Are these things like dedicated offline computers?

Are these things like dedicated offline computers?
Is that how they're so safe?

Other urls found in this thread:

youtube.com/watch?v=4AdlmNxEk9U
youtube.com/watch?v=z5UXvxVjXzs&t=63s
twitter.com/NSFWRedditGif

bumb

Yes

Yes. It's basically a little pc that generates the private key and never shares it with other devices.

The pc send the unsigned tx to the ledger, the ledger signs the tx with it's internal private key, then sends the signed tx back to your pc, and the pc sends it to the network.

It's like a cold storage but automated.

What happens if it breaks?

The only thing that bothers me about nano ledger s, myetherwallet offline, and that Iancoleman bip39 site run offline is how do we know that they have rigged it so it generates predictable keys?

I think you get a recovery seed, write it on paper, drop it off in a safety deposit box.

Rational self interest.

Ledger Nano S has a reputation which allows it to be the market leader which is a VERY good business to be in, guaranteed profit for the next several decades.

If they abuse this position, so many wallets would be compromised that not only would Ledger basically go out of business, all the bitcoins they would have stolen would be basically worthless. Seriously something of that skill would genuinely kill crypto.

All of it is open source as far as I know.

>how do we know that they have rigged it so it generates predictable keys?

We don't. That's why i wouldn't use a ledger. If it isn't open source it can always be rigged.

Ledger is closed source. Trezor is open but it only supports a few coins.

This is also true. Open source is always the better option though. (if possible)

What about Trezor?

Even if it's open source how do we know that the open source code is actually in the devices? They could still install whatever they want in the factory.

>Ledger is closed source.
Yeah, I think the firmware itself is. It's the wallets etc for it that are open source.

I would think by now that any neckbeard tinkerers and hackers would have discovered any issues with it if there were any security concerns. Especially when big bux are involved.

Nothing guarantees that Trezors aren't messed with even if they are open source. You can't see the code of a specific Trezor so you don't know if the source code they shared is what is actually on the device you use.

The main benefit with open source is that you can rest assured that it has been scrutinized by white hat hackers for possible security weaknesses. If Trezor the company wants to fuck you over they still very much can regardless of open source or not, though.

That's true, I'm a brainlet but couldn't someone with the know-how analyze the keys that Ledgrs produce to determine if they are truly random?

Probably someone with good programming and electrical engineering knowledge - yeah. I don't know much about hardware itself, but I know that generally random numbers are generated by a "seed". If it has been proven that the seed is truly non-deterministic (in the "we didn't mess with it in the factory" sense) then I doubt there would be any security concerns. Like said too, it is literally in their best interest to keep their wallets going, keep adding support for more crpyto etc. This is going to be a fucking huge industry in a couple of years, and they will be making millions alone just from hardware wallet sales - they don't need to risk their name by doing dodgy shit.

Fuck sake i bought a ledger so i wouldnt lose sleep anymore and now i read this thread. FUCK.
Ok so plan B. What if we use the known dictionary of words and generate our own 24 word seed randomly? Is the dictionary the ledger uses published?

>they don't need to risk their name by doing dodgy shit.
Not to mention, they are based on france and would very much go to jail in some way if they scammed people with a device like this.

Does france have some kind of strict laws for this? I know most western countries would, but why france specifically?

Don't fucking do this shit, humans are not good at generating truly random strings of words. Brain wallets can be hacked.

Ok then. Assuming you have the dictionary of words assign a number to each then use a random number generator to pick each one. Do this to pick say 1000 words. From this new set reassign each a number and again random generator to select the 24 words. Add additional culling steps / rearrange order steps if neccessary. Hows that?

You can always make paperwallets with offline pc and live linux cd. Print them out with dumb printer. There is plenty of guides how to make this right way.

Then store them at your banks safe deposit box.

If you want to get into the nitty gritty of random number generation - it would depend on what you used as the seed for your random numbers.

Encrpyt a USB stick. Download a key generator for crypto to it. Airgap your computer and then generate the key. And store offline. Save money and concerns.

How do you use that key to sign transactions with out it being compromised?

>not just importing a crypto library and using its rng
devlets get out

What you just said is not secure for a lot of reasons.

Not France specifically afaik, just the west.

Ahh ok.

That thing is useless. Just make a paper wallet.

But how do you sign transactions?

>Having to autistically deal with your crumpled up paper every time you want to do a transaction

Ever heard of QR codes and QR code readers you dense fuck?

Where is the security flaw in what he said? Just curious.

The most hardcore setup I've seen of the airgapped USB is this one, pic related.

Yes, and it's still retarded - QR readers are prone to error.

what is it printed on you dunce, the air?

Yan-Chan trusts it so it must be good enough. Trust in Yan.

youtube.com/watch?v=4AdlmNxEk9U

youtube.com/watch?v=z5UXvxVjXzs&t=63s

Can someone explain to me how these things are marketed as unhackable? Can't someone specifically design a virus to target these devices?

The same reason Paypal doesn't randomly steal money from people, long term profits and credibility are better than a quick cashgrab

Supposedly there's a safe chip thing that is never in contact with any internet connection when you plug the thing in.
Not sure how that works though.

Basically the same thing

Transactions (being sent) need to be physically confirmed on the device with a button on the side of it. So even if they get on your computer and try to "send" a transaction, unless you actually have the device plugged in, entered your pin number and then confirmed the transaction - your funds aren't going anywhere. Plus the private key never actually leaves the device.

i think i'll put my coins in a paper wallet and buy a safe. seems to me pretty much everything gets hacked eventually. even wpa2 implementations damnit

>pick up a dictionary
>close eyes and open a random page, put finger on random section of page

Gratz you have a random word, repeat 11 times.

If you're this paranoid you can generate your own key and import it into the ledger

>t. doesn't understand memetics

But what stops a virus from changing the address (while still displaying the correct address you're sending the transaction to) right before you physically press the button? You'll essentially be confirming the transaction for what you believe to be valid when in fact you're confirming a transaction that is being sent elsewhere

The "to" address is also displayed on the Ledger's LED screen before you confirm the transaction

>but why france specifically?
>Not France specifically afaik, just the west.
I'd replace west with Europe.
we actually have consumer protection, so a clause like
>lol, all you're coin belong to us
in the TOS/EULA would be deemed invalid by court, if the product is marketed as a wallet for the owners coins.
In the US you are fucked in such a case, and you have loads of scammers in this field, like Bittrex

but that defeaths the purpose of the fucking ledger in the first place