John Mcafee & Bitfi launch the first 'unhackable' hardware wallet

[gentlemand]

https://globenewswire.com/news-release/2018/06/19/1526755/0/en/Bitfi-and-McAfee-Announce-First-Truly-Unhackable-and-Open-Source-Crypto-Wallet.html

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

[TryNinja]

Does this mean that we need to type the password/seed/whatever everytime we want to sign a transaction? If not, then it doesn't matter since the password/seed/phrase/whatever that generates the private key is stored in the device.

[kevoh]

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

From what I've read so far, the device seems to be able to provide this ''unhackable" feature until the human factor in the creation of the secret phrase sets in. The secret phrase to be memorized consist of 34 characters including a minimum of 3 special characters but you will be amazed at how users will be lazy to create strong secret phrases.

[Aveatrex]

https://globenewswire.com/news-release/2018/06/19/1526755/0/en/Bitfi-and-McAfee-Announce-First-Truly-Unhackable-and-Open-Source-Crypto-Wallet.html

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

I'm pretty sure that this claim is just pure marketing.Nothing is 100% unhackable.I'm actually curious if the 1 year warranty means a warranty that the wallet never gets hacked or a warranty for the device like warranty of phones/computers etc..

[o_e_l_e_o]

Take any claims by McAfee with a pinch spoonful cupful bucketful of salt. He is a proven liar, scammer, con-artist and criminal, who charges $105,000 to pump-and-dump shitcoins.

This phrase in particular stood out to me: "The user-created phrase is impossible for others to guess but easy for the wallet holder to memorize." This doesn't mean your wallet isn't hackable.
Relevant XKCD:

[gentlemand]

From what I've read so far, the device seems to be able to provide this ''unhackable" feature until the human factor in the creation of the secret phrase sets in. The secret phrase to be memorized consist of 34 characters including a minimum of 3 special characters but you will be amazed at how users will be lazy to create strong secret phrases.

I don't really see how anyone can make an unhackable claim for hardware or software. New holes can't be accounted for.

You're right about the human factor though. I'd say it was better to force 24 word seeds on people. Their own practices are always too slack. Perhaps the device will insist on some minimum standard. Otherwise it'll be no better than a brain wallet.

[buwaytress]

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

From what I've read so far, the device seems to be able to provide this ''unhackable" feature until the human factor in the creation of the secret phrase sets in. The secret phrase to be memorized consist of 34 characters including a minimum of 3 special characters but you will be amazed at how users will be lazy to create strong secret phrases.

Exactly. If their claim of unhackable relies on the human factor, then basically almost any existing secure wallet is unhackable - provided the human user practises fullest possible measures to protect themselves.

But we all know the human factor is rationally lazy. All the countless threads of people getting hacked, or sending btc to the wrong address, or just signing up for a service that later they discover they don't know how to use.

It's not unhackable by any means if it still relies on humans to do the exact opposite of what they're naturally inclined to.

[Lucius]

I'm not surprised that we see one more hardware wallet on market, regarding the potential that cryptocurrency has in the future and one of the biggest problem this industry have is security, such wallet would be a perfect solution. Is it possible that they managed to make it perfect and unhackable and easy for use? I think that we will not know is that true until wallet come into use.

I check Bitfi site and at first glance it does not look nothing special, and there is no info about company what is common practice, rather strange if you ask me. John McAfee as a partner of this company is not surprising me, he repeatedly warned of wallets security.

Wallet is looking as Ledger Blue, with a price of 120$ + 15$ for shipping (USA) or 25$ for other countries and with possible custom tax, this wallet will be one of the most expensive on the market.

[gentlemand]

I think that we will not know is that true until wallet come into use.

Until it's hacked, rather.

Information about themselves is indeed a bit thin on the ground. Trezor had a huge amount of track record to draw on as Slushpool.

If I was looking to position myself in such a trust vital area I would not be using John Mcafee as my vouch.

[nc50lc]

I'm pretty sure that this claim is just pure marketing.Nothing is 100% unhackable.I'm actually curious if the 1 year warranty means a warranty that the wallet never gets hacked or a warranty for the device like warranty of phones/computers etc..

If it wasn't McAeat-himself, I would have believed it.
That guy has been using his social-media celebrity status as a Marketing tool for ICOs and crytocurrency-related stuffs, yeah right, who wouldn't.

[HCP]

While most wallets store a 24-word memory key to access funds, the Bitfi Wallet allows wallet holders to store an unlimited amount of funds, without possibility of loss or theft, by utilizing a proprietary and open-source Bitfi algorithm that calculates the private key with a powerful onboard CPU from the user’s own unique secret phrase

So, this is essentially a brainwallet right?

This is (IMHO) a "Bad Idea"™... It has been proven that humans are incredibly bad at choosing "strong" passwords.

THE RESULT IS THAT:

The wallet is controlled and backed-up using a single phrase (there is no separate password or pin-code and mnemonic seed to keep track of).

The phrase is user created in such a way that it is impossible to guess but is also easy to commit to memory. For example, a possible phrase can be “10 Scary Things My Doctor Is Not Telling Me” or “WhyDoesShakespeareLoveMonero”.

The wallet asks that you also enter a second anchor such as a phone number, social security number, or email address or “salt”. This ensures that no two users can ever end up with the same phrase.

I especially like the way they claim everything is secured by a single passphrase... that also needs a 2nd "anchor" like a social security number, or phone number or email address or "salt"... soooooo, that's two things you need to remember then?

This single passphrase+salt approach isn't exactly revolutionary either... they're basically just replicating WarpWallet but using a dedicated hardware device.

A truly secure cryptocurrency wallet allows the user to store an unlimited amount of funds without any risk or possibility of loss. To increase security to this level, the Bitfi wallet is controlled and backed-up using a single secret phrase which gives users the option to commit the phrase to memory without the need to write anything down.

And when you sustain an accidental head injury and suffer from memory loss... what then?

Honestly, their entire marketing spiel is so flawed. There are risks involved in EVERYTHING. Anyone with even just basic experience of Risk Management understands this... that's why it is called Risk Management and not Risk Elimination.

Once the wallet is set up, the device automatically receives the latest software updates thus completely eliminating any possibility for a user to download corrupt software or fall prey to phishing attacks.

And what happens when some junior intern at Bitfi uploads the wrong image to the update servers? or if/when Bitfi servers gets hacked and bad code is uploaded? There is no way for a user to NOT get the corrupt update  Forced updates are not a great idea, IMHO.


Still, it is good to see competition in the Hardware Wallet space... and I commend them for trying a different approach. Just not very impressed with their hyperbolic marketing

[o_e_l_e_o]

I've just spent 5 minutes looking in to this a bit more, and it gets even worse:

If you desire the absolute most secure method that exists then we recommend using the Diceware method. It is a simple method but makes truly impenetrable secret phrases (for example, an attacker who has computer equipment capable of one trillion guesses per second will need 27 million years to guess a 7 word passphrase that was set using Diceware).

For anyone not familiar with the Diceware method, it is simply a method of generating a list of random words. They recommend at least 6, but probably 7 words, to ensure your phrase is "unhackable". So basically you are trading a 24-word seed phrase for a 6-word brain wallet. This is honestly one of the worst ways you could possibly secure your coins.

A truly secure cryptocurrency wallet allows the user to store an unlimited amount of funds without any risk or possibility of loss. To increase security to this level, the Bitfi wallet is controlled and backed-up using a single secret phrase which gives users the option to commit the phrase to memory without the need to write anything down.

And when you sustain an accidental head injury and suffer from memory loss... what then?

Not just a head injury. There are hundreds of physical and mental illnesses out there that can cause memory loss. Brain wallets are for the brainless.

[RGBKey]

So, this is essentially a brainwallet right?

That's pretty much all you need to know about this to know how stupid it would be to use one. It's so so easy to think that you've remembered a phrase and then you forget it one day.

[o_e_l_e_o]

includes major technological breakthroughs that will forever change the way you interact with cryptocurrency.

Major technological breakthroughs!? It's a brain wallet, and a poor one at that. If anything, it's a step backwards.

[OmegaStarScream]

Code:

The entire first batch sold in just 22 minutes.

120$ and it went that fast? even the Trezor T model didn't go that fast. It seems like John McAfee can tweet about literally anything, and It will get sold.

[HCP]

Code:

The entire first batch sold in just 22 minutes.

120$ and it went that fast? even the Trezor T model didn't go that fast. It seems like John McAfee can tweet about literally anything, and It will get sold.

They never actually mentioned anywhere how many units were in the first batch (at least, not in any of the stories I could find)... it could have been 10 units (or 10,000)

I'm guessing the total was closer to the first number than the second

[gentlemand]

They never actually mentioned anywhere how many units were in the first batch (at least, not in any of the stories I could find)... it could have been 10 units (or 10,000)

I'm guessing the total was closer to the first number than the second

He's a huckster so you're probably right but he does have an awful lot of rabid fans at the moment.

I do find it strange though that someone who's pinned everything on being Security and Privacy Man makes this unhackable claim. I can't imagine any truly clued up programmer would ever assume their creation was stone cold guaranteed to be impregnable.

[Oilacris]

Take any claims by McAfee with a pinch spoonful cupful bucketful of salt. He is a proven liar, scammer, con-artist and criminal, who charges $105,000 to pump-and-dump shitcoins.

This phrase in particular stood out to me: "The user-created phrase is impossible for others to guess but easy for the wallet holder to memorize." This doesn't mean your wallet isn't hackable.
Relevant XKCD:

Based on that image i do completely agree on that thing where anyone can able to slam us a cheap wrench and asking forcefully about on your keys. We might not think of on that way but last resort would be like that one specially when someone do have info about on your crypto holdings.
Here we go again with unhackable thing proposed or introduced by Mcafee. This thing doesnt exist yet anything can really be hacked when keys are created.If its  brainwallet then the risk would always be tied up.

[notaek]

https://globenewswire.com/news-release/2018/06/19/1526755/0/en/Bitfi-and-McAfee-Announce-First-Truly-Unhackable-and-Open-Source-Crypto-Wallet.html

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

McAfee is a complete sellout. Just take a look at his Twitter profile and you'll know.
He uses his public image as an asset to help promote ICOs. (https://mcafeecryptoteam.com/effect.html)

I would take this guy's claim with a grain of salt. Overall, its just a marketing tactics to keep themselves ahead of the competition. (Trezor, Keepkey, Ledger - all of them I use and recommend BTW)

Does this mean that we need to type the password/seed/whatever everytime we want to sign a transaction?

Oh boy! If that's the case, then a simple keylogger will be able to read all the phrases everytime a user types them in.

[audaciousbeing]

https://globenewswire.com/news-release/2018/06/19/1526755/0/en/Bitfi-and-McAfee-Announce-First-Truly-Unhackable-and-Open-Source-Crypto-Wallet.html

I particularly enjoy this feature - 'The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere' - because a full second is no good.

Have they taken a seemingly impossible leap in security or will this be a bit of a nothing? Truly unhackable is a bold and impossible claim I would've thought.

Having a leap in form of security measures is good but claiming its ''unhackable'' is really an overstretched even bitcoin in which gave the impression that its fool proof, there have been discussions about the effect of the existence of Quantum computer could do to the blockchain. The best is to say its going to be difficult. Aside that saying a software is unhackable is an indictment to all of the existing wallets providing a far reaching satisfaction for people to keep their bitcoin and other crypto currency safe over the years.

I think addition of McAfee to the name is making it seems more popular but that name does not carry any weight from where I stand and I am sure its the same for other people too. Forgetting the human factor in any development is being overly confident which I see happening here. And the feature of private key existing for seconds is what I am not seeing as a special feature because normally when you want to send a transaction on say Electrum, you don't have any business with your private key, enter the necessary details then send without any issue. With this feature now, it means to copy your private key for claiming fork purposes its now a problem.