Why I Am Not Using Hardware Wallet For Cold Storage

[HCP]

Do you see my concern with storing encrypted keys now? It leaves traces/evidence behind. It has to, as these encrypted files need to exist somewhere for me to be able to decrypt them to get my keys out. Sure, you could try and hide all your keys around multiple email accounts... or stored on different encrypted devices in different locations... but there is still tangible/physical evidence that these devices/files exist and that means they could be discovered. It also completely negates the "convenience" of your method, having stuff spread everywhere.

With a seed (+ passphrase)... I can store it encrypted, and if my email/cloud backup is hacked, and they find my encrypted seed, I can hand over the password to decrypt the seed... The seed on it's own will generate a valid wallet and valid addresses that I can put some coins in as a decoy (or even for use as a relatively secure hot wallet).  However, my main stash of coins can be hidden using the SAME seed in combination with a passphrase. This will generate a completely different wallet with completely different addresses.

You contradicted yourself within 2 paragraphs.

First, you said you are concerned with storing encrypted keys as it leaves traces/evidence behind, so your hardware wallet leaves no traces/evidence.
Then, you said you can store encrypted seeds in email/cloud/bank vault/etc which leaves plentiful traces/evidence behind, but then you said they are hidden!
My goodness, what lies you are telling.

No, I'm not telling lies... it would appear that you are still not understanding how a seed + passphrase combination works

Encrypted Private key = traces/evidence...
Encrypted Seed = traces/evidence...

However, the advantage of the seed system over an encrypted private key is this:

Handover password to encrypted private key = private key exposed, all coins controlled by that key exposed.
Handover password to encrypted seed = seed exposed... ONLY the default wallet is exposed... all other wallets generated using passphrases from that seed are invisible/hidden with no traces/evidence

You cannot prove the existence of ANY of these hidden wallets... as there is NO EVIDENCE OR TRACE of them anywhere... they are only generated by a passphrase that exists purely inside your head.

Hopefully, that helps clear things up for you.

[1715346019]

1715346019

[1715346019]

1715346019

[1715346019]

1715346019

[Dorky]

No, I'm not telling lies... it would appear that you are still not understanding how a seed + passphrase combination works

Encrypted Private key = traces/evidence...
Encrypted Seed = traces/evidence...

However, the advantage of the seed system over an encrypted private key is this:

Handover password to encrypted private key = private key exposed, all coins controlled by that key exposed.
Handover password to encrypted seed = seed exposed... ONLY the default wallet is exposed... all other wallets generated using passphrases from that seed are invisible/hidden with no traces/evidence

You cannot prove the existence of ANY of these hidden wallets... as there is NO EVIDENCE OR TRACE of them anywhere... they are only generated by a passphrase that exists purely inside your head.

Hopefully, that helps clear things up for you.

If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, any way a hardware wallet user would use to recover his keys if ever his wallet got lost, stolen, destroyed, i.e. he does step 1, then step 2, then step 3, etc for recovery, so will the hacker ask for the necessary information to commit the same steps for the keys.

If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc, then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all these in one place just in case you forgotten any of them.
And that will still boils down to the need for encryption of all of them just so you only need to remember less things, i.e. remember 1 vs remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.

In case you still don't realize this, the method I laid out in my article covers from the very start to the very end of securing the cold storage.
Using the hardware wallet for cold storage, on the other hand, describes the steps only half way thru.
Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.
Instead, the companies leave this area of discussion out for users' imagination and that opens to huge security risks that the hardware companies avoid addressing.
Because if they choose to address how to secure the paper backups of the seeds/passphrases, they may give the correct impression that users don't need hardware wallet after all.

Why did I say my method explains going from Point A to Point B?
Why did I say you (being pro-hardware wallet) explains going from Point A to Point C, then from Point C to Point D, and finally from Point D to Point B?
Because when you talk about securing the keys thru hardware wallet only, you only give the direction from Point A to Point C.
And when you talk about dummy wallets (to fake savings) and passphrases (to make things hidden), you give direction from Point C to Point D.
Finally when you mention about encrypting the seeds/passphrases, you give the direction from Point D to Point B (the final destination).
For you to keep arguing about how and why hardware wallet is safe and secure certainly gives the false impression that no backup is necessary, i.e. the direction to go from Point D to Point B.
However a backup (of the seeds, passphrases, and PIN if you are using hardware wallet) is STILL necessary to complete the whole steps in securing the keys.
And that's where the direction to Point B is needed, which the hardware wallet companies try to avoid covering.
Because if they do, the users will realize if they have to go thru 2 extra Points to reach Point B, then might as well just encrypt the keys direct to save themselves the hassle of going thru Point C and Point D unnecessarily.

Will the extra steps (i.e. going thru Point C and Point D, to reach Point B) worth the trouble?
Will that help make the cold storage more secure?
The answer is a big NO.
Having to go thru extra unnecessary steps complicates things and may create higher chance of user error.
If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what necessary information to ask for the recovery, thus vulnerability to the $5 wrench.
I do not see a hacker being Dorky enough like me who doesn't know about hardware wallet and just kidnap you, ask for the seeds, let you go, then found out I need more than just seeds, and figured out I need to re-kidnap you again for more information.
I see a hacker being very savvy, does his homework completely, kidnaps you and ask for the seeds, passphrases, and PIN, all in one go, and verify everything on the spot to make sure you tell the truth before letting you go with everything stolen.
Going thru unnecessary steps to secure the keys is not worth the complications, which is why I came out with my method, which is not really even a proprietary stuff.
Anyone who cares about his own security will most likely arrive at the same/similar method too.

[HCP]

If the hacker needs the seed + passphrase to unlock the keys, then they will ask for them both, not just the seed.
Like I said, any way a hardware wallet user would use to recover his keys if ever his wallet got lost, stolen, destroyed, i.e. he does step 1, then step 2, then step 3, etc for recovery, so will the hacker ask for the necessary information to commit the same steps for the keys.

You're still not quite getting it. Maybe I'm not explaining it properly?

If you give the hacker JUST the seed (ie. they've found your encrypted seed file wherever you stored it and you've handed over the password to that file)... and they import JUST the seed into a wallet... then it will generate a complete and valid wallet. You use this wallet as your "decoy"... put some coins in it... run a few transactions to generate history etc.

There is absolutely no way for the hacker to know or prove that you have a passphrase, that when combined with your seed, will generate a completely different wallet with your actual stash in it. In fact, you could even generate a second "decoy" using a different dummy passphrase if you wanted to be super paranoid about it all.

Seed words only = Valid Wallet
Seed words + Dummy Passphrase = Completely different, valid wallet#2
Seed words + Actual Passphrase = completely different, valid wallet#3

You can theoretically use an infinite number of passphrases and generate an infinite number of wallets, because of the way the system works, ANY passphrase you give, when combined with seed words, will generate a valid wallet. Even if the hacker is aware that you can use passphrases with seed words, they cannot prove that you actually do or have used one... you have plausible deniability. There is no evidence of your hidden wallet existing. This is what renders the $5 wrench attack useless.

If you have a lot of things to remember/memorize, i.e. the seed, the passphrase, the PIN, etc, then the weakest link in the whole security is your brain.
Ultimately you will still need to record/store all these in one place just in case you forgotten any of them.
And that will still boils down to the need for encryption of all of them just so you only need to remember less things, i.e. remember 1 vs remember 3.
My method tries to simplify the steps so the requirement is to remember only 1 thing in order to prevent the brain from being a weak link.

You don't actually need to remember the PIN... the PIN only protects access to the hardware wallet itself... generally speaking, most of the hardware wallets that I'm aware of will factory reset after X number of incorrect PIN attempts. As long as your seed is safely backed up somewhere, you can simply restore using the seed (and passphrase) and your wallet is regenerated.

And lets be honest here... if you're going to struggle with a 4 digit pin, what hope do you have to remember a 20+ character alphanumeric+symbol password to an encrypted file?

Sure, I still have to remember 2 things (password to encrypted seed + wallet passphrase) as opposed to one (password to encrypted key)... but that's like saying that walking 2 steps is harder than walking 1 step.

Hardware companies don't explain to users that while they need to do a paper backup of their seeds/passphrases, they also need to back it up securely, i.e. using a 2nd computer to encrypt the backup.

Not necessarily... with a seed+passphrase, if the seed is compromised then the passphrase is your protection layer. I vaguely seem to recall that someone put up a bounty by publishing a seed that had some coins stored in a "hidden wallet", protected by a passphrase... and it got taken down after a year or so as no-one had hacked it and taken the coins. I've been trying to find the source, but I can't seem to find it. My point is that your seed only really needs to be "safely" backed up (ie. written down). It doesn't necessarily need to be "securely" backed up (ie. encrypted).

Additionally, if you just wrote your seed down and stored it someplace "safe", then your requirements for remembered passwords would drop down to 1... the passphrase for your "Actual" wallet... and you've shifted part of your security model from "digital" to "physical".

If a hacker is savvy enough to recover your keys from your hardware wallet, I assume he will be savvy enough to know what necessary information to ask for the recovery, thus vulnerability to the $5 wrench.
I do not see a hacker being Dorky enough like me who doesn't know about hardware wallet and just kidnap you, ask for the seeds, let you go, then found out I need more than just seeds, and figured out I need to re-kidnap you again for more information.
I see a hacker being very savvy, does his homework completely, kidnaps you and ask for the seeds, passphrases, and PIN, all in one go, and verify everything on the spot to make sure you tell the truth before letting you go with everything stolen.

That's the point... they CAN'T verify whether or not I have a passphrase... or if the passphrase that I have given are "real" or "dummy"... unlike a password for an encrypted container, that either decrypts the file or it doesn't.

[Piggy]

Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank.

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

agree with you, you just need to have quality paper or print in plastic sheet, so the key is just there safe for you to read.
Beside all hardware can fail and you need a backup anyway, you can't just relay on hardware wallet...

[Dorky]

You're still not quite getting it. Maybe I'm not explaining it properly?

If you give the hacker JUST the seed (ie. they've found your encrypted seed file wherever you stored it and you've handed over the password to that file)... and they import JUST the seed into a wallet... then it will generate a complete and valid wallet. You use this wallet as your "decoy"... put some coins in it... run a few transactions to generate history etc.

There is absolutely no way for the hacker to know or prove that you have a passphrase, that when combined with your seed, will generate a completely different wallet with your actual stash in it. In fact, you could even generate a second "decoy" using a different dummy passphrase if you wanted to be super paranoid about it all.

Seed words only = Valid Wallet
Seed words + Dummy Passphrase = Completely different, valid wallet#2
Seed words + Actual Passphrase = completely different, valid wallet#3

You can theoretically use an infinite number of passphrases and generate an infinite number of wallets, because of the way the system works, ANY passphrase you give, when combined with seed words, will generate a valid wallet. Even if the hacker is aware that you can use passphrases with seed words, they cannot prove that you actually do or have used one... you have plausible deniability. There is no evidence of your hidden wallet existing. This is what renders the $5 wrench attack useless.

Tell me, if a hacker kidnaps you...
Because he identified some of the addresses you used in past transactions may indicate you have more bitcoins...
And you give him the seeds...
And he check the seeds with his computer...
And he found out NONE of the addresses generated by the given seeds actually contain the addresses you used in past transactions...
Do you think he will let you go easily?
You talk about using infinite passphrases as if they matters.
What if you forgotten the passphrases that generate the addresses you do your cold storage? You lose everything.
If you intent to remember 1st passphrase for cold storage, and 2nd passphrase for dummy wallet, you would need to remember at least a minimum of 2 passphrases (not 1, even if you don't choose to remember the seeds).
You keep forgetting that if you make it too complicated for the hacker to steal from you, you may also make it too complicated for yourself in case of recovery.
You also keep forgetting the fact that if you make it too tough for the hacker to steal from you, you may also increase the level of complication that may give rise to user-committed errors.

If you sincerely use the seeds only = hacker steals everything.
If you use the seeds + 2 passphrases (you have to if you use hardware wallet) = hacker may not be able to steal the cold storage wallet, but you have to remember 3 things.
Why compulsory to remember seeds + 2 passphrases? Answer, game theory.
If you give seeds only, what will the hacker find? Will he accept it?
If you give seeds + dummy passphrase, what will the hacker find? Will he accept it?
If I were a hacker, I would take note of ALL the addresses you used in past transactions (that clearly associated to you) and make sure some of the addresses generated by your given seeds + passphrases are the same addresses used in past transaction.
How much can you fake it?
In the end, you have to fake a lot of things just to make sure your future hacker-cum-kidnapper can't get away with everything.

Sure, I still have to remember 2 things (password to encrypted seed + wallet passphrase) as opposed to one (password to encrypted key)... but that's like saying that walking 2 steps is harder than walking 1 step.

Walking 2 steps is definitely not harder if that's exercise for better health.
But if that extra walk is unnecessary and gives no additional benefit, then it is useless.

Not necessarily... with a seed+passphrase, if the seed is compromised then the passphrase is your protection layer. I vaguely seem to recall that someone put up a bounty by publishing a seed that had some coins stored in a "hidden wallet", protected by a passphrase... and it got taken down after a year or so as no-one had hacked it and taken the coins. I've been trying to find the source, but I can't seem to find it. My point is that your seed only really needs to be "safely" backed up (ie. written down). It doesn't necessarily need to be "securely" backed up (ie. encrypted).

Additionally, if you just wrote your seed down and stored it someplace "safe", then your requirements for remembered passwords would drop down to 1... the passphrase for your "Actual" wallet... and you've shifted part of your security model from "digital" to "physical".

Do you know my method of just encrypting the keys is way much more convenient than what you are doing with your hardware wallet?

And if your seeds are compromised, as in got lost/stolen/destroyed in which you can't even recover them, because you write them down in a piece of paper and store it between the pages of a book, your dog eaten it, or your book got destroyed by fire/flood, or you forgotten which book you actually store your seeds, will you be able to recover your cold storage if you lost your seeds, never mind if you still remember your passphrases?
I already said physical backup is not as good, and yet you keep beating the dead horse.

If you have to remember the seeds + passphrases for your own recovery, those are exactly what you need to store securely (not safely), never mind the hacker.
You cannot imply that the seeds and PIN are not important because the hacker can't do anything with them without the passphrase.
I already said it, but why are you not getting the message?
I even took the trouble to bold the statement just in case you don't get it, as I rightly suspect.
Here are the bolded statements I made.

Any way a hardware user would use to recover all his keys in case of the hardware wallet being lost, stolen, or destroyed, will be the EXACT same way a hacker access the keys.
If a user needs the seeds + passphrase to recover his keys, so will the hacker ask for the same.
If a user needs to do ABC and then XYZ to recover his keys (in case of hardware wallet being lost, stolen, or destroyed), so will the hacker do the same.

If the hacker cannot do anything with the seeds alone, then so will you.
If the hacker find no addresses associated with you, he will know a passphrase is involved.
He will ask you for the RIGHT passphrase that generates the addresses used.

That's the point... they CAN'T verify whether or not I have a passphrase... or if the passphrase that I have given are "real" or "dummy"... unlike a password for an encrypted container, that either decrypts the file or it doesn't.

If a hacker identified your addresses used in past transactions are NOT the same addresses generated by the seeds or seeds + passphrase given, then they will know clearly you are lying to them.
And if you make it too complicated to them, you are also making it too complicated to yourself.
And some day you will screw up not due to hacker, but due to your own user-based error.

How to verify whether you have a passphrase (or more passphrases)?

Hacker: Gimme your seeds.
You: Here you go.
Hacker: Let me check......... hmmm, I find no address from the generated ones that is known to be associated to you. In the past you used these addresses for transactions (blockchain does not promise anonymity, only privacy) and the change addresses involved. None of the addresses generated from the seed you given me has the used addresses and change addresses. You are using passphrase. Gimme the passphrase.
You: Sure, here you go (you give the dummy passphrase).
Hacker: Let me check......... hmmm, I still cannot find the same used addresses and change addresses from the bunch of addresses generated from the seed + passphrase you gave. You are using more than 1 passphrase. Gimme another passphrase.
You: Gulp... ops... urmmm.... errr.....

Remember this very well:
If you make it too complicated to them, you are also making it too complicated to yourself.
Some day you will screw up not due to hacker, but due to your own user-based error.

[GummyDwarf]

I don't use hardware wallets. Otherwise I would have to blindly trust the actual hardware isn't somehow designed to steal anything. I rather trust an offline laptop and usb. Gives me peace of mind.

[Dorky]

Alright, has HCP lost the debate?

[Gotottack]

It all depends on the investor. Some, in fact, a lot, uses hardware wallet for cold storage. For them, it is practicable and efficient in the sense that they are as if carrying their coins wherever they may be. It is synonymous to a tangible property which gives a good sense of belief that one is able to see/experience ones possession. On the other hand, some do not use hardware wallet for cold storage which is premised on the belief that it is creating more risks on the safety of ones property. An example of the latter is when the hardware wallet is stolen or broken. Its natural effect is that it will presumably lose all BTC investments.   

[Dorky]

It all depends on the investor. Some, in fact, a lot, uses hardware wallet for cold storage. For them, it is practicable and efficient in the sense that they are as if carrying their coins wherever they may be. It is synonymous to a tangible property which gives a good sense of belief that one is able to see/experience ones possession. On the other hand, some do not use hardware wallet for cold storage which is premised on the belief that it is creating more risks on the safety of ones property. An example of the latter is when the hardware wallet is stolen or broken. Its natural effect is that it will presumably lose all BTC investments.  

Well, my debate with HCP shows that even the loss of the hardware wallet does not mean the BTC is lost too because the owner can recover the BTC thru the seeds and passphrases (which needs to be secured too).

However, my point is if BTC can be recovered thru seeds and passphrases, then why not just secure the BTC with very strong encryption directly on the private keys instead, for cold storage?

With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet. And for purpose of spending, hardware wallet is not the only option available. Desktop wallets can serve the purpose too. However for purpose of cold storage only, then a digitized paper wallet (i.e. store it digitally instead of printing it out) that is strongly encrypted is the best and cheapest way possible. For short, a strongly encrypted private key that is generated offline. It's digital, which makes it 100% portable anywhere in the world. You can store it in your email inbox, instead of dependent on bank vault or something like that. Multiple backup can be made cheaply (because it's digital) without the need to buy another wallet. Hardware wallet can do the same too, but without the convenience and control.

[HCP]

Alright, has HCP lost the debate?

No, I just got tired of trying to explain things that you didn't seem to be comprehending.

You keep inventing more and more convoluted scenarios to try and do "end-runs" around logic and reason... like how a supposed attacker has full access to my entire Bitcoin transaction history and knowledge of every single one of my addresses... so they'd be able to determine whether or not passphrases being provided are "real". Which, of course, is defeated simply by running any cold-storage funding transactions through a mixer etc. and using my "decoy" wallet for day to day transactions.

In the same scenario using your system... exactly the same thing would happen... except, if they've found a bunch of encrypted files and ask for the password, you have no defense. They can see the files, they know they exist, they know there are passwords that decrypt them and will know instantly whether the password you give is correct. With a hardware wallet using a passphrase, there is NO evidence that the wallet exists... because it doesn't until you enter the passphrase.

And this is what you don't seem to want to admit... there is NO 100% secure method of securing your stuff. I admit that hardware wallets are not perfect... there are still attack vectors... just like with your system... but a hardware wallet helps minimise these and provides, in my opinion, a number of benefits that your system doesn't.


You even claimed at one point that your method is "unhackable"

Hard to hack? My approach is not even hackable.

Then conceded that nothing is safe:

Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

And then denied that you conceded that point...

I just don't think it is as secure as you believe it to be (a point you eventually conceded)

I never conceded. You are talking nonsense. My method is better than both hardware and paper wallets combined for cold storage.

You then descended into just calling every one of my points "Bullshit"... calling me an idiot, dumb nut, silly and a low life and accused me of just being a trouble maker

That's not even the point, you silly.
Your argument is bullshit.

You are clearly a troublemaker.
You will be a scum that will appear out of nowhere and say "No, a ball is circular."

That's not even the point, you silly.

You are clearly a very very stupid person.
You are a bullshit.

For that, I say you are a bullshit.

Bullshit.
...you dumb nut.

Bullshit.
For this, I say you are a bullshit.

I don't mind if you are a smart person. In fact, I would be very happy if you are smarter than I am. At least I can learn from you.
But if you are a stupid jackass pretending to be some smart ass, then I don't wish to be troubled by a lowlife such as you.

Personal attacks aside, that's not how you "win" a debate...



Then you started down the whole "hardware wallets are more inconvenient because you have to remember a passphrase AND a PIN" path... I guess I should have just pointed out at the time that with your setup you potentially need to remember a whole bunch of extra stuff as well, like your email account+password where you stored your backup... or your online storage account+password where you stored your backup... or where you put that CD with the backup data on it... because that is just as "difficult" and "inconvenient" as remembering a 4-8 digit PIN



And now you also seem to think that for some reason hardware wallet users are forever tied to hardware wallets:

With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet.

Which is just plain wrong...

If I lose my hardware wallet... I can simply take my seed backup and generate a paper wallet or import it into a software wallet or import it into a web wallet should the need arise... or simply do nothing and continue using those addresses as cold storage knowing that I still have access to all my coins should I so require in the future.



TL;DR:
I prefer hardware wallets as they offer all the benefits of cold storage and provide added security for hot wallet/day to day spending in a handy, convenient, portable package that still provides me complete control of my private keys, at a relatively reasonable price for anyone with modest/substantial amounts invested in cryptocurrency.

Dorky prefers his digital version of paper wallets as he believes it provides the benefits of cold storage with the best security at near to zero cost, without some of the issues associated with paper wallets (like susceptibility to loss/damage/theft) while still maintaining control of private keys.

Neither method is 100% secure.

[Dorky]

No, I just got tired of trying to explain things that you didn't seem to be comprehending.

You keep inventing more and more convoluted scenarios to try and do "end-runs" around logic and reason... like how a supposed attacker has full access to my entire Bitcoin transaction history and knowledge of every single one of my addresses... so they'd be able to determine whether or not passphrases being provided are "real". Which, of course, is defeated simply by running any cold-storage funding transactions through a mixer etc. and using my "decoy" wallet for day to day transactions.

In the same scenario using your system... exactly the same thing would happen... except, if they've found a bunch of encrypted files and ask for the password, you have no defense. They can see the files, they know they exist, they know there are passwords that decrypt them and will know instantly whether the password you give is correct. With a hardware wallet using a passphrase, there is NO evidence that the wallet exists... because it doesn't until you enter the passphrase.

You are dumb. And rightly so.
You said they found a bunch of encrypted files and ask for the password.
Hey man, I don't necessarily really need to make it so obvious to them that the file stores the private keys, do I?
To claim they will know an encrypted file will contain the private keys is pure dumb speculation.
The only way they will know a file contains private keys is if I tell them "Hey, those files contain private keys."
You are making your argument based on dumbness and that's why I keep calling you names.
The level of discretion that hardware wallet provides can also be attained with my method too, can't you even see?
Either you are dumb by not getting it, or you are just playing dumb.

And this is what you don't seem to want to admit... there is NO 100% secure method of securing your stuff. I admit that hardware wallets are not perfect... there are still attack vectors... just like with your system... but a hardware wallet helps minimise these and provides, in my opinion, a number of benefits that your system doesn't.

You even claimed at one point that your method is "unhackable"

Hard to hack? My approach is not even hackable.

Then conceded that nothing is safe:

Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

And then denied that you conceded that point...

I just don't think it is as secure as you believe it to be (a point you eventually conceded)

I never conceded. You are talking nonsense. My method is better than both hardware and paper wallets combined for cold storage.

The reason why I said my approach is not even hackable is because ---> the private keys are generated offline and strongly encrypted offline.
N-O-B-O-D-Y even know they exists, let alone hack them.
And if they are found by some hackers, they wouldn't even know the file contains private keys.
There are myriads of stuff that are encrypted (ebooks, company documents, etc) that are simply not private keys.
And unless you know the password to access the file, you wouldn't even know what the hell is contained inside the file.
And yet you keep claiming the hackers will find the file and ask for the password.
I say, bullshit to you.

You then descended into just calling every one of my points "Bullshit"... calling me an idiot, dumb nut, silly and a low life and accused me of just being a trouble maker

That's not even the point, you silly.
Your argument is bullshit.

You are clearly a troublemaker.
You will be a scum that will appear out of nowhere and say "No, a ball is circular."

That's not even the point, you silly.

You are clearly a very very stupid person.
You are a bullshit.

For that, I say you are a bullshit.

Bullshit.
...you dumb nut.

Bullshit.
For this, I say you are a bullshit.

I don't mind if you are a smart person. In fact, I would be very happy if you are smarter than I am. At least I can learn from you.
But if you are a stupid jackass pretending to be some smart ass, then I don't wish to be troubled by a lowlife such as you.

Personal attacks aside, that's not how you "win" a debate...

You are indeed a bullshit. I continue to stand by that.

Then you started down the whole "hardware wallets are more inconvenient because you have to remember a passphrase AND a PIN" path... I guess I should have just pointed out at the time that with your setup you potentially need to remember a whole bunch of extra stuff as well, like your email account+password where you stored your backup... or your online storage account+password where you stored your backup... or where you put that CD with the backup data on it... because that is just as "difficult" and "inconvenient" as remembering a 4-8 digit PIN

Here's why you are a bullshit (and never short of it).
Yes, my method still needs to remember a number of things such as online storage account+password, etc, but they are definitely cannot be compared to remembering a PIN.
Because as you and I know it, using hardware wallet requires you to remember the seeds, passphrases and PIN.
You use your hardware wallet; you are obligated to remember the seeds, passphrases, PIN, where you store your seeds, where you store your passphrases, etc.
To claim you only need to remember the PIN says you are bullshit.
To imply that writing the seeds and passphrases down a piece of paper and slip it between the pages of a book is safer (!) is bullshit.

And now you also seem to think that for some reason hardware wallet users are forever tied to hardware wallets:

With a hardware wallet, the owner will have to keep buying a new one if the previous one is lost. HCP argued that's not the case, but of course if the owner wishes to continue using BTC for cold storage plus spending, he has no choice but to spend for a new hardware wallet.

Which is just plain wrong...

If I lose my hardware wallet... I can simply take my seed backup and generate a paper wallet or import it into a software wallet or import it into a web wallet should the need arise... or simply do nothing and continue using those addresses as cold storage knowing that I still have access to all my coins should I so require in the future.

What a lie.
What a joke.
Take your pick.
If you intend to make it cold storage and not spend it, you might as well go for my method.
The only reason why you use hardware wallet is so that you can spend your BTC securely.
Now you claim you can simply do nothing.
Why are you being so intellectually dishonest?
The moment you need to spend, you will be compelled to buy a new hardware wallet.
Software wallet?
Web wallet?
What a lie + joke.
Software wallet and web wallet are far less secure than hardware wallet, and yet here you imply they are good alternatives in case of screw up.
Indeed you are a bullshit.

TL;DR:
I prefer hardware wallets as they offer all the benefits of cold storage and provide added security for hot wallet/day to day spending in a handy, convenient, portable package that still provides me complete control of my private keys, at a relatively reasonable price for anyone with modest/substantial amounts invested in cryptocurrency.

Dorky prefers his digital version of paper wallets as he believes it provides the benefits of cold storage with the best security at near to zero cost, without some of the issues associated with paper wallets (like susceptibility to loss/damage/theft) while still maintaining control of private keys.

Neither method is 100% secure.

You said it here yourself.... for hot wallet/day to day spending.
And yet you said you can choose to do nothing if you lose your hardware wallet.
Pray tell, how are you going to spend your BTC then?
Use software wallet or web wallet?
Hey, we can start a debate on how insecure are software wallet and web wallet, if you want to.

I already said it many times before.
If you use hardware wallet, you don't control your private keys.
You only control the seeds + passphrases that will generate the private keys.
Can you even see the difference?
No they are not reasonable price compare to my method that is way much cheaper with direct control.
Your control of private keys through the seeds and passphrases are indirect control, not direct control.
It is much like going from Point A to Point B, and from Point B to Point C (instead of from Point A to Point C directly).
The replacement cost of hardware wallet is both expensive and unnecessary.

You are nothing but bullshit.

I have a very strong suspicion that HCP doesn't understand the meaning and nature of "strongly encrypted private keys".

A strongly encrypted private key simply means an anonymous file that is strongly encrypted.
To claim that an anonymous file contains private keys is bullshit.
No, that is wrong.
The anonymous file contains no private keys.
It contains only scanned copies of personal identification and driving license.
The fact is, only you know what is contained in that anonymous file.
Anyone saying the hacker will know what the file contains, is bullshit beyond logic.

TL;DR
You are selling hardware wallet.
I am not selling anything but simply a DIY method that anyone can do with better control and security at much cheaper price.

Only those who are irresponsible to themselves will try to transfer such responsibility to a 3rd-party by using hardware wallet.

[achow101]

This thread is just Dorky and HCP flaming/trolling each other which is against the forum rules. Therefore this thread will be locked and potentially trashcanned.