OVERVIEW: BITCOIN HARDWARE WALLETS █████████████████ Secure your Coins

[Realpra]

ANNOUNCEMENT:
Since October 2015 my sold cards are now free of any fees. These cards cost only 20 EUR a piece and come with a paper wallet backup.
Perfect for those without too much time for hassle using Bitcoin.

This move was made in order to bring the pricing structure closer to the standard of other hardware wallets.


I have also begun distributing FREE cards in the Copenhagen area to improve localized Bitcoin adoption.
These free cards have a 1.8% fee - except for merchants who get normal cards scot-free.

Yes that is right, the 0$ Bitcoin wallet is HERE!

Read more at www.BlochsTech.com


PS.: I would be very happy if LiteCoinGuy would include my finished, open protocol, community developed product equally alongside the "jpegs only" products or explain why it will not be listed

[btchip]

Can please somebody fix the link for 10. HW1 Wallet
It seems that the link is broken and it is redirecting me to another website.

it's ok, it redirects you to Ledger website on which you can buy HW.1 - both shops have been merged some time ago.

[kkurtmann]

Looks like Coolwallet is finally for sale $119 http://shop.coolbitx.com

I would read the review at http://cointelegraph.com/news/115837/coolwallet-the-bitcoin-wallet-that-fits-right-into-your-wallet before buying one.

Quite a short "review" that left a lot of blanks. Fortunately replies to that article filled in some of them.

[LiteCoinGuy]

Is Bitcoin Happening?

https://www.youtube.com/watch?v=ZAiuprYK5bc&feature=youtu.be

[Xmaseven]

where I can buy by hand in Italy? only online selling?

[LiteCoinGuy]

KeepKey Review:

http://object2212.com/?p=405

[Indianacoin]

KeepKey Review:

http://object2212.com/?p=405

Nice and detailed review.

But the price of one KeepKey = price of 14 Ledger HW.1 wallets. In fact both of them are secure and are having the same functionality of 2 factor authentication.

I think KeepKeys' price is bit of an overkill for just the addition of display feature. What opinions do you have OP?

[BitcoinNewsMagazine]

Security from most secure to least: KeepKey > Trezor > Ledger

KeepKey edges out Trezor only because the recovery process for KeepKey is more secure than the method used by Trezor. If you read the references you will note that Trezor is still "uncrackable for all but well funded governments."

The KeepKey developer notes "On KeepKey, you don't even need to store your private key on the device. The recovery process is secure enough, that you can use it only as a transactional device for your paper (recovery sentence) wallet. Then just wipe the device after each use."

If you read the references Ledger is criticized for lack of security during initialization (corrected by Ledger Starter) and transaction authorization. The security card and phone pairing app are also not considered safe from malware.

References:

https://www.reddit.com/r/btc/comments/3w81k1/securitywise_is_there_really_any_difference/
https://www.reddit.com/r/Bitcoin/comments/3e6ir3/eli5_how_devices_like_trezor_legder_keepkey_can/

[blo8i]

I am looking at the Mycelium card, i was i not sure one one thing.

Can i only use the card to send BTC and other fudns form card to card? or cna i also send btc from my card to other normal wallets? it seems like they are going to work like a closed money/banking network.

[BitcoinNewsMagazine]

I am looking at the Mycelium card, i was i not sure one one thing.

Can i only use the card to send BTC and other fudns form card to card? or cna i also send btc from my card to other normal wallets? it seems like they are going to work like a closed money/banking network.

As I read it is a closed system. You use the Mycelium card to pay at a merchant who has one of the Mycelium Hubs set up or to another Mycelium card holder. The system is based on Colored Coins called IoUs. You have to convert fiat to IoUs to load your card. I can find no information on how to exchange fiat to their Colored Coin or back. The Mycelium Card is not really a hardware wallet and I do not think the system is even in beta yet.

[blo8i]

I am looking at the Mycelium card, i was i not sure one one thing.

Can i only use the card to send BTC and other fudns form card to card? or cna i also send btc from my card to other normal wallets? it seems like they are going to work like a closed money/banking network.

As I read it is a closed system. You use the Mycelium card to pay at a merchant who has one of the Mycelium Hubs set up or to another Mycelium card holder. The system is based on Colored Coins called IoUs. You have to convert fiat to IoUs to load your card. I can find no information on how to exchange fiat to their Colored Coin or back. The Mycelium Card is not really a hardware wallet and I do not think the system is even in beta yet.

Thanks for the fast help, Right now i am using the ledger nano as my cold storrage, to store all the bitcoins i am saving and not planing on using in the near future (atleast 3 years) and i am looking for a hardware wallet to use for "everyday uses" i just lost around 0.8 btc on my tablet (mycelium wallet) beacouse my tablet went black a few moments before i got the chance to write down the 12 backup words. all the Phone/tablet repairshops says they cant get my data back.

so i am looking for a hardware wallet that i can use on a for my everyday uses, i would prefer if it was a standalone wallet, like the ledger blue but it seems like it will take a few months before that comes out.

so i am thinking about getting the Ledger Unplugged, and just use that until the Ledger blue comes out. or do you guys know of any other HW wallet that are good for holding and spending?

(sorry if this does not fit in here)

[BitcoinNewsMagazine]

I am looking at the Mycelium card, i was i not sure one one thing.

Can i only use the card to send BTC and other fudns form card to card? or cna i also send btc from my card to other normal wallets? it seems like they are going to work like a closed money/banking network.

As I read it is a closed system. You use the Mycelium card to pay at a merchant who has one of the Mycelium Hubs set up or to another Mycelium card holder. The system is based on Colored Coins called IoUs. You have to convert fiat to IoUs to load your card. I can find no information on how to exchange fiat to their Colored Coin or back. The Mycelium Card is not really a hardware wallet and I do not think the system is even in beta yet.

Thanks for the fast help, Right now i am using the ledger nano as my cold storrage, to store all the bitcoins i am saving and not planing on using in the near future (atleast 3 years) and i am looking for a hardware wallet to use for "everyday uses" i just lost around 0.8 btc on my tablet (mycelium wallet) beacouse my tablet went black a few moments before i got the chance to write down the 12 backup words. all the Phone/tablet repairshops says they cant get my data back.

so i am looking for a hardware wallet that i can use on a for my everyday uses, i would prefer if it was a standalone wallet, like the ledger blue but it seems like it will take a few months before that comes out.

so i am thinking about getting the Ledger Unplugged, and just use that until the Ledger blue comes out. or do you guys know of any other HW wallet that are good for holding and spending?

(sorry if this does not fit in here)

I have a Ledger Unplugged card and it works OK with Mycelium on my Android phone. Realize if you get one you will have to use the security card to authorize transactions. No way around that. Case hardware wallet is out of stock but I think they will be selling more soon.

[blo8i]

I have a Ledger Unplugged card and it works OK with Mycelium on my Android phone. Realize if you get one you will have to use the security card to authorize transactions. No way around that. Case hardware wallet is out of stock but I think they will be selling more soon.

i have have had a look at the Case, but i have hard time to see if they have the 12-24 word recovery (bip 32??) option, so i am not sure on how you would recover your wallet if your case is lost or something els happens. Also you cant see you balance on the case itself, so you would need to sync it with a third party to see that. or you would need to keep track of it by youself.

[BitcoinNewsMagazine]

I have a Ledger Unplugged card and it works OK with Mycelium on my Android phone. Realize if you get one you will have to use the security card to authorize transactions. No way around that. Case hardware wallet is out of stock but I think they will be selling more soon.

i have have had a look at the Case, but i have hard time to see if they have the 12-24 word recovery (bip 32??) option, so i am not sure on how you would recover your wallet if your case is lost or something els happens. Also you cant see you balance on the case itself, so you would need to sync it with a third party to see that. or you would need to keep track of it by youself.

I think Case prefers not to show bitcoin balance on device itself for privacy. You can keep a running tally in your head or check your balance at the Case owners website. If you lose your Case you can recover your bitcoin using an online process for $75 per their FAQ.

[blo8i]

I have a Ledger Unplugged card and it works OK with Mycelium on my Android phone. Realize if you get one you will have to use the security card to authorize transactions. No way around that. Case hardware wallet is out of stock but I think they will be selling more soon.

i have have had a look at the Case, but i have hard time to see if they have the 12-24 word recovery (bip 32??) option, so i am not sure on how you would recover your wallet if your case is lost or something els happens. Also you cant see you balance on the case itself, so you would need to sync it with a third party to see that. or you would need to keep track of it by youself.

I think Case prefers not to show bitcoin balance on device itself for privacy. You can keep a running tally in your head or check your balance at the Case owners website. If you lose your Case you can recover your bitcoin using an online process for $75 per their FAQ.

yeah i saw that on their FAQ page, i just dont like the fackt that i need to rely on them to restore my BTC if i lose my case. but on the other hand, i dont see the happening. but that also means that they can get to my coins, if they turn "dark"

[BitcoinNewsMagazine]

I have read the arguments about the Case wallet multisig architecture and am OK with the security. Once you use a Case you find out it is the easiest way to send bitcoin, very cool device. They even sold out the first production run of 1000.

[AussieHash]

KeepKey edges out Trezor only because the recovery process for KeepKey is more secure than the method used by Trezor. If you read the references you will note that Trezor is still "uncrackable for all but well funded governments."

The KeepKey developer notes "On KeepKey, you don't even need to store your private key on the device. The recovery process is secure enough, that you can use it only as a transactional device for your paper (recovery sentence) wallet. Then just wipe the device after each use."

Extracting secrets from Trezor + KeepKey is fairly trivial - there are companies you can find via google in Russia and China which will enable JTAG or extract secrets from a ST Microcontroller for under 5 btc

Both devices store the mnemonic seed in plaintext in the storage sector.
https://www.reddit.com/r/Bitcoin/comments/3v2fq4/just_got_a_trezor_in_the_mail_i_love_it_but/cxjsdf8

stick discussed the JTAG attack vector in the 2013 Q&A session
https://www.reddit.com/r/Bitcoin/comments/2cj620/trezor_is_an_isolated_environment_for_offline/cjg18bj

[Bridgewater]

As far as I know, both the Trezor and the Ledger have the same disadvantage of storing the seed (Ledger) or mnemonics (Trezor) UNENCRYPTED on the device.

This means that if someone gets physical possession of the device, they might be able to use tricks such as partially dissolving the security chip in acid and extracting the plaintext seed/mnemonic.

However, this is where I think the Trezor is actually more secure than the Ledger.  The option to require a passphrase in combination with the mnemonics means that even if someone in is able to physically get the mnemonics off the Trezor, they still need the passphrase to reconstitute the seed.

We (Ledger) actually use smartcards for two reasons : cost at scale, and because they're specifically designed to withstand physical attacks - if you store secrets on a generic purpose microcontroller and are worried about physical attacks, you shall use a good passphrase in my opinon. It's not an option. Physical attacks against generic purpose microcontrollers are not widespread yet, but the more people use them to store secrets the more common it will be, and we'll be looking at physical kits to dump their memory in a couple of seconds / minutes, similar to old console modchips.

btchip, AussieHash

Is it fair to categorize the two options like this?

Trezor/Keepkey = 100% open source, but more vulnerable to physical attacks on its generic controller to extract plaintext mnemonic. (mitigated by use of passphrase)

Ledger Nano/HW.1 = partially closed-source smartcard element to store plaintext seed (no passphrase option), on which physical attacks are much more difficult than on a generic controller, but possibly backdoored?

Also, btchip can you explain more details about how the mobile phone second-factor works?  Is the pairing with the Security Card performed only once, or for each transaction?  I assume it is not actual multi-sig, but rather an internal security function built into the chrome app?  If the Ledger chrome app gets compromised, couldn't it then display the same malicious transaction details on your computer and on the phone app?

[btchip]

Trezor/Keepkey = 100% open source, but more vulnerable to physical attacks on its generic controller to extract plaintext mnemonic. (mitigated by use of passphrase)

Ledger Nano/HW.1 = partially closed-source smartcard element to store plaintext seed (no passphrase option), on which physical attacks are much more difficult than on a generic controller, but possibly backdoored?

that's about right - just consider that the STM32 could also be backdoored at a lower level. That's a common issue with hardware, you have no way to be sure unless you build it yourself, which is not possible to achieve.

Also, btchip can you explain more details about how the mobile phone second-factor works?  Is the pairing with the Security Card performed only once, or for each transaction? 

The pairing is performed once when the firmware is initialized.

I assume it is not actual multi-sig, but rather an internal security function built into the chrome app? If the Ledger chrome app gets compromised, couldn't it then display the same malicious transaction details on your computer and on the phone app?

The algorithm is described here  - the chrome app just forwards the encrypted transaction details to the phone, which decrypts it.

So a malware would need to compromise both and keep synchronized to display the same information on the desktop computer and the phone.

[Bridgewater]

I assume it is not actual multi-sig, but rather an internal security function built into the chrome app? If the Ledger chrome app gets compromised, couldn't it then display the same malicious transaction details on your computer and on the phone app?

The algorithm is described here  - the chrome app just forwards the encrypted transaction details to the phone, which decrypts it.

So a malware would need to compromise both and keep synchronized to display the same information on the desktop computer and the phone.

Thank you very much for the information.

It is good to know that the hardware wallet is in charge of the secure screen validation. With the use of this function, it seems Ledger has the same level of transaction security as Trezor, but with a smaller form-factor (not counting the mobile phone, which you already carry around).

I have an older HW.1, which did not come with a Security Card.  This means I can never use the secure screen user validation option with it, right?