Crypto Hacking Security

Why is it not safe if I have my coins on blockchain wallet with 2FA?

In saying this, i trust my own shit...
USB JSON, paper wallet, brainlet passes.
If you can't make your own encrypted passes in your head you shouldn't be in this game...

Explain to me brainlet: how is Trezor / Ledger more comfy than like myetherwallet for ETH tokens when your house could just burn down with it or get stolen?

And when you all get arrested by the IRS your fucked

centralized
they gonna steal it :I

my ether wallet is a website bro. hardware wallet is a special purpose computer made by smart hackers specially for bitcoin. I mean I know who I'm trusting in this case

> what is an off-site backup?

Where would you securely store your hardware wallet then? I mean if you guys, as you describe it, just have it ready all the time to "check balances", move coins to exchanges or whatever reason, it is pretty much as secure as hoarding cash at home.

Fire burns it. Robbers take it.

after GOX people do not trust exchanges anymore.

its protected by passphrase and pin number. I only hide my seed

I am not talking exchanges.

So having your passphrase / pin (in your head) would make it recoverable even in case of losing the hardware wallet?

(Yes, I am obviously a moron.)

Both are shit

Buy a librebooted T400, run Bitcoin Core on it. Buy an additional cheap laptop like an x200 for offline keys in Armory or something that has no wifi hard or anything (airgapped).

Everything else is a scam. Lol at trusted ((((specialized devices))))

Right, but if you lose the device, then do you have a way of recovering the coins?

no the seed makes it recoverable if lost. pin/passphrase make the device useless to anyone but yourself

no, you need the seed for that

Well that was the answer I was looking for. I am well aware that no robber could do anything with it, but the device would still be gone.

Seed it is.

ledger and trezor are opensource you know ?
more than your hardware-backdoored memepad

In the end both are the same, as long as nothing can access the private keys, and that they are generated by the device, you're ok.

You can also check your balance online without a trezor. you know that right? Keep the trezor safely hidden somewhere not so accessible.

if you use a computer that gets connected to the internet, or your network has a printer that is connected at some point, you might get hacked.

Do you have your private key?. 2FA might help YOUR account, but not their servers being hacked (or a malicious employee)

You can have (at least in the trezor) hidden wallets. It will ask you for a passphrase, if you don't input one, you get the default wallet (leave some BTC in it)
but then if you input a passphrase, then it will open a completely different wallet with different addresses. You can even have second and third wallets

you are making the mistake of thinking the coins live only on the wallet which is not how it works at all. your coins are on the chain, your key is what allows you to access that location on the chain. the hardware wallet, roughly speaking, is like a secure way to access the key(which is the important thing).

The key can be recreated with a passphrase you create when you start the wallet the first time.

the actual wallet can be thrown in the trash, crushed, burned, whatever.

When make the wallet you will generate a 24 word passphrase.

That passphrase allows you to recreate your key to access your coins on the blockchain with ANY BIP39/44 compatible wallet.

So really, that 24 word passphrase is the thing you want to never forget/store someplace extremely secure. There are ways you can even store it on the open if you want by obfuscication, etc..

most people that have alot of coins have the passphrase committed to memory...

If I decide to go full tinfoil hat, I'll just generate payments from a separate computer and put them to the network with another one.

Currently my wallets are PGP-encrypted on 3 USB sticks, use em normally from my computer.

dont get a keep key, their software support is shit.

>most people that have alot of coins have the passphrase committed to memory...
I could never trust my memory with so many words.
Even if I practiced every day for a year, then you ask me a month later, I would probably forget.

And what type of obfuscation do people use?

Is your computer connected to the internet?
Did the private keys/seed words ever show up on your screen? did they get in memory somehow?
Then you're vulnerable, and if you have >0.1BTC you should get yourself a hardware wallet, or take more precautions and use a live ubuntu CD to generate the keys in an online system and use them as cold storage

all of you are retards. generate paper wallet from offline computer. paper cannot be hacked. always do proper backups and practice opsec and you'll sleep easy

you could just use the last 26 words of an email or something, you always have the email but nobody would know it's your key.

exept NSA, they'll take all your data and feed a black magic program that'll tell them your private key

no
the seed words are from a list of 1024 words.
And my e-mail provider could suddenly decide to delete that e-mail.

github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md

Any hacker worth his salt would use bots to look for a high concentration of those words in hacked e-mails. And e-mails can be hacked pretty easily in most cases (users use the same account and password in other services that got hacked, etc).

A friend had his keys in a txt file in his google drive, but not obfuscated.
Yeah, he's that stupid.

Yes, yes, yes. I also used a remote node when doing transactions cause I don't feel like downloading the entire blockchain.

Just don't be an idiot on the internet, use noscript, block ads and don't run things that aren't supposed to be run as root as root. If I had over a BTC I might consider doing those things, but not as of right now.

is it worth getting a hardware wallet if I'm a newfag and could only put in a few hundred bucks into crypto?

or could I just set up a USB wallet instead

this is so dumb. never ever use anything that has been or will be online to generate a seed or address. you're asking to have your coins stolen

>>most people that have alot of coins have the passphrase committed to memory...
>I could never trust my memory with so many words.
>Even if I practiced every day for a year, then you ask me a month later, I would probably forget.
>And what type of obfuscation do people use?

me too, i don't trust my mem either.

as far as obfuscation, you can google. There are a bunch of techniques for doing this....

you just need the right 24 words, so consider how could you write down, say for example, 48 words, such that you would know what the right 24 words are.

hardware wallets sign the transactions in the device itself, so they can send transactions too. Without compromising your private keys.

> I can't be hacked because I use noscript

a hardware wallet costs like $80, so not worth it. You'd end up paying too much for the hardware wallet

for that amount, i would learn how to do offline paper wallets. you can practice with small amounts and then when you get a lot of coins you'll be comfortable sending those large amounts to your cold storage. learn it now before you need it

i know it's open source, but i don't trust someone else's software since i cannot code. i try to eliminate all variables

Do you know if i can store LINK or REQ on this thing?

Waiting for a Monero hw wallet

You actually do use myetherwallet with the trezor and ledger, the difference is the device generates and stores the keys and they never leave the device. That makes it impossible for any kind of infection on any computer you use to do anything at all, unlike when you make a wallet yourself.

dude if it's opensource you do not need to know code to trust it, you can be sure there are hundred of people that already read it and would tell everyone if something is suspect, you know just for the street-credibility

Give me possible vulnerabilities on Linux that don't involve a browser that are accessible from outside the network. Closing wireless access from my router is probably the next thing that I could consider with WPA2 being cracked and all, but unless you act like a pensioner on the Internet and don't check your fucking URLs, you aren't gonna get hacked.

i understand that. i may get one and put a few coins on it just to see if i like it.

Yes

hardware vulnerability

when the USD will fall down the gouv will try to stole your bitcoins and monero

Even with physical access to the device cracking it is not that straightforward. Using your private keys you transfer your shekels to another wallet.

see, now why wouldn't that be the case with a a hardware wallet?

Ledger can shove in your ass easier than the trezor.

user what a pain in the ass when you could just use a $80 thing that just fucking works and you literally don't even have to worry about it even if you're an actual real life retard.
One fuckup with the 6 computer airgap fuckin paper master wallet method, and you're fucked. OR you could plug your hardware wallet into any computer on earth and not even worry a little bit.

see
:P

looking at this whole conversation makes me think how normies will ever feel secure with their coins, once they know the possible risks of theft

I need to get either hardware or paper wallet. Which is safer? I need to read up on this.

Alright, thanks for the answers. I'll buy one. Can't hurt to have one.

I have a ledger nano S and I can tell it didn't works OOB with Linux, you need to run a script that you can found on ledger site that'll make some udev rules

for paper wallet you need to know what you're doing, and you just keep it, can't do much with except save it (which is fine)
Hardware wallet can be used for sending transactions too, and you don't need a PC (possibly compromised) to generate your private keys

I have like 3 useless laptops right here that I'm doing jack shit with.

What makes you think I'd like to spend my hard earned fiat for something made for people who are technologically handicapped? So that some Silicon Valley cucks can buy more BTC with MY fiat?

Ok, which of the two handle ethereum best?

here
ledger.zendesk.com/hc/en-us/articles/115005165269-What-if-Ledger-Wallet-is-not-recognized-on-Linux-

If it is possible, nobody has found out how yet aside from what has already happened to and been fixed on the trezor.
Either way every single past vulnerability needed physical access, and even still if you use password protected wallets on the trezor, the password becomes the 25th word of the seed and absolutely nobody but you can get the money out unless they know your password.
They don't even have any way to know that the wallets exist even if they cracked your trezor.

I have no idea about that, sorry.
But I know trezor one works. I guess Ledger too

Ledger devs are French

What happens if the device dies?

you aren't helping your case

Ledger seem less politically charged so I'm much more interested in their products on that basis alone.

I don't like companies becoming politically involved, especially with regards to my money so Trezor can fuck right off.

I know Ledger's nano wallet has been out for ages and I've been thinking of buying one but I'm expecting their next generation hardware wallet to be shipped soon, how long do you think before they announce a new device?

>implying normies know how to use a ledger

I had a bunch of normie friends ask me how to fucking use coinbase when btc hit 8000.

I was like hey dumbass dont forget to activate 2fa.

They're all like, what's 2fa?

If you only have pocket money to invest so that 80$ is "hard earned" money, then clearly it is not for you.

their next device is the Ledger Blue, wich is a nano S with a touchscreen

they plan to add Monero on nano S and blue

That 80 dollars is better spent on half a Monero.

Do they both have a lot of altcoin support?
I've been using Exodus but I'm getting tired of it not supporting coins until they're already post-moon

if you think that's a good idea, then you go for it. It's not for people who are technologically handicapped you brainlet, its to make it convenient to use crypto and impossible to lose your money...

you still have your seed words (generated by the device, offline) somewhere safe in your house or wherever

Somehow I still trust PGP with a good 30+ letter password rather than these things.

What political involvement do trezor guys have?

ledger have a lot of altcoin support, check on google

and if you use it with myetherwallet, you can use it with all the ERC20 etherum token (like OMG)

Just don't keep the seed in the same building as the hardware. If the building burns down or anything stupid like that, and you are shit out of luck.

>Ledger Blue

Looks like it's been out for almost a year now. I think I'll just wait another 6 months and see how things go... it'll probably be cheaper for me to purchase too as crypto continues to rise.

ty

just keep in mind that you can't have all the supported wallet installed at once (because of the limited memorie of the ledger), but you can have something like 4-5
and you can use it, remove it, and reinstall a wallet you'll loose your monney

...

*without losing ur money (sorry)

how do they make sure they're not generating a used address if it's offline?

You try generating a used address by chance, see how long it takes.

The chance of that occurring is so infinitesimally small that it's not considered a risk.

>usury isn't theft
>normies don't willingly partake in usury

true

you would need all computers on earth generating addresses all day long for a collision to happen maybe in 1,000,000,000,000,000,000,000 years. Or something like that really absurdly high

So just to sum up, LEdger with MEW can support ANY erc20 tokens + btc?

>I only hide my seed
From girls, presumably

yep and more

I think trezor does it too?

yep but :

that's true, and who knows if you will have to in the future?
- police knocks on your door
- have to take it through airport security
- roadtrip accross the country
- zombie apocalypse

better preparing your anus... literally