Bitcoin Forum
October 22, 2019, 10:05:11 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
Author Topic: It is NOT secure to use hardware wallets (and it never was)  (Read 1941 times)
Spendulus
Legendary
*
Offline Offline

Activity: 2394
Merit: 1189



View Profile
April 21, 2018, 05:06:44 AM
 #121

The "long term storage problem" is the simplest thing in the world to solve. Consider that a bitcoin address is no more than a 50-some digit long number All you need is a copy of that number in a safe depot box.

An 'address' is a 160 binary number. This, of course, can be encoded in any format.
Just like it is done with the displayed addresses (Base 58 encoding).

But to be able to gain access over the funds sent to the address you need the private key (256 bit binary number), which also can be encoded into *any* format.


The question is wether you want to put it into a depot box.
It matters on how much you trust the phsysical security of this box.

If you want to keep it away from everyones knowledge, such a storage might not be the best idea.

Sort of right. I referred to the private key, which is a 50-some digit long number. How one encodes it does not address the question or affect the answer.

Next, the question was not "if you want to keep it away from everyone's knowledge."

But that really doesn't matter. Please take a moment to think this over.

A private key can of course be password encoded, or encoded using a private scheme. Most of the orientation on this thread is "How to save and THEN RETRIEVE bitcoins." This implies a device capable of the retrieval, a computer or a hardware wallet, whatever.

A paper wallet does not do this, it simply stores the values. Therefore it does not have the complexities of devices with computing capabilities or data storage capabilities.

It's quite reasonable to believe there will in the future be various ways to read these keys into active devices.
1571738711
Hero Member
*
Offline Offline

Posts: 1571738711

View Profile Personal Message (Offline)

Ignore
1571738711
Reply with quote  #2

1571738711
Report to moderator
1571738711
Hero Member
*
Offline Offline

Posts: 1571738711

View Profile Personal Message (Offline)

Ignore
1571738711
Reply with quote  #2

1571738711
Report to moderator
1571738711
Hero Member
*
Offline Offline

Posts: 1571738711

View Profile Personal Message (Offline)

Ignore
1571738711
Reply with quote  #2

1571738711
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
justmyname
Sr. Member
****
Offline Offline

Activity: 383
Merit: 250


View Profile
April 22, 2018, 04:14:08 PM
Last edit: April 22, 2018, 04:41:36 PM by justmyname
 #122

Ledger Hardware Receive Address Attack

Whenever using a hardware wallet  to send or receive. Make sure to check the display of your device to make sure the coins are going to the right address. A virus can change the address.

https://www.youtube.com/watch?v=9Wf1SFTQxAs

https://www.youtube.com/watch?v=sZuxHSM8p-Q
Artlee87
Newbie
*
Offline Offline

Activity: 48
Merit: 0


View Profile
April 22, 2018, 07:46:02 PM
 #123

Paper wallet in a safe deposit box ftw lol
justmyname
Sr. Member
****
Offline Offline

Activity: 383
Merit: 250


View Profile
April 23, 2018, 01:23:28 AM
 #124

Paper wallet in a safe deposit box ftw lol

And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins. Cheesy   
AGD
Legendary
*
Offline Offline

Activity: 1849
Merit: 1058


Keeper of the Private Key


View Profile
April 23, 2018, 06:50:40 AM
 #125

...
Not when the "paper wallet" is made out of stainless steel.

...


Yeah. This is a so called 'steel paper wallet'
Can I also create a 'wooden steel paper wallet'?

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
fargoway
Newbie
*
Offline Offline

Activity: 164
Merit: 0


View Profile
April 23, 2018, 06:59:23 AM
 #126

Paper wallet in a safe deposit box ftw lol
And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins. Cheesy   
If someone physically gets your cash/gold/cloths/house/car you will lose your cash/gold/cloths/house/car. Or it could be damaged, burned, broken, etc.
You are never in safe for 100%, that's how our life works.
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
April 23, 2018, 07:02:00 AM
 #127

Paper wallet in a safe deposit box ftw lol

The question is wether "Be your own bank" still applies here if you let a bank be your bank instead of being the bank yourself.

Those boxes do not guarantee availability at any given moment.
This may be more secured (from stealing attempts) than storing private keys under your pillow, but is not a reliable (in terms of availability, access, etc.. ) long-term storage.

Those boxes can still be seized by the government.

squatter
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 931


STOP SNITCHIN'


View Profile
April 23, 2018, 07:16:11 AM
 #128

Paper wallet in a safe deposit box ftw lol

The question is wether "Be your own bank" still applies here if you let a bank be your bank instead of being the bank yourself.

Those boxes do not guarantee availability at any given moment.
This may be more secured (from stealing attempts) than storing private keys under your pillow, but is not a reliable (in terms of availability, access, etc.. ) long-term storage.

Those boxes can still be seized by the government.

Yeah, it's tough to "be your own bank" when your funds are physically in the custody of someone else. But every storage medium has its tradeoffs. It just depends what the biggest threats are.

A friend of a friend had his house burglarized and his safe stolen -- everything gone. Probably a targeted/inside job. Anyway, in hindsight, I guess he'd have been better off with a safe deposit box. I think the moral of that story is don't put all your eggs in one basket. You should never store everything in one place.

bitmover
Hero Member
*****
Offline Offline

Activity: 630
Merit: 1068



View Profile
April 23, 2018, 03:30:13 PM
 #129

Yeah, it's tough to "be your own bank" when your funds are physically in the custody of someone else. But every storage medium has its tradeoffs. It just depends what the biggest threats are.

A friend of a friend had his house burglarized and his safe stolen -- everything gone. Probably a targeted/inside job. Anyway, in hindsight, I guess he'd have been better off with a safe deposit box. I think the moral of that story is don't put all your eggs in one basket. You should never store everything in one place.

Maybe if his privatekeys were inside a drawer, they would not have been stolen. They would look worthless.

Or splitting privatekey/seed in two separate pieces of paper maybe a good idea also.

Spendulus
Legendary
*
Offline Offline

Activity: 2394
Merit: 1189



View Profile
April 24, 2018, 12:42:22 AM
 #130

Paper wallet in a safe deposit box ftw lol

And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins. Cheesy   

I would suggest, anyone that put a paper wallet in long term storage, see that a decoding program is placed there also. An example would be the bitaddress.org script. Whatever is needed. Toss an entire computer if you like, if you think that script won't run in ten years.

Whatever you put into long term storage, remove the batteries first.
PlayUp
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 24, 2018, 01:27:56 AM
 #131


I am most certainly not technical enough to grasp the extent of that document, but it does appear to imply that a hacker requires physical access to your device beforehand before hacking into it.

Everyone is aware of this threat. This is without doubt the pitfall of any hard wallet, not knowing how it was configured and what hands it has passed through beforehand.

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?

I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

HCP
Legendary
*
Online Online

Activity: 1120
Merit: 1838

<insert witty quote here>


View Profile
April 24, 2018, 04:16:03 AM
Merited by Last of the V8s (1)
 #132

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?
1.4.1 was a bit of a nuisance for some folks, getting "confusing error messages... however, Ledger have already released 1.4.2... https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

As noted in that blog post, they have a detailed step-by-step here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113

I believe you can update directly from 1.3.1 to 1.4.2 without needing to load the 1.4.1 firmware. Also, going from Windows to MacOSX shouldn't make any difference to the device... it should switch without issue. What is the exact issue you've having? device not recognised? device recognised but update failing? Huh

Spendulus
Legendary
*
Offline Offline

Activity: 2394
Merit: 1189



View Profile
April 24, 2018, 05:42:05 PM
 #133

....
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?


It IS a different program, being compiled under OS X and relying on somewhat different underlying libraries.

They say to use Google Chrome or Chromium as the browser, were you doing that?
frostalvin
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 25, 2018, 01:30:51 AM
 #134

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin .
and I'm still confused want to plunge into the world of cloudmining, I do not understand after I get the results of the developers think 'my money is where
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
April 25, 2018, 11:55:44 AM
 #135

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin.

In reality nothing guarantees the security and safety of your coins.
But a hardware wallet is one of the best (if not the best when looking at security/convinience) type of storage for your BTC.



and I'm still confused want to plunge into the world of cloudmining, ..

You should reconsider this. Cloud mining mainly is just scam.

Why should someone rent his hardware and mine for you for less profit than he could have when just mining for themselves?
If you are heavily interested in mining, buy a mining rig and join a pool. But without cheap(!) electricity this is just a waste of energy (without any profit).


justmyname
Sr. Member
****
Offline Offline

Activity: 383
Merit: 250


View Profile
April 28, 2018, 02:33:01 AM
 #136

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank.  Cheesy
network.decentralizer
Jr. Member
*
Offline Offline

Activity: 30
Merit: 1


View Profile
April 28, 2018, 09:59:26 PM
 #137

Allow me to say that all of this kind of "bugs" and "exploits" will not cause any problem to a normal user. You are SAFE! Nobody will modify the hardware wallet if you buy it from the official store(Trezor, ledger etc.).

No program can have access to the hardware wallet seed or private keys. To sign a transaction you need to press a button so every time you want to make a transaction you need to double check the outputs.

All other threads like man-in-the-middle attack are just theory.
harbs23
Newbie
*
Offline Offline

Activity: 82
Merit: 0


View Profile
April 28, 2018, 10:54:36 PM
 #138

I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.
Yes ! Your right hardware wallet have a lot of vulnerability.
But? What about paper wallet ?/is it advisable to use?
Spendulus
Legendary
*
Offline Offline

Activity: 2394
Merit: 1189



View Profile
April 29, 2018, 01:38:20 AM
Merited by squatter (1)
 #139

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank.  Cheesy

I would have to disagree with this.

First of all, contents of a safe deposit box should be "tamper evident." Google that it will become clear that any prowling in that box can and should be detected. Yes that can include taking pictures of anyone opening the box, using a cam that doesn't look like a cam.

Important contents should not be obvious. A paper wallet should not be on a piece of paper that shouts "BITCOIN KEYS." It might be engraved on something that looks like a family heirloom. Johnny's First Communication certificate. Etc.

They could be on a page that looked like a listing of bank account numbers, split into pieces.

These things would not stop a determined attacker that already knew you had a stash, so one additional level of security is needed.

That is the encoding of the private key with a key phrase that only you know.

At this point you have

1. A box that does not appear to have any bitcoin paper wallets.
2. one object of many in the box that has the keys or sequences.
3. The key needs another part that is not in the box.
4. The box has tamper evident contents, hence an intruder is detected.

thekey@yaf.cloud
Copper Member
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
April 29, 2018, 07:07:40 AM
 #140

Here is a concept of next generation highly secured hardware wallet:

                             Bkey.tech

It is physically separated from untrusted environment and it`s inputs\outputs fully controlled by owner.

So it cannot be hacked remotely by design and very user friendly.

Also there will be several protective solutions to prevent "wrench attack".

Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!