Trezor or Paper Wallet?

[pimacoin]

ledger Nano is a great device. I can give it a try. But my advice will be to exchange you bitcoins for precious metals.

[1713516407]

1713516407

[1713516407]

1713516407

[1713516407]

1713516407

[1713516407]

1713516407

[1713516407]

1713516407

[vintages]

It isn't "unsafe"... There was a vulnerability discovered that had the potential to be exploited. However, there were a specific set of things that needed to be done for that "exploit" to be utilised. Specifically, the attack would need physical access to your device... and would need to load a custom firmware onto it.

Resetting the device upon delivery and updating the firmware would effectively remove a "bad" custom firmware that had been loaded using the exploit. Additionally, the vulnerability has since been patched as of version 1.4.1 of the Ledger firmware.

Oh! I see. At least the uncertainity is getting better than before. I was thinking the hardware could be attacked anywhere, anytime without any physical contact. I was meaning to transfer my coins but I guess I should leave it then.

Now, since I already have and using the hardware, I should probably reset it; this won't cause any danger right? (I know i am been paraniod but just want to be on a safer fence.) Though, this will be my first time of resetting it cause I never gave it a thought to reset it when I got it months ago.

[HCP]

Be aware that simply resetting the device will not make you "safe" if your device had previously been tampered with... As there is a possibility that your current seed had been generated by a compromised firmware.

So, what you would need to do is reset it, reload the firmware and then to be completely sure you were "OK", you would need to create an entirely new seed once you were sure you were on a "clean" firmware and then move all your coins to the addresses generated by the new seed.

The problem with trying to move from one seed to another with only one device is that it can require a fair bit of time. Assuming you have already updated to latest "patched" firmware, the process would look something like:

1. Reset device
2. Set up new seed
3. Get new addresses for all the coins you need to transfer
4. Reset device
5. Restore OLD seed
6. Send all your coins to new addresses from Step 3.
7. Reset device
8. Restore NEW seed
9. Live happily ever after

[vintages]

Well, there is no way to check and know if my device had previously been tampared with. The hardware has always been on my possession. I have never lossed it, though I have recklessly placed it on places i shouldn't. And I perfectly trust my family members. But I can't say for my colleagues whom I always travel with.

Anyway, I will follow your procedure. Hey HCP, thanks man for putting me through. Its unfortunate we don't get notifications for replied post, my replies would have come sooner. I just thought i should check out this thread before I begin. Glad to see your reply  

[Welsh]

Well, there is no way to check and know if my device had previously been tampared with. The hardware has always been on my possession. I have never lossed it, though I have recklessly placed it on places i shouldn't. And I perfectly trust my family members. But I can't say for my colleagues whom I always travel with.

Anyway, I will follow your procedure. Hey HCP, thanks man for putting me through. Its unfortunate we don't get notifications for replied post, my replies would have come sooner. I just thought i should check out this thread before I begin. Glad to see your reply  

A great rule of thumb to go by which may be complete paranoia is if you think it could of been tampered with at anytime then you transfer everything as soon as possible and get a  non compromised device. It's extremely unlikely that your work colleagues possess the skills to compromise the device but, always assume that whoever had access to it physically could well compromise it.

[HCP]

Its unfortunate we don't get notifications for replied post, my replies would have come sooner. I just thought i should check out this thread before I begin. Glad to see your reply 

Just for future reference, if you click the "notify" link in the top right corner you can setup email notifications for comments and replies on a specific thread...

Very useful if you want to keep tabs on a specific thread. Also, the "watchlist" feature is handy for threads you're interested in, but don't necessarily want immediate notification for.. you can then simply click the "watchlist" link in the top left corner to see a list of "watched" topics that have new posts

[RocketShipJumper]

Haven't gotten to try Trezor or Paper Wallet yet. Maybe you wanna try Paxful.com? I've been cycling through the different wallets and I got on Paxful recently and it's pretty good so far as I'm concerned.

[bob123]

Haven't gotten to try Trezor or Paper Wallet yet. Maybe you wanna try Paxful.com? I've been cycling through the different wallets and I got on Paxful recently and it's pretty good so far as I'm concerned.

An online wallet is not comparable to a hardware wallet (trezor) or a paper wallet security-wise.

In an online wallet your private keys are stored (either encrypted or unencrypted) on the service providers server. This creates a lot of new attack vectors compared to hardware-/paper wallets.

With a hardware wallet you have a dedicated device which creates and holds the pivate keys in an airgapped device. It can be used on infected PC's without being exposed to theft.

A (properly created) paper wallet also is completely airgapped.
The whole security of a paper wallet relies on 1) the physical security and 2) the way it has been generated.

[786SehrishAkhtar]

I think Ledger s Nano is more trustful instead of Trezor.
My Friend Bought it and told me its a more secure wallet rather than anything else. I also suggest to use Ledger S nano rather than any other thing

[yogg]

Have you considered using a brain wallet ? You can store your bitcoin in your head => https://en.bitcoin.it/wiki/Brainwallet
These won't become technologically obsolete (as today's hardware wallet may become). Also, the technology to hack into your brain isn't here yet.

If you don't get Alzheimer's disease or brain cancer, well your coins are pretty safe in a brain wallet. No critical piece of paper that may burn, no hardware.

[TryNinja]

I'm not sure if that's a good idea. I have seen multiple articles and people saying that Brain wallets are not safe and that you shouldn't use them.

It's not to do with length, but entropy. Humans are terrible at creating randomness, even what you think is hard to guess could in all probability be guessed with enough iteration.

Family names for example are easy to guess, there's a finite number of them and a vast portion of names are from a set of only a few hundred.

What's the chance of you remembering what names are, the spelling, punctuation and ordering? Fairly low I suspect, humans are also terrible at remembering explicit data like that.

As soon as people start trying to be clever, the probably shifts from theft to irrecoverable loss. Just use the cryptographic keys the way they are supposed to be used, 256 bits of entropy created with a CSRNG

https://bitcoin.stackexchange.com/a/41619

And: https://en.bitcoin.it/wiki/Brainwallet#Low_Entropy_from_Human-Generated_Passphrases

[yogg]

I'm not sure if that's a good idea. I have seen multiple articles and people saying that Brain wallets are not safe and that you shouldn't use them.

It's not to do with length, but entropy. Humans are terrible at creating randomness, even what you think is hard to guess could in all probability be guessed with enough iteration.

Family names for example are easy to guess, there's a finite number of them and a vast portion of names are from a set of only a few hundred.

What's the chance of you remembering what names are, the spelling, punctuation and ordering? Fairly low I suspect, humans are also terrible at remembering explicit data like that.

As soon as people start trying to be clever, the probably shifts from theft to irrecoverable loss. Just use the cryptographic keys the way they are supposed to be used, 256 bits of entropy created with a CSRNG

https://bitcoin.stackexchange.com/a/41619

And: https://en.bitcoin.it/wiki/Brainwallet#Low_Entropy_from_Human-Generated_Passphrases

It's the same as saying passwords are not safe and we shouldn't use them. Of course, if your password is among the List of the most common passwords then you're in trouble.

You can create a secure brainwallet.
How these "24 words seeds" that are used everywhere happen to be secure ? Just use a similar seed for your brainwallet.
Sure, if you go like "whiskers is the nicest cat 2016" for your bitcoin seed, then it's like having "password1234" as a password.

There also something else : once you have spent funds from one address you shouldn't use this address to receive bitcoin to again. So it's hard to keep track of everything manually.

A little bit more about entropy :


(Source : https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/ )

[SuperAcaiBowl]

With the TREZOR you should still have a paper wallet backup for it.

The TREZOR key generation is on the device though, so it avoids the situation where you generate your paper wallet on a compromised machine and therefore your keys are compromised. It's also easy to use the TREZOR if you want to spend from your cold wallet without compromising it.

[Kakmakr]

Now, its really getting confusing. I am not sure of the one to stick to or use anymore myself because I read in this thread; https://bitcointalk.org/index.php?topic=3176978.msg33348015#msg33348015  about how a guy descovered how unsafe it is to store cryptos in a hardware wallet. I have used both (Ledger and Trezor) but later chosed Ledger because of it metal nature.
And haven't really considered the paper wallet because of the tendency of fire outbreak (you never can tell what might happen) but with that recent discovery, I'm just confused of the one to stick to.

Do not get to fired up <excuse the pun> about this. A fire can destroy both paper wallets and hardware wallets. The strategy of storing paper wallets in multiple locations, will solve this problem. You can even store your hardware wallet seed in multiple locations, if you want to be safe.

In the event of a fire, the hardware wallet might be destroyed, but you can just retrieve the seed from the secondary location and then buy a new wallet and retrieve the keys from the seed onto that wallet. <You do not have to retrieve it back onto a hardware wallet>

The paper wallet is just easier, because you can make duplicate copies and nothing needs to be replaced to retrieve those coins.   

[kazinish44]

paper wallet (i think its the  ::)better option and safe so long no one steals it )

[Killrbit]

While a paper wallet could be considered safer, it primarily depends on how often u plan to hold your coins and use them, if u plan to transact from the paper wallet regularly then u risk your coin each time u transfer money out from the paper wallet as you have to out your keys online every time you want to make a transfer. You would then have to create a new paper wallet for full sfatey, and doing this constantly could get tiresome and expensive( constant transfer fees). In this case it would better to use a hardware wallet like the trezor or ledger. If however u dont plan to touch your coins for years than yes a paper wallet is technically safer provided you follow best practices.

[loews]

honestly i have a preference for paper wallet. They are safer because you can take multiple copies and store them in a different place in case someone comes to hunt you

[HCP]

honestly i have a preference for paper wallet. They are safer because you can take multiple copies and store them in a different place in case someone comes to hunt you

How exactly does storing multiple copies in different locations protect you (or your bitcoins) if someone comes hunting for you?

If they hunt you down and find you... they take the copy you have at your location and then transfer your coins. What use are the multiple copies? The only thing that having multiple copies stored in multiple locations protects you from is accidental loss (fire/water damage, accidentally thrown away etc) of the copy you have with you. It isn't going to stop anyone who "comes to hunt you".

[Sam San]

honestly i have a preference for paper wallet. They are safer because you can take multiple copies and store them in a different place in case someone comes to hunt you

How exactly does storing multiple copies in different locations protect you (or your bitcoins) if someone comes hunting for you?

If they hunt you down and find you... they take the copy you have at your location and then transfer your coins. What use are the multiple copies? The only thing that having multiple copies stored in multiple locations protects you from is accidental loss (fire/water damage, accidentally thrown away etc) of the copy you have with you. It isn't going to stop anyone who "comes to hunt you".

now the process of determining the identity of members of the KYC crypto-network has been launched, how many copies of your wallets will no longer be important when people and their bitcoins are extracted from these lists.

[Killrbit]

i can print multiple keys with paper and place it all the secure place for back up. i cant do that with hardware wallets.

Actually one of the Key advatages of trezor is that you can create multiple passphrases which essentially creates an entirely new wallet on the same device, with the pass phrase acting as an additional 25th seed word to the original 24 word seed generated on the device. Essentially then u would have different Keys for each wallet.