Oshosondy (OP)
January 10, 2021, 11:38:31 PM
Hardware wallets have been one of the best ways to safely save bitcoin offline and yet in a convenient way that can be easily used by beginners. As for me, I prefer open source wallets; this makes me prefer open source hardware wallets, but I am thinking if it is possible that there is any hardware wallet that is open source in a way that it is not partially open source and partially closed source, but completely open source. I know three common hardware wallets now:
1. Trezor
2. Ledger nano
3. Coldcard

Which hardware wallet is completely open source out of the three? Which one is more recommendable?
jackg
January 11, 2021, 12:20:34 AM
Trezor is completely open source. Ledger has a closed source security chip. And I'm not sure about cold card? I thought it just had a micro sd with the private keys on it so I suppose they generate them for you...
I think there are people who have used the trezor firmware and got it to run on a raspberry pi before now and there was a circuit board git repository circulating somewhere that seemed to be by them.
bitadelco
January 11, 2021, 02:01:57 AM
Coldcard is open source
mk4
January 11, 2021, 03:59:48 AM
> And I'm not sure about cold card? I thought it just had a micro sd with the private keys on it so I suppose they generate them for you...

Coldcard also seems to be completely open source. They even published information on how to build your own Coldcard hardware wallet if you're THAT technically proficient: https://blog.coinkite.com/coldcard-hardware-shared/
lovesmayfamilis
January 11, 2021, 05:23:57 AM
> for me I prefer open source wallets; this makes me prefer open source hardware wallets, but I am thinking if it is possible that there is any hardware wallet that is open source in a way that it is not partially open source and partially closed source, but completely open source. I know three common hardware wallets now:

Only it seems to me that there are too many open source wallets in one proposal? I think you will be interested in this topic, since it fully describes all the advantages and disadvantages of the wallets that interest you. It is enough to search the forum a little: Open Source Hardware Wallets
ranochigo
> Trezor is completely open source. Ledger has a closed source security chip. And I'm not sure about cold card? I thought it just had a micro sd with the private keys on it so I suppose they generate them for you...
> I think there are people who have used the trezor firmware and got it to run on a raspberry pi before now and there was a circuit board git repository circulating somewhere that seemed to be by them.

If any hardware wallet stores any sensitive information on SD cards, throw it away. You're paying some hefty sum for a hardware wallet and it shouldn't be that easy to access private keys or seeds. ColdCard is like an airgapped wallet and the SD card is used as a method to transfer PSBT files to and from the device. That being said, no, it stores the seeds and the keys within its secure element. You can actually build your own Trezor, though that'll require some technical expertise. If you're doing that with a Raspberry Pi, I believe airgapped storage would be much more straightforward for you. It doesn't have a secure element anyways so it makes no difference.
Open Source does not necessarily determine its level of security. People can't seem to get it inside their head. There is still some level of trust when you're buying a hardware wallet, be it the personal information stored when purchasing or trusting them to not have intentionally included any backdoors (not very plausible but of course still a possibility). You have to make your own judgement based on the price of the device and/or the track record of the company.
DdmrDdmr
January 11, 2021, 07:41:23 AM Merited by dbshck (4), Coin-1 (1)
I was reading yesterday a bit about the new kid on the block: Jade. It’s open source, and cheap (pre-reserves are priced at 40$, with roughly 10$ transport fee, varying by country), but limited in features compared to current top used hardware wallets: The wallet manages Bitcoin and some other Liquid Network coins, but does not come close to the most commonly known hardware wallets. It will only work with Android for now, although their roadmap will extend its use to other platforms, and I’m not sure how likely it is to connect to Electrum from the start (obviously it connects to their software wallet manager, which requires 2FA). There’s a reddit thread where some of its developers have pitched in to answer the questions made on the thread, which provides some insights that are not available on their website. For example:

> > How does the security model compare to Trezor, Ledger, Coldcard?
>
> Jade doesn't have a secure element so there's that. However it has secure boot + encrypted flash and as per prior answer it has a blind oracle enforced PIN. This acts almost as a remote 'secure element'.

https://www.reddit.com/r/Bitcoin/comments/kqgehd/were_the_blockstream_team_and_we_just_announced/

It’s still early to evaluate properly, as the product has not been released, but just as important as seeing what you get for your bucks, is seeing what you don't get.
Oshosondy (OP)
January 11, 2021, 07:51:51 AM
> Open Source does not necessarily determine its level of security.

If I can take Trezor and Ledger Nano as an example, there have been vulnerabilities found on these wallets; there were bugs and other vulnerabilities that were later fixed. But open source wallets are far better than closed source ones. Users cannot know what is happening while they are using closed source wallets (users do not know if the wallet can do some monitoring or has some vulnerabilities that were coded into closed source wallets). Also, what tells us the developers of closed source cannot later create a backdoor to steal from people? Bitcoin is money. I cannot keep my bitcoin in a safe that I do not know the inside of, because I do not know what is running inside; that is why closed source wallets should be discouraged even if good. Everything about bitcoin should be decentralized and open source by nature because bitcoin is money. Anything we will use to keep bitcoin should be completely known to bitcoin users, to know what is running under the wallet as its source code.
ranochigo
January 11, 2021, 08:28:46 AM
> If I can take Trezor and Ledger Nano as an example, there have been vulnerabilities found on these wallets; there were bugs and other vulnerabilities that were later fixed. But open source wallets are far better than closed source ones. Users cannot know what is happening while they are using closed source wallets (users do not know if the wallet can do some monitoring or has some vulnerabilities that were coded into closed source wallets). Also, what tells us the developers of closed source cannot later create a backdoor to steal from people? Bitcoin is money. I cannot keep my bitcoin in a safe that I do not know the inside of, because I do not know what is running inside; that is why closed source wallets should be discouraged even if good. Everything about bitcoin should be decentralized and open source by nature because bitcoin is money. Anything we will use to keep bitcoin should be completely known to bitcoin users, to know what is running under the wallet as its source code.

Do you read and review the source code? Don't get me wrong. I also prefer open source codes over closed source ones but it's a stretch to assume that just because something is open source that means it's completely safe. That's the same sense of security that phishing attacks have evolved to exploit. Some users were tricked to install fake versions of Electrum that were hosted on github. Some users assume that just because it's hosted on github and having the source code visible (albeit modified with small malicious codes), it is safe. The point I'm trying to make here is that just because something is open source doesn't mean it is superior over another that is closed source. Ledger has an NDA which means their secure element cannot be open source. Some prefer Ledger and some prefer Trezor but most don't consider the fact that Ledger doesn't have an open source secure element firmware. Hardware wallets are for-profit companies and they have to keep certain proprietary contents secret.
KaratX
January 11, 2021, 10:19:37 AM
I've used both open source and closed source wallets but not hardware wallets; I still can't tell the difference. Security-wise I believe open source is better, but keeping my assets safe is all that matters to me. If I lose my private key, the open source part won't get it back for me, same as closed source too; all that matters is keeping your keys. I've used Coinomi wallet to store thousands of dollars of assets since 2018 and it's never lost.
Yogee
January 11, 2021, 12:21:08 PM
> .... all that matters is keeping your keys. I've used Coinomi wallet to store thousands of dollars of assets since 2018 and it's never lost.

The problem with that kind of thinking is you are putting your complete trust in the developers that they won't fuck up the wallet and steal your assets worth thousands of dollars. Why? Unlike open source wallets that can be reviewed by anyone for bugs, nobody else can review the Coinomi wallet other than their own developers. In short, your seed phrase or private keys won't matter if these closed source wallet developers decide to lock you out of your funds.
20kevin20
January 11, 2021, 05:46:23 PM
> I've used both open source and closed source wallets but not hardware wallets; I still can't tell the difference. Security-wise I believe open source is better, but keeping my assets safe is all that matters to me. If I lose my private key, the open source part won't get it back for me, same as closed source too; all that matters is keeping your keys. I've used Coinomi wallet to store thousands of dollars of assets since 2018 and it's never lost.

Open sourced means you can inspect all the lines of code behind the said software or can fully inspect the hardware components themselves. For example, all customer-end GPUs have closed-source components in them. If you downloaded a mainstream videogame right now, you wouldn't be able to see the lines of code behind it. That's closed-source. Coinomi has been a good wallet until they decided to go closed-source. Right now, they could simply make it so that they own every single seed that's generated through their wallet by their own customers - and you'd have no idea about it! Open-source may not "get it back" for you, but closed-source might give it to someone else without your knowledge and consent.
FatFork
January 11, 2021, 09:50:35 PM
@Oshosondy, there is already a sub-board dedicated to Hardware Wallets on this forum. I suggest you check it out. At the top of the list of topics you will find (list) Open Source Hardware Wallets where dkbit98 wrote a nice overview of all currently known open source hardware wallets. You can ask any additional questions in that thread since it is in a more appropriate board than this one. It is always smarter to spend a little time browsing the forum than just starting new topics.
Apostlekin$$$
January 14, 2021, 08:13:54 AM
> I've used both open source and closed source wallets but not hardware wallets; I still can't tell the difference. Security-wise I believe open source is better, but keeping my assets safe is all that matters to me. If I lose my private key, the open source part won't get it back for me, same as closed source too; all that matters is keeping your keys. I've used Coinomi wallet to store thousands of dollars of assets since 2018 and it's never lost.

Closed source wallets are not fully transparent; it means the team can still do nasty things behind your back. Seriously, I don't see any reason why wallet developers won't make their wallets fully open source unless they have something they are hiding. It's why we can never trust any closed source wallet. I still use Coinomi wallet to this day, but I dare not leave a huge amount of money in the wallet; I prefer using Trust Wallet more.
JHORN
January 14, 2021, 08:29:08 AM
> > I've used both open source and closed source wallets but not hardware wallets; I still can't tell the difference. Security-wise I believe open source is better, but keeping my assets safe is all that matters to me. If I lose my private key, the open source part won't get it back for me, same as closed source too; all that matters is keeping your keys. I've used Coinomi wallet to store thousands of dollars of assets since 2018 and it's never lost.
>
> Closed source wallets are not fully transparent; it means the team can still do nasty things behind your back. Seriously, I don't see any reason why wallet developers won't make their wallets fully open source unless they have something they are hiding. It's why we can never trust any closed source wallet. I still use Coinomi wallet to this day, but I dare not leave a huge amount of money in the wallet; I prefer using Trust Wallet more.

How can you confirm that Trust Wallet is open source too? Some said it's half open source; I don't know what they mean by the word half. Trust Wallet is from Binance exchange, that's why I trust this wallet; even if it's closed source I will still trust the wallet.
Welsh
January 14, 2021, 11:55:01 PM
If you really want to go the open source route, you should probably look at hosting the Trezor software, which is open source, on a single board computer such as the Raspberry Pi. AFAIK, there are no issues with doing so, and you might trust the hardware you choose rather than the hardware which comes presupplied with Trezor. It's extra effort for sure, and would require a lot of testing before actually committing to it, but if you are storing a large amount of Bitcoin, and care a lot about using open source software, then it's probably worth the effort.
FatFork
January 17, 2021, 08:57:11 PM
> If you really want to go the open source route, you should probably look at hosting the Trezor software, which is open source, on a single board computer such as the Raspberry Pi. AFAIK, there are no issues with doing so, and you might trust the hardware you choose rather than the hardware which comes presupplied with Trezor. It's extra effort for sure, and would require a lot of testing before actually committing to it, but if you are storing a large amount of Bitcoin, and care a lot about using open source software, then it's probably worth the effort.

There is a DIY Bowser Hardware Wallet project described by dkbit98 here. It is based on a 32-bit microcontroller board (M5Stack, TTGO, stm32, Adafruit) and the uBitcoin Bitcoin library for 32-bit microcontrollers. Needless to say, all the code used for making the Bowser hardware wallet is open source and available on github.
DaveF
January 18, 2021, 12:34:23 PM
I have posted it elsewhere around here but this point still needs to be made. Open Source only works to a point. You are still at the mercy of the manufacturer of hardware components / secure element. Even if it IS 100% open source and documented that does not mean what you are getting is what they told you. You can only test what you can see.
If Input "A" is supposed to give you Output "B" and it does, and all other functions act the way they are supposed to you can only ASSUME that all is good. Not that they didn't shove in 1k of nvram to record the last 1000 bits of data going in and out, and that it can only be accessed in a special way. Yeah, you can X-Ray the chip and do some other things but....
Also, you can only hope that there are no other bugs that everyone missed, yeah 1000s and 1000s of people looking at the code will probably find it. But only IF those 1000s and 1000s of people know what they are looking at and catch the problem. Open source things get missed all the time. Heartbleed comes to mind...
-Dave
ranochigo
January 18, 2021, 12:58:46 PM
> Open Source only works to a point. You are still at the mercy of the manufacturer of hardware components / secure element. Even if it IS 100% open source and documented that does not mean what you are getting is what they told you. You can only test what you can see.
> If Input "A" is supposed to give you Output "B" and it does, and all other functions act the way they are supposed to you can only ASSUME that all is good. Not that they didn't shove in 1k of nvram to record the last 1000 bits of data going in and out, and that it can only be accessed in a special way. Yeah, you can X-Ray the chip and do some other things but....
> Also, you can only hope that there are no other bugs that everyone missed, yeah 1000s and 1000s of people looking at the code will probably find it. But only IF those 1000s and 1000s of people know what they are looking at and catch the problem. Open source things get missed all the time. Heartbleed comes to mind...

That is correct. I feel that game theory plays a huge part in the legitimacy of hardware wallets as well. They are bound to be audited fairly frequently and sometimes by the community to try to find exploits or bugs. If there are any serious vulnerabilities found within the hardware wallets, then their reputation would be tarnished. I don't consider this as being overly paranoid but there wouldn't be anything that you can do if you don't have the expertise to read codes/equipment to inspect the hardware. Same goes for wallet builds, if you don't understand the code and you're instead validating your copy against someone else's, you are just trusting another person/a group of people and for them to be honest. I feel like the benefit of open source codes has been blown out of proportion. I find it helpful to be able to read and inspect the codes myself but I think that the normal users would be fazed by the lines and lines of code and wouldn't even try to read it, if at all. Sure, open source projects remove the corporate aspect of the software but it by no means guarantees that an open source software will be better than a proprietary one.
Tibu
January 18, 2021, 02:36:46 PM
> Hardware wallets have been one of the best ways to safely save bitcoin offline and yet in a convenient way that can be easily used by beginners. As for me, I prefer open source wallets; this makes me prefer open source hardware wallets, but I am thinking if it is possible that there is any hardware wallet that is open source in a way that it is not partially open source and partially closed source, but completely open source. I know three common hardware wallets now:
> 1. Trezor 2. Ledger nano 3. Coldcard.
> Which hardware wallet is completely open source out of the three? Which one is more recommendable?

Satochip is fully open source. You can even buy a blank (compatible) smart card and load the applet yourself.
Check out our GitHub: https://github.com/Toporin
And blank card: https://satochip.io/product/satochip-diy-and-developer-card/
This is by far the only hardware wallet on the market that is fully open source and very affordable. Security for everyone.