Hardware wallets...

[o_e_l_e_o]

So download a copy of Electrum and keep it on a spare thumb (or micro SD etc.) drive with nothing but, better safe than sorry lol

There's no guarantee that would work either. Because of various bugs and vulnerabilities being found in the code, Electrum versions older than 3.3.0 no longer connect or sync. It's entirely possible (perhaps even likely) that a version of Electrum you download today will also not be able to connect 20 years in the future. It's also entirely possible that Electrum no longer exists 20 years in the future, and so there are no servers being run for old clients to connect to.

But that's I guess a bridge crossed if and when its approached since I assume, even if it's not too difficult, is a somewhat involved process.

After you set up your hardware wallet for the first time and write down your seed phrase, I would suggest taking a note of the first address generated, wiping your wallet, recovering from the seed phrase you wrote down, and checking the addresses match, as a way to verify the seed phrase you wrote down is correct. Too many people only discover they have made a mistake in writing down their seed when they need to restore from it, at which point it is obviously too late.

[1715548815]

1715548815

[1715548815]

1715548815

[1715548815]

1715548815

[1715548815]

1715548815

[1715548815]

1715548815

[1715548815]

1715548815

[NinjaMan35]

So download a copy of Electrum and keep it on a spare thumb (or micro SD etc.) drive with nothing but, better safe than sorry lol

There's no guarantee that would work either. Because of various bugs and vulnerabilities being found in the code, Electrum versions older than 3.3.0 no longer connect or sync. It's entirely possible (perhaps even likely) that a version of Electrum you download today will also not be able to connect 20 years in the future. It's also entirely possible that Electrum no longer exists 20 years in the future, and so there are no servers being run for old clients to connect to.

But that's I guess a bridge crossed if and when its approached since I assume, even if it's not too difficult, is a somewhat involved process.

After you set up your hardware wallet for the first time and write down your seed phrase, I would taking a note of the first address generated, wiping your wallet, recovering from the seed phrase you wrote down, and checking the addresses match, as a way to verify the seed phrase you wrote down is correct. Too many people only discover they have made a mistake in writing down their seed when they need to restore from it, at which point it is obviously too late.

Fair point about electrum.

I like to try and think ahead sometimes.

But that being said, I'm usually pretty good about not messing up sm electronics in any way. But it also probably wouldn't hurt to get something like a model one down the road and restore the seed on it. Keeping it as a protected backup with the Model T being the always used when needed device. Only using the model one incase of damage to the T or quickly needing to move coins due to damage or loss / theft if I take the Model T out with me for some reason.

As for testing the seed, I hadn't considered that... so TY... seriously !!!

All of that said. I did download and install electrum on the desktop just to check it out since i never have before. I noticed it had diff wallet features. Like watch only, which really any app or program can do that. Might keep it on my phone for that aspect (watch only).

Unless you know of something better that does watch only but can also say, notify me of incoming / outgoing transactions via something like a push notification like many games, banking apps do. But with at least btc and ltc addresses.

But it (electrum) also has a seed function it seems, among others like read from device.

But who in their right mind would use that (seed function) if they didn't need an emergency move for some reason ?

I only ask because from what I can tell. Restoring from seed would have to include private keys etc somehow or what good with it be if having to restore to let's say a new unit bec of damage or having to move coins bec of loss / theft.

So it would be like why have a hw wallet if someone is dumb enough to use a seed on electrum aside from needing an emergency move. Even though I suspect that might be the main if not only reason. But you never know with some people.

Anyway, do ppl actually opt for electrum on a daily basis vs say hw respective sites like ledger / trezor ?

I just don't see how it (electrum) can make a hw remain safe wether its trezor or ledger.

But I do like the idea of stand alone programs which currently it seems only ledger has but was obviously not a swaying consideration for me to get it instead of the model t.

Anyway, sorry for the run off there with all that. My mind speeds like I'm on coke when I dont sleep, and I didnt sleep last night. I at least hope I made sense lol

But the run offs aren't always a bad thing...

But I feel, based on trezor alone. I have everything i need to know known. Since this reply was mostly an electrum thing lmao

Ttyl and ty for humoring me.

Gonna try and go relax before this headache turns into something else.

[o_e_l_e_o]

I only ask because from what I can tell. Restoring from seed would have to include private keys etc somehow or what good with it be if having to restore to let's say a new unit bec of damage or having to move coins bec of loss / theft.

Not quite sure what you mean here in terms of "including private keys". All the private keys on your wallet are ultimately derived from your seed phrase. If you import your seed phrase to a new piece of software or hardware, it will generate all the same private keys, and therefore all the same addresses, as your old wallet, and therefore give you access to all the same coins. You don't have to back up your private keys or even look at them, provided you have your seed phrase backed up.

Anyway, do ppl actually opt for electrum on a daily basis vs say hw respective sites like ledger / trezor ?

I just don't see how it (electrum) can make a hw remain safe wether its trezor or ledger.

As I mentioned above, Electrum is simply the interface to communicate with your hardware wallet. Your hardware wallet will generate a seed and generate a wallet, Electrum just lets you navigate it in a user friendly way. Your private keys never actually leave the hardware wallet, and no transaction or signing can take place without you confirming it on the hardware wallet. Electrum is also open source.

[NinjaMan35]

I only ask because from what I can tell. Restoring from seed would have to include private keys etc somehow or what good with it be if having to restore to let's say a new unit bec of damage or having to move coins bec of loss / theft.

Not quite sure what you mean here in terms of "including private keys". All the private keys on your wallet are ultimately derived from your seed phrase. If you import your seed phrase to a new piece of software or hardware, it will generate all the same private keys, and therefore all the same addresses, as your old wallet, and therefore give you access to all the same coins. You don't have to back up your private keys or even look at them, provided you have your seed phrase backed up.

Anyway, do ppl actually opt for electrum on a daily basis vs say hw respective sites like ledger / trezor ?

I just don't see how it (electrum) can make a hw remain safe wether its trezor or ledger.

As I mentioned above, Electrum is simply the interface to communicate with your hardware wallet. Your hardware wallet will generate a seed and generate a wallet, Electrum just lets you navigate it in a user friendly way. Your private keys never actually leave the hardware wallet, and no transaction or signing can take place without you confirming it on the hardware wallet. Electrum is also open source.

Exactly that is what I mean... you said it yourself, derived from the seed phrase.

So any device that seed is used on, can send / receive funds this eliminating the use of why have a hw wallet.

Ex.

Electrum Setup > What Kind (Standard) > Creste New Seed or Restore One

So further the ex.

Not so smart guy walks in loving his new hw wallet. Wants to use electrum with it vs say the wallets main / normal interface, however that works. So he adds his seed to electrum. Since all addresses and keys generate from that as you pointed out and I not so clearly asked.

If his system is compromised, even if it's not. His wallet is now technically negated bec funds can now be sent using electrum since the seed his trezor or ledger generated was restored to it (electrum).

Not saying many if any would try this, but in terms of electrum and hw wallets. I assume this is why it has the read from device option, at least on desktop ? Assuming it just reads public shit asking you to confirm on the device to send.

Sorry if I wasnt so clear before. But I've gotten some sleep, so maybe I'm clearer now ? Lol

Eitherway, ty for humoring me.

[o_e_l_e_o]

-snip-

Ahh right, I see where the confusion lies.

So what you have written would be accurate in the case of someone restoring their wallet to Electrum by inputting their seed phrase. In such a case, as you say, the security of your hardware wallet would now be negated as your seed and private keys are now also stored in a "hot", internet connected wallet.

Using Electrum as an interface for your hardware wallet is different to that. You never need to input your seed phrase in to Electrum, and your private keys never leave the hardware wallet. In this situation, because Electrum doesn't have your seed or private keys, it is useless on it's own and can't sign any transactions unless your hardware wallet is also connected and unlocked. Electrum is only being used in this scenario as a user friendly way with a nice GUI to send instructions to your hardware wallet - your wallet, accounts, private keys, etc. never leave the hardware wallet and do not need to be imported anywhere else.

[NinjaMan35]

-snip-

Ahh right, I see where the confusion lies.

So what you have written would be accurate in the case of someone restoring their wallet to Electrum by inputting their seed phrase. In such a case, as you say, the security of your hardware wallet would now be negated as your seed and private keys are now also stored in a "hot", internet connected wallet.

Using Electrum as an interface for your hardware wallet is different to that. You never need to input your seed phrase in to Electrum, and your private keys never leave the hardware wallet. In this situation, because Electrum doesn't have your seed or private keys, it is useless on it's own and can't sign any transactions unless your hardware wallet is also connected and unlocked. Electrum is only being used in this scenario as a user friendly way with a nice GUI to send instructions to your hardware wallet - your wallet, accounts, private keys, etc. never leave the hardware wallet and do not need to be imported anywhere else.

Thought as much, ty.

My wallets processing now, so since they're in Russia. I'll probably see a ship notification early tomorrow. Guessing then that it's in my hands by Mon at the latest if rona isn't messing intl mail up too much still.

Might need to get a longer cable based on what they send with it. But usb extenders are cheap enough.

But I'll be watching this package like aHawk. We dont have issue with mail theft but not taking a chance with something so small !

[malevolent]

I have a Trezor 1 and a Ledger Nano S.

The Ledger has been abandoned. There's something about the way they operate I dislike. In this game you should be humble and open and they certainly are not. Trezor's attitude is better and more communicative so they're the ones I stick with.

I am starting to wonder about the future of hardware wallets, more holes are found every day, but since all current ones need physical access to exploit I'm not going to sweat it until that changes.

Ledger is a much bigger company which I think influences how it's ran compared to Satoshilabs.

If someone owns a lot of different altcoins Ledger supports more than Trezor.

Trezor T supports 1392 different coins and tokens: https://trezor.io/coins/

Couldn't find any up-to-date information regarding the number of supported assets by Ledger.

One of the negative points for Ledger is the Secure Element chip not open source

For now, Ledger is definitely at an advantage because there is no such vulnerability - if there was one, Trezor would surely make it public. But what some people don't like about Ledger is the fact that it's not open source, for which Ledger again gives somewhat logical reasons.

https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3

[NinjaMan35]

https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3

If and when something more secure is found, until it gets broke if it ever did. I would hope Trezor would offer some sort of discoint swap value for the more secure wallet. So like a 1-1... T for T etc. but at say a 60% or so reduced cost.

[arcade01game]

So I'm familiar with Trezor, by name only, as I saw them advertised a lot before launch. Been seeing some other ads on Facebook as of late for a diff hardware wallet called Ledger, looks more fancy, not that that really means anything.

That being said. Of all the currently available HW wallets, what do you use if any, and why ?

I do know the trezor is ~$55 while Ledger which comes with a nano ver or some such shit is ~$150.

Been contemplating getting one vs a locally stored wallet file / paper wallet etc. for moving some coins off of CB after making a few more trades.

Ty.

I personally like D'CENT biometric wallet. I've used Trezor before, switched to Ledger Nano S for more security, then finally settled on D'CENT biometric wallet.
I am no advocate of certain brand and purely based on my personal experience in using various wallets in the market. The latter is more convenient and easier to use by far.

Each brand has its ups and downs, that's for you to decide based on what your needs are.

https://youtu.be/zqEEQM5o4OU


 

[o_e_l_e_o]

Couldn't find any up-to-date information regarding the number of supported assets by Ledger.

This list (https://www.ledger.com/supported-crypto-assets) contains 1,355 entries, so pretty similar figures.

It really is a meaningless statistic though. Ignoring the fact that 99.9% of altcoins and tokens are completely pointless and/or an outright scam, according to https://etherscan.io/tokens, there are over 250 thousand different ERC20 tokens on Ethereum, all of which can be supported by any wallet which supports Ethereum. There are also a bunch of other platforms with thousands of their own tokens, so both wallets could honestly claim they support 250k+ assets.

I personally like D'CENT biometric wallet.

If it works for you, great, but you should be aware that fingerprint spoofing is surprisingly easy, and biometrics in general are not a good way to secure your data. You leave fingerprints which can be used to break in to your hardware wallet on everything you touch, including on the hardware wallet itself.

[NinjaMan35]

I'll read that later, but even if I personally had your drive. Unless I had whatever pass phrase is set up. I couldnt do anything with it. Unless I missed something, I would need your drive and the wallet / system its tied to, to steal your funds. But just the drive itself, last I knew, wasnt even close to enough.

Let’s take a hypothetical situation of someone coming into the physical possession of your hardware wallet, and that this wallet has some kind of vulnerability that can be exploited with the help of cheap equipment and little technical knowledge. This currently exists with Trezor models which are extremely vulnerable in case the user has not set up passphrase, the seed can be extracted within minutes. The conclusion is that all those who are not aware of this vulnerability and do nothing to insure themselves, have at least one additional risk when it comes to protecting their assets.

For now, Ledger is definitely at an advantage because there is no such vulnerability - if there was one, Trezor would surely make it public. But what some people don't like about Ledger is the fact that it's not open source, for which Ledger again gives somewhat logical reasons.

Every device has its weak points, it's only a matter of time before someone discovers them. What plays the biggest role in the case of hardware wallets are possible remote attacks, which have not been recorded so far (or at least no one has made it public).

Broke down, bit the bullet and bought the Trezor Model T using some of the LTC I have.

Congratulations on your purchase, although it didn't seem to me that you would choose the most expensive option at the moment. Just a week ago you could get Nano S for some 30+ EUR, and Trezor T is 180 EUR now (VAT included).

So it showed up yesterday, didn't know until today. Got into a weird loop on the setup when naming the Trezor. But I figured that out. That said, it asked me if I wanted to set a pin, which I did, options seemed to be 1 to 9 numbers. Anyway, maybe this is what you meant by pass phrase, I don't know. But if not, what am I missing here ?

Edit: NM, figured it out. Just did a wipe of the device, then going to restore seed to double check if the pass wallet address is the same as well as the normal one. Pass phrase isn't even secure, but its for a test so... not like I can't do a new one that from what little I know is always attached to the seed.

Edit: The trick is just remembering if I ever send coins to the "normal" address, to send them to the pass address.

But, seed restore confirmed...

I did also notice Electrum generates new address. Will probably just stick with the trezor site. Electrum seems like it might confuse things in some respect, Especially since it seems set passphrases would be typed via keyboard on a computer, which I have very few problems with if any, but still. But it definitely seems like a use one or the other but not both type of situation.

Edit: although now that I'm thinking about the passphrase thing while I'm working on dinner.

I guess it doesn't matter whether it's typed in to the computer or on the device itself. For the simple fact that it's probably one of the most unlikeliest of scenarios that somebody would get a hold of the physical device knowing that I've typed the passphrase onto the computer unless it was a close relative and or friend.

So I guess that much is technically a null point. But the inconsistencies with electrum using different addresses than what's on the trezor website is a little weird.

To rectify that I guess we should say, is that just entering the addresses given to me by trezor manually into electrum as a watch wallet? But then if you go to send from that, the secret key, is still stored on the device and never transferred to electrum?

But then what if it's a wallet with a passphrase I set on electrum but want to see that address on the trezor site. Same thing by just entering the pass. I guess think of it as a backwards compatibility type question.

Although I dont recall seeing an option to add an address into trezor except for legacy addresses, guessing that's what electrum generates ?

But ya. Def seems like trezor site or electrum but cant be both even though any address generated falls back to the seed so to speak.

I like the idea of using the Standalone software versus the trezor website. I just still have some concerns I guess you could say.

[Rath_]

I guess it doesn't matter whether it's typed in to the computer or on the device itself.

Technically, if you were ever to enter your seed on the same computer, which you shouldn't really do, it could be a threat.

But the inconsistencies with electrum using different addresses than what's on the trezor website is a little weird.

By default, Electrum generates native SegWit addresses (bc1...) while Trezor Wallet supports only legacy (1...) and nested SegWit (3...) addresses. The upcoming Trezor Suite (a desktop and mobile app) will introduce an official support for generating native SegWit addresses. However, it is still in early beta. If you want to use the same type of addresses as Trezor Wallet supports then you should take a closer look at the following screen which appears when adding a new wallet using a hardware device.



First, you have to select what type of address you want (p2sh-segwit would be the best choice if you need to be able to access your coins through Trezor Wallet for some reason). Then, you can modify the derivation path. The last number is the number of the account you want to access. Zero is the first account, one is the second and so on. I would leave it at native SegWit, though.

To rectify that I guess we should say, is that just entering the addresses given to me by trezor manually into electrum as a watch wallet?

If you enter your address manually into Electrum then you will get a watch-only wallet. However, in order to be able to spend coins using your hardware wallet, you have to choose another option ('Standard wallet -> Use a hardware device').

But then if you go to send from that, the secret key, is still stored on the device and never transferred to electrum?

Yes, your private keys never leave your device. Electrum only knows your Master Public Key from which new addresses are derived. If you disconnect your hardware wallet, Electrum will act as a watch-only wallet.

But then what if it's a wallet with a passphrase I set on electrum but want to see that address on the trezor site. Same thing by just entering the pass. I guess think of it as a backwards compatibility type question.

I hope that you don't confuse a passphrase with a password which encrypts Electrum wallet file. Once you enable passphrase support in the settings on Trezor Wallet, both Electrum and Trezor Wallet will prompt you to enter your passphrase every time you open your wallet. You should see the same addresses on both wallets using the same passphrase.

[NinjaMan35]

...

From Electrum Load, but first...

No I didn't not confuse wallet lock and passphrasing lol. I get the phrase is like an extra word to the seed.

But from Electrum Load...

default_wallet > Standard Wallet > Used a Hardware Device > Prompts for PassPhrase > Screenshot you shared (native segwit m/84'/2'/0'") > Deny file lock bec it's public and that I don't care about.

But the BTC address that shows is a bc1 address when I would like to see the one I initially got from Trezor / that Trezor shows if I log online using the same pass which is a 36x address.

Same for Electrum-LTC which shows me a ltc1 address but on the trezor site, using the same passphrase. Shows me a MEQ address.

Everything else I previously wrote I'm comfortable with and have learned some. So really it's this one minor inconvenience that has me slightly confused. Since between the Electrum wallets and the trezor site using the same passphrase. I am given two very diff addfresses when going to the respective "receive" tabs online and in the desktop wallets.

I'm sure I just overlooked something simple, I would hope, in Electrum. But given what I am currently seeing, even if I wanted to use addresses initially given to me by Electrum. The reverse would hold true that I wouldn't see them online via the trezor site.

So the easiest solution it seems would be to get the trezor addresses to show on Electrum by way of adjusting a particular setting or adding something. Which I sort of mentioned before in by maybe adding the addresses given to me by trezor, when using my passphrase, manually which would make it like a watch wallet on Trezor but still needing the device attached to be able to send from it ?!?

Edit: Reading back, I guess I could try it without waiting for a reply, but I'm guessing wipe the wallet file and redoing it all with the legacy option ticked ?

It seems with a passphrase set, legacy or not. The address are all the same secured in a WELL protected manor. I just want to / would prefer to see the same addresses between the two so I have the option to use the Electrum clients at home when needed but the trezor site when required. If I am away from home.

At least until the Trezor suite I'm now learning about thx to you is done. So I would have their client to show addresses in the way I am seeking and then their site when needed.

[joniboini]

default_wallet > Standard Wallet > Used a Hardware Device > Prompts for PassPhrase > Screenshot you shared (native segwit m/84'/2'/0'")

CMIW, seems like you choose the wrong script type. You should choose p2sh-segwit if you want to access the 3xxx address instead of native-segwit (bcxxx).

[NinjaMan35]

default_wallet > Standard Wallet > Used a Hardware Device > Prompts for PassPhrase > Screenshot you shared (native segwit m/84'/2'/0'")

CMIW, seems like you choose the wrong script type. You should choose p2sh-segwit if you want to access the 3xxx address instead of native-segwit (bcxxx).

Not sure how I get send-able merit, otherwise I would give this a +1. But that did the trick for both LTC & BTC. I can now see both addresses in their respective Electrum clients that were originally given to me on the Trezor website using the nTH seed word / passphrase..

Ty !

Also, CMIW ?

Correct me if I'm wrong ?

Lastly, if someone can send me any current publication links on the "beta" stuff for Trezor previously mentioned, that would be awesome... Ty.

[NinjaMan35]

One final thing I want to keep separate from the above reply, not that I guess I really need to... and this is purely out of curiosity. But how / or why is it that the trezor site and the Electrum clients generate diff QR codes for the same address ? Even though off the top of my head I would fathom a guess that's just because they used some sort of varying coding methods even though QR readers can read both.

[o_e_l_e_o]

But how / or why is it that the trezor site and the Electrum clients generate diff QR codes for the same address ?

There are different sizes of QR codes, different versions of QR codes, different ways to encode the data, different methods of error correction, different degrees of error correction, etc., meaning the same data can produce different QR codes.

In addition, it is possible to encode more information that just the address in a QR code. One code may also include a request for payment, an amount to be sent, or even additional information which will be read by your wallet (Example: Electrum contains a "description" field which can be encoded in the QR code).

As long as they both scan to the correct address, nothing to worry about.

[NinjaMan35]

But how / or why is it that the trezor site and the Electrum clients generate diff QR codes for the same address ?

There are different sizes of QR codes, different versions of QR codes, different ways to encode the data, different methods of error correction, different degrees of error correction, etc., meaning the same data can produce different QR codes.

In addition, it is possible to encode more information that just the address in a QR code. One code may also include a request for payment, an amount to be sent, or even additional information which will be read by your wallet (Example: Electrum contains a "description" field which can be encoded in the QR code).

As long as they both scan to the correct address, nothing to worry about.

lol... I didn't even thing of added info. That said, if the electrum QR's include a note field. I may incorporate it's QR codea into my sm peoject instead of those provided by trezor. I'll have to scan each with the coinbase app later to see what's what.

Cost will be approx $13, but a dual sided ID card. One with BTC logo, address typed and address QR. With the reverse being LTC . Size of a credit card, kept in the wallet. If needed to receive coin to the trezor addresses. Just gotta pull it out.

[Rath_]

Lastly, if someone can send me any current publication links on the "beta" stuff for Trezor previously mentioned, that would be awesome... Ty.

There isn't really much information about it because only few people got invited to the beta. You can become a beta tester by subscribing to the Trezor newsletter. Don't worry, they won't spam your e-mail. I haven't tested the new software, yet. I will give it a shot in the next few days.

[NinjaMan35]

Lastly, if someone can send me any current publication links on the "beta" stuff for Trezor previously mentioned, that would be awesome... Ty.

There isn't really much information about it because only few people got invited to the beta. You can become a beta tester by subscribing to the Trezor newsletter. Don't worry, they won't spam your e-mail. I haven't tested the new software, yet. I will give it a shot in the next few days.

Think that's what I signed up for during the initial Waller setup, but Ty.

Will do it again for good measure using thst link.