pain in the a** while hardware wallets can be used both ways, even hot and even cold storage depending on the user.

Yes, the hardware wallet has support, but please note the support is limited. I didn't suggest paper wallet. I suggested a digitally-encrypted paper wallet. Yeah, hardware wallet can be used for cold storage (but not recommended, except as hot wallet just as an example), in which you will secure the recovery seeds. And securing the recovery seeds is no different from securing the private keys. Some pro-hardware wallet people never realize they actually have to secure their recovery seeds precisely and exactly the way they would secure the private keys. In fact, for such people not realizing this means their security isn't really high despite using hardware wallet.


     
HCP
August 03, 2017, 09:33:13 AM
 #13

Quote
Or maybe you can just be clear and point out how my approach of cold storage will be hackable.
Saying no procedure is 100% safe sounds like speculation to me.
So you can say... with 100% certainty... that there are no "bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both." in RAR software... with its closed sources?

And for the record... your method would probably fail the "$5 wrench attack":

Bagrras
August 03, 2017, 11:45:24 PM
 #14

The theme is good and I myself do not use a hard wallet.
Dorky
August 04, 2017, 02:37:51 AM
 #15

Quote
So you can say... with 100% certainty... that there are no "bugs, glitches, backdoors, ... etc that either allows them to be hacked or they screws up on their own, or both." in RAR software... with its closed sources?

And for the record... your method would probably fail the "$5 wrench attack":

I would say I have used WinRar for many several years and it never disappointed me, not even once.

All those videos saying WinRar's .rar files can be hacked are fake because they use brute force on negligible passwords like "abc" and "123".

And thank you for bringing up that $5 wrench attack because I came across such argument while writing my article.
Here's the thing, can anyone using hardware wallet be safe from the "$5 wrench attack"?
Here's an honest + objective answer... NO.

And is it better to use my approach vs hardware wallet? Yes.
Why? Using hardware wallet is a physical dead giveaway that you have bitcoin and/or other cryptocurrencies.
Using digitally-encrypted private keys that I suggested is not, unless you try to brag and boast that you are rich because you have plenty of cryptocurrencies, in which case you are the security risk, not my approach.


     
pebwindkraft
August 04, 2017, 06:21:16 AM
 #16

People discussing security when using Windows - come on! Don't you see the gap here? Windows has a long, long record of insecurity, and there is no sign, that this will ever stop. (Oh, yes - Microsoft last recently announced, they'll embrace Linux. That might be a first step.)

In the professional world of security you do not talk Windows. Otherwise it is snake oil (thx to Bruce Schneier for this wording).

>> Saying no procedure is 100% safe sounds like speculation to me.
This sentence makes me puzzled.
Security is not about emotions, not about opinions or speculation.
It is a race between experience and development. Similar to banks, who protect the wealth. The layers of protection were increased step by step, until it gets too expensive to try and steal money. So security is all about trade-offs: you have a certain amount of value to protect, then you also need to invest a certain amount for the protection layer. You can not protect a 1 million value with 5 cents of security thoughts. And then there is not only security against theft, it is also about privacy.

So best practices might look a bit like this:
Trades at the 100 Dollars/Yen/Euros/Satoshis level can be on a phone wallet.
The 1000 range can start to be used with multisig.
The 10.000 range requires some cold storage.
All beyond requires cold storage and multisig.
And when it comes to privacy, you may want to add a layer of tumbler/coinjoin/mimblewimble.

HCP
August 04, 2017, 08:52:06 AM
 #17

Quote
I would say I have used WinRar for many several years and it never disappointed me, not even once.
I'm sure there were people saying similar things about Mt. Gox... and Bitfinex... and <insert scam/hackedService/buggySoftware here> right before all their coins/$$$/data disappeared.


Quote
And thank you for bringing up that $5 wrench attack because I came across such argument while writing my article.
Here's the thing, can anyone using hardware wallet be safe from the "$5 wrench attack"?
Here's an honest + objective answer... NO.
Actually, they can be safer than you... because the hardware wallet gives them the safety of "plausible deniability". You can create "dummy" wallets with "small amounts" of bitcoin... say 1-10% of your total holdings. If someone threatens you, you give them the password to the dummy wallet... they find your coins and think "Job done"... meanwhile your 90-99% of actual holdings are safely stored in a hidden wallet that they can't possibly know or prove exists... rendering a $5 wrench attack nullified for a relatively minor cost.

Whereas, with your method, they'll keep hitting until they get the password (or passwords in the case of multiple encryption) that decrypts it correctly.


Quote
And is it better to use my approach vs hardware wallet? Yes.
See... I was going to let the "Saying no procedure is 100% safe sounds like speculation to me" slide... but now you're just coming off as a little bit arrogant.

"Saying your procedure is 100% safe sounds like arrogance to me"

Quote
Why? Using hardware wallet is a physical dead giveaway that you have bitcoin and/or other cryptocurrencies.
Using digitally-encrypted private keys that I suggested is not, unless you try to brag and boast that you are rich because you have plenty of cryptocurrencies, in which case you are the security risk, not my approach.
No, you just used a very public forum like Steemit to declare to the entire world that you use Crypto... and how you choose to store them. Guessing you trust them more than hardware wallet devs/manufacturers too... so I'm sure your IP address is safe with them. ;)



I'm not declaring that hardware wallets are 100% safe, or the only answer to everyone's crypto storage needs... there are still attack vectors that exist (no solution is 100% secure). What they are is safer than using just a software wallet on a desktop PC/tablet/mobile device... and more convenient than locking everything away on paper wallets in secure storage (or triple encrypted, digitally stored private keys)...

But hey, like I said... Horses for courses... you've got a system that works for you, so that's great. Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person...
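
Two claims made in this thread, that the seed-to-key derivation is public and that a password can select a separate hidden wallet, shown together as an added example (not code from any poster or wallet vendor). It assumes the "standard method" referred to is BIP39 seed stretching followed by the BIP32 master-key step; the mnemonic is the public BIP39 test vector and the passphrases are constructed.

```python
"""Recovery words (+ optional passphrase) -> BIP39 seed -> BIP32 master key."""
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; a valid private key lies in 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Public BIP39 test-vector mnemonic. Known to everyone: never fund it.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """Stretch the words into a 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds).

    The passphrase only changes the salt, so every passphrase, including a
    mistyped one, yields a valid but different wallet. Nothing stored on a
    device or on paper reveals how many passphrases are in use.
    """
    def nfkd(text):
        return unicodedata.normalize("NFKD", text)

    # Collapsing runs of whitespace is a leniency of this sketch.
    words = " ".join(nfkd(mnemonic).split())
    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt, 2048, dklen=64)


def bip32_master(seed):
    """Return (master private key, chain code), 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key; use another seed")
    return key, chain_code


def master_keys(mnemonic, passphrases):
    """Map each passphrase to the hex master private key it unlocks."""
    return {p: bip32_master(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    # Constructed passphrases: "" is the default wallet, the others are
    # independent wallets derived from the same written-down words.
    for phrase, key in master_keys(TEST_MNEMONIC, ["", "decoy", "hidden"]).items():
        print(f"{phrase!r:10} -> {key}")
```
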

JohnnyNnex
August 04, 2017, 11:29:37 AM
 #18

How is it possible to capture sent packets without the user noticing?
ranochigo
August 04, 2017, 02:53:43 PM
 #19

No, I'm not here to argue or anything.

Quote
No I don't have. And I do not intend to spend my time becoming a top expert in finding the evidence before deciding not to use it.
You can't criticise them if you cannot find any fault with them. How are you going to be generating the keys with 100% security if you do not wish to verify the source code? No wallet will ever be safe for you then. You can only generate it by hand.
Quote
But NO, I am going to protect my private keys directly instead. You are in fact avoiding the point that recovery seeds need to be properly secured as well. By avoiding that point, you are indirectly implying the recovery seeds need not be secured nor elaborate how to secure them.
I don't really understand where you got that inference from. I merely said that the derivation method can be known. You can get the private keys from the seeds=getting your gold from the paper that holds your gold without any restriction at all.
Quote
Don't continue, then.
Nah, I just feel that there's some misconception.
Quote
Duh, why should I need to write my own OS or wallet when I already have wallet generators like Electrum to do it for me? And do I trust Electrum? I don't need to if you understand my points accurately instead of arguing like a very smart guy.
Wait... Didn't you mention that hardware wallets are flawed because you are depending on a third party to generate it for you? I think you misunderstood something.
Quote
Whatever your point is, does not invalidate my point that if a person can secure his seeds well, he might as well just do it directly with his private keys. And besides, do you really expect everyone to be a tech savvy that they are able to write their own OS, etc? Be reasonable. What I am offering is a way that is far less complicated that an average Internet user can use.
Of course. I didn't say everyone SHOULD write their own OS in the first place, I don't even expect anyone using Bitcoin to be able to. If you love your privacy and security, you would be having thousands of private keys whenever you spend the coin. Isn't a 12 word seed way easier?
Quote
Hard to hack? My approach is not even hackable.
You uh, forgot to cover the way to spend your coins. Of course I can craft a transaction at the moment when you decrypt your encrypted rar file to send the coins to my address.

bitcoinmaniac52
August 04, 2017, 07:27:26 PM
 #20

Quote
Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank. ;D

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.


