Made in China, not France

you're missing the point. everyone assumes that ledger is made in France when they apparently aren't

i'd avoid anything modern like chrome because its harder to isolate wireless.

its a tried and tested way of doing things but it only solves half of the problem. now you have to deal with this second laptop every time you sign a transaction and for normal people it isn't worth it.

and im surprised government contractors are fucking around making bitcoin wallets to. that sounds like the kind of thing they should be subcontracting to coinbase.

lol. nobody is assuming anything, ledger themselves have explained where they're made, which is some factory in eurpoe.

if you're going to be a conspiracy theorist idiot at least do you're research instead of spamming dumb shit here.

That is what that reviewer says but why would you trust one random Japanese user.

He means that's what we do in general when doing Secure Things.
- t. other DoD contractor

>and im surprised government contractors are fucking around making bitcoin wallets to.

No,what said
I'm DoD as well.

someone explain to me the most secure way to store this pretend money?

paper wallet?

thanks sorry yes I am new only started gambling in November

makes sense. it's just standard security practice. until intel starts putting little antennas in their chips anyway.

it looks like the message is by EarthShip, not some reviewer

t. French

Why are people even buying those? Just fucking coldstorage your Keys, Seed or wallet.dat on some encrypted USB?

Brainlet here, can somebody help me understand a ledger?
Does it just let you interact with the blockchain the same way the MEW website does? So you can send transactions from the ledger? Why does it need to be connected to a PC?
Thanks

already explained
you really dont have any real options today, bespoke hardware is already inherently risky but at some point it's going to cross over, where the surface area to test/secure in dedicated hardware makes it more secure to use than a piece of generic hardware that's getting more and more untrusted as time goes on.

you still need a secure machine to interact with or generate those keys though. people don't understand that that's the core point of these devices. it's all about creating the keys or more importantly importing them, then being able to use them.

storing the seed or key in and of itself is not the difficult part.

You're fucking retarded. If you have a hardware wallet, the private key never leaves the device. If you have a paper wallet, you have to import it on a computer that is connected to the internet. Alternatively, you could import it on an airgapped computer, sign the transaction, then transfer the signed transaction to an internet-enabled computer but that's essentially what the hardware wallet does anyway, instead now you're using a computer instead of the hardware wallet.

These shits are at least $100, why can't I just put my portfolio on a flashdrive or SD card and save money I could spend on more alt coins?

why can't you just read the thread?

it needs to be connected to a pc so that chinese can download your private keys

I'm not convinced by the agurments.

You seem like you're not as stupid as the rest of the thread, can you tell me how Trezor is flawed?

idgaf, its not an argument.

what about trezor?

ledger is for non tech-savvy people
you can just buy flashdrive (or better two for copy) and encrypt it

At what price point should you consider buying these at?
I mean how much invested in crypto should you have before you consider buying it?

Linux lets you do this with style points.

I keep several partitions with LUKS encryption so I can open them anywhere even in a liveCD.
Small is for the coin wallets.
F2FS for very quick unmounts and transfers in case I need to yank it.

The first partition is a FAT32 in case I lose it (I have it all backed up anyway), with return information and a reward. Windows isn't able to use multiple partitions on a USB so it only sees the first one.
The wallet files are encrypted separately in case they leak and proper permissiveness only for my user.

Id say 5000$+ ledger
40000$+ glacial cold storage

it's open source hardware, but the only advantage of that is if you build it yourself, otherwise you have to trust everyone because there's no chain of trust between you and trezor itself. they even welded it shut so you can't even see inside to see if it's been tampered with without sawing it open, you can with the ledger because you can't do anything to the hardware itself to "backdoor it", whereas it's theoretically possible with the trezors.

but importantly the keys are stored out in the open on a normal chip, whereas the ledger uses a secure element. because all trezor's are the same, someone only has to make one hardware or software attack against it to make extracting keys a job that only takes a few seconds. now obviously you can see if someone's fucked with the hardware because it's been sawed open, but by that point all your shit is gone.

this all applies to the ledger too, but they use secure chips which mean you need some seriously expensive hardware and a long time to carefully de-cap the chip, and try and read the memory with electron microscopes or whatever state of the art shit they use. this gives you time to move your coins if you notice your ledger is gone.

oh and the trezor has had at least 2 major security issues so far, with the ledger none, although the ledger front-end wallets/software is generally more buggy than the trezor's.

does it even matter? pretty sure a tampered ledger won't work with the chrome apps

i keep my coins on an exchange

it wont, although there's always the risk that because the ledger is so high profile, there might be an active effort in trying to extracting one of the batch's private key on the ledger devices.

i think this would give them the ability to pretend to be a valid ledger device, but not to actually create signed official software for it.

reasonable if you dont trust your hardware, but unless that exchange is coinbase +2fa not linked to a phone number i'd trust myself more.

>HUUUR DUUUURRRRR MUH China government installing backdoors
>Meanwhile we have Meltdown/spectre problems to deal with.

how do you encrypt USB drives efficiently?

you would just create an encrypted file on the drive. but you would have to do that on a secure computer

If you're worried about this I would recommend compiling your wallet software with the reptoline fixes checked on.
It will prevent your userspace from peeping.
The latest firefox has clock fixes for spectre but other than that everything is still fucked and there are lots of closed source programs that will never get recompiled for security to address this.

Get the fuck out of windows.

Look into LUKS
You can use gnome-disk-utility that comes stock with any linux install for a clean encryption method with 2MBs of headers you should back up.
It can have up to 8 different keys/ passwords you can change on the fly too.

Ledger is for retards who think the coins are stored in the wallet.

Lol poorfag. Enjoy losing your private keys.

good luck hacking into the machine where I prepare the transaction messages offline.

How durable is the ledger nano s? I have had flash drives fail after a couple of years of them being in my desk with occasional use. Not hat I store my long term coins there and in 3 years this shit is broken.

I don't have to worry about the NSA stealing my money since they print all the money anyway.
Chink jews will steal everything they can.

>Meltdown
>Running a Team Israel CPU

Veracrypt for windows should work?

they're just made of generic plastic, nothing special.

you dont store your keys on them anyway, just use it for spending/generating/importing. you would still have to store keys on paper/metal/whatever for long term.

I just keep all my coins on cornbase and finance :)

"This product is made in China. It is not made in France. It is also stated as such in the product catalogue (Ledger's catalogue I assume?). Please confirm before ordering."

-Ledger Japan Distributor EarthShip"

Its an eeprom drive not a flash drive.

... and the balls of steel award goes to 4wUWCRP9.

the attacks work for any device with speculative execution and branch prediction. amd isn't as affected but it's in no way immune

It will work to encrypt them.
But usually security holes circumvent encryption, walk around it, and get the keys while its decrypted.

I'd still be wary as the patches prevent meltdown from peeping at your kernel space and just cloning your disk over the internet but they do nothing to stop your web browser from peeping on your private key in your wallet's memory.

Get a nice laptop that serves one purpose:
Trading and coin.
Put your wallets on it and encrypt them separately.
Certain Intel atom CPUs are unaffected.
Trust your coins to a closed source OS like you'd trust your coins to a closed source ledger nano.

explained where sorry?

>trading and coin
you lose all security by allowing it to connect to the internet in any way, you're much better off keeping wallets on one and still using your main computer for connecting to exchanges.

the post i linked to.

Thanks

might get a cheap ass old ass dell computer then

locking in prices
mommy they posted the meme again

this

to be safe, you must make sure it is fully thawed from cold storage

protip* google "Icehotel" for the best place to keep you ledger over night, while you sleep

Go to /g/ and ask around thinkpad general for a good laptop for security.
They will recommend you something unbreakable.

Ledger

With a paper wallet you cant lock in the price

With AMD, to use the one spectre variant that works, you need to actually run a program in order to be able to read one more step than you're supposed to be able to. If you can do that, you might as well install a backdoor and take everything. With an unpatched Intel, you can read kernel memory through a ukranian porn ad with javascript, or whatever really. There's a difference, and no AMD isn't immune, but it's nowhere near as bad as Intel.

Don't you still need to use your private key to send?

Yes.

If you chain/ wallet is any good you can generate a transaction from the cold PC and then forward it to the network on a hot one.

from what we know anyway. i wouldn't trust amd any more than intel when it comes to hardware security. everything is completely broken at this point.

and yes you need your pk, why is the whole point of offline computers or hw wallets, so you can sign securely or generate keys and turn them into addresses to send to securely.

So help a newfag out. Why can't I just make paper wallets and store them in my safe? I must be missing something because this seems way more complicated.

how do you generate the seed and turn it into an address you can _trust_ is the correct one? so you know how to send it to the right address.

you need a trusted secure computer or hw wallet at some point.

how do i lock in the price on my ledger???

But if paper wallets have both keys, why can't they be stored somewhere and scanned when the time comes to spend them? Are you saying the key generators themselves are suspect? Then how do you get keys when not using a paper wallet?

you need to cool it down to freezing point and keep it there. dont let it get above 0c or you'll lose your lock

i'm saying you can't trust the key generator on a non secure never internet connected computer, generally. thats one point of a hw wallet, it generates keys not even connected to a computer in ledger case. and you can import keys into it in the same way when you come to spend your paper wallet

you can try booting into a live cd or something, but generating the key is important, if its compromised from the start how you secure it later doesnt mean shit.

I bought mine right when I deposited my 1500 euros... it's worth the sleep you're saving. Was funny because about 3 days later etherdelta got hacked

>i wouldn't trust amd any more than intel
MADE IN ISRAEL

>when it comes to hardware security. everything is completely broken at this point.
Yeah, fair enough. Motherboard, CPU, anything could be.

Eventually someone with a quantum computer will just run a side-program to move all of the money in the entire blockchain into one account for fun, anyway, so it's not a very future-proof thing anyway. I don't see the need to go to such extreme lengths to keep it isolated, but if you can get a used older computer that you can make completely isolated (no bluetooth, network, or just keep it in a faraday cage at all times - certain Intel CPUs were said to have 3G chips in them for "security" tracking/remote shutdown).

>Lock in the price
You plug the USB in with your wallet, and then after it has the right price, you say "Satoshi" three times, and on the third, yank it out. It's imperative that you do it on the third, with no safe-remove thing, or it'll steal some of the value on the way out.

Candleja-

Linux actually specifically opts not to use the hw rand in favor of collecting entropy from other sources and seeding it into something larger from /dev/random to /dev/urandom.

Intel added it and there was huge drama over it years back so it never got utilized at the kernel level.

theregister.co.uk/2013/09/10/torvalds_on_rrrand_nsa_gchq/

>but if you can
HUrrrr, unfinished sentences.

Then go ahead, I guess.

quantum computing can make factoring private keys easier but you need the public key. if you make a cold wallet and use bitcoin as intended you will be secure because you only leak your public key when spending, and every major wallet uses a new address after every spend.

getting entropy is the least of your concerns, it's about malware or inherent flaws in the generation

Doesn't the majority confirm transactions? A quantum computer of even a moderate number of qubits would almost immediately break the encryption the whole thing is based on and simply say "Nope, you didn't transfer your coins there, you transferred them here", for every address.

What do I know anyway. Pretty sure they have working quantum computers with a resonable number of bits (what they show/let companies use publicly is probably just a show), so the only reason they wouldn't do it is because they don't want to kill cryptocurrencies for some reason.

that's not how bitcoin works. all they can do is try to crack private keys based on public keys, so they have the time it takes for the original tx to be published until it gets included in a block to break the private key from the pubkey and then sign a competing transaction sending funds elsewhere.

qc has a very limited scope in how it can effect something like bitcoin.

how close are they to that point? Is it best practice to never keep funds at an address you've spent from or is this still decades away and extremely hypothetical? I don't care about privacy for now.

why is trezor fundamentally broken

The hardware actually does the generation, hence why it isn't used.
Entropy is pulled from pretty much everything under /dev/* and mixed up in a pot using a free and open generator to provide non pozzed random sequences.

You're full of shit, nothing wrong with trezor. Sometimes I think there's literal ledger shills on this board

its been best practice for years, and qx isn't close to that point. re-using addresses just loses one layer of protection bitcoin offers.

already explained

unless you're doing all of this manually you still have to trust the hardware you're on, is the point. thats why people recommend separate new machines or specialized devices.

>its been best practice for years, and qx isn't close to that point. re-using addresses just loses one layer of protection bitcoin offers.

Is it the same with ethereum? I've searched long and hard but haven't really been able to figure it out.

This, just lock your backdoors retard

>he doesn't roll dice to determine his private key,
memorize the hex string, then generate his address on an air-gapped gentoo thinkpad (in a faraday cage)