Trezor/mew safety

What are the risks of using a trezor on myetherwallet?
Seems pretty safe but what if mew was somehow compromised? Would I be safe since the private key doesn't leave the trezor?

Other urls found in this thread:

steemit.com/bitcoin/@tomshwom/lessons-from-the-trezor-hack
twitter.com/NSFWRedditImage

what would be the difference compared to having your private keys on a couple of USB sticks?

these hardware wallets seem to be for suckers

the biggest benefit is the locking mechanism

it uses a JSON API to connect to coinbase and The Blockchain Company and locks in your BTC at the current price. it's irreversible and it's awesome

Don't mislead the kid with this garbage meme.

>json api

only if you have the original FW. The newer versions use an XML api, it's way easier to use

They form a secure connection to the app that you're using. It's a low IQ tax for normies.

You're trusting the software to never be hacked and the hardware that it's built from to never be hacked. It's a very high profile target considering most people pick between this thing and Ledger devices.

I just use a dedicated raspberry pi to do my transactions. It's a whole $30 and I just turn it on, punch in the info and the key, plug it in to my lan to send the transaction and then turn it back off.

One can be plugged into a computer with malware and still not have the keys stolen...

You mean that a keylogger can't record keystrokes or a program can't monitor keys sent to an app.

Malware on a computer designed to fuck with the device's software can definitely steal your keys and its happened before.

the keys don't get sent to the app, tx are signed on the device

no pins are input in the device, or an order specified on the device, and not ahown on the acreen, so no keylogging or recording.

The entire point of a hardware wallet is that your private key never leaves the device. You couldn't get it out if you tried. So yeah there's nothing a compromised MEW could do.

>trusting your coin's security with proprietary servces that could vanish one day

Crypto isn't for you if you cannot into computer.

fucking lulz

No it hasn't happened before, you're just pulling psuedo-intellectual shit out of your ass because you have a mild knowledge of technology. The fact that you think a hardware wallet is a "low IQ tax for normies" while you think your shitberry pi is any safer just proves that you severely overestimate your intelligence.

>tfw wanna make a diy hardware wallet.
>tfw scared storing my private keys on an SD card in a Pi it arduino is asking for it to be lost.

If they can hack a ledger or trezor they can hack your $30 open source gayberry pi

sounds good if you type in the password using the buttons on the hardware itself, though the one in OP's image doesn't seem to have any buttons?

if you still have to enter the password on your computer's keyboard it seems useless

Sit down, be humble.
steemit.com/bitcoin/@tomshwom/lessons-from-the-trezor-hack

see
Maybe, but they won't have a very easy time considering my device is connected to the internet for a few minutes at a time.

Most of these autists use their main browsing computer for everything and just plug their meme key in for transactions and don't give it a second thought until it's too late.

You need physical access to the wallet for that hack. Keyloggers are completely useless like saying

The pin/pass brotecting your memephrase is an essential promise of HW. If a technically sound attacker can just steal your physical wallet and hack it, that like having your private key laying around the house in clear text.

What would happen if somehow trezor goes out of business or stops supporting the wallet for whatever reason (government mandate or something)

>If a technically sound attacker can just steal your physical wallet and hack it, that like having your private key laying around the house in clear text
1) That hack only applies to outdated Trezors, not Nanos which you should be using
2) Even the outdated trezor is safer than a plaintext private key, because that is vulnerable to keyloggers while the trezor isn't.

Sure but now on top of physically stealing it the attacker now needs to be technically sound. I'm not trying to say these things are bulletproof, they just offer extra security over a standard USB key or a paper wallet if you need to transact with them

you import your phrase somewhere else and move your coins. Its supported by a myriad of wallets

nothing relating to mew in particular.

the risks of trezor are that anyone who comes into contact with it can easily backdoor the hardware, and you have no way of knowing, because the geniuses at trezor used off the shelf hardware, AND welded it shut so you cant even check yourself.

using a trezor is basically an exercise in trust.

yea but that firmware update just addressed that one hack demonstrated at defcon. I'm sure the patched version could be attacked some other way simply due to the hardware which is being used

There is very little risk using a hardware wallet to send eth because you can verify the address on the device.

Signing smart contracts can theoretically be hacked I guess because the device probably doesn't have anyway to confirm the parameters of what its signing.

The key never leaves the device. Keeping your keys on a USB stick is good for long term storage but no safer than a hot wallet when you actually want to use them.

yeah i got that, i just wanna know if i need to type my password on the hardware wallet itself or if i still need to use the PC i connect it to in order to sign the transaction.

if i dont need to use buttons on the hardware wallet itself i dont see the point, it would be fake protection.

>i dont see the point
keylogger or screengrab.

any hw wallet that makes you type in pin codes or passphrases on the computer is a product of terrible design

You have to physically press the button on the hardware wallet to confirm the signing of any transaction. In case of simple coin transactions the address is displayed on the screen for confirmation.

That hack requires physical access to the device. And it's already patched with the latest firmware.

To me, the BEST selling point is that you can use it ANYWHERE and not worry about viruses and malware stealing your keys.

e.g. if you are on vacation in the middle of buttfuck-nowhere, and run out of money, you can safely carry like a BTC or two (probably a small % of your cold storage stash) on a HW wallet, connect it to any internet cafe computer filled with viruses, and send your coins reliably to another address from there.

(e.g. to a bitcoin address from a bitcoin ATM where you have a companion doing a cash out, or to a fixed address that you know will refill your crypto debit card, or to pay a localbitcoins meetup who will cash you out, etc.)

But if you're just using it as cold-storage, then yeah, there are much better options.

You're directing me to look at my earlier comment.

It's clear you didn't read the link.

in which case buy a ledger. there's no reason to buy a less secure device.

Yes, it no longer exists, but it proves the types of vulnerabilities that the device has.

If you're going to carry around a device though, most foreigners are going to know exactly what the fuck that device is. And then they'll dispose of your body after they get your public keys out of you.

Or you can just fucking carry one of these around and nobody understand what it's intended for.

nobodys getting your "public" keys our of you anyway. the kind of filth that would even try wouldn't know a decoy wallet from a real one anyway.

Yes, I'm sure drug cartels are terrible with currency tech originally used to buy and sell drugs.

Enjoy your time in Tijuana.

they're not all as stupid as you, that's for sure, but all hardware wallets have that bulletproof feature built in anyway.

You're not grasping the scenario.

>see gringo in internet cafe plugging in crypto device
>get Juan and Esteban to give him a ride
>take the key off him
>pull off fingernails until he tells us his public key is in his wallet
>install electrum back at the office
>find balances and transfer them out
>call J&E and have them finish off gringo and bury him in the desert

Fucking hell, I'm buying a gun and never leaving my house when I make it

Well, just don't got to shithole countries man.

that's why you say loud and clear that you'll send over some coins from your DOGE wallet so that any criminals seeing your hardware wallet will leave you alone