Bitcoin Forum
Author Topic: OpenDime or Hardware Wallet?  (Read 839 times)
Tibu
March 03, 2020, 10:40:37 AM
 #21


For those who are looking at OpenDime because of the good price and the low form factor, you can have a nice alternative with Satochip card.
Which are also cheap compared to other well-known hardware wallets and offer a real "hardware" alternative because keys are stored within a secured chip and never leave it!


This is the LTC version of the hardware wallet... Nice looking and fits in your purse.


------------------------------------ Useful links ------------------------------------
Official BTCTalk thread: https://bitcointalk.org/index.php?topic=5181719.msg52357835#msg52357835
On Twitter: https://twitter.com/SatochipWallet
On Telegram: https://t.me/Satochip
Website: https://satochip.io

Zicadis
March 03, 2020, 12:22:15 PM
 #22


For those who are looking at OpenDime because of the good price and the low form factor, you can have a nice alternative with Satochip card.
Which are also cheap compared to other well-known hardware wallets and offer a real "hardware" alternative because keys are stored within a secured chip and never leave it!


Not really sure how you can market this as an alternative to OpenDime considering the OpenDime is $14 each and single use, whereas your wallet is $27 and multi-use?

They clearly serve two different audiences, one for absolute noobs whereas yours appears to be for intermediate users...

Maybe you could compete with OpenDime if you sold yours in packs of three for a slightly lower price, maybe $50 or so?

o_e_l_e_o
March 03, 2020, 12:40:06 PM
 #23

The Satochip isn't a direct competitor to the OpenDime as it is not designed to be physically handed from one person to another. It is more of a competitor to the "standard" hardware wallets like Ledger or Trezor devices. Although inexpensive and sleek looking, the big downside is that you have to buy and carry around a bulky card reader as well, so it doesn't exactly fit in your wallet as you would expect.

DaveF
March 03, 2020, 02:54:36 PM
 #24

The Satochip isn't a direct competitor to the OpenDime as it is not designed to be physically handed from one person to another. It is more of a competitor to the "standard" hardware wallets like Ledger or Trezor devices. Although inexpensive and sleek looking, the big downside is that you have to buy and carry around a bulky card reader as well, so it doesn't exactly fit in your wallet as you would expect.

But it does look cool.
American Express tried something like this years ago when they launched the blue card.
Plug a usb reader into your computer to make online purchases. Was supposed to be more secure.
Don't know if it was or not, but it never was that popular.


https://web.archive.org/web/20081207004902/http://bits.blogs.nytimes.com/2008/12/05/a-credit-card-loses-its-high-tech-cred/

-Dave

o_e_l_e_o
March 03, 2020, 03:02:56 PM
 #25

But it does look cool.
Totally, and I've actually been meaning to pick one up for a while just to play around with it. I've got no issue plugging a card reader in to my desktop at home, or even carrying one around in my laptop bag. I am not, however, going to carry one around in my pocket for transacting on the move. The whole point of a wallet shaped like a credit card, in my opinion, is that it can be carried around inside your fiat wallet like a credit card. If Satochip incorporated bluetooth, RFID, NFC, or some other secure wireless transmission capabilities, I would almost certainly use one for my day to day crypto spending rather than a mobile wallet or a different hardware wallet.

Abiky (OP)
March 04, 2020, 10:23:04 PM
 #26

I wouldn't say so. If you are willing to pay $15 for an OpenDime which you can use once, then paying $40-$60 for a Ledger Nano S (depending on what deals they have on at the time) which you can use as many times as you want for years on years hardly seems expensive to me.

Exactly. A hardware wallet can be re-used for as long as you like, while a bearer instrument like the Tangem Card or the OpenDime are one-time-use. They have their unique purposes for different situations in life. I already own a hardware wallet, but I'd love to get an OpenDime as a souvenir or collector's item. It's a great little device that I could use to send money to my friends personally if the need arises. Both the OpenDime and the Tangem Card are a great way to treat Bitcoin as "physical cash". I think they're much better than an ordinary paper wallet since the private keys are not exposed to prying eyes. Despite this, you're prone to losing your Bitcoin if the device gets lost/stolen while in a paper wallet it's much easier to make a backup of the keys. Smiley



Absolutely not. Whoever has possession of the card has possession of the funds. There is no way to back up a seed phrase or private key, and there is no way to apply a password or PIN. It is definitely less secure than a password protected mobile wallet. It is essentially the same as carrying cash. I don't carry much cash around with me either, but I still think it would be cool to be able to physically hand someone $20 worth of BTC, for example, rather than make an on-chain transaction.

Yes. It's only great for small amounts of Bitcoin than anything else. One would treat these devices as you would with physical cash. But the true winner is the hardware wallet because of its greater degree of security (not to mention that it's also reusable). I'd say that both the Trezor One and the Ledger Nano X are neck-and-neck when it comes to providing unparalleled security with a wide-array of cryptocurrencies to choose from. Still, I doubt how secure the Ledger Nano X would be considering that it relies on Bluetooth connection for interacting with it. It's the reason why I've kept my Ledger Nano S for a long time. Which is why, I'm not planning to switch to another hardware wallet until my good-old hardware wallet dies for good. Cheesy

o_e_l_e_o
March 05, 2020, 09:25:35 AM
 #27

I think they're much better than an ordinary paper wallet since the private keys are not exposed to prying eyes. Despite this, you're prone to losing your Bitcoin if the device gets lost/stolen while in a paper wallet it's much easier to make a backup of the keys.
Yeah, although these devices are closer to a paper wallet in similarities than they are to classical hardware wallets, they still don't fulfill the same purpose. I have a couple of paper wallets I use for long-term cold storage, because they are very secure and easy to back up by creating multiple copies. This isn't possible with an OpenDime or Tangem card. Similarly, you can't really use paper wallets as cash, since the receiving party has absolutely no way to know whether you created the paper wallet securely, or whether you have another copy of the wallet which you can use to then rip them off.

I'd say that both the Trezor One and the Ledger Nano X are neck-and-neck when it comes to providing unparalleled security with a wide-array of cryptocurrencies to choose from.
That certainly used to be the case, but since the security flaws in the Trezor discovered by Ledger and Kraken, I have stopped using my Trezor devices. Ledger certainly has the lead with the current devices on the market.

Still, I doubt how secure the Ledger Nano X would be considering that it relies on Bluetooth connection for interacting with it.
It doesn't rely on Bluetooth, as you can disable it entirely and use a USB-C cable instead if you want. Only public data is transmitted via Bluetooth anyway - an unsigned transaction from phone to wallet, and a signed transaction back from wallet to phone - and even then it is encrypted. As far as I know, no one has demonstrated any potential security risk from using Bluetooth. There's more info here: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/

Abiky (OP)
March 12, 2020, 08:08:15 PM
 #28

Yeah, although these devices are closer to a paper wallet in similarities than they are to classical hardware wallets, they still don't fulfill the same purpose. I have a couple of paper wallets I use for long-term cold storage, because they are very secure and easy to back up by creating multiple copies. This isn't possible with an OpenDime or Tangem card. Similarly, you can't really use paper wallets as cash, since the receiving party has absolutely no way to know whether you created the paper wallet securely, or whether you have another copy of the wallet which you can use to then rip them off.

Yes. I've figured that the real deal about the OpenDime or the Tangem Card is making a backup of their private keys. Considering the way they've been designed, it's practically impossible to do this without "breaking the seal". In this regard, paper wallets are a winner. By all means, I'd treat bearer instruments as they were physical cash. That's because if you lose them, there's no way to recover your funds unlike a hardware wallet. For different situations/scenarios, you'd choose one type of wallet from the other. As for me, I'd choose both a bearer instrument like the OpenDime and a hardware wallet like the Ledger Nano S for added convenience. Wink


That certainly used to be the case, but since the security flaws in the Trezor discovered by Ledger and Kraken, I have stopped using my Trezor devices. Ledger certainly has the lead with the current devices on the market.

I wonder if Trezor managed to address those flaws already? If it wants to stay in the competition, it'd need to focus on securing its devices against external attacks. But if they haven't mitigated the issue yet, then I believe that the "Ledger" company will prevail in the long run. I believe that "Ledger" is the most trusted hardware wallet manufacturer in existence, with a proven track record of security and reliability. I like its hardware wallets the most as they're much more compact than the Trezor. Both are neck-and-neck in terms of providing a wide-array of cryptocurrencies to choose from. But the Ledger will always be a winner in my book. Smiley


It doesn't rely on Bluetooth, as you can disable it entirely and use a USB-C cable instead if you want. Only public data is transmitted via Bluetooth anyway - an unsigned transaction from phone to wallet, and a signed transaction back from wallet to phone - and even then it is encrypted. As far as I know, no one has demonstrated any potential security risk from using Bluetooth. There's more info here: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/

I did not know about that earlier. Thanks for clarifying. If that's the case, then it would be worth doing the upgrade from the Nano S to the newly-released Nano X. After all, the new version has greater capacity for installing various crypto apps at the same time. As an avid crypto user, I often use more than one cryptocurrency for trading and long-term storage. The Nano S is very limited compared to the Nano X as you cannot install more than 3-4 apps at the same time because of its memory limitations.

Despite this, there's no denying that hardware wallets are better than bearer instruments like the ones mentioned previously. As it's said in the real world, "you get what you pay for". Bearer instruments like the OpenDime and the Tangem Card may be cheaper than hardware wallets like the Ledger or the Trezor but they're not "bulletproof". They're only great for sending small amounts of crypto to friends and family in a physical manner. Even though they're inferior to hardware wallets, I'd certainly love to own an OpenDime and Tangem Card as a sort of "souvenir" or "collector's item". Roll Eyes

o_e_l_e_o
March 12, 2020, 08:25:02 PM
Merited by Abiky (1)
 #29

I wonder if Trezor managed to address those flaws already?
They haven't, unfortunately. There was a discussion about this on another thread a while back. Essentially the attack is at a hardware level, so isn't fixable/patchable with a software update - it will take an entire redesign and new model being released to fix it. The attack is mitigated by using a long, random passphrase. Essentially, the seed is still at risk of being stolen, but if you are also using a passphrase then at least your coins won't be stolen. However, Trezor's response to the whole thing has been wholly unsatisfactory in my opinion. They have released a couple of blog posts which essentially say "Meh, use a passphrase", but do nothing to address the underlying concerns of their users. They don't mention the requirement to use a passphrase to new users in any of the documentation, they haven't made any attempt to contact existing users about the vulnerability, and there is no mention of it on their main website. They seem to be trying to just sweep it under the rug, and hoping nothing bad comes from it.

I stopped using my Trezor devices partly because of the vulnerability, but also partly because of their attitude to it. I no longer trust them.

Pmalek
March 14, 2020, 03:38:20 PM
 #30

They seem to be trying to just sweep it under the rug, and hoping nothing bad comes from it.
That is exactly what they are doing. Hoping that with enough time people will simply forget about it. Until the Ledger team revealed the problem to them they either didn't know about it or didn't care to mention it to the public. New users probably don't know about the issues, unless they did extensive research on the product, and let's be honest, most probably they didn't.

o_e_l_e_o
March 15, 2020, 02:43:28 PM
 #31

Hoping that with enough time people will simply forget about it.
They might get lucky, and no one will have their coins stolen by this method before their next model is designed, released, and becomes widespread (I am assuming of course they will fix the issue in question when they inevitably do release a new model - it would be crazy not to). Having said that, however, they only need a single user to lose a significant amount of coins via this method for it to explode all over Twitter, Medium, Reddit, this forum, etc., and cause significant damage to their reputation and their profits. It's a very large risk they are taking, especially when it can be mitigated quite easily.

If it were me, I would send an email to all the customer addresses they have, explaining the vulnerability and stating how to protect against it. I would put an announcement on their social media channels, on their web page, and I would include a section in their set-up guide explaining that it is highly recommended for all users to use a (complex) passphrase. Anything short of that is highly irresponsible on their part.

DaveF
March 15, 2020, 03:41:14 PM
 #32

I have said it in other posts here but since it came up I will say it again.
It's the attitude in general of Slush.
Problems with the pool back in the day, sweep it under the rug and ignore it.
More issues with payouts from the pool and other things, ignore it.
Trezor security issues, ignore it.

It's just the way they do things.

-Dave

DireWolfM14
March 16, 2020, 07:29:30 PM
 #33

I'm no expert, but I think that the security issues with Trezor (and similar wallets like KeepKey) are over-hyped.  It's my opinion that no hardware wallet should be used without a Bip39 pass phrase, and that includes the Ledger.  By simply using a Bip39 pass phrase, your seed alone becomes worthless.  Unless the hacker knows your pass phrase your bitcoin is safe, at least for a brief period of time, depending on the complexity of the pass phrase.  Hopefully this will provide you enough time to notice your wallet has been lost or stolen.

It's my understanding that in order to hack the Trezor to obtain the seed-phrase the hacker needs to have the wallet in hand (i.e. physical attack,) and he must know the PIN.  Even the strongest PINs are vulnerable to brute force, being composed of numbers only.  Like Ledger models, both Trezor wallets have a security feature that wipes the device if the wrong PIN is entered three times.

According to the Kraken Labs article:
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

So, one can reason that if the PIN on a Trezor is trivial to brute-force, then why would the PIN on a Ledger be any more secure?  In fact, I would suggest that if one can brute-force your Ledger PINs then your coins are more at risk.  I'm assuming that anyone who has set up a Bip39 pass phrase on their Ledger has also attached it to a secondary PIN (which should also be "trivial" to brute force.)  The secondary PIN is a pretty cool feature that the Ledger offers, and helps to save time when accessing your wallet, but wouldn't that compromise the added security of having a strong pass phrase?

Again, I'm only hypothesizing about something of which I have limited understanding.

DaveF
March 16, 2020, 07:59:05 PM
 #34

By simply using a Bip39 pass phrase

No you need a stupid long passphrase.

Take a look at this discussion:

https://bitcointalk.org/index.php?topic=5222188.0;all

-Dave

DireWolfM14
March 16, 2020, 08:31:18 PM
 #35

No you need a stupid long passphrase.

Of course the longer and more complex of a pass phrase you use the harder it is to crack, but even an eight-character pass phrase with unusual characters, numbers, upper, and lower case letters would take many years to crack. 

But that's not addressing my other concern about the Ledger and the use of a secondary PIN.  Regardless of how stupid-long your pass phrase is, hiding it behind a 9-digit numeric PIN would defeat the purpose, no?


o_e_l_e_o
March 16, 2020, 08:49:36 PM
Merited by DireWolfM14 (1)
 #36

It's my understanding that in order to hack the Trezor to obtain the seed-phrase the hacker needs to have the wallet in hand (i.e. physical attack,) and he must know the PIN.  Even the strongest PINs are vulnerable to brute force, being composed of numbers only.  Like Ledger models, both Trezor wallets have a security feature that wipes the device if the wrong PIN is entered three times.
An attacker must have physical access to the wallet, yes. However, in the attack as detailed by the Ledger Donjon team here (https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/), the PIN is bruteforced at a hardware level, meaning the security features of a prolonged delay between attempts or locking the device if too many wrong attempts are made are bypassed. The PIN is brute forcible in a matter of minutes.

So, one can reason that if the PIN on a Trezor is trivial to brute-force, then why would the PIN on a Ledger be any more secure?
There has been no similar attack demonstrated on a Ledger device in which the 3-strikes-and-you're-out PIN protection system has been able to be bypassed.

I'm assuming that anyone who has set up a Bip39 pass phrase on their Ledger has also attached it to a secondary PIN (which should also be "trivial" to brute force.)
I've never used the "attach to secondary PIN" feature, but it would still be secure unless a similar attack was demonstrated as above.
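
Added example, not part of any post in this thread: the BIP39 seed derivation that the passphrase discussion above relies on, together with search-space sizes for the 1-9 digit PIN quoted from Kraken and for passphrases of a chosen length. The mnemonic is the public BIP39 reference test vector, the function names are illustrative, and the guess rates are hypothetical inputs, not measurements of any device.

```python
"""Added example: what a BIP39 passphrase changes, and how large the spaces are."""
import hashlib
import math
import unicodedata

# Public BIP39 reference test mnemonic (all-zero entropy). Never fund it.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.

    The mnemonic (what is stored on the device) is only the PBKDF2 password.
    The passphrase goes into the salt, so the same words with a different
    passphrase give an unrelated 64-byte seed, i.e. a different wallet.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def pin_keyspace(min_digits: int = 1, max_digits: int = 9) -> int:
    """Number of distinct numeric PINs between min_digits and max_digits long."""
    return sum(10 ** n for n in range(min_digits, max_digits + 1))


def passphrase_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random passphrase (random, not chosen)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Shortest random passphrase (in symbols) reaching target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at a given (hypothetical) guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    plain = bip39_seed(TEST_MNEMONIC)
    protected = bip39_seed(TEST_MNEMONIC, "TREZOR")  # passphrase from the BIP39 vectors
    print("seed, no passphrase :", plain.hex()[:16], "...")
    print("seed, with passphrase:", protected.hex()[:16], "...")

    pins = pin_keyspace(1, 9)
    print(f"1-9 digit PINs: {pins:,} (~{math.log2(pins):.1f} bits)")

    # Alphabet sizes: 95 printable ASCII symbols, 7776-word diceware list.
    for label, alphabet in (("printable ASCII", 95), ("diceware words", 7776)):
        need = min_length_for_bits(alphabet, 128)
        print(f"{label}: {need} random symbols for 128 bits")

    bits8 = passphrase_bits(95, 8)
    for rate in (1e6, 1e9):  # hypothetical guesses per second
        print(f"8 random ASCII chars ({bits8:.1f} bits) at {rate:.0e}/s: "
              f"{years_to_exhaust(bits8, rate):.2f} years")
```

The entropy figures hold only for passphrases drawn uniformly at random; a human-chosen phrase of the same length has a much smaller effective space.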

Abiky (OP)
March 20, 2020, 10:59:25 PM
Merited by o_e_l_e_o (2)
 #37

They haven't, unfortunately. There was a discussion about this on another thread a while back. Essentially the attack is at a hardware level, so isn't fixable/patchable with a software update - it will take an entire redesign and new model being released to fix it. The attack is mitigated by using a long, random passphrase. Essentially, the seed is still at risk of being stolen, but if you are also using a passphrase then at least your coins won't be stolen. However, Trezor's response to the whole thing has been wholly unsatisfactory in my opinion. They have released a couple of blog posts which essentially say "Meh, use a passphrase", but do nothing to address the underlying concerns of their users. They don't mention the requirement to use a passphrase to new users in any of the documentation, they haven't made any attempt to contact existing users about the vulnerability, and there is no mention of it on their main website. They seem to be trying to just sweep it under the rug, and hoping nothing bad comes from it.

I stopped using my Trezor devices partly because of the vulnerability, but also partly because of their attitude to it. I no longer trust them.

If they don't care about fixing the issue, then they don't care about their customers at all. I detest businesses with such malpractices. That's why I'm better off using Ledger's hardware wallets since they're tried-and-tested over the years. Not to mention, Ledger is very trusted in crypto land. Trezor could lose its business if sometime in the future, someone gets its funds hacked from the hardware wallet itself. The customer could sue the Trezor company by not taking due responsibility in patching/fixing the device's vulnerabilities. Then, it'll be the end of the road for Trezor as we know it. As long as no one has experienced an undesired situation with Trezor's hardware wallets, the company will not care about fixing the situation beforehand.

Besides, there are many other hardware wallet manufacturers out there in the crypto/Blockchain industry. Apart from Ledger, other companies like KeepKey, and ColdWallet provide hardware wallet solutions for crypto users. The more hardware wallet manufacturers there are, the greater the competition (which tends to be good news for the end user).

I'll stick with my Ledger Nano S hardware wallet until it dies. I've noticed that the screen is becoming dimmer (or fading) over time. This might be an indication that the device needs to be replaced soon. It has lasted for quite a few years now, so I'd say it's worth every penny. Smiley



That is exactly what they are doing. Hoping that with enough time people will simply forget about it. Until the Ledger team revealed the problem to them they either didn't know about it or didn't care to mention it to the public. New users probably don't know about the issues, unless they did extensive research on the product, and let's be honest, most probably they didn't.

The real problem will be newcomers into cryptocurrency as they're not aware of how everything works in the space. They'd simply use the Trezor normally without doing their own research. Rest assured that if any of these noobs lose their funds because of Trezor's negligence, things will start taking up heat. I wouldn't be surprised to see a class-action lawsuit sometime in the future, if many people start losing their hard-earned crypto funds as a result of company mismanagement. As long as nobody loses their coins, the company won't care about mitigating said vulnerabilities on its devices. Luckily, there are many other alternatives out there on the market which gives us peace of mind.

So far, Ledger hardware wallets are #1 in terms of security and reliability. It's the best thing around when you want to enjoy the convenience of a hot wallet and a cold wallet. I'd highly recommend it over bearer instruments like the OpenDime or the Tangem Card for large amounts of crypto. If you just want to send crypto to another person in a physical manner, then these bearer instruments are an affordable way to do it. I'd personally use both a hardware wallet and a bearer instrument for added convenience. Smiley

o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18512
March 21, 2020, 08:46:59 AM
 #38

The customer could sue the Trezor company by not taking due responsibility in patching/fixing the device's vulnerabilities.
Well, that's the issue. It's a hardware fault, not a software one, so there is no way to patch or fix it. They will have to design and release a whole new device.

Apart from Ledger, other companies like KeepKey, and ColdWallet provide hardware wallet solutions for crypto users.
Be aware that since KeepKey is based upon the Trezor, they also suffer from the same vulnerability.

I've noticed that the screen is becoming dimmer (or fading) over time.
I've seen a couple of users on here saying the same thing. I've also had my original Ledger device for years and not noticed any fade, but I've since added to my collection with several more as back ups, so if it does eventually fail then no harm done. As you say, $40 for several years of use is not unreasonable by any means.
Abiky (OP)
Legendary
Activity: 3192
Merit: 1362
www.Crypto.Games: Multiple coins, multiple games
March 26, 2020, 06:41:18 PM
 #39

Well, that's the issue. It's a hardware fault, not a software one, so there is no way to patch or fix it. They will have to design and release a whole new device.

Designing a new hardware device with the purpose of addressing certain vulnerabilities may not be cost-effective for the company. But if it wants to stay in business, this is the way to go. I admire how Ledger quickly addresses issues within its devices. It's no wonder why it's trusted by many people worldwide. While the Trezor One has all the bells and whistles (like a Touchscreen), it's not as popular as the Ledger Nano S or the Nano X. I'd definitely upgrade my Nano S to the newest version once it dies. For a couple of years since I've bought it, I'd say that it's a long-lasting device that's worth every penny.

The Nano S has been reduced in price over time as a result of the Nano X's release on the market. For only $40, you can safely and securely store your crypto for peace of mind. It's better than a paper wallet, and much more versatile than a bearer instrument like the OpenDime or the Tangem Card. Still, each device has its own use cases for the mainstream world. At least, prices are affordable which allows the "unbanked" to get access to the world of crypto in an easy way. ;)


Be aware that since KeepKey is based upon the Trezor, they also suffer from the same vulnerability.

I was not aware of that. Thanks for letting me know. For some time, I was considering buying this device for a friend. I thought that it was battle-tested like the Ledger, but now you've proved me wrong. I have to say that no other hardware wallet out there on the market matches the Ledger. Its unmatched security and durability is what has kept it on the top for so many years. I wouldn't be surprised to see its competitors losing ground in the future as a result of Ledger's success. :)



I've seen a couple of users on here saying the same thing. I've also had my original Ledger device for years and not noticed any fade, but I've since added to my collection with several more as back ups, so if it does eventually fail then no harm done. As you say, $40 for several years of use is not unreasonable by any means.

It's a good thing to have more than one Ledger device that would serve as a backup in times of need. You can still get access to your crypto even if your Ledger dies if you've preserved your recovery seed/mnemonic. Even though my Ledger Nano S' LCD screen is fading, I can still see the on-screen text by putting it on the light. It's somewhat inconvenient, but at least the device is usable. If the screen fades completely, I'll be sure to grab a new Ledger Nano S as replacement. I'm tempted to get the Nano X, but it's somewhat expensive right now. I'll continue to use the Nano S model until the Nano X gets reduced in price over time.

I've been considering buying both an OpenDime and a Tangem Card for safekeeping. I'll fill them up with small amounts of Bitcoin to use them for paying in a P2P manner when there's no Internet connection. They make a great collector's item or souvenir for any crypto enthusiast. I personally like the Tangem Card as it has a wide variety of cryptos to choose from. There's a card for Ethereum, and Bitcoin which are my most favorite cryptocurrencies right now. They'll go great with my ever-growing collection of crypto items. ;)

malevolent
can into space
Legendary
Activity: 3472
Merit: 1721
March 27, 2020, 10:54:58 PM
 #40


The real problem will be newcomers into cryptocurrency as they're not aware of how everything works in the space. They'd simply use the Trezor normally without doing their own research. Rest assured that if any of these noobs lose their funds because of Trezor's negligence, things will start taking up heat. I wouldn't be surprised to see a class-action lawsuit sometime in the future, if many people start losing their hard-earned crypto funds as a result of company mismanagement. As long as nobody loses their coins, the company won't care about mitigating said vulnerabilities on its devices. Luckily, there are many other alternatives out there on the market which give us peace of mind.

Hasn't happened so far so I doubt we will be seeing 'many' users losing their money due to this. Not a single person has shown up to say they lost anything because someone stole their Trezor and they had no passphrase or too weak a passphrase. I'm sure most people who keep a large amount of money on their Trezor use a secure passphrase anyway.

Satoshi Labs should have done more to inform their customers about the security of their Trezors but the risk is overstated.
