Bitcoin Forum
Author Topic: Are Hardware Wallets to be trusted?  (Read 665 times)
mayo2u
Member
December 12, 2017, 09:14:43 PM
 #21

> Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom.
>
> It looks like covert messages can be embedded in the signature itself.  This would be bad. Real bad.
>
> My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.
>
> Thoughts, smart people?

If there is a keylogger installed by the manufacturer in your brand-new desktop then you're SOL using any computer. I suppose there needs to be trust somewhere. But thanks for coinb.in - it looks very interesting. I've been using Armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that, at over 10^130, it's safe.

And, continuing down the paranoid road - I'm using a Raspberry Pi. Hmmm maybe I ought to worry about a keylogger there as well.

ttookk
Hero Member
December 14, 2017, 12:07:39 AM
 #22

This is a question I asked myself recently as well. And referring to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers' funds, would be a bad random number generator.

I don't know how Trezor and Ledger generate their privkeys, though. Does anybody have any insight into that?



legonappy
Newbie
December 14, 2017, 05:38:00 PM
 #23

Hardware wallets are the most trustworthy among all types of bitcoin wallets. However, a large amount of bitcoin is always unsafe. So be careful.
bob123
Hero Member
December 14, 2017, 06:47:15 PM
 #24

> I've been using Armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that, at over 10^130, it's safe.

Your 'brain key' contains 'over 100 characters' and it's at about 10^130, interesting.
It seems like you are using a set of 10 characters and a set of 130. That's pretty inefficient..
Why not use a set of 62 characters (a-z,A-Z,0-9) and only a length of 72 with the same entropy?

Oh.. and did you already know that bitcoin private keys are taken out of a 2^160 pool? That's about 10^48.
Compared to your 10^130 that's pretty weak :(  You can be proud to have a password which is massively stronger than the thing it protects.
Since in this scenario it is easier to crack btc and as we all know bitcoin can't be broken, such a long password may be a bit (?) paranoid, but I'll let you decide.

RGBKey
Hero Member
December 15, 2017, 01:34:11 AM
 #25

> This is a question I asked myself recently as well. And referring to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers' funds, would be a bad random number generator.
>
> I don't know how Trezor and Ledger generate their privkeys, though. Does anybody have any insight into that?

What we really need is open source hardware. Devices that people can assemble themselves. Unfortunately the skill required to do something like this would be much higher than the average cryptocurrency enthusiast.

ttookk
Hero Member
December 16, 2017, 03:43:20 AM
 #26

> > This is a question I asked myself recently as well. And referring to open source code doesn't completely solve the question, because the main attack vector I see, if a hardware wallet manufacturer would want to access customers' funds, would be a bad random number generator.
> >
> > I don't know how Trezor and Ledger generate their privkeys, though. Does anybody have any insight into that?
>
> What we really need is open source hardware. Devices that people can assemble themselves. Unfortunately the skill required to do something like this would be much higher than the average cryptocurrency enthusiast.

I was actually just yesterday thinking about a different approach: roll the dice.

Make a spreadsheet with all the words used for the seed. Align them in a way that you can divide them in a way that makes sense (see below).

Get some dice, for example two W10 dice (two w10 dice can be used to roll numbers between 00-99), then create your seed by rolling the dice until you have 24 words. Put them into your hardware wallet --> totally trustless, ultra paranoid DIY random number generator. Now, at least the seed is generated safely.

Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (your local D&D dealer can help you out).

Speaking of assembling themselves: I recently thought about getting an old smartphone, physically disconnecting anything that can broadcast and flashing a custom ROM on it, which functions as a wallet. Input and output will be handled via camera and QR codes (seed creation, see above ;) ).



HCP
Hero Member
December 16, 2017, 03:48:42 AM
 #27

> Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).

You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

ttookk
Hero Member
December 16, 2017, 03:54:07 AM
 #28

> > Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).
>
> You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

Woohoo, yes, thanks :)

Ok, looks like the magic number 8 is the way to go. There are 8-sided dice, so that shouldn't be a problem… oh, and a 4-sided die at the end.

Alternatively, 16-sided die, leaves a rest of 8, so an 8-sided die for the finish. Saves one round, too.
16 pages with 128 words per page, 16 lines with 8 words per line. First, roll the page, then the line, then the word. Repeat 23 times.

Are the keys checksummed, though? This would mean that not every combination automatically works…



RGBKey
Hero Member
December 17, 2017, 01:25:31 AM
 #29

> > > Addendum: I haven't found the word list yet, but I assume it is not divisible by 10 or 100. With that in mind: to keep the chances of hitting a word as even as possible, it may be prudent to use different dice (Your local D&D dealer can help you out).
> >
> > You mean the BIP39 wordlist? https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
>
> Woohoo, yes, thanks :)
>
> Ok, looks like the magic number 8 is the way to go. There are 8-sided dice, so that shouldn't be a problem… oh, and a 4-sided die at the end.
>
> Alternatively, 16-sided die, leaves a rest of 8, so an 8-sided die for the finish. Saves one round, too.
> 16 pages with 128 words per page, 16 lines with 8 words per line. First, roll the page, then the line, then the word. Repeat 23 times.
>
> Are the keys checksummed, though? This would mean that not every combination automatically works…

It doesn't look like it to me. It seems the whole phrase is just hashed together with some salt (the string "mnemonic" plus your passphrase, if you have one), which means there's no checksum. You should be able to use dice to generate a valid BIP39 phrase by using the wordlist. Source.

codewench
Member
December 17, 2017, 03:40:16 AM
 #30

> > Are the keys checksummed, though? This would mean that not every combination automatically works…
>
> It doesn't look like it to me. It seems the whole phrase is just hashed together with some salt (the string "mnemonic" plus your passphrase, if you have one), which means there's no checksum. You should be able to use dice to generate a valid BIP39 phrase by using the wordlist. Source.

There is a check value. Look further up in BIP39 in the "Generating the mnemonic" section. The dictionary of 2048 words results in a bit sequence 33/32nds of the needed length(s). The extra bits are the check value.
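
Added example, not part of any post in this thread: a Python sketch of the BIP39 "Generating the mnemonic" check value discussed above, applied to dice-generated entropy. It works on word indices (0 to 2047) instead of embedding the wordlist, covers all BIP39 entropy lengths rather than only 24 words, and its function names and sample rolls are constructed for illustration.

```python
import hashlib

def checksum_bits(entropy: bytes) -> str:
    """First ENT/32 bits of SHA-256(entropy): the BIP39 check value."""
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return format(digest, "0256b")[: len(entropy) * 8 // 32]

def entropy_to_indices(entropy: bytes) -> list:
    """Entropy plus check value, split into 11-bit word indices (0..2047)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy is 128..256 bits in 32-bit steps")
    bits = format(int.from_bytes(entropy, "big"), "0{}b".format(len(entropy) * 8))
    bits += checksum_bits(entropy)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]

def indices_valid(indices: list) -> bool:
    """True only if the trailing check bits match SHA-256 of the entropy bits."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    bits = "".join(format(i, "011b") for i in indices)
    ent_len = len(bits) * 32 // 33
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    return bits[ent_len:] == checksum_bits(entropy)

def rolls_to_bits(rolls, sides: int) -> str:
    """Map rolls of a power-of-two die (d4, d8, d16) to bits, so no value is favoured."""
    if sides < 2 or sides & (sides - 1):
        raise ValueError("side count must be a power of two")
    if any(not 1 <= r <= sides for r in rolls):
        raise ValueError("roll out of range")
    width = sides.bit_length() - 1
    return "".join(format(r - 1, "0{}b".format(width)) for r in rolls)

def mnemonic_from_rolls(rolls, sides: int = 16) -> list:
    """256 dice bits -> 24 word indices; the last 8 bits are the computed check value."""
    bits = rolls_to_bits(rolls, sides)
    if len(bits) != 256:
        raise ValueError("need exactly 256 bits, e.g. 64 rolls of a d16")
    return entropy_to_indices(int(bits, 2).to_bytes(32, "big"))

def valid_last_words(first_23: list) -> list:
    """Of the 2048 candidates for word 24, list those passing the check."""
    return [w for w in range(2048) if indices_valid(first_23 + [w])]

# Constructed sample: 64 made-up d16 rolls, not real key material.
SAMPLE_ROLLS = [(7 * n) % 16 + 1 for n in range(64)]
```

With 23 words fixed by dice, only 8 of the 2048 possible last words pass the check, so the final word has to be computed from the rolled bits rather than rolled.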