Bitcoin Forum
April 25, 2018, 03:40:28 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Why do we trust hardware wallet manufacturers?  (Read 311 times)
KIANA
Jr. Member
*
Offline Offline

Activity: 47
Merit: 4


View Profile
March 13, 2018, 03:24:23 PM
Merited by suchmoon (2)
 #1


I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524670828
Hero Member
*
Offline Offline

Posts: 1524670828

View Profile Personal Message (Offline)

Ignore
1524670828
Reply with quote  #2

1524670828
Report to moderator
ranochigo
Legendary
*
Offline Offline

Activity: 1428
Merit: 1052


DateCoin - The HOTTEST ICO


View Profile WWW
March 13, 2018, 04:06:00 PM
 #2

It's the same question; How do you trust the people who develop desktop wallets?

If you can't review the code for the hardware wallets, you probably didn't review the code for the desktop wallets that you've used either. If you want to be more specific and thorough, you didn't review the source code for your operating system either. There is certainly no way to be 100% safe if you can't review and build everything yourself.

Wallets like Electrum has incorporated hardware wallets into their software. The trust goes to the contributors of Electrum instead of the hardware wallet developers in this case.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1302
Merit: 1029


Use SegWit and enjoy lower fees


View Profile
March 13, 2018, 04:48:11 PM
 #3

Looks like you already answered your own question. If you can't verify the source code, the only way to stay safe is trust the people and community who already verify the source code.
But such trust already proven to work in other popular open-source project such as Linux and most development application.

    ▄████████▄
  ▄████████████▄
 ████████████████
██████████████████
██████████████████
██████████████████
 ████████████████
  ▀████████████▀
    ▀████████▀

    █ ███ ██ █
   █ ██ ██ ██ █
  █ ██ █  █ ██ █
      █    █
   ▄  ▄█▀
   ██▄▀▀
 ▄ ▀▀▄█▀
 ██ ▀▄
▄ ▀▄█▀
▀██▀▀▄
▄▄▄ ██
 ▀▀▀▀▄█
 ▀██ █▀▄█
   ▄▄▄▄▀█ █▄
    ▀▄▄▄▄ ▀█ █▄▄
      ▀▀▀█▄▄▄ ▀▀▀ ▄
        ▀▀▀▀▄███▀ ▀
▀█▄  ▄   
▀▀▄██   
▀█▄▀▀ ▄
▄▀ ██
▀█▄▀ ▄
▄▀▀██▀
██ ▄▄▄
█▄▀▀▀▀
█▄▀█ ██▀
▄█ █▀▄▄▄▄   
▄▄█ █▀ ▄▄▄▄▀   
▄ ▀▀▀ ▄▄▄█▀▀▀     
▀ ▀███▄▀▀▀▀       
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄███████████████▀▀▀█████▄
▄████████████▀▀     ██████▄
█████████▀▀   ▄▄▀   ███████
██████▄    ▄▄█▀    ████████
█████████▄██▀      ████████
▀██████████▄▄    ████████▀
 ▀████████▄█████▄████████▀
  ▀█████████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
.
.......ADD.......
yahoo62278
   ▄▄█████▄▄▄▄▄▄▄
 ▄██████████████████▄
█████████▀▀▀   ▀▀▀█████
███████            ▀████▄
██████     █████▄   █████▄
 █████▄     ▀▀▀▀██████████
 ███████▄          ▀██████
 ██████▀▀████▄▄▄▄   ▀█████
 ▀████    ▀██████    ██████
  ▀███▄     ▀▀▀▀    ███████
    █████▄▄▄   ▄▄▄█████████
      ▀██████████████████▀
          ▀▀▀▀▀▀▀█████▀▀
Spazzer
Member
**
Offline Offline

Activity: 84
Merit: 18


View Profile WWW
March 13, 2018, 05:54:45 PM
 #4

If you can't verify the source code, the only way to stay safe is trust the people and community who already verify the source code.

This. You have to remember that this applies to anything in life. Why do we trust strangers when asking restaurant advice? Same applies here.

Kprawn
Legendary
*
Online Online

Activity: 1456
Merit: 1028



View Profile
March 13, 2018, 07:01:01 PM
 #5

This is from the Ledger FAQ :

Ledger's hardware wallets are architectured around "secure elements" or secure chips. This is the same technology that

you find in chip and PIN payment cards or SIM cards.
These chips bring guarantees against physical attacks and raise the

level of security of your private keys. It is a industry standard.

The software is also Open Source : https://github.com/LedgerHQ/ledger-nano-s


BitMaxz
Legendary
*
Offline Offline

Activity: 1050
Merit: 1018


View Profile
March 13, 2018, 07:44:50 PM
 #6

Honestly to me, I don't trust any wallet or even the hardware wallet. Since everything in bitcoin needs internet to be able to operate. There is still possible that those hardware wallets or desktop wallet or any wallet with high trusted reviews it's not guaranteed 100% that they are safe, but it still depends on you how you protect your wallet.

Anyway, hardware wallets are good for offline use and it is called the 2nd layer of authentication before you can send any amount of coins from your hardware wallet.

Hardware wallet is safe 90% I don't give 100% because I heard someone said that hacker was stolen bitcoin. If you know trezor wallet it is one of the hardware wallets competitors by ledger nano. Time ago a trezor wallet is hackable, but developers release the latest firmware and fix the issue about trezor wallet and now I don't hear any customer complains about their wallet. However, I'm not still satisfied to trust them

In that time I lose faith in hardware wallets because even hardware wallets can be hackable. So, now I don't trust them.

You are still lucky that you bought a ledger nano s as of now I see good reviews about this wallet and I think they are safe not 100% but you secured just follow the safety guidelines.

If you really wanted to verify 1 of the hardware wallet like ledger nano s and if you are not satisfied with the answer from a manufacturer, then you need to hire a programmer just to verify the program is safe or not.

For me testing them with your own you can verify that your wallet is safe, then if you still experience bad issue about hardware wallet in the future it means that wallet is not safe and your security level is low.

So for me electrum wallet is enough just add your password as your 2nd layer of authentication and save your seed phrase in the safety place and you are safe. This is just what I experience and I am using that wallet for a long time that until now I can guarantee you that electrum wallet is safe. I test them a lot even I don't exactly know what inside the electrum program, but I always scan them before I install if it is clean or not. This is just your alternative if ever you wanted to switch to electrum, but you can stay to use ledger nano s even I don't know what is program inside for me they are safe because I don't hear any customers complaint.

Jet Cash
Hero Member
*****
Online Online

Activity: 868
Merit: 816


Satan's Slave


View Profile WWW
March 13, 2018, 07:50:51 PM
 #7

Why do you trust banks with your money? Oh wait, I don't, and I don't trust online or other wallets either.

I don't see what's wrong with a password protected Bitcoin core wallet. I think that is the most trustworthy, but that's just an instinctive reaction on my part.

Don't drink and drive ==>> Click here to find out why
DannyHamilton
Legendary
*
Offline Offline

Activity: 2142
Merit: 1321



View Profile
March 13, 2018, 08:46:16 PM
Merited by bones261 (2), suchmoon (1), HCP (1)
 #8

Why do you trust banks with your money? Oh wait, I don't, and I don't trust online or other wallets either.

I don't see what's wrong with a password protected Bitcoin core wallet. I think that is the most trustworthy, but that's just an instinctive reaction on my part.

But the OP question still remains.

Why do you trust the Bitcoin Core wallet?
Why do you trust the operating system that you are running your Bitcoin Core wallet on?
Why do you trust the hardware that your operating system is running on?
Why do you trust the mathematical functions of ECDSA and SHA?

I think the important question that the OP was asking is...

"If I do not have the technical expertise to know exactly what the software and hardware are doing, then how can I be certain that those who do have the technical expertise aren't lying to me?"

The security of open source relies on the concept that hiding the true nature of the thing requires that ALL TECHNICALLY CAPABLE people in the ENTIRE WORLD will collude to hide the behavior of the thing from ALL TECHNICALLY INCAPABLE people.  If even 1 single technically capable person refuses to collude with all the other technically capable people, then that one person can reveal the true nature of the thing to all the technically incapable people.

Kakmakr
Legendary
*
Offline Offline

Activity: 1274
Merit: 1059

★ ChipMixer | Bitcoin mixing service ★


View Profile
March 14, 2018, 06:42:30 AM
 #9

I also think it has a lot to do with reputation. If you want to grow into a multi Billion dollar business, you will have to build a strong trust relationship with your customers. One big mistake will destroy all the hard work that was done to establish this business.

We are not talking about the little "Mom and Dad" business here. These companies have a lot to lose, if they fail.
https://techcrunch.com/2018/01/18/ledger-raises-another-70-million-to-become-the-leader-in-cryptocurrency-hardware-wallets/

Reputation is the secret to their success, so they will use all the resources they have to build a trusted Brand. The competition to become the industry leader is very competitive. <Ledger vs Trezor>

vit05
Full Member
***
Offline Offline

Activity: 266
Merit: 124



View Profile
March 18, 2018, 11:46:49 PM
 #10

In open source projects, such as the majority of wallets, you may think that the reward for finding a flaw in these projects is very high. You do not have to trust the honesty of all those who have technical knowledge. You can rely on greed. In addition, since most of the world lives in an open environment and all those who own Bitcoin are in communities where when a failure occurs, they can scream for the community. And quickly this failure will be known by everyone.
But the best thing about Bitcoin is that you do not have to use a hardware wallet if you do not feel secure. You can use a paperwallet, pendrive. A wallet like Electrum etc.

____________yahoo62278 CAMPAIGN MANAGER________  ◥◥  The Best & Most Popular Manager  ◤◤  ____________
ICO Manager          Bounty Manager          Signature Campaign Manager          Twitter Campaign Manager
█████████████████████████   ADD "yahoo62278" on Telegram & Skype   █████████████████████████
virendarnagpal
Jr. Member
*
Offline Offline

Activity: 154
Merit: 2


View Profile
March 23, 2018, 12:17:15 PM
 #11

In our daily life we are using so many technical machines / hardware / software.  Whatever we are using is developed / invented / manufactured by others.  We are traveling by air, train, road transport.  First we have to trust the engineers who made aircraft, rails, buses, cars.  Then we are having trust on the pilots, drivers that they will carry us safe to our destination. Do we know anything about airoplane.  I think 99.99% of us do not know it's technicalities even the pilot flying the machine may not be having complete knowledge about the plane.  Pilot is just having knowledge how to fly it and primary issues related to it.  But we are blindly trusting him.
In the same way we are trusting service providers like Banks, insurance companies, health centers, doctors.  While paying premium to insurance company we are paying just because we have faith in them that in case of need they will repay the insured amount.  While getting surgical operations from surgeon we have to 100% surrender ourselves to the  doctors for the operation required.  In many of the operations we are first given medicines to make us unconscious only after that operation is done.
So without having trust we will not be able to avail and enjoy the facilities provided by others.
In above case transactions must be secured by password.  One time password option may also be opted as an additional security.  Authenticator app if generated in mobile will give additional security. 

║█ INTRO (https://introa.io/en/) █║
Business Intelligence Services for the participants of residential construction market
owlcatz
Legendary
*
Offline Offline

Activity: 1470
Merit: 1077


BTC, XMR & VIA FTW


View Profile WWW
March 24, 2018, 01:42:08 AM
 #12

Oh, FFS, if you don't like a hardware wallet, just use paper, it's even more secure if you do it right? Tongue

           ▄▄▄▄▄▄▄▄
      ▄▄██████████████▄▄
    ▄████████████████████▄
   ████████████████████████
  ███▀██████████████████▀███
 ████  ▀██████████████▀  ████
█████    ▀██████████▀    █████
█████      ▀██████▀      █████
█████       ▀██▀       █████
█████   ██▄        ▄██   █████
▀▀▀▀▀   ████▄    ▄████   ▀▀▀▀▀
        ██████▄▄██████
  ██████████████████████████
   ████████████████████████
    ▀████████████████████▀
      ▀▀██████████████▀▀
           ▀▀▀▀▀▀▀▀

Monero
          ▄▄▄██████▄▄▄
      ▄▄████████████████▄▄
    ▄███████████▀██████████▄
   ████████████  █  █████████
  █████████         ██████████
 ████████████         █████████
▄███████████    ███    ████████▄
███████████▌   ▀▀▀▀   ▄█████████
███████████   ▄▄▄▄   ▀██████████
▀█████████▌   ███▀    ▐████████▀
 ███████             ▐█████████
  █████████  █  ▄▄▄▄██████████
   ███████  █  ▄█████████████
    ▀████████▄▄████████████▀
       ▀████████████████▀▀
          ▀▀▀██████▀▀▀

.Bitcoin
           ▄▄▄███████▄▄▄
       ▄▄█████████████████▄▄
     ▄████▀▀           ▀▀████▄
    ███▀                   ▀███
   ███   ███           ███   ███
  ███     ███         ███     ███
 ███       ███       ███       ███
 ███     ██████     ██████     ███
 ███        ████   ████        ███
 ███     █████████████████     ███
 ███         ███▄ ▄███         ███
  ███         ███████         ███
   ███▄        █████        ▄███
    ████▄       ███       ▄████
     ▀█████▄▄         ▄▄█████▀
       ▀▀█████████████████▀▀
            ▀▀███████▀▀

.Viacoin
Kakmakr
Legendary
*
Offline Offline

Activity: 1274
Merit: 1059

★ ChipMixer | Bitcoin mixing service ★


View Profile
March 24, 2018, 06:58:15 AM
 #13

Oh, FFS, if you don't like a hardware wallet, just use paper, it's even more secure if you do it right? Tongue

This was a legitimate question from a newbie and deserve a legitimate answer. Some people in 3rd world countries will spend 50% of their monthly earnings on a hardware wallet like this and should get value for their money and the peace of mind that it is as secure as it is advertised.

The "if you do it right" part of your statement is very important. There are not a lot of newbies who knows how to do this in the most secure manner < air gapped computer and what not>  and that is why they are placing that trust into 3rd party hardware wallet providers hands.

Paper wallets can be your worst nightmare when you do it wrong and it is more suitable for long-term storage. Hardware wallets is a lot safer and more practical for daily use. 

Let's be a bit more understanding and supportive to these newbies.  Wink

kblaidd
Newbie
*
Offline Offline

Activity: 23
Merit: 9


View Profile
March 25, 2018, 06:21:37 AM
 #14

There's no reason to trust the developer of a hardware wallet any more than there is to trust the developers of software wallets. The difference is that however well meaning the developers are, a software wallet is inherently insecure. A hardware wallet, running on an entirely 'known' system, should be considerably more secure. If the developers are dishonest then all bets are off - even if the source code checks out.

You can also keep the private key offline on a computer with the ethernet and wifi and bluetooth adapters physically removed, then use it to sign transactions offline. Then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.

PMs hassling me for money may be made public
bob123
Sr. Member
****
Offline Offline

Activity: 546
Merit: 387



View Profile
March 25, 2018, 02:51:48 PM
 #15

You can also keep the private key offline on a computer with the ethernet and wifi and bluetooth adapters physically removed, then use it to sign transactions offline. Then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.

Physically removing network interfaces is a good step to ensure the device is really airgapped.
But i disagree with a higher risk due to screw-ups. If the seed/private keys are backed up properly i don't see a higher chance in losing funds compared to a
desktop wallet running on an everyday-pc.

While i agree that there indeed is a risk in screwing up i think that with proper back ups (which everyone should have, regardless of storing type) this risk can be compensated.

wilwxk
Sr. Member
****
Offline Offline

Activity: 322
Merit: 280



View Profile
March 25, 2018, 03:16:37 PM
 #16

But if you see the amount of users of the airplanes, desktops, bitcoin core wallet and compare with the amount of users of the hardware wallets, how big is the number of people that studied about the risks  and how big is the number of developers that checked inside the hardware wallets (remember that the ledger and trezor are not open-hardware), im not defending that the hadware wallets are not safe and we need to  verify every single componet of the wallet, im trying to say that the hardware wallets are on the few explored world of crypos where we see a different type of trap every day.

Cimmy_revenger
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


https://baanx.com


View Profile
March 25, 2018, 05:18:05 PM
 #17


I have recently bought a hardware wallet. (Ledger Nano S)

This made me think about the reasons why I should trust my life savings
to these companies? They write software that I cannot understand and I
trust other people to verify that the software that they wrote is 100% safe.

Why do I trust the people who "verified" that code? I have no idea what
their motivation is and if I can trust them.

The only answer that I could get, was that the honesty and the trust
would benefit the group and the community that was using this
technology.

your question is almost the same as what I want to ask others who understand about hardware wallet.
I also want to have it, but I do not understand about hardware  wallet

                                                                            █████▄▄▄▄▄▄
                                                                            ▀▀▀▀███████████▄▄
                                                                                   ▀▀██████████▄▄
                                                                                       ▀▀██████████▄▄
                                                                                           ▀▀██████████▄▄                    ▄████▄▄▄
                                                                                               ▀▀██████████▄▄              ▄███████████
████████████████▄        ██████████               ██████████        ████████▄       █████████▄▄    ▀▀██████████▄▄        ▄███████████▀
█████▀▀▀▀▀▀██████▌      ████████████             ████████████       ██████████▄     ████████████▄▄     ▀▀██████████▄▄  ▄███████████▀
█████       █████▌     ██████  ██████           ██████  ██████      ████████████▄   ███████████████▄       ▀▀████████████████████▀
█████▄▄▄▄▄▄█████▀     ██████    ██████         ██████    ██████     ██████████████▄ █████████████████▄         ████████████████▀
█████▀▀▀▀▀▀█████▄    ██████      ██████       ██████      ██████    ████████ ▀███████████████████████▀     ▄▄████████████████████▄▄
█████       █████▌  ████████████████████     ████████████████████   ████████   ▀███████████████████▀    ▄▄███████████████▀ ▀█████████▄▄
█████▄▄▄▄▄▄████████████████▀▀▀▀▀▀████████▄▄▄████████▀▀▀▀▀▀████████  ████████     ▀██████████████▀▀   ▄▄████████████████▀      ▀▀█████████▄▄
████████████████▀▀███████▀        ▀███████████████▀        ▀███████ ████████       ▀█████████▀▀   ▄▄█████████████████▀            ▀▀█████████▄▄
                                                                                                ██████████████████▀▀                  ▀▀█████████
The Cryptobank Revolution
▬▬  ANN  Whitepaper  Telegram  Facebook  Twitter  Medium  ▬▬

██
██
██
██
██
██
██
██
██
██
Open Source Blockchain Baanx
Mobile Cryptobank Platform
Branded Cryptobank Network

██
██
██
██
██
██
██
██
██
██
Docnaster
Hero Member
*****
Offline Offline

Activity: 560
Merit: 503


Sportsbet.io


View Profile
March 25, 2018, 07:35:44 PM
 #18

Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

European Central Bank
Legendary
*
Online Online

Activity: 952
Merit: 1027



View Profile
March 25, 2018, 11:37:52 PM
 #19

like others have said i choose to trust the crypto hive mind to unearth these problems on my behalf and that's a much, much, much more powerful beast than your own knowledge or that of one individual whose opinions you rate.

if there is such a thing as a vested interest, it's making sure hardware wallets are as safe as they can be. it's in the extreme interest of what must be millions of people by now.


Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

i'm not sure how valid that is. everything about banking is hidden and if they really screw up you're theoretically still in safe hands, that's why people trust it. that's not the case with hardware wallets. you have to rely on the creators and the people who pick their efforts apart too because everyone's ass is hanging on the line. it's then down to you to choose your course of action. no one's gonna save you.

aervin11
Full Member
***
Offline Offline

Activity: 224
Merit: 101



View Profile
March 26, 2018, 08:19:29 AM
 #20

give me bitcoin Grin

This is not the appropriate thread for begging bitcoins. Work your ass out and you would get your share.

Why do you trust your bank account not to be hacked, or the ATM not to mess up your balance? Even if you don't understand it, it was built by people that understand better than you do.

Therefore your money is safer with them, than it is with yourself.

Because bank is secured and got their insurance that whatever you left on banks, you could get it on banks. So as Ledger Nano, but you are ONLY the one who is responsible for your assets, whatever you lose, you are the one responsible for it and nobody would recover it for you.

M O S   ║    Decentralized Stock Market Lottery Platform    ║   M O S
────────  Telegram    Whitepaper  ────────
Lottery for the Blockchain Era   Register to Join MOS Token Sale

SR. MEMBER
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!