Thread replies: 26
Thread images: 1
Thread images: 1
File: hw.jpg (9KB, 301x207px)
9KB, 301x207px
For the rich or paranoid:
What hardware wallet do you use? Do you keep all your coins on there or some on paper/web wallets/mobile wallets/exchanges too?
Which hardware wallet do you think is the safest/best to use?
>>
Trezor. All the other ones just stole its code lol
>>
>>2747185
Nano ledger S
>>
good old fashioned usb stick
>>
>>
tattooed the QR codes on my ass, but part of it is only revealed under blacklight
>>
>>2747194
You're an idiot. Trezor was the only one you could do timing attacks on with a stopwatch and the only one that won't even turn on without running some random Chrome app (which is not only a shitload of local code you have to audit and trust, but these are going away anyway).
I use a Ledger Nano S. btchip is much more friendly and reasonable than the Trezor devs, plus his code is consistently high quality, and you can set up the device without any Chrome apps. I wrote my own code but the more sensible thing is probably to just use Electrum.
>>
>>2747446
How do you write your own code for it? im leaning towards the ledger because they seem like they will have monero support out before trezor.
>>
>>2747618
https://ledgerhq.github.io/btchip-doc/bitcoin-technical-beta.html
and study Electrum/python-btchip, and also go on the Ledger developer slack and ask questions.
Basically every message is at most 256 bytes, it's wrapped in this weird "APDU" layer that pokes 64 bytes at a time down the USB bus, copy that code from python-btchip and the rest is reasonably straightforward. Some guy also did a Rust implementation https://github.com/apoelstra/icebox which you can also copy from.
>>
>>2747704
Thanks. Do you think the device hardware itself is secure enough to store a decent amount of money on? I know its not fully open source, but it does use a secure chip. I don't think I know enough to know what the attack vectors would be, apart from a rogue secure chip that's not actually secure and signs your transactions in a way that they can be broken with some other private key?
>>
>>2747951
I trust it with well over $100k BTC. I would move it immediately if the device were stolen, but I do trust it against side-channels and against the device attacking my computer.
It is impossible to make a signature that "can be broken with some other private key". It is possible to make weak signatures if the nonce is chosen incorrectly, but the Ledger uses RFC6979 which prevents this form of attack. Unfortunately to verify that it's doing so every time requires you to use your secret keys, which are dangerous to generate and play with outside of the device, plus it's a PITA getting them from the master seed. But I trust btchip that the code actually does this.
>>
>>2748052
Thanks for answering my questions. That's my only fear, that some vulnerability in the signing leaks information, but I assume it does the correct thing and never reuses an address which should only leak the now empty private key, right? There should be no way to get the master seed no matter how many child address private keys get leaked I think.
>>
>>2748255
Private keys are never ever leaked under any circumstances, regardless of address reuse, if the device is working correctly.
Further, it is true that the master seed will never be leaked even if address private keys are revealed, but again this should never happen.
>>
>>2747446
You don't need a Chrome app you dumb fuck.
Go shill your shit hardware somewhere else faggot
>>
>>2748355
Ok, a random website then. I plugged it in and it said "go to mytrezor.com" or some shit like that. I threw it away and got a Ledger, no interaction with any remote servers needed.
>>
>>2748393
>shilling this hard
>wrong on multiple things
you're clearly a reddit faggot
kys
>>
>>2748393
you're still wrong, faggot
>>
>>2748393
This
>>
>>
>>2748418
I'm not the other poster, nor am I a shill or a Ledger dev, and I absolutely did plug in a new trezor and it told me to go to a website. The Ledger did no such thing.
>>
>>2748438
>shilling
You seriously think someone is wasting their time trying to shill their hardware to me on 4chan? Give me a break. At least this guy's being helpful instead of your typical autistic screeching.
>>
>>2749457
he's being helpful by lying about Trezor?
>>
>>2749462
https://www.youtube.com/watch?v=FC1Kte0vf00 1:37 you can see exactly the message I'm talking about.
The first Google hit for "trezor setup" gives me
https://doc.satoshilabs.com/trezor-user/settingup.html
which is from the Trezor website and instructs me to install some Chrome extension.
>>
>>2749520
installing google chrome extension is not your only option though.
>>
Paper wallets are bad. Rather use a hardware wallet.
>>
>>2747185
ledger nano s
Thread posts: 26
Thread images: 1
Thread images: 1