Bitcoin Forum
May 22, 2024, 10:43:30 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > .
Pages: « 1 2 3 [4]  All
« previous topic next topic »
  Print  
Author Topic: .  (Read 3209 times)
Rludd
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
December 06, 2017, 04:29:37 PM
 #61
Quote from: Bamel on December 06, 2017, 04:29:12 PM
Quote from: Amial on December 06, 2017, 04:28:40 PM
Quote from: Usine on December 06, 2017, 04:27:59 PM
Quote from: Renr on December 06, 2017, 04:27:41 PM
Quote from: Stianyd on December 06, 2017, 04:27:16 PM
Secure against what? Against random hackers trying to steal your coins, they are pretty solid. Against malware that compromises your PC, they are designed to be highly resistant. Against disassembly and hardware hacking of the device, possibly not so much. Against rubber hose cryptography, not at all. They also can't prevent you from sending your coins to an address given on a spoof email or web page (although fiat bank accounts aren't immune to that either). You also need to think carefully about writing down the device seed and then keeping it secure; if someone can steal the seed they don't need the device.
(Actually the Trezor, and possibly other devices, do have a defense against rubber hose cryptography: you can have an arbitrary number of secret passwords with other wallets behind them, and the attacker has no way of knowing if you have revealed all of them. But then maybe they just keep on beating you to be sure)

To a point. I would worry about plugging that thing in 10 years from now and it doesnt work.
I run a VM on my desktop that contains my desktop wallets. The VM is backed up to multiple sources both local and in the cloud. that way if the VM or my desktop crash, I can always just get a new computer, install HyperV, and import the VM from backup.

They are more secure than any other option that you have readily available right now.

I'm skeptical. I had a Ledger HW wallet which I used to hold coin while traveling.
I initialized on my phone using mycelium, wrote down the seed excluding 5 words, and carried the seed in a notebook I always had with me (the seed was written in the middle of other normal writing).
2 months go, the entire wallet was swept. I lost most of my savings. I have no idea how this happened.
I'm moving towards multisig solutions.

Could the 5 remaining words have been found by brute-forcing? Brute-forcing 12 words isn't feasible, but 5 is way easier, considering this is exponential. (assuming phone compromission)
But that would be a targeted attack (which could be possible, you're the one that could know if this should be in your treat model)

Of course not. Nothing is 100% secure. But it's more secure than everything else at least for now.
Aneelal
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
December 06, 2017, 04:33:24 PM
 #62
Quote from: Rludd on December 06, 2017, 04:29:37 PM
Quote from: Bamel on December 06, 2017, 04:29:12 PM
Quote from: Amial on December 06, 2017, 04:28:40 PM
Quote from: Usine on December 06, 2017, 04:27:59 PM
Quote from: Renr on December 06, 2017, 04:27:41 PM
Quote from: Stianyd on December 06, 2017, 04:27:16 PM
Secure against what? Against random hackers trying to steal your coins, they are pretty solid. Against malware that compromises your PC, they are designed to be highly resistant. Against disassembly and hardware hacking of the device, possibly not so much. Against rubber hose cryptography, not at all. They also can't prevent you from sending your coins to an address given on a spoof email or web page (although fiat bank accounts aren't immune to that either). You also need to think carefully about writing down the device seed and then keeping it secure; if someone can steal the seed they don't need the device.
(Actually the Trezor, and possibly other devices, do have a defense against rubber hose cryptography: you can have an arbitrary number of secret passwords with other wallets behind them, and the attacker has no way of knowing if you have revealed all of them. But then maybe they just keep on beating you to be sure)

To a point. I would worry about plugging that thing in 10 years from now and it doesnt work.
I run a VM on my desktop that contains my desktop wallets. The VM is backed up to multiple sources both local and in the cloud. that way if the VM or my desktop crash, I can always just get a new computer, install HyperV, and import the VM from backup.

They are more secure than any other option that you have readily available right now.

I'm skeptical. I had a Ledger HW wallet which I used to hold coin while traveling.
I initialized on my phone using mycelium, wrote down the seed excluding 5 words, and carried the seed in a notebook I always had with me (the seed was written in the middle of other normal writing).
2 months go, the entire wallet was swept. I lost most of my savings. I have no idea how this happened.
I'm moving towards multisig solutions.

Could the 5 remaining words have been found by brute-forcing? Brute-forcing 12 words isn't feasible, but 5 is way easier, considering this is exponential. (assuming phone compromission)
But that would be a targeted attack (which could be possible, you're the one that could know if this should be in your treat model)

Of course not. Nothing is 100% secure. But it's more secure than everything else at least for now.

I've got a pretty big bounty that says that they are...
Pages: « 1 2 3 [4]  All
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > .
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!