Which one is better?

you do realize you can use a block explorer to check your balance from any computer without using your hardware wallet?

Ledger

Which one do you use

Why can't you just use an encrypted USB? Why this meme shit?

You don't have to connect your Ledger to receive coins to the address. Only to authorize their release at the hardware level.

Dubs confirm

First time - jochen-hoenicke.de/trezor-power-analysis/

Second time - wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

And when you want to access your crypto to send or spend, what do you do? You unencrypt it and expose your private key to the system.

>trusts third party hardware wallets made by gooks

yeah no, i'll take a regular paper wallets over those scam drives anyday desu

etherscan.

just get a permanently offline computer you destroy after writing down your mnemonic passphrase words and public address. Then if you never sell just send your shit there and eventually if you need to sell get a new permantly offline computer and sign a transaction offline

then destroy that computer after you've signed the transaction. And remember to keep your words encoded and stored in two places using a key stored in a seperate location with no clues as to what it is.

So then how do you send or spend with your hardware wallet?

how about you simply use an malware free botnet free linux distro that you just installed on a new cheap leptop?

Also who the fuck encrypts his wallet and dont sell anything right away?

If my ETH has his the target price I want, I will encrypt it and sell it right away.

>wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

the second one the guy was just retarded. So i'm assuming the first one is too.

What do you do when you want to spend your coins? You have to get your key off the USB and unencrypt it on your computer. Then you have to paste it into a website to open your wallet. What happens if your PC is compromised? What happens if you are on the road and you don't have your PC and must use a public computer?

With hardware wallets, you go to the same website, but instead of pasting your keys in, the website imports a transaction into the hardware wallet, it is signed internally, and then spit back out. Private key never leaves the device and is always encrypted.

I guess if you never plan to move your coins ever, and you have good computer security, an encrypted USB is ok.

Unsigned transactions go into the hardware wallet, private key signs it without ever being exposed to system - signed transactions comes out and is broadcasted to the blockchain.

newfag here, is paper wallet some fancy teminology or is it literally paper?

At the bottom of the first one he says:
>I own two TREZORs myself and I am still thinking hardware wallets are the best way to protect against most attack vectors. Problems like this are to be expected in any new product and TREZOR is barely a year old now. It is more important that these things get fixed in a timely manner.

The fact that this was discovered is a good thing, and it's been fixed for years.

Literally a piece of paper with your private key on it. Good for long term storage, bad if you want to actually use it.

It is literally your private key written down on some paper

but you literally can't just generate a private key on your regular laptop. You must do it on a device that will never go on the internet again and that you must destroy after generating the key.

You can get one here by the way: ebay.com/itm/Paper-Wallet-Bitcoin-dash-Monero-Pivx-any-ALTCOIN/182928668397?epid=17010434812&hash=item2a9765f6ed:g:H70AAOSwOA1aGjsd

;^)

if my hardware wallet got stolen even if the odds are quite small that the thief had the technical sophistication to do get around the pin, I'd just assume my private keys were compromised and access my mnemonic phrase and transfer all of my shit

its even worse than you think, the ledger is made by the french

Now you have an option of using a password too. The password is not stored on the wallet, but rather acts as one of the words used to generate the private key, so this is not something that is even possible to hack.

Ledger is closed source, which means even if there was a security audit it was most likely done by a single individual/organization which is pretty fucking ridiculous for something this important. A post on redit by the ledger CTO from two years ago says: "We've not run a security audit yet". Nuff said.

>He doesn't have his private key in his head on a completely stripped down system that is only allowed to access the IP address of MEW (after manually plugging and unplugging the shielded ethernet cable every time) for making transactions, on a computer with 6 different keyboards with a portion of the key typed in on 4 of them (2 of them are dummy keyboards and any keys pressed on them will make the private key invalid), has no monitor so psychics can't remote view me, in a room surrounded by a faraday cage

THEN IT'S NOT FUCKING PAPER NOW IS IT

Where you can download your bitcoins

which untrusted computer did you use to generate the keys?

literally paper.
bitcoinpaperwallet.com/

So why couldn't I just use a software wallet hosted on the encrypted USB?

To access the wallet you would need to decrypt the USB, and then potentially exposing your private key to the system.

How are you planning to use it if it's encrypted?

So ledgers would be better if a 3rd party were to audit, thereby creating vulnerability profile data that otherwise wouldn't exist?

They'd be better if open source?

They're doing it right already. 3rd party auditing and open sourcing would bring them a handful of new business via buzzwords at the cost of security. If they hadn't sold any ledgers yet then I'd be game for an audit, but fuck open source for HSMs... that's just dumb.

>security by obscurity
How many times do we have to go over this?

22 sold. Jesus

Look up HSM and let me know how many are open source.

>same amount of temper proofing
nope, not even close
trezor has a shitty run of the mill microcontroller inside
ledged has an actual security enhanced microcontroller that is used for these sorts of security-oriented applications

t. electronics engineer

> Security is my top concern when creating these wallets!
Mah sides

The USBs private key, not my wallet's software private key.

This is perfectly legal, right? I mean he's just giving people his own wallets, it's not his fault if they are dumb enough to put their money into them.

I decrypt the USB as needed and fire up the software sitting on it.

But the wallets private key can't be accessed until you decrypt the USB. When you decrypt the USB, it's then that your wallet private key too becomes decrypted and then exposed to the system.

Decrypting my USB != decrypting my wallet private key. Unless they were both set up to have the same key for some reason.

Yeah it is legal. And they're not getting his wallet, but rather he's probably copying the secret key. Sneaky bastard.

wtf you going to do with an encrypted private key nigga?

If I had thousands of btc then I'd give you part of one to reward your display of patience.

Same topic, is the term unencrypt used in europe or something?

Tell the OS to load it into protected memory where it will be very carefully handled as well as it can be without secure RAM.

And there's probably a gorillion different ways to exploit that - if you have investments in crypto over $500 just get a hardware wallet

Agreed

I bought a 64gb USB and installed Ubuntu on it and installed Electron Cash on that.

Whenever I want to access my savings I just boot Ubuntu on the USB, connect to the internet and do the transaction, seems pretty secure right?

How are these better than an airgapped laptop? They're not.

These are pretty good for starters

> what is Intel Management Engine
Glow in dark CIAniggers may steal your coins, but it should work against most common adversaries.
> vape and a hw wallet in one device
> (fedora not included)

Everything.

>the absolute level of autism

use QR codes and webcams to transfer the signing between the computers instead of typing it all out

Will I be able to store LINK on Ledger?

What is their policy if device broke when still on warranty? Will they give back my money worth of coins on it?

keep two separate addresses in two different containers: one for hodling, another for spending. that way, if you get hacked you only lose some of your coins. I wouldn't use usd drives either. diskets are much better, if all you're doing is keeping notes.

>Will I be able to store LINK on Ledger?
LINK is an ERC20 token so you can just use your Ledger's Ethereum address.

>What is their policy if device broke when still on warranty? Will they give back my money worth of coins on it?
You're given a word phrase to write down when you first set up the device. That is your "back up" in case your device gets lost or destroyed. If you manage to lose both at the same time well then basically don't be so dumb.

Isn't this just as safe as a paper wallet then if you still have to use a backup seed on a piece of paper?