dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
October 14, 2020, 10:37:56 AM |
|
https://www.gate.io/en/article/17919Some of you may already know that I am always hunting for interesting new hardware and software wallets used for storing Bitcoins. One of those new devices is Wallet S1 hardware wallet made by Gate.io and wallet.io, and initially it will be released only for customers in China before worldwide distribution. Device is powered by the flagship SOC chip and dual-CPU and can be connected to web computer and to smartphones, and it will have fingerprinting tech (I am not big fan of that as it can be faked very easy) with connection to their wallet.io wallet. Size: 60mm x 20mm x 6mm Predicted price should be around $50 ( BTC0.00438 today), and that is in range with current hardware wallets like Ledger and Trezor. Looking at pictures we can see it is made from plastic and I don't see anything special they offer (fingerprinting is nothing special for me) that would make me buy it, but I would need to test it first before making more comments about it. Website: https://pro.wallet.io/hardware
|
|
|
|
naska21
|
|
October 14, 2020, 12:06:43 PM |
|
snip
I don't think its sales all around the globe will be matched with those pertaining to Ledger and Trezor. Wallet S1 seems to be designed to work as HW add-on to their wallet.io Pro app. HW dongles like Ledger and Trezor are still preferable to use as they are connectable to almost all trouble-proof soft and web wallets. However Chinese market itself may have zigzag response due to relatively low price of $50.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2478
Merit: 6305
bitcoindata.science
|
|
October 14, 2020, 06:54:51 PM |
|
It is a good Some of you may already know that I am always hunting for interesting new hardware and software wallets used for storing Bitcoins. One of those new devices is Wallet S1 hardware wallet made by Gate.io and wallet.io, and initially it will be released only for customers in China before worldwide distribution.
Certainly that is a very healthy practice for the ecosystem. But isn't it risky to use new and untested software to store your money? I would trust just small amounts in those wallets, and I wouldn't trust them as I trust ledger or trezor (highly tested and old hardware wallets) Sadly, security favors oligopolies and monopolies. I tested razor wallet from China as well (bitpie) and it was very beautiful. You can see my review here. https://bitcointalk.org/index.php?topic=5259327.0
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
October 14, 2020, 08:02:18 PM |
|
Razor wallet is open source and has same software like Trezor wallet, so I would feel much safer using that, but I am not so sure about Wallet S1, judging by their website I don't think it is open source and I can't find any license information so far. Let's wait for official release.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3514
Merit: 6985
Top Crypto Casino
|
|
October 14, 2020, 09:11:23 PM |
|
and it will have fingerprinting tech (I am not big fan of that as it can be faked very easy).
Really? I know next to nothing about the reliability of fingerprint tech as a means of using it as a "password" and your statement kind of surprised me. I would expect that if a device could recognize only your fingerprint, it'd be on point. Do you know what the problems are? Is it that fingerprint identification devices recognize other fingerprints than those it should be recognizing (like false positives)? But isn't it risky to use new and untested software to store your money?
That's the main reason I wouldn't buy one of these things. A secondary reason would be that I don't particularly care for the design of it. I am a big fan of shape and symmetry in design, and that includes hardware wallets. That's one of the reasons why I chose to buy a Ledger instead of a Trezor. It's the reason why I love the design of the Keepkey. This Wallet S1 device lacks symmetry and frankly looks kind of cheaply-made. Unless it offers significant advantages over the established HWs on the market, I don't think it'll be in production for very long. It's super tough to break into the HW market, because having a track record of safety and reliability is so important, and you don't have any reputation when you're creating a new device. If anyone tries this one out, I'd love to read a review of it.
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
October 15, 2020, 08:45:09 AM |
|
Really? I know next to nothing about the reliability of fingerprint tech as a means of using it as a "password" and your statement kind of surprised me. I would expect that if a device could recognize only your fingerprint, it'd be on point. Do you know what the problems are? Is it that fingerprint identification devices recognize other fingerprints than those it should be recognizing (like false positives)?
In theory it looks good and your fingerprint can only open your wallet, but it is so easy to clone and make fake fingerprint with a bit of clay, paper printer or any similar material or technique. Imagine how much you use your hands during the day and how many things you touch with your hands and fingers Here is just one from many video examples: https://www.youtube.com/watch?v=tU9-EBxUcVs
|
|
|
|
joniboini
Legendary
Offline
Activity: 2366
Merit: 1805
|
|
October 15, 2020, 02:23:38 PM |
|
Based on the official repo of the developer ( https://github.com/wallet-io), the only "open-source" code are the integration module and some APIs (not even sure if its' related to the HW). So yeah, safe to assume it is closed source.
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
sheenshane
Legendary
Offline
Activity: 2492
Merit: 1232
|
|
October 15, 2020, 02:59:45 PM |
|
So, if that is a close source wallet there's no way to trust them, I don't think if people will trust with that new HW. Most commonly in HW's are open source or it's fully open-source wallet just like Trezor and Ledger Nano. I don't see an interesting moment or something new with that HW that could compete with the other Hardware wallets.
Since they had planned on it to be launched anytime at this moment. They might already aware of the concern of the most crypto holders, open-source will bring too much attraction, and probably they will also follow those steps and become a fully open-source soon. For now, we can't judge them yet since isn't launched and nobody tested yet.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2478
Merit: 6305
bitcoindata.science
|
|
October 15, 2020, 03:43:59 PM Last edit: October 15, 2020, 03:55:45 PM by bitmover |
|
But isn't it risky to use new and untested software to store your money?
That's the main reason I wouldn't buy one of these things. A secondary reason would be that I don't particularly care for the design of it. I am a big fan of shape and symmetry in design, and that includes hardware wallets. That's one of the reasons why I chose to buy a Ledger instead of a Trezor. It's the reason why I love the design of the Keepkey. This Wallet S1 device lacks symmetry and frankly looks kind of cheaply-made. Unless it offers significant advantages over the established HWs on the market, I don't think it'll be in production for very long. It's super tough to break into the HW market, because having a track record of safety and reliability is so important, and you don't have any reputation when you're creating a new device. If anyone tries this one out, I'd love to read a review of it. I dont care much about design. My main concern is safety. Few time ago a guy lost his coins because the wallet made an invalid address https://bitcointalk.org/index.php?topic=5192454.msg54168914#msg54168914It is very hard to predict a problem like that because we trust the software I know this will never happen to me using ledger. But it may happen to me using untested software. Edit: Thais problem makes me , and most people, keep using the same software from the same companies... like a centralization of wallets . Overall its terrible for the ecosystem.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
Is it that fingerprint identification devices recognize other fingerprints than those it should be recognizing (like false positives)?
To add on to what dkbit98 has said above, take a look at this link: https://imgur.com/gallery/8aGqsSuMost fingerprint scanners simply scan the fingerprint in 2D. These are easily fooled by a simple print out of your fingerprint, which can easily be lifted from almost anything you have touched, including the device itself which the fingerprint scanner is meant to protect. Some of the most high end devices on the market at the moment use ultrasonic "3D" scanners, which boast that they are harder to fool. However, in the link above, the person 3D printed a model of the fingerprint which unlocked the phone. What's more, is he didn't even have to lift the fingerprint directly - he simply took a photograph of it. He said he can do the whole process in under 3 minutes. Biometrics are, at least for the time being, incredibly insecure.
|
|
|
|
dkbit98 (OP)
Legendary
Offline
Activity: 2408
Merit: 7548
|
|
October 17, 2020, 09:14:20 AM |
|
So, if that is a close source wallet there's no way to trust them, I don't think if people will trust with that new HW. Most commonly in HW's are open source or it's fully open-source wallet just like Trezor and Ledger Nano.
Yes, but Open Source does not mean that software is trusted, and Ledger software is not fully open source like Trezor. I know this will never happen to me using ledger.
After hearing and seeing so much problems with Ledger Live app I can't say that Ledger is doing a great work. How long until they potentially screw something with some new firmware update... Biometrics are, at least for the time being, incredibly insecure.
They are totally insecure, and anyone can test how easy is to break biometrics if they have smartphone with that feature. Having that thing on hardware wallet is no advantage at all for me.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
October 17, 2020, 10:17:21 AM |
|
How long until they potentially screw something with some new firmware update... They already have in the past, as have most companies. There were minor inconveniences such as reducing the number of apps which could fit on the device, to much more serious ones such as the device resetting when updated, with a handful of reports of users losing coins because of this. Now obviously, the user is also to blame here for not having their seed phrase backed up, but it is undeniable that the Ledger update process leaves much to be desired. I still love the physical Ledger devices, and I still absolutely hate Ledger Live. Having that thing on hardware wallet is no advantage at all for me. Not only is it not an advantage, but it is a real disadvantage. I would actively avoid any devices which rely on biometrics. If the device has optional biometrics which can be disabled, that's fine, but using biometrics as the only unlocking mechanism is incredibly risky. Looking at the device, there is no other way to unlock the device other than your fingerprint. Doesn't matter if the rest of the wallet is the best in the industry - for this reason alone it should be avoided.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
October 18, 2020, 02:37:22 PM |
|
I know next to nothing about the reliability of fingerprint tech as a means of using it as a "password" and your statement kind of surprised me. I would expect that if a device could recognize only your fingerprint, it'd be on point. Do you know what the problems are? Is it that fingerprint identification devices recognize other fingerprints than those it should be recognizing (like false positives)?
The problem is, that proper devices to detect fingerprints with an extremely low false positive rate cost lots of money (multiple thousands to tens of thousands of dollars). A hardware wallet for 50$ or a smartphone only have an extremely weak fingerprint sensor built in. There are already some blueprints available which can unlock a pretty nice percentage of fingerprint locked devices (smartphones). If i am not mistaken something between 70 and 90%, and that with a generic blueprint without any additional work involved.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2478
Merit: 6305
bitcoindata.science
|
|
October 18, 2020, 08:15:15 PM |
|
They already have in the past, as have most companies. There were minor inconveniences such as reducing the number of apps which could fit on the device, to much more serious ones such as the device resetting when updated, with a handful of reports of users losing coins because of this. Now obviously, the user is also to blame here for not having their seed phrase backed up, but it is undeniable that the Ledger update process leaves much to be desired.
Reset updates are really a problem imo. It happened to me a few times, not a pleasure experience. But as I had my seeds, no worries. I still love the physical Ledger devices, and I still absolutely hate Ledger Live. This is the best thing about ledger devices. you don't need ledger live (unless you want to hold all those supported shitcoins). I use almost only in electrum. I don't update often, and I think (i am not 100% sure) that we can skip some small firmware updates if we are only using electrum. Ledger live is ok, but I need coin control and some other electrum features.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
October 18, 2020, 08:35:55 PM |
|
I use almost only in electrum. I don't update often, and I think (i am not 100% sure) that we can skip some small firmware updates if we are only using electrum. I always check the firmware changelog/release notes before I install it, and I don't bother if it is only minor cosmetic or altcoin changes which I have no need for. 1.6.0 was an important update, which included a bunch of bug fixes as well as security enhancements to how the PIN was entered. 1.6.1 on the other hand had no security improvements, and simply added some stuff relevant for altcoins (BLS12-381 curve, faster uninstalling/installing of apps). Therefore, I have not bothered to upgrade to 1.6.1. I would have to retrieve my devices from their secure locations, and then fire up a VM and install Ledger Live on it, and I can't be bothered doing all of that for an update which means nothing to me.
There are already some blueprints available which can unlock a pretty nice percentage of fingerprint locked devices (smartphones). If i am not mistaken something between 70 and 90%, and that with a generic blueprint without any additional work involved. Do you have a link for this? I can't find anything on a (admittedly very cursory) internet search. All the stuff I have read before is in regard to lifting a target fingerprint and creating a copy, as opposed to a "generic" fingerprint.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
October 20, 2020, 08:38:12 AM |
|
Do you have a link for this? I can't find anything on a (admittedly very cursory) internet search. All the stuff I have read before is in regard to lifting a target fingerprint and creating a copy, as opposed to a "generic" fingerprint.
A 2 minute search didn't yield the expected result. I will look into it and report back. I remember looking over the paper, just don't know where it was. Should have been sometime within the last 3 years, but not absolutely sure about that.
|
|
|
|
|