Bitcoin Forum
Author Topic: Are Hardware Wallets to be trusted?  (Read 758 times)
Political Sniper (OP)
December 06, 2017, 12:45:52 AM
 #1

We all know the security issues with Microsoft and specifically its privacy concerns. But I've never seen anyone talking about the actual hardware you are using and trusting with your private keys. There's been evidence that previously reputable companies have been spying on their customers via keyloggers. Just take Dell for instance: http://www.zerohedge.com/news/2017-05-12/hp-laptops-discovered-be-spying-users-keylogger

Every time you are importing your private keys, or signing an address, you are ultimately trusting the hardware which you are using. Even if you sign/import on an offline computer, you are still trusting the developers of the hardware which you are using. I don't think I'm completely crazy in thinking this is a genuine issue and should at least be discussed. There have been several companies which have spied on their users through different means; Apple, Dell and Microsoft are some of the biggest developers/manufacturers in the world and arguably the most 'trusted' in their field.

These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as God's gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things? Please understand I'm not calling out the hardware wallets as scams or anything like that. I actually believe they are very user friendly and are a great storage option for a hot wallet which you need to access somewhat securely regularly.

But, these hardware wallets have been developed and manufactured by less renowned people than the companies mentioned above. Yet they were simply embraced by the community without any questions.

I'm just going to quote some websites which I believe have concerns about this and hardware wallets too.
Quote from: bitslog
How much do you trust your hardware wallet?

When it comes down to how much you should trust your hardware, an issue that is becoming more popular nowadays, deterministic subliminal channel-free signature schemes seem to offer a great advantage. I’ve come to this conclusion while designing the Firmcoin and analyzing the possible adversaries for a hardware wallet. Even if you trust your private keys to your hardware wallet, you generally don’t trust it as much as giving the hardware wallet full Internet access, not even wireless communication. You provide the hardware wallet with a transaction to sign, and you get it signed. In the case of a Bitcoin hardware wallet, which uses ECDSA, the best you can have is a subliminal-free but interactive signing protocol, that still poses some risks.

Read more here: https://bitslog.wordpress.com/2014/06/09/deterministic-signatures-subliminal-channels-and-hardware-wallets/

Ultimately, I would like some discussion on the safety of using hardware wallets specifically or generating/importing/exporting private keys on them.
Jmesser80
December 06, 2017, 01:33:55 AM
 #2

I’m probably not one who can answer the question about how safe the hardware wallets are, I don’t know programming or code etc., but the larger companies, Microsoft, Apple, Samsung, all had to start out as small companies no one knew about but have built trust in the products through time. Although I do agree vigilance is needed, that’s why it’s good to have forums like this to bring possible issues to light.

jseverson
December 06, 2017, 01:35:01 AM
 #3

Quote from: Political Sniper
We all know the security issues with Microsoft and specifically its privacy concerns. But I've never seen anyone talking about the actual hardware you are using and trusting with your private keys. There's been evidence that previously reputable companies have been spying on their customers via keyloggers. Just take Dell for instance: http://www.zerohedge.com/news/2017-05-12/hp-laptops-discovered-be-spying-users-keylogger

Wow that's disturbing. I read about this a while ago but I thought it was just some statistics gathering software or something. I had no idea it was actually recording keystrokes on an unencrypted file, according to https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/. Either way, this is why I support open-source software. Everything is up for review, so you know exactly what you're getting into. I have stopped trusting Windows for some time now, opting for Linux for more sensitive activities, and this just proves I'm right.

As for hardware wallets, I have to be honest that I have no idea how they work internally, but the fact that they have been completely safe thus far suggests that they're quite trustworthy. There are probably some out there that house hundreds of thousands of coins. But then again, there are only no incidents until there has been an incident, so that could change in a hurry. I personally still trust them because it's not like they're running on some kind of freemium model, but that's just me.

Nightwatchman
December 06, 2017, 02:01:20 AM
 #4

The more valuable Bitcoin becomes, the harder it is to blindly trust any method of coin storage.

At one point I'm sure Mt Gox customers trusted the exchange.

The Ledger Nano S plug in for Chrome (Mac) has some holes in it, which has put me on full alert.

FWIW, I spread my coins in many different places to mitigate the risk of any one of them falling over.
no0dlepunk
December 06, 2017, 02:08:37 AM
 #5

I have read the OP and all I can say is - YES, hardware wallets are safe and could be trusted. I personally recommend Hardware Wallet HW. I've been using it for a year already, and so far I haven't gotten any issues at all. I have a hard plastic card that holds my private keys which makes it impossible for a hack.
dawoodkhan97
December 08, 2017, 07:53:34 PM
 #6

Hard wallets make it nearly impossible to hack
bitcoins and I have not heard of a single case
where a person's hard wallet was hacked unless
he forgot its private key.

Other than that hard wallets are the best and
secure medium for bitcoin storage.

odolvlobo
December 08, 2017, 07:57:48 PM
 #7

Start here: https://doc.satoshilabs.com/trezor-faq/software.html#why-should-i-trust-trezor-with-my-private-keys

Xavofat
December 08, 2017, 08:07:27 PM
 #8

Quote from: Political Sniper
But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things?
You don't understand the importance of open source code. Most major companies' code is closed source, so your average user can't just take a look and see whether the code that they produced is safe.

The hardware wallets require you to consent to an update, so if an update contains malicious code, it's almost certain that several reputable users will have reviewed the code and publicised the problem.

Therefore, the reputation of the developers (while it is actually very good for TREZOR by the way - they own Slush Pool for example) is pretty much irrelevant in this case.
Quote from: Nightwatchman
The more valuable Bitcoin becomes, the harder it is to blindly trust any method of coin storage.
That's why we have offline storage.
martin.k
December 08, 2017, 08:13:01 PM
 #9

Trusting is the hardest thing in the cryptocurrency world. You can easily be scammed in no time.
I am also searching for a good hardware wallet, but could not find any yet!
megynacuna
December 08, 2017, 09:02:02 PM
 #10

Quote
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as God's gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development?

That is why I decided to replace my Ledger Nano S with the latest Trezor T. Trezor software is open-source so everyone can check if the code is bug-free or if there are any backdoors. Ledger devices are based on secure elements which have limited space and capabilities and most importantly, we can't see what happens inside it. Also, Ledger has started working with Intel which is known for problems with Intel Management Engine. I don't trust developers, I trust the community that checks the code provided by them.

Exactly, Trezor is very reliable and open source, it makes it have more room for development and improvements. I recently forked out 150$ for one and I think it's worth my investment because I've started taking my bitcoin saving seriously due to the astronomical rate at which it is rising in value.
HongKong
December 08, 2017, 09:08:06 PM
 #11

Quote from: dawoodkhan97
Hard wallets make it nearly impossible to hack
bitcoins and I have not heard of a single case
where a person's hard wallet was hacked unless
he forgot its private key.

Other than that hard wallets are the best and
secure medium for bitcoin storage.
You are somewhat correct. If there were any hacks involving a Hardware wallet then it would most likely be an inside job from the company that built that wallet.

okissabam
December 08, 2017, 09:10:11 PM
 #12

I think these hardware wallets are trusted because I haven't heard any complaint from a person who owns it that they've had problems or were ever hacked when they stored their coins, so most probably they are very reliable.
TraderInc
December 08, 2017, 09:20:19 PM
 #13

Any word on keeper's key or the third popular one after Nano and Trezor?
gundala
December 08, 2017, 09:28:38 PM
 #14

Quote from: okissabam
I think these hardware wallets are trusted because I haven't heard any complaint from a person who owns it that they've had problems or were ever hacked when they stored their coins, so most probably they are very reliable.

Besides, wallet hardware can hardly be hacked because your private key is stored offline.
So this wallet is safe enough to be used to store digital coins. However, the price is rather expensive.

sofi@
December 08, 2017, 09:41:20 PM
 #15

Hard wallets so far are a good way to keep your bitcoins; unlike online wallets they can't be hacked or stolen. The only problem maybe is how you will keep it in a place where no one can steal it. But one issue you must take in is that regardless of what wallet you are going to take, cryptocurrency by its nature is too risky, so even if you have better wallets, if the price of cryptos suddenly falls back chances are you can still lose everything in an instant.

aplistir
December 08, 2017, 10:55:24 PM
Last edit: December 09, 2017, 03:46:19 PM by aplistir
 #16

Quote from: jseverson
according to https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/. Either way, this is why I support open-source software. Everything is up for review, so you know exactly what you're getting into. I have stopped trusting Windows for some time now, opting for Linux for more sensitive activities, and this just proves I'm right.
Have you ever tried to read the source code of Linux? There is so much code that it is pretty impossible to go through that. I would not be surprised if there were some surprises hidden in there too. NSA could have some programmers "contributing" to developing Linux, who could know. A well designed "bug" could be all that they want.

But I too trust Linux much more than Windows, which really is spying on its users.

Quote from: jseverson
As for hardware wallets, I have to be honest that I have no idea how they work internally, but the fact that they have been completely safe thus far suggests that they're quite trustworthy. There are probably some out there that houses hundreds of thousands of coins. But then again, there are only no incidents until there has been an incident, so that could change in a hurry. I personally still trust them because it's not like they're running on some kind of freemium model, but that's just me.
I trust hw-wallets too, but there could always be a bug in them too. Paper wallets are safer, if the key has been made with a good RNG.

bob123
December 09, 2017, 08:24:01 AM
 #17

Quote from: Political Sniper
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as God's gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things?

You don't really have to trust someone. You can verify everything by yourself because the 'important' parts of the wallets are open source
and therefore accessible by everyone who has access to the internet. To verify the hardware isn't as easy as verifying the software, but you can
still compare which chips are built-in and (theoretically) 'reproduce' it on an emulator? I mean, this second step is only for extremely paranoid people.
But this still could be an exaggerated option.

Quote from: Political Sniper
Ultimately, I would like some discussion on the safety of using hardware wallets specifically or generating/importing/exporting private keys on them.

Hardware wallets are kinda made for generating private keys (randomly).
But you shouldn't be able to import/export private keys into/from a hardware wallet. Such a private key should be looked at as compromised.
Therefore, to guarantee the integrity and confidentiality of your keys they only can (and should) be generated on your HW device.

boogersguy
December 10, 2017, 04:56:46 PM
 #18

Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom. 

It looks like covert messages can be embedded in the signature itself.  This would be bad. Real bad. 

My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.

Thoughts, smart people?

Political Sniper (OP)
December 11, 2017, 04:38:25 PM
 #19

Quote
These hardware wallets which are very popular among the community today; Trezor and Ledger more specifically are seen as God's gift among the community and everyone believes they are 100% safe. But, can we really trust those behind the development?

That is why I decided to replace my Ledger Nano S with the latest Trezor T. Trezor software is open-source so everyone can check if the code is bug-free or if there are any backdoors. Ledger devices are based on secure elements which have limited space and capabilities and most importantly, we can't see what happens inside it. Also, Ledger has started working with Intel which is known for problems with Intel Management Engine. I don't trust developers, I trust the community that checks the code provided by them.

I'm not really talking about the code which is being used. Although the code is open source and I do support open source software, I'm more concerned about the hardware which is almost undetectable by the average user of Bitcoin.

Code can be checked because it's extracting information which uses CPU and you can monitor via your computer. But hardware isn't that straightforward.
mayo2u
December 12, 2017, 09:14:43 PM
 #20

Quote from: boogersguy
Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom.

It looks like covert messages can be embedded in the signature itself. This would be bad. Real bad.

My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.

Thoughts, smart people?

If there is a keylogger installed by the manufacturer in your brand-new desktop then you're SOL using any computer. I suppose there needs to be trust somewhere. But thanks for coinb.in - it looks very interesting. I've been using Armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that, at over 10^130, it's safe.

And, continuing down the paranoid road - I'm using a Raspberry Pi. Hmmm maybe I ought to worry about a keylogger there as well.
