HARDWARE WALLETS

Question

HARDWARE WALLETS

Brayden Ramirez

For the rich or paranoid:

What hardware wallet do you use? Do you keep all your coins on there or some on paper/web wallets/mobile wallets/exchanges too?

Which hardware wallet do you think is the safest/best to use?

July 9, 2017 - 21:59

Other urls found in this thread:

ledgerhq.github.io/btchip-doc/bitcoin-technical-beta.html
github.com/apoelstra/icebox
youtube.com/watch?v=FC1Kte0vf00
doc.satoshilabs.com/trezor-user/settingup.html
twitter.com/AnonBabble

Charles Ortiz

Trezor. All the other ones just stole its code lol

July 9, 2017 - 22:00

Aaron Cook

Nano ledger S

July 9, 2017 - 22:04

Brandon Diaz

good old fashioned usb stick

July 9, 2017 - 22:16

Ryder Price

Well that's 1 for 1.

But then you need to expose your secret to make a transaction.

July 9, 2017 - 22:35

Oliver Morris

tattooed the QR codes on my ass, but part of it is only revealed under blacklight

July 9, 2017 - 22:56

Jaxson Phillips

You're an idiot. Trezor was the only one you could do timing attacks on with a stopwatch and the only one that won't even turn on without running some random Chrome app (which is not only a shitload of local code you have to audit and trust, but these are going away anyway).

I use a Ledger Nano S. btchip is much more friendly and reasonable than the Trezor devs, plus his code is consistently high quality, and you can set up the device without any Chrome apps. I wrote my own code but the more sensible thing is probably to just use Electrum.

July 9, 2017 - 22:59

Robert Thomas

How do you write your own code for it? im leaning towards the ledger because they seem like they will have monero support out before trezor.

July 9, 2017 - 23:34

Christian Miller

ledgerhq.github.io/btchip-doc/bitcoin-technical-beta.html
and study Electrum/python-btchip, and also go on the Ledger developer slack and ask questions.

Basically every message is at most 256 bytes, it's wrapped in this weird "APDU" layer that pokes 64 bytes at a time down the USB bus, copy that code from python-btchip and the rest is reasonably straightforward. Some guy also did a Rust implementation github.com/apoelstra/icebox which you can also copy from.

July 9, 2017 - 23:50

John Morales

Thanks. Do you think the device hardware itself is secure enough to store a decent amount of money on? I know its not fully open source, but it does use a secure chip. I don't think I know enough to know what the attack vectors would be, apart from a rogue secure chip that's not actually secure and signs your transactions in a way that they can be broken with some other private key?

July 10, 2017 - 00:24

Wyatt Rivera

I trust it with well over $100k BTC. I would move it immediately if the device were stolen, but I do trust it against side-channels and against the device attacking my computer.

It is impossible to make a signature that "can be broken with some other private key". It is possible to make weak signatures if the nonce is chosen incorrectly, but the Ledger uses RFC6979 which prevents this form of attack. Unfortunately to verify that it's doing so every time requires you to use your secret keys, which are dangerous to generate and play with outside of the device, plus it's a PITA getting them from the master seed. But I trust btchip that the code actually does this.

July 10, 2017 - 00:35

Jace Reyes

Thanks for answering my questions. That's my only fear, that some vulnerability in the signing leaks information, but I assume it does the correct thing and never reuses an address which should only leak the now empty private key, right? There should be no way to get the master seed no matter how many child address private keys get leaked I think.

July 10, 2017 - 01:02

Carson Adams

Private keys are never ever leaked under any circumstances, regardless of address reuse, if the device is working correctly.

Further, it is true that the master seed will never be leaked even if address private keys are revealed, but again this should never happen.

July 10, 2017 - 01:08

Joshua Price

You don't need a Chrome app you dumb fuck.

Go shill your shit hardware somewhere else faggot

July 10, 2017 - 01:13

Chase Edwards

Ok, a random website then. I plugged it in and it said "go to mytrezor.com" or some shit like that. I threw it away and got a Ledger, no interaction with any remote servers needed.

July 10, 2017 - 01:17

Robert Cox

>shilling this hard
>wrong on multiple things

you're clearly a reddit faggot

kys

July 10, 2017 - 01:20

Jaxon Walker

you're still wrong, faggot

July 10, 2017 - 01:20

Josiah Hill

This

July 10, 2017 - 01:21

Mason Phillips

>gets on proxy to help support his lies
>actually shilling this hard

so you're a dev? send me some so i can sell your junk on amazon to other retarded reddit faggots

July 10, 2017 - 01:23

Wyatt Hughes

I'm not the other poster, nor am I a shill or a Ledger dev, and I absolutely did plug in a new trezor and it told me to go to a website. The Ledger did no such thing.

July 10, 2017 - 01:52

Leo Powell

>shilling
You seriously think someone is wasting their time trying to shill their hardware to me on Veeky Forums? Give me a break. At least this guy's being helpful instead of your typical autistic screeching.

July 10, 2017 - 03:23

Parker Cook

he's being helpful by lying about Trezor?

July 10, 2017 - 03:24

Owen King

youtube.com/watch?v=FC1Kte0vf00 1:37 you can see exactly the message I'm talking about.

The first Google hit for "trezor setup" gives me
doc.satoshilabs.com/trezor-user/settingup.html
which is from the Trezor website and instructs me to install some Chrome extension.

July 10, 2017 - 03:31

James Brooks

installing google chrome extension is not your only option though.

July 10, 2017 - 03:33

Caleb Foster

Paper wallets are bad. Rather use a hardware wallet.

July 10, 2017 - 05:05

Luke Foster

ledger nano s

July 10, 2017 - 06:42

1 2 3 Next

HARDWARE WALLETS

Last threads