Bitcoin Forum
December 10, 2019, 11:40:25 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Software wallet analysis by Veriphi  (Read 178 times)
Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
November 20, 2019, 08:06:18 AM
Merited by dbshck (2), ETFbitcoin (2), pooya87 (1), fillippone (1)
 #1

I found a thorough software wallet analysis from veriphi.io, https://www.veriphi.io/en/software-wallet-analysis

Here's a link to the table presenting all known wallets, https://docs.google.com/spreadsheets/d/1aZ1zbaUEzCo9NCctN8-eL2VLIiSdY009tTJvRXDUWEw/edit?usp=sharing

Post mistakes and disagreements, if there are any.



▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1576021225
Hero Member
*
Offline Offline

Posts: 1576021225

View Profile Personal Message (Offline)

Ignore
1576021225
Reply with quote  #2

1576021225
Report to moderator
1576021225
Hero Member
*
Offline Offline

Posts: 1576021225

View Profile Personal Message (Offline)

Ignore
1576021225
Reply with quote  #2

1576021225
Report to moderator
nc50lc
Hero Member
*****
Offline Offline

Activity: 798
Merit: 827


Self-proclaimed Genius ㊙️


View Profile WWW
November 20, 2019, 08:36:04 AM
Merited by ETFbitcoin (1), hugeblack (1), fillippone (1)
 #2

Post mistakes and disagreements, if there are any.
For Electrum:
Line 12: "Wallet is API, SPV or a Node?" : AFAIK everyone describe Electrum as an SPV wallet.
Line 22: "Can you add extra entropy?" : Yes, Electrum supports SEED extension.
Line 36: "Can you have many accounts?" : If it's about multiple wallet files, it should be yes.
Line 39: "Can the user broadcast any TX?" : Yes by using the console command broadcast(tx)

For clarification, some of these fields should be specific, not yes or no.

OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 1862
Merit: 1550


Exchange Bitcoin quicky--https://blockchain.com.do


View Profile
November 20, 2019, 09:06:51 AM
Last edit: November 20, 2019, 09:25:10 AM by OmegaStarScream
Merited by mocacinno (1)
 #3

How come hardware wallets like Trezor and Ledger are not recommended? they are making some desktop/mobile wallets look like a better option.

Also not sure what do they mean when they say that Trezor has bad privacy? as it's always possible to run Blockbook and connect the wallet to your own node.

mocacinno
Legendary
*
Offline Offline

Activity: 1792
Merit: 1852


https://unblur.ninja =>lightning network testsite


View Profile WWW
November 20, 2019, 09:12:09 AM
 #4

How come hardware wallets like Trezor and Ledger are not recommended? they are making some desktop/mobile wallets look like a better option.

Couldn't agree more... I just read the table and was about to post the exact same thing when i saw you beat me to the punch.

I guess they're missing some factors when they're determining whether or not to recommend a wallet. If they'd take the fact that private keys never touch your computer into account and give these factors a high score, the table would look a tad bit different. But offcourse, if you create a scoring system that's focussed on a less secure wallet, and ignore the features of hardware wallets but still try to use the same scoring system for them, you'll end up "proving" desktop wallets are more secure (for newbies reading this: this statement is untrue... Hardware wallets like trezor or ledger are far more secure than any desktop wallet)

crwth
Copper Member
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 728


Semper Paratus | https://gunbot.ph


View Profile WWW
November 20, 2019, 09:19:19 AM
 #5

I think they should have included a summarized part who has the best feature, like what they do in comparing cars. Like of the most recommended feature highlighted, instead of having the 6 columns highlighted in Green, 5 in yellow, 9 in red, and 5 in black. It just seems biased.

So for example:
Open Source: Yes is highlighted in Green
Open Source: No is highlighted in Red

It's quite hard to understand what they are trying to say in that spreadsheet.

mocacinno
Legendary
*
Offline Offline

Activity: 1792
Merit: 1852


https://unblur.ninja =>lightning network testsite


View Profile WWW
November 20, 2019, 09:40:08 AM
Merited by ETFbitcoin (1), hugeblack (1)
 #6

One other thing just popped to mind when i read the spreadsheet for a second time... A new remark for both ledger and trezor: Both can be used together with electrum. If you use electrum together with a ledger or trezor, many of the "negative" features become "positive".

For example:
  • No shit coins (whatever that might mean)
  • no web app
  • open source backend
  • user can connect to his own node (he'll need an electrum node tough)
  • Python instead of javascript
  • multisig
  • 2FA
  • probably even coinjoin trough an electrum plugin???
  • most of the extra features supported by electrum
  • Tor enabled possible
  • complete fee selection
  • many price api's
  • RBF enabled
  • Coin control enabled
  • user can broacast any tx
  • message signing
  • batch spending
  • testnet
  • ...

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1848
Merit: 2123

Use SegWit and enjoy lower fees.


View Profile WWW
November 20, 2019, 06:54:01 PM
 #7

For Functionnalities list :
1. Support Level. I don't see why GitHub is included while most developer only accept bug report from their user.
2. Social Aspect. I don't understand what it means and there's no explanation on their page.

For Wasabi :
1. Coin Control? Yes. I think it should be Yes (Forced) instead


Line 12: "Wallet is API, SPV or a Node?" : AFAIK everyone describe Electrum as an SPV wallet.

I agree, while they describe difference between API and SPV correctly, they forget Electrum connect to random nodes/server by default.
They should use "API and SPV" instead.


HCP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1990

<insert witty quote here>


View Profile
November 20, 2019, 08:16:39 PM
 #8

Quote
Recommended? "No"... Why? "Shitcoins"

So... apparently choice is a bad thing now? Huh Especially given that the "shitcoins" that BRD wallet supports are BCH, ETH and ERC20 tokens... 2 of which are Top 4 on CoinMarketCap... hardly what you would call a "shitcoin" Roll Eyes

The metrics used in this "analysis" are very subjective. Undecided

malevolent
can into space
Staff
Legendary
*
Offline Offline

Activity: 2408
Merit: 1303



View Profile
November 20, 2019, 08:24:36 PM
Merited by ETFbitcoin (1)
 #9

How come hardware wallets like Trezor and Ledger are not recommended? they are making some desktop/mobile wallets look like a better option.

Also not sure what do they mean when they say that Trezor has bad privacy? as it's always possible to run Blockbook and connect the wallet to your own node.

They're describing Trezor Wallet which isn't great, not the Trezor hardware wallet itself which can be used with other wallets.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
November 21, 2019, 08:18:26 AM
 #10

How come hardware wallets like Trezor and Ledger are not recommended? they are making some desktop/mobile wallets look like a better option.

Couldn't agree more... I just read the table and was about to post the exact same thing when i saw you beat me to the punch.

I guess they're missing some factors when they're determining whether or not to recommend a wallet. If they'd take the fact that private keys never touch your computer into account and give these factors a high score, the table would look a tad bit different. But offcourse, if you create a scoring system that's focussed on a less secure wallet, and ignore the features of hardware wallets but still try to use the same scoring system for them, you'll end up "proving" desktop wallets are more secure (for newbies reading this: this statement is untrue... Hardware wallets like trezor or ledger are far more secure than any desktop wallet)


I believe they were grading the wallet app on Trezor's website, not the Trezor hardware itself? But I'll try to talk to them and show the questions in the topic. It shouldn't be hard for them to reply, if they have the time.


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
mocacinno
Legendary
*
Offline Offline

Activity: 1792
Merit: 1852


https://unblur.ninja =>lightning network testsite


View Profile WWW
November 21, 2019, 11:23:20 AM
 #11


I believe they were grading the wallet app on Trezor's website, not the Trezor hardware itself? But I'll try to talk to them and show the questions in the topic. It shouldn't be hard for them to reply, if they have the time.

Eventough this is a valid assumption, it doesn't take away the fact that newbies reading this list will most likely jump to the wrong conclusion that it's better to create a wallet with an online wallet provider than to invest $100 for a ledger or a trezor. If you're a legit company and you publish a spreadsheet like this, newbies can suffer the consequences of your actions.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
November 22, 2019, 05:35:08 AM
 #12


I believe they were grading the wallet app on Trezor's website, not the Trezor hardware itself? But I'll try to talk to them and show the questions in the topic. It shouldn't be hard for them to reply, if they have the time.

Eventough this is a valid assumption, it doesn't take away the fact that newbies reading this list will most likely jump to the wrong conclusion that it's better to create a wallet with an online wallet provider than to invest $100 for a ledger or a trezor. If you're a legit company and you publish a spreadsheet like this, newbies can suffer the consequences of your actions.


You're nitpicking, but I can see your point. I already pointed Verihpi about said criticism, and this topic. I believe a simple clarification near the top of the spreadsheet would do.


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
MaciejVeriphi
Newbie
*
Offline Offline

Activity: 1
Merit: 1


View Profile
November 22, 2019, 09:14:25 AM
Merited by Wind_FURY (1)
 #13


I believe they were grading the wallet app on Trezor's website, not the Trezor hardware itself? But I'll try to talk to them and show the questions in the topic. It shouldn't be hard for them to reply, if they have the time.

Eventough this is a valid assumption, it doesn't take away the fact that newbies reading this list will most likely jump to the wrong conclusion that it's better to create a wallet with an online wallet provider than to invest $100 for a ledger or a trezor. If you're a legit company and you publish a spreadsheet like this, newbies can suffer the consequences of your actions.


You're nitpicking, but I can see your point. I already pointed Verihpi about said criticism, and this topic. I believe a simple clarification near the top of the spreadsheet would do.

Hi Everybody, This is Maciej from Veriphi, my twitter handle is @CepnikMaciej.

Thank you for starting this thread, we're happy this got so much traction. You were right about your presumption when we mention Trezor and Ledger, we are talking about their online platforms. This is specified in the related article when we point out this is a software analysis only. Indeed, in a perfect situation someone using a ledger or trezor with the electrum wallet has really strong security.

We agree this might not be clear enough, especially for people that fall upon the table without the associate article. We will be adding a comment specifying the difference. Thank you all for pointing this out.
Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
December 02, 2019, 06:46:49 AM
 #14

My only criticism for your review is some wallets were "not recommended" because the reason was "shitcoins"? You would do that to GreenWallet, or Electrum if you can HODL shitcoins in them?


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
nc50lc
Hero Member
*****
Offline Offline

Activity: 798
Merit: 827


Self-proclaimed Genius ㊙️


View Profile WWW
December 02, 2019, 06:58:27 AM
 #15

My only criticism for your review is some wallets were "not recommended" because the reason was "shitcoins"? You would do that to GreenWallet, or Electrum if you can HODL shitcoins in them?
I bet it's because of the inclusion criteria (written above the spreadsheet), which seemed like also used as the criteria for rating:
We have analyzed 48 features
for each wallet, the inclusion criteria is :
 
1) Mainly a Bitcoin Wallet
2) Enough Usage (Over 1000 Downloads)

That said, those that aren't specifically made for Bitcoins with minimal features/security fell to non-recommended.

pooya87
Legendary
*
Offline Offline

Activity: 1848
Merit: 2108


Remember tonight for it's the beginning of forever


View Profile
December 02, 2019, 08:25:13 AM
 #16

the list seems to become emotional thing rather than fact based when it comes to the black part at the end. i am talking about the S2X part! for example for Coinbase it says ""S2X, Custodial, Shitcoins"! what the hell does that even mean? Coinbase is a custodial bitcoin wallet, has nothing to do with shitcoins, it is not a good option to store bitcoins but it is an excellent option for beginners to buy bitcoin and get started with a familiar interface then move to a real wallet!

the row saying "P2SH" is misleading because P2SH is simply "pay to script hash" and it has nothing to do with SegWit but based on the Yes/No it seems like they mean a nested SegWit!

"Coin control" and "Batch spending?" rows should not even exist in custodial wallets because it doesn't make sense.

"Can the user broadcast any TX?" some of the columns also have an API that lets you push a TX like blockchain.com but it says "NO"

"Message Signing / Verification?" i believe you can sign a message from both blockchain.com and coinbase through their interface. and for blockchain.com since you already have your private keys you can do it elsewhere too.

"Shitcoin Exchange" shows yet another emotional row!

"Other BTC Features?" for bitcoin core says YES whereas it really doesn't support a lot of features. for example mnemonics (BIP39 and its family), coinjoin, lots of other BIPs.

ps. i am curious whether hardware wallets are actually "fully" open source?


for Electrum (some may have been mentioned):
Why? +user friendly and feature rich
Connects to a Backend Server? it is not a server that Electrum connects to, it is a node
both "Can you add extra entropy?" and "Can you add a passphrase?" should be YES
"Can you have many accounts?" if they mean actual accounts like on a site then it shouldn't be available for all collums only for web wallets, if they mean accounts as in different wallets then it is true for a lot of them including Electrum, bitcoin core,...
"Can the user broadcast any TX?" YES!
"Customizable UI (User Interface)" there isn't much customization option available! you can change units, show/hide some tabs to see "advanced" tabs but i wouldn't call it customization, but it is just my opinion.


all in all i think it was a good table but had some mistakes here and there. i also think it is better if they add some tool tips on each cell on first row explaining what they mean and also they should remove unrelated ones and instead of YES/NO it should place something like a dash indicating not-applicable.

malevolent
can into space
Staff
Legendary
*
Offline Offline

Activity: 2408
Merit: 1303



View Profile
December 03, 2019, 03:26:45 AM
 #17

ps. i am curious whether hardware wallets are actually "fully" open source?

As far as software goes, Trezor One and Trezor T are fully open source. You can also build one yourself from scratch. The microcontrollers' hardware is another matter.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
December 03, 2019, 04:50:10 AM
 #18


the list seems to become emotional thing rather than fact based when it comes to the black part at the end. i am talking about the S2X part! for example for Coinbase it says ""S2X, Custodial, Shitcoins"! what the hell does that even mean? Coinbase is a custodial bitcoin wallet, has nothing to do with shitcoins, it is not a good option to store bitcoins but it is an excellent option for beginners to buy bitcoin and get started with a familiar interface then move to a real wallet!


But I agree though. Anyone who owns a service or an app that supported S2X should NOT be recommended, especially to newbies. Hahaha. Cool


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!