Bitcoin Forum
May 28, 2022, 07:45:40 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Offline Transaction vs hardware wallet, which is safest?  (Read 237 times)
Pmalek
Legendary
*
Offline Offline

Activity: 2044
Merit: 4228


100% Deposit Match UP TO €5000!


View Profile
August 14, 2021, 08:26:37 AM
 #21

Hardware wallets are designed to be easy to use and safe. You won't make a mistake using a hardware wallet. You will be fine.
But OP should still be careful. A hardware wallet won't warn you when you are about to make a serious mistake like sending funds to the wrong address, if you have a clipboard malware, if you are overpaying on the network fees, or making a mistake on the amounts being transacted. Doublecheck and then triplecheck if you are not sure.

this is, in my opinion, the most proven method and the safest than all the others.
I am a hardware wallet user myself, but I wouldn't claim that a hardware wallet is safer or provides a higher level of security than a properly configured airgapped computer. it's certainly easier to use and more user-friendly. 

Hardware wallet is secure and easy too use, but has some vulnerability and database hack.
The database hack doesn't affect the security of your funds and private keys. It affects the privacy of those whose data got leaked though. In terms of vulnerabilities, what exactly do you mean? Trezor has an unfixable problem that could result in your seed being extracted. But that can be mitigated with a strong passphrase or a unique code saved on a SD card. Ledger has certain closed-source elements in its code related to the Secure Element. Although an issue, I wouldn't call it a vulnerability.   

Every time a block is mined, a certain amount of BTC (called the subsidy) is created out of thin air and given to the miner. The subsidy halves every four years and will reach 0 in about 130 years.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1653767140
Hero Member
*
Offline Offline

Posts: 1653767140

View Profile Personal Message (Offline)

Ignore
1653767140
Reply with quote  #2

1653767140
Report to moderator
1653767140
Hero Member
*
Offline Offline

Posts: 1653767140

View Profile Personal Message (Offline)

Ignore
1653767140
Reply with quote  #2

1653767140
Report to moderator
1653767140
Hero Member
*
Offline Offline

Posts: 1653767140

View Profile Personal Message (Offline)

Ignore
1653767140
Reply with quote  #2

1653767140
Report to moderator
xenon131
Hero Member
*****
Offline Offline

Activity: 606
Merit: 1248



View Profile
August 15, 2021, 05:17:48 AM
 #22

Lets say i want to transact a very important huge amount of btc transation of my life. Which one should i chose between Offline signing transaction via Electrum(gpgverified) or trezor bought from official site.

This is a hypothetical question. i want some expert opinion to confirm my bias that offline transaction on airgaped pc is more secure than a trezor.


Yeah, you are correct. The use of offline transactions signed on airgaped  machine is more secure than a trezor. Despite the fact that trezor is hardware wallet the funds hold there are still open for a few attacks.
I will refrain from mentioning the side-channels attacks as they are too  sophisticated  and o'er costly to be applied to ordinary user but would like to focus your attention on ransom attack  that could be possible in the case your  PC (to which Trezor were connected ) were compromised.

B cepдцe кaждoгo yкpaинцa вмecтo cтpaxa яpocть и жaждa мecти pycнe. Instead of fear there are a rage  in the heart of every Ukrainian   and a furiousness  for revenge to ruska kurva aka rusnya.
HCP
Legendary
*
Offline Offline

Activity: 1932
Merit: 4210

<insert witty quote here>


View Profile
August 19, 2021, 07:44:19 AM
 #23

... but would like to focus your attention on ransom a.ttack  that could be possible in the case your  PC (to which Trezor were connected ) were compromised.
Is this even still a thing? I thought that Trezor patched that vulnerability after it was initially announced? Huh

refer release notes from Sept 2020: https://blog.trezor.io/firmware-updates-for-trezor-model-t-version-2-3-3-and-trezor-model-one-version-1-9-3-c94f7a3b6fea

20kevin20
Legendary
*
Offline Offline

Activity: 1078
Merit: 1475


Powerful promotion strategy https://bit.ly/3cRVjFi


View Profile
August 19, 2021, 12:56:12 PM
Merited by NeuroticFish (3), BlackHatCoiner (2), dkbit98 (1)
 #24

It depends if privacy is part of your definition of security or not. Airgapped is good if you want to broadcast txs through an amnesic Tor-enabled system like Tails. Sign the transaction on your airgapped PC, put it on a stick (or even better: use a webcam and only scan the signed transaction QR code), broadcast it on Tails and shut it down. Done - everything is now erased as if your tx never happened.

Hardware wallets are just more convenient. Plug it in and it's ready to go.

For me, the reason I prefer airgapped is because you can use an airgapped PC without ever connecting it to the online one and safely broadcast txs without ever interacting with each other. If I use 3 devices (airgapped for signing, offline phone for QR code scanning and online for broadcasting) chances of infecting the airgapped PC are close to zero. And by using an offline phone to scan QR codes, what you're doing is making sure the code does not contain anything malicious.

Moreover, you can download, install and use on an airgapped PC only what you like and want. If you want a free as in freedom OS with fully open-source apps like Bitcoin Core, you can easily do that. With HWs, it's harder.

For example, Ledger requires Ledger Live (or ledgerctl, which I never got fully functional without proprietary stuff or exchange of information through various servers) to install and uninstall apps. That sucks for me because although I can use BTC with Wasabi for example, I first have to go through Ledger Live to install the BTC app on my hardware wallet. And Ledger Live communicates with various servers again.. and so on. Airgapped is 100% offline at all times. If you want to check the balance of an address, you can boot Tails on a separate online PC, open up Electrum and check the balance of a single address. Now the nodes don't know what other balances you possibly own.

Security flaws are present in all devices, be it airgapped PCs or hardware wallets. The only thing is, airgapped PCs are more obvious than hardware wallets are due to their sizes. It truly depends on what you're looking for.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!