Some questions about Cold wallet

[n0nce]

They're highly unlikely to happen, but they're not impossible.

I don't follow the point you are trying to make. First you say to focus on the attack which is more probable, then you highlight uncommon but "not impossible" attack vectors.

I'm saying that yes, absolutely focus on the attack vectors which are more likely first, but if you have protected yourself as much as you can against common attack vectors, then it is only logical to start considering uncommon ones. All these attacks are possible, and the risk they pose to each individual user will depend on your threat model and the steps you have already taken to mitigate against. The list of vulnerabilities or potential attack vectors against you, ranked by likelihood, is not universal nor static. Perhaps the most likely way for you to lose your coins is by someone finding your seed phrase, which is written on a post-it note and stuck on your monitor. It absolutely makes sense for you to focus on this issue first. But since my coins are in a passphrased wallet with the seed phrase and passphrase stored encrypted and in two separate safes in two separate cities (for example), then this attack vector is much further down my list, and so it makes sense for me to focus on different attack vectors.

I think he's trying to say that at a certain point you don't really need to continue 'focusing on different attack vectors', since the ones that remain are so unlikely that you'll be better of enjoying your free time instead of continuing to pursue the goal of the perfectly secure Bitcoin storage.. At least this is my interpretation and I'd agree in a way. At a certain point you just want to sleep in peace and stop worrying about every last possible way of how someone could steal your coins that you might have missed.

[1714639055]

1714639055

[BlackHatCoiner]

I don't follow the point you are trying to make. First you say to focus on the attack which is more probable, then you highlight uncommon but "not impossible" attack vectors.

I'm highlighting the latter to be more persuasive about the former. There are specific, common attack vectors, which can be mitigated in a human manner, and an endless list of uncommon, such that even if they happen, you're likely affected one way or another.

For example, if, say, it was found that all Windows OS's had a vulnerability which weakens the RNG (or whatever), it can harm everybody - including you who're not using Windows - because of the market upheaval.

I don't know, I might be wrong.

At a certain point you just want to sleep in peace and stop worrying about every last possible way of how someone could steal your coins that you might have missed.

It's just that you're usually not so concerned in other things in life, which are much more likely to happen, but you're going to exaggerate it with the cold storage. Don't know, again, but I feel it's purposeless.

[garlonicon]

I don't understand what's the deal with you 'self-censoring' the word 'trust', though?

In the past I found a page that described pretty much the same as I did, and they also focused on the word "trust" and replacing that with "tr*st". I really like this text, but I cannot find it again (also because that star character is a special one and search engines cannot handle it well).

[BlackHatCoiner]

[...]

I thought you used asterisk, because "trust" is taken as a bad word in here. 

[n0nce]

[...]

I thought you used asterisk, because "trust" is taken as a bad word in here. 

This diabolization of the word 'trust' is overblown in my opinion. The people who do it, act as if their whole life, or at least their whole Bitcoin setup was trustless, yet they trust the hardware, the OS, ....
Since I often notice that even very technical people here can't (read or write) code, I am certain they haven't verified the Linux kernel they're running or the software they use or tested it for bugs and security vulnerabilities.

But my point is: they don't have to. It's totally normal to have a certain level of trust in the systems, the code and the cryptography & maths you use on a daily basis. It's not good to try to hide the fact you trust something; instead it should be encouraged to talk about and discuss how much trust you're willing to give to a certain part of your system. To think about trust / time & effort tradeoffs, and maybe even about how to quantify trust.

But ignoring it, or even censoring it, is not the way to go, in my opinion. It will result in people being uncomfortable to admit they use a mobile wallet for daily usage and could lead to a newbie running around with his life savings on his hardware wallet when going on a jog to the grocery store because someone online made it seem like any coins deposited into a hot wallet will be immediately stolen.