It is NOT secure to use hardware wallets (and it never was)

[Spendulus]

The "long term storage problem" is the simplest thing in the world to solve. Consider that a bitcoin address is no more than a 50-some digit long number All you need is a copy of that number in a safe depot box.

An 'address' is a 160 binary number. This, of course, can be encoded in any format.
Just like it is done with the displayed addresses (Base 58 encoding).

But to be able to gain access over the funds sent to the address you need the private key (256 bit binary number), which also can be encoded into *any* format.


The question is wether you want to put it into a depot box.
It matters on how much you trust the phsysical security of this box.

If you want to keep it away from everyones knowledge, such a storage might not be the best idea.

Sort of right. I referred to the private key, which is a 50-some digit long number. How one encodes it does not address the question or affect the answer.

Next, the question was not "if you want to keep it away from everyone's knowledge."

But that really doesn't matter. Please take a moment to think this over.

A private key can of course be password encoded, or encoded using a private scheme. Most of the orientation on this thread is "How to save and THEN RETRIEVE bitcoins." This implies a device capable of the retrieval, a computer or a hardware wallet, whatever.

A paper wallet does not do this, it simply stores the values. Therefore it does not have the complexities of devices with computing capabilities or data storage capabilities.

It's quite reasonable to believe there will in the future be various ways to read these keys into active devices.

[justmyname]

Ledger Hardware Receive Address Attack

Whenever using a hardware wallet  to send or receive. Make sure to check the display of your device to make sure the coins are going to the right address. A virus can change the address.

https://www.youtube.com/watch?v=9Wf1SFTQxAs

https://www.youtube.com/watch?v=sZuxHSM8p-Q

[Artlee87]

Paper wallet in a safe deposit box ftw lol

[justmyname]

Paper wallet in a safe deposit box ftw lol

And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins.    

[AGD]

...
Not when the "paper wallet" is made out of stainless steel.

...

Yeah. This is a so called 'steel paper wallet'
Can I also create a 'wooden steel paper wallet'?

[fargoway]

Paper wallet in a safe deposit box ftw lol

And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins.    

If someone physically gets your cash/gold/cloths/house/car you will lose your cash/gold/cloths/house/car. Or it could be damaged, burned, broken, etc.
You are never in safe for 100%, that's how our life works.

[bob123]

Paper wallet in a safe deposit box ftw lol

The question is wether "Be your own bank" still applies here if you let a bank be your bank instead of being the bank yourself.

Those boxes do not guarantee availability at any given moment.
This may be more secured (from stealing attempts) than storing private keys under your pillow, but is not a reliable (in terms of availability, access, etc.. ) long-term storage.

Those boxes can still be seized by the government.

[squatter]

Paper wallet in a safe deposit box ftw lol

The question is wether "Be your own bank" still applies here if you let a bank be your bank instead of being the bank yourself.

Those boxes do not guarantee availability at any given moment.
This may be more secured (from stealing attempts) than storing private keys under your pillow, but is not a reliable (in terms of availability, access, etc.. ) long-term storage.

Those boxes can still be seized by the government.

Yeah, it's tough to "be your own bank" when your funds are physically in the custody of someone else. But every storage medium has its tradeoffs. It just depends what the biggest threats are.

A friend of a friend had his house burglarized and his safe stolen -- everything gone. Probably a targeted/inside job. Anyway, in hindsight, I guess he'd have been better off with a safe deposit box. I think the moral of that story is don't put all your eggs in one basket. You should never store everything in one place.

[bitmover]

Yeah, it's tough to "be your own bank" when your funds are physically in the custody of someone else. But every storage medium has its tradeoffs. It just depends what the biggest threats are.

A friend of a friend had his house burglarized and his safe stolen -- everything gone. Probably a targeted/inside job. Anyway, in hindsight, I guess he'd have been better off with a safe deposit box. I think the moral of that story is don't put all your eggs in one basket. You should never store everything in one place.

Maybe if his privatekeys were inside a drawer, they would not have been stolen. They would look worthless.

Or splitting privatekey/seed in two separate pieces of paper maybe a good idea also.

[Spendulus]

Paper wallet in a safe deposit box ftw lol

And if someone physically gets your paper wallet you lose the coins. Or you could have some technical problem when the day comes to use the coins.    

I would suggest, anyone that put a paper wallet in long term storage, see that a decoding program is placed there also. An example would be the bitaddress.org script. Whatever is needed. Toss an entire computer if you like, if you think that script won't run in ten years.

Whatever you put into long term storage, remove the batteries first.

[PlayUp]

I am most certainly not technical enough to grasp the extent of that document, but it does appear to imply that a hacker requires physical access to your device beforehand before hacking into it.

Everyone is aware of this threat. This is without doubt the pitfall of any hard wallet, not knowing how it was configured and what hands it has passed through beforehand.

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?

I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

[HCP]

Following on from this, however, has anyone else had any difficulty downloading the latest firmware from ledger?
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

1.4.1 was a bit of a nuisance for some folks, getting "confusing error messages... however, Ledger have already released 1.4.2... https://www.ledger.fr/2018/04/17/announcing-ledger-firmware-1-4-2/

As noted in that blog post, they have a detailed step-by-step here: https://support.ledgerwallet.com/hc/en-us/articles/360002731113

I believe you can update directly from 1.3.1 to 1.4.2 without needing to load the 1.4.1 firmware. Also, going from Windows to MacOSX shouldn't make any difference to the device... it should switch without issue. What is the exact issue you've having? device not recognised? device recognised but update failing?

[Spendulus]

....
I have recently converted from a PC to a Mac (help me lord) and am having trouble getting 1.4.1 onto my device. I know this sounds a really noob question but would there be any reason my ledger would read the software differently if it was previously connected to a windows based app rather than ios?

It IS a different program, being compiled under OS X and relying on somewhat different underlying libraries.

They say to use Google Chrome or Chromium as the browser, were you doing that?

[frostalvin]

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin .
and I'm still confused want to plunge into the world of cloudmining, I do not understand after I get the results of the developers think 'my money is where

[bob123]

yes I know, my friend once told me if using hardware it does not guarantee the safety of our coin.

In reality nothing guarantees the security and safety of your coins.
But a hardware wallet is one of the best (if not the best when looking at security/convinience) type of storage for your BTC.

and I'm still confused want to plunge into the world of cloudmining, ..

You should reconsider this. Cloud mining mainly is just scam.

Why should someone rent his hardware and mine for you for less profit than he could have when just mining for themselves?
If you are heavily interested in mining, buy a mining rig and join a pool. But without cheap(!) electricity this is just a waste of energy (without any profit).

[justmyname]

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank. 

[network.decentralizer]

Allow me to say that all of this kind of "bugs" and "exploits" will not cause any problem to a normal user. You are SAFE! Nobody will modify the hardware wallet if you buy it from the official store(Trezor, ledger etc.).

No program can have access to the hardware wallet seed or private keys. To sign a transaction you need to press a button so every time you want to make a transaction you need to double check the outputs.

All other threads like man-in-the-middle attack are just theory.

[harbs23]

I have been warning people about hardware wallets for years. Bitcoin is the most personal store of value. Don't break it by using untrusted third party soft/hardware:

https://krebsonsecurity.com/wp-content/uploads/2018/03/ledgerattack.pdf

Worth mentioning, that the guy who found this exploit is 15 ys young.

Yes ! Your right hardware wallet have a lot of vulnerability.
But? What about paper wallet ?/is it advisable to use?

[Spendulus]

Paper wallet in a safe deposit box ftw lol

A safety deposit box is only as safe as those working at the bank. 

I would have to disagree with this.

First of all, contents of a safe deposit box should be "tamper evident." Google that it will become clear that any prowling in that box can and should be detected. Yes that can include taking pictures of anyone opening the box, using a cam that doesn't look like a cam.

Important contents should not be obvious. A paper wallet should not be on a piece of paper that shouts "BITCOIN KEYS." It might be engraved on something that looks like a family heirloom. Johnny's First Communication certificate. Etc.

They could be on a page that looked like a listing of bank account numbers, split into pieces.

These things would not stop a determined attacker that already knew you had a stash, so one additional level of security is needed.

That is the encoding of the private key with a key phrase that only you know.

At this point you have

1. A box that does not appear to have any bitcoin paper wallets.
2. one object of many in the box that has the keys or sequences.
3. The key needs another part that is not in the box.
4. The box has tamper evident contents, hence an intruder is detected.

[thekey@yaf.cloud]

Here is a concept of next generation highly secured hardware wallet:

                             Bkey.tech

It is physically separated from untrusted environment and it`s inputs\outputs fully controlled by owner.

So it cannot be hacked remotely by design and very user friendly.

Also there will be several protective solutions to prevent "wrench attack".