Hardware wallets still aren't secure, and they never will be. Use paper wallets

[Chris!]

An attacker with a stolen device can extract the seed from the device. It takes less than 5 minutes and the necessary materials cost around 100$. This vulnerability affects Trezor One, Trezor T, Keepkey and all other Trezor clones. Unfortunately, this vulnerability cannot be patched and, for this reason, we decided not to give technical details about the attack to mitigate a possible exploitation in the field. However SatoshiLabs and Keepkey suggested users to either exclude physical attacks from their threat model, or to use a passphrase.

https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor

Yet another hardware wallet issue folks, this time though, it's unpatchable. If you're using a hardware wallet, encrypt it. If you don't have a hardware wallet, use an offline generated private key/seed (aka "paper wallet"). Be your own bank. Stop trusting hardware wallet manufactures to protect your money.

[1715248188]

1715248188

[1715248188]

1715248188

[1715248188]

1715248188

[Rath_]

Trezor team responded to these findings in March. They have been aware of the attack since designing Trezor. Using a passphrase has always been recommended and it can protect anyone from any kind of physical attack*. Some of you might argue that recommending using a passphrase is not an appropriate solution. Convenience comes at a cost.

This being said, in combination with strong passphrases and at least the basic operational security principles, even the physical attacks presented by Ledger cannot affect Trezor users.

*except for $5 wrench attack

[o_e_l_e_o]

Trezor team responded to these findings in March.

This is true, but their response in March was thus:

This attack vector is also resource-intensive, requiring laboratory-level equipment for manipulations of the microchip as well as deep expertise in the subject.

If what Ledger have published is true, then this is no longer the case. You no longer need lab equipment worth hundreds of thousands of dollars and trained technicians. Apparently all you need now is $100 and some basic electronics knowledge.

They have been aware of the attack since designing Trezor. Using a passphrase has always been recommended and it can protect anyone from any kind of physical attack*.

Everyone should be using a passphrase, but I'd wager few do. I'd wager barely anyone is using a passphrase of 37 random characters, and I'm sure many would view entering 37 random characters (presumably from paper since you shouldn't be relying on memory) every time you want to open your wallet is not an acceptable trade-off between security and ease of use.

If you don't have a hardware wallet, use an offline generated private key/seed (aka "paper wallet").

I might be misunderstanding you here, but how is this safer? If your concern is regarding a physical attack on your hardware wallet, then surely with a physical attack on a paper wallet it is completely trivial to steal your coins?

[Chris!]

If you don't have a hardware wallet, use an offline generated private key/seed (aka "paper wallet").

I might be misunderstanding you here, but how is this safer? If your concern is regarding a physical attack on your hardware wallet, then surely with a physical attack on a paper wallet it is completely trivial to steal your coins?

It's a hell of a lot easier to hide something that an attacker is unaware of, than a laptop, a phone or a hardware wallet. A physical attack can only happen if you A. Know what you're looking for or B. Happen to stumble across something over smarter of hours or days tearing someone's house apart. It's also free rather than $100 and you don't need to worry about all of the other countless vulnerabilities that constantly pop up with hardware wallets.

I agree that a 37 character password suggestion is not going to be taken up by the vast majority of users, meaning hardware wallets just aren't as secure as truly offline generated private keys (not that they ever were). 

[HCP]

It's a hell of a lot easier to hide something that an attacker is unaware of, than a laptop, a phone or a hardware wallet. A physical attack can only happen if you A. Know what you're looking for or B. Happen to stumble across something over smarter of hours or days tearing someone's house apart.

So you expect that a thief knows what a cryptocurrency hardwallet is, but doesn't know what a paper wallet is? Or that it's easier to "hide" a paper wallet than a "usb stick"?

It's also free rather than $100 and you don't need to worry about all of the other countless vulnerabilities that constantly pop up with hardware wallets.

"Countless"? Stop being so dramatic. Sure, there have been some issues identified by several different parties of several hardware wallet devices. To my knowledge, all of the identified issues have either been patched and/or are able to be mitigated. And it's not like there have never been any issues with "paper wallets". I'm sure we're all aware of issues like this: https://blockonomi.com/security-vulnerabilities-walletgenerator/

I agree that a 37 character password suggestion is not going to be taken up by the vast majority of users, meaning hardware wallets just aren't as secure as truly offline generated private keys (not that they ever were). 

You don't need a 37 character password to make it "secure" per se... the 37 character BIP39 passphrase is suggested to make it as secure as having an "unknown" 12/24 word seed. Which, as we know, is generally measured in terms of "millions of millions of years" for brute-forcing. I can't find any firm numbers on the the time/effort required to bruteforce say an 8 or 16 character BIP39 passphrase. The PDF referenced by Ledger claims a 50% reduction in CPU intensive calculations, so does anyone have any references to calcs on how long a 16 char BIP39 passphrase would take to bruteforce?

In any case, saying that a private key written/printed on paper is more secure that a hardware wallet, assuming someone has physical access to both is somewhat disingenuous.


I guess the key takeaway is that NOTHING is 100% secure. As long as you know the risks inherent in the system you are using and take steps to mitigate such risks, then hardware wallets are no better or worse overall than paper wallets.

[erikalui]

There can be nothing as secure as cold storage/offline wallets and this was something I was worried about since if the device gets stolen, it's still possible that the money can be hacked. Is it the case with only trezor or ledger nano as well?

[bitmover]

Saying that "Hardware wallets still aren't secure, and they never will be." because a physical stolen device can be hacked is a bit sensationalist, isnt it?

What are the chances that a hacker come into my house, search and find my ledger and steal it? This is highly unlikely to happen, especially if you are a discrete person about your btc holdings.

Hardware wallets are still safe enough, especially for newbies.

If you don't have a hardware wallet, use an offline generated private key/seed (aka "paper wallet").

I might be misunderstanding you here, but how is this safer? If your concern is regarding a physical attack on your hardware wallet, then surely with a physical attack on a paper wallet it is completely trivial to steal your coins?

LOL

Paper wallet are much more complex to be really safe. Not everyone is able to properly airgap a computer , and the risks involved in case of a mistake are very high.

[Chris!]

So you expect that a thief knows what a cryptocurrency hardwallet is, but doesn't know what a paper wallet is? Or that it's easier to "hide" a paper wallet than a "usb stick"?

It's much easier to hide something if the thief doesn't know what to look for. I'm not going to get into it, but taking off a piece of something and etched the inside, then adding it back on is a hell of a lot less obvious than a usb in a safe or in your sock drawer. Hiding a hardware wallet or usb just makes it all that more obvious when the thief finds it. If they stumble across your private key but have no idea they've even found it, that's when you've done things properly.

"Countless"? Stop being so dramatic. Sure, there have been some issues identified by several different parties of several hardware wallet devices. To my knowledge, all of the identified issues have either been patched and/or are able to be mitigated. And it's not like there have never been any issues with "paper wallets". I'm sure we're all aware of issues like this: https://blockonomi.com/security-vulnerabilities-walletgenerator/

You seem to be taking this very personally. I'm starting to wonder why that is. I'm simply educating users of this forum on a free way to be their own bank. That's why we're all here actually. Is something wrong with that? I don't need a device that i didn't create in my house to hold my cryptocurrency and neither do you. You can create something of your own for free (or I suppose one could argue that it costs time and some paper/ink/materials).

Anyway, paper wallets cannot have issues if you use your own entropy and proper security. They're only as good as the person setting them up, which you can say about literally anything. If I owned a hardware wallet and a paper wallet, I would put all of my funds in the paper wallet unless I needed to spend them. I'm not looking into your link because it's just going to be the same bullshit FUD that's on the bitcoin wiki. Some crap about idiots setting up change addresses wrong, other crap about paper burning or water damage blah blah blah.. again, if you aren't going to bother to learn how to properly secure your funds then you will eventually lose them. I'm fully aware of the attacks that could take place on paper wallets. I'm not too worried about my dice being rigged, someone busting in and performing a cold boot attack or certain radio waves that my laptop may or may not give off. It's never going to be a zero chance that your funds are hacked, but paper wallets are substantially more secure than hardware wallets. The way I generate them anyway. If you go and generate a paper wallet online with bitaddress then you're better off just using a hot wallet or hardware wallet.

You don't need a 37 character password to make it "secure" per se... the 37 character BIP39 passphrase is suggested to make it as secure as having an "unknown" 12/24 word seed. Which, as we know, is generally measured in terms of "millions of millions of years" for brute-forcing. I can't find any firm numbers on the the time/effort required to bruteforce say an 8 or 16 character BIP39 passphrase. The PDF referenced by Ledger claims a 50% reduction in CPU intensive calculations, so does anyone have any references to calcs on how long a 16 char BIP39 passphrase would take to bruteforce?

In any case, saying that a private key written/printed on paper is more secure that a hardware wallet, assuming someone has physical access to both is somewhat disingenuous.


I guess the key takeaway is that NOTHING is 100% secure. As long as you know the risks inherent in the system you are using and take steps to mitigate such risks, then hardware wallets are no better or worse overall than paper wallets.

Everybody knows that the people setting these passwords will use the tried and true dog name and year of birth or their favourite grandchild or whatever other crap people use now. If you're protecting your hardware wallet with a password that wasn't randomly generated (good luck typing that 37 character randomly generated string of nonsense btw) then you're completely screwing yourself out of the somewhat half decent security that these overpriced USBs offered in the first place.

I'll give you a god password to memorize. Don't worry, it's safe because I don't know where you live. Go ahead. It's super easy to memorize. Just read it over 10x and I'm sure you'll have it. Either that or you could... Write it down. Oh or better yet, you could add it to your password manager. But then you're relying on your master password, which again wouldn't make sense to use a randomly generated password and you're back at square one. You have an unsecure hardware wallet with the password writen down. Or you memorized Molly1989AuntieSueLovesToBake (congrats) and it'll be so easy to crack your password. Not brute force. Who needs brute force when there are so many better/easier ways to crack it.

Code:

(N]Pq?.kHwO/mF@f2V- 7E)Uk0Ih#,}8rE_+g

Good luck and be your own bank.

Saying that "Hardware wallets still aren't secure, and they never will be." because a physical stolen device can be hacked is a bit sensationalist, isnt it?

What are the chances that a hacker come into my house, search and find my ledger and steal it? This is highly unlikely to happen, especially if you are a discrete person about your btc holdings.

Hardware wallets are still safe enough, especially for newbies.

Well lucky for those thieves they know what to look for when they break in now don't they? Binance was also safe for newbies. So was blockchain.info/com. Being idiot proof is the opposite of safe. If I wanted your version of safe I'd use my debit card through PayPal because that way if I'm watching an infomercial and buy some $99 knives that can cut through a tin roof at least I can get my money back.

LOL

Paper wallet are much more complex to be really safe. Not everyone is able to properly airgap a computer , and the risks involved in case of a mistake are very high.

Complex = not safe. Got it.

I bet I can teach even you how to properly air-gap a computer. It'll take 10 mins out of your day and you'll have a very useful tool for lots of other things in life.

The risks of making a mistake are the same (don't lose your private keys). What is higher risk with paper wallets? I'm not hashing out my pubkey by hand here. It's the exact same process anyone would use to generate a private key but it's air gapped. Okay, that and I use my own entropy source, but again, super easy to learn.

Only true if you specifically mention the usage of encrypted private key (see BIP 38) with strong passphrase.

100% agree.

[o_e_l_e_o]

but paper wallets are substantially more secure than hardware wallets.

That's not accurate though. Some paper wallets will be more secure than some hardware wallets, sure, but the reverse is also true. Given how I use and store my hardware wallet, the only vector of attack which I am susceptible to is a physical one, which sounds like it is the same case for you and your paper wallets. I'd wager that if an attacker gets his hands on either one of our wallets, it is significantly easier to clear out a paper wallet than it is to build the board to extract the seed from a hardware wallet. In addition to that, since I use multiple long passphrases, this attack wouldn't even work against me.

Your main argument seems to be that it is easier to hide a paper wallet than it is to hide a hardware wallet. A hardware wallet is small enough that I can hide it inside a light fitting, in an electrical socket, under the floorboards, bore a hole in a door/shelf/table/furniture/etc and hide it inside, and so forth. There is a close to zero chance a random attacker would find my hardware wallet without also burning down my house.

You have an unsecure hardware wallet with the password writen down.

How is this different to having an unsecured paper wallet which is written down?

I'm not trying to be deliberately antagonistic here. This finding regarding the Trezor is important, and it should be discussed, but saying that all hardware wallets are useless is wrong.

[Chris!]

but my paper wallets are substantially more secure than hardware wallets.

That's not accurate though.

FTFY

Your main argument seems to be that it is easier to hide a paper wallet than it is to hide a hardware wallet. A hardware wallet is small enough that I can hide it inside a light fitting, in an electrical socket, under the floorboards, bore a hole in a door/shelf/table/furniture/etc and hide it inside, and so forth. There is a close to zero chance a random attacker would find my hardware wallet without also burning down my house.

My main argument is that trusting a hardware wallet with my funds, and paying them $100 for me to trust them is very similar to trusting a bank and paying them for a safety deposit box. I much prefer trusting no one and not having a bill to go along with it.

How is this different to having an unsecured paper wallet which is written down?

I'm not trying to be deliberately antagonistic here. This finding regarding the Trezor is important, and it should be discussed, but saying that all hardware wallets are useless is wrong.

Personally, I've seen many issues come up with hardware wallets over the years and I still can't wrap my head around why people use them. I guess it's the same reason people keep funds on an exchange or hot wallet. Ease of use trumps security for the vast majority of users (until they get hacked of course). I'd rather have people learn to store their funds in the most secure manner.

I was a newbie before. I know exactly what newbies go through. I wish someone told me how I really shouldn't be using X or Y service because they aren't secure. Hardware wallets are probably 99% secure, although no normal person could actually confirm that. Paper wallets can be extremely secure if you do it right. I suppose I can make a guide so it doesn't look like I'm just bashing hardware wallets. Actually, I think I made one before. I'll have to find and bump that thread.

Being blissfully ignorant actually works in the fiat system. You can always get your money back if it's stolen, assuming it wasn't cash. It doesn't in crypto, so take every single precaution possible. Don't. Trust. Anyone. That includes hardware wallet manufactures.

[o_e_l_e_o]

but my paper wallets are substantially more secure than hardware wallets.

That's not accurate though.

FTFY

Sure, but the fact we are even discussing this means your technical knowledge is more advanced than probably 99% of crypto users. Most users would not be able to generate a paper wallet in a secure manner.

I much prefer trusting no one and not having a bill to go along with it.

There is always trust involved somewhere. Unless you built it yourself, you are trusting the manufacturers of your computer hardware, and the shippers who delivered it to you. Unless you designed it yourself, you are trusting the people who wrote your OS and software. It's probably also worth mentioning that Trezor device is fully open source, and hardware wallets in general are subjected to far more independent auditing and attempted hacking than the vast majority of other hardware or software.

I've seen many issues come up with hardware wallets over the years

True, but the majority of issues are from people using them incorrectly. There have also been plenty of issues with paper (or otherwise self-generated) wallets, again, usually from people using them incorrectly. Any method is only as good as the person using it.

Paper wallets can be extremely secure if you do it right.

I agree with you, but the vast majority of users do not have the ability to do it right. I'm also not claiming hardware wallets are infallible, but they can be just as good as paper wallets if also used correctly.

There's a great answer to this question from Andreas Antonopoulos which I think pretty much summarizes my argument: https://www.youtube.com/watch?v=4fsL5XWsTJ4&t=402

[Chris!]

but my paper wallets are substantially more secure than hardware wallets.

That's not accurate though.

FTFY

Sure, but the fact we are even discussing this means your technical knowledge is more advanced than probably 99% of crypto users. Most users would not be able to generate a paper wallet in a secure manner.

I consider myself pretty average with tech and I managed to figure it out over time. It's all about the effort you're willing to out into it I guess.

There is always trust involved somewhere. Unless you built it yourself, you are trusting the manufacturers of your computer hardware, and the shippers who delivered it to you. Unless you designed it yourself, you are trusting the people who wrote your OS and software. It's probably also worth mentioning that Trezor device is fully open source, and hardware wallets in general are subjected to far more independent auditing and attempted hacking than the vast majority of other hardware or software.

That's not necessarily true. The only thing I really need to trust is the RAM on my laptop or desktop when I boot up a live USB. If I have no Wifi card in the computer and no ethernet cable plugged in then I've removed the internet attack vector entirely. A cold boot attack is probably my biggest concern, unless I'm told otherwise.

I've seen many issues come up with hardware wallets over the years

True, but the majority of issues are from people using them incorrectly. There have also been plenty of issues with paper (or otherwise self-generated) wallets, again, usually from people using them incorrectly. Any method is only as good as the person using it.

I don't agree with that logic at all. Let's test this out in a real world scenerio:

The safest car in the world and the least safe car in he world are driven off a 200ft cliff. User error was to blame. Everyone inside both cars dies instantly. Should both cars be considered just as safe now?

Paper wallets can be extremely secure if you do it right.

I agree with you, but the vast majority of users do not have the ability to do it right. I'm also not claiming hardware wallets are infallible, but they can be just as good as paper wallets if also used correctly.

There's a great answer to this question from Andreas Antonopoulos which I think pretty much summarizes my argument: https://www.youtube.com/watch?v=4fsL5XWsTJ4&t=402

I watched it. He basically said you have to have some level of trust, meaning I won't bother with one. I just have to trust my RAM manufacturer not to add something onto it that could send off something remotely.

One car is safer than the other when both are used properly.

I'm tired of people saying paper wallets aren't secure or hardware wallets are just as secure. The only issue with them is user error. That's clearly not a paper wallet issue. It's user error.

[PrimeNumber7]

Anyway, paper wallets cannot have issues if you use your own entropy and proper security.

This is insane. Paper wallets have additional security vulnerabilities that HW wallets do not have.

When using a paper wallet:

• You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact. This is not a risk with HW wallets
• You must use a printer to print the private key for a paper wallet, and portions of this image may remain on the printer long after the fact. This is not a risk with HW wallets
• You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet
• An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.

With a HW wallet, you can use multiple passphrases, including a passphrase that is easy to crack with nominal amounts of coin. You can monitor the coin in the easy to crack passphrase, and if coins are moved from addresses associated with that passphrase, you will know you need to quickly move the coin in addresses associated with a more complex passphrase. An attacker will also not know how much coin you have secured by your HW wallet, so if they find a single passphrase that can be used to generate private keys to spend coin, it may not be a good use of resources to look for additional passphrases that can be used to spend additional coin.

[Chris!]

This is insane.

I agree. Idk why people still trust these manufacturers when they're clearly incompetent.

When using a paper wallet:

• You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact.
  

Please tell me what part of the computer these "portions of private keys" remain on. Is it the CPU? The mobo? Oh it's the BIOS isn't it.

I'm not turning my wifi off on windows 10 and hoping for the best. I'm using an air-gapped system.

You must use a printer to print the private key for a paper wallet, and portions of this image may remain on the printer long after the fact. This is not a risk with HW wallets

Really? I haven't used a printer for paper wallets in about a year now. You do know that "paper wallet" is just a loose term people use, right? Imagine anything more durable than paper. Use that instead of paper.

• You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet

Again, sounds like you don't understand what an air-gapped system is. Also, who the hell is generating private keys in a public park where a stranger can take a picture of their screen? Wtf? Go in the corner of your house if you're really paranoid (which of course I am).

• An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.

How did said attacker guess my BIP38 passphrase so quickly? They must have seen when I typed it out at the public park I generated my keys at I guess.

With a HW wallet, you can use multiple passphrases, including a passphrase that is easy to crack with nominal amounts of coin. You can monitor the coin in the easy to crack passphrase, and if coins are moved from addresses associated with that passphrase, you will know you need to quickly move the coin in addresses associated with a more complex passphrase. An attacker will also not know how much coin you have secured by your HW wallet, so if they find a single passphrase that can be used to generate private keys to spend coin, it may not be a good use of resources to look for additional passphrases that can be used to spend additional coin.

Better yet, set a great passphrase on everything and don't worry about it. Add a watch-only address to whatever wallet you choose and get on with your life knowing you're actually secure. No need to look out for the next vulnerability from your hardware wallet manufacturer.


Guys, I know it sucks that you wasted $100 on a glorified USB but there's no reason to start making up BS and FUD about paper wallets. I'm just trying to teach you how to secure your funds better - without relying on a third party.

Again, user error is not a vulnerability. If you shut your wifi off and think you have an air-gapped system you're going to have a bad time.[/list]

[HCP]

I'm not looking into your link because it's just going to be the same bullshit FUD that's on the bitcoin wiki. Some crap about idiots setting up change addresses wrong, other crap about paper burning or water damage blah blah blah..

Well, if you'd bothered to read it, then you would know that it didn't have anything to do with change addresses, paper burning or water damage or other "blah blah blah".

It was a very real "bug" that was discovered in a relatively popular Paper Wallet Generator that seemed to result in the same keys being generated for "different" users etc. I believe that there have also been issues in the past with vulnerabilities in libraries used by paper (and desktop) wallet software that has caused "weak" keys etc. There was even an issue with a particular browser that resulted in BIP38 Paper Wallets that couldn't be decrypted by other browsers.


Like I said earlier, every system has it's particular pros and cons... as long as you are aware of these, you can take the necessary steps to mitigate them. Simply claiming that "A > B" is a bit close minded and ignorant of the fact that "everybody is not you".

There are people in this world for whom blockchain.com is the "perfect" wallet... and there are others who wouldn't even type blockchain.com into a browser. So, if paper wallets fit your use case, well that's awesome.

[bitmover]

This is insane. Paper wallets have additional security vulnerabilities that HW wallets do not have.

When using a paper wallet:

• You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact. This is not a risk with HW wallets
• You must use a printer to print the private key for a paper wallet, and portions of this image may remain on the printer long after the fact. This is not a risk with HW wallets
• You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet
• An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.

-snip-

Chris, stop being so aggressive and childish. You could learn a lot from this conversation. Generating a paper wallet is much more complex to be safer, it will require a lot more work.
As an "average tech guy" (as you said) there are a lot of small risks and vulnerabilities that you are ignoring or you don't understand at all. Printers, spending..., Some people even consider using one computer/printer only for that, which is more expensive than a HW.


It is also less practical to spend funds. You would eventually have to air gap the computer again to generate more keys or make a transaction  and even a one small mistake could compromise its security. Using a hardware wallet is much easier and you never expose your keys, even to spend.

[o_e_l_e_o]

If I have no Wifi card in the computer and no ethernet cable plugged in then I've removed the internet attack vector entirely.

You would eventually have to air gap the computer again to generate more keys or make a transaction

What is being described here it not an airgapped device. An airgapped device doesn't not have access to the internet, and will never have access to the internet again. Unplugging the ethernet cable doesn't allow you to airgap the device "again", it simply disconnects the device. If you are ever going to plug that ethernet cable back in, then it's not an airgapped device.

Disconnecting a computer in this way, even if booting from a live USB/CD, does not guarantee safety by any means.

[bitmover]

Disconnecting a computer in this way, even if booting from a live USB/CD, does not guarantee safety by any means.

Exactly.

The computer could get infected while online.

So much misinformation. A guy simple turn off the wifi an think this is better than a hw... This is why so many people lost BTC and get hacked. It is not easy to be responsible for your own money . You need to read and get informed

A permanently offline computer is certainly more expensive than 90usd hw and probably less safe (unless you have far more knowledge than an "average tech guy" and lots of time and are willing to work)

[PrimeNumber7]

My opinion is that you sound very arrogant, and are unwilling to admit that you are wrong, or that you can even learn something. This is a very dangerious way to handle the security of your coin. 

When using a paper wallet:

• You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact.
  

Please tell me what part of the computer these "portions of private keys" remain on. <>
I'm not turning my wifi off on windows 10 and hoping for the best. I'm using an air-gapped system.

Your private keys will be in your RAM, and may be on your HDD, depending on your specific method of generating your private keys.

Even if you are using an air-gapped computer, someone with physical access to the computer may be able to obtain any remnants of your private key that remain. This is the same threat model as what is being described with HW wallets, however a HW wallet is easier to secure/hide than a computer. 

• You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet

Again, sounds like you don't understand what an air-gapped system is. Also, who the hell is generating private keys in a public park where a stranger can take a picture of their screen? Wtf? Go in the corner of your house if you're really paranoid (which of course I am).

I am comparing the threat model of a paper wallet to that of a HW wallet.

If you take a paper wallet out of your safe to spend some of your coin, someone could take a picture of your paper wallet to compromise the seed, minus your passphrase. If you are using a HW wallet, an attacker taking a picture of your HW wallet would provide nothing to the attacker. The attacker would need physical access to the HW wallet for an extended period of time to compromise the seed in a similar way. 

• An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.

How did said attacker guess my BIP38 passphrase so quickly? They must have seen when I typed it out at the public park I generated my keys at I guess.

Again, I am comparing the threat model of a HW wallet to that of a paper wallet. See my above response.

Again, user error is not a vulnerability.

I am going to disagree with this statement. If a process is so complex that the average user is going to make a mistake, this is a vulnerability. [/list]

[kosierosie]

Sensation at its best - the subject line says it all.

But besides the sensation, I'm probably missing something, but does it not make sense to just transfer your Bitcoin to a new wallet if you find that your HW wallet has been stolen?
Would you not do the same if your air-gapped home made system is stolen?
One of the best things about HW wallets is that you are bound to notice when its stolen and it will give you time to respond appropriately - not so with your software wallet.