/biz/ - Business & Finance

Trezor is open source and ledger is not.
/thread

trezor wallet is a webpage while ledger live is stand alone

Real niggas use trezor

>>13673958
imagine giving a fuck about storing crypto in 2019, if ur not instaselling ur a retard

>>13673958
>>13673963
>>13674797

https://www.youtube.com/watch?v=cNOP2t9FObw

Skywallet will be ~$30 and will support the major coins, along Skycoin, of course.

Anyway, if you're storing more than what you'd normally carry as fiat on your person, you're doing it wrong.

>>13673958
Binance funds are SAFU, free to use, and insured

>>13674813
t. pranjeet

>>13674813
>"instaselling"
>long term hodl
cuck

>>13674813
short it.

>>13674815
LOL at the gif.

>>13674875
>hodl as your bags evaporate into thin air
>calling anyone a cuck
yikes

>>13674815
kek i remember this from kevin rose showing it on diggnation, those were the days

>>13673958
i dont see a hardware keypad
domt tell me you type in the password that unlocks the pks in it on a possibly compromised pc!!

>>13675886

>>13675893
serious question if anyone can steal these things after confirming their location and logging the password via malware then its fucking shit

>>13673958
Ledger has very very (cant stress that enough) nice software now with „ledger live“.

Hardware is ok, you just need to get used to it. I own 2 ledger nano S. I can only recommend them, never had any serious issues.

Especially now that they are down from a 100,- usd to around 50,- usd you should get one IF you own crypto in 5 digits+.

Supports a fuckton of coins as well. Only downside is that you cannot manage TOO MANY coins as the space for apps on the ledger is limited. But if you hold only three assets like btc,eth and ltc like i do, its fine. I think limit per ledger is around 5 currencies per stick but thats nota hundred percent correct answer.

>>13673958
ledger nano s looks much better and professional

>>13675973
how is the private key secured on ledger?

>>13676001
So as far as i get it (!) ledger uses the recovery words as basis. Meaning it generates these random 24 (?~) words at the first setup. So from these it consequentially generates all follow-up private keys of all currencies. So there‘s only one „key“ ever that all others are derived from (=this seed phrase/the words).
you only need that phrase to get access to all of your crypto. It some sort of standard, BIP XXX, ( Propably 30secs google).

>>13676084
not what i was asking about
traditionally you encrypt pks with a passphrase and need to provide this phrase to sign a transaction
yhis is different from seed which is just init vector for deterministic key derivation.
in ledgers case they rely on a tamper proof chip but these usually need a pin and getting this pin is trivial if you input on a pc.

>>13676152
you input the pin in the ledger not in pc

>>13676152
- you need to enter your ledgers pin at start
- manual confirmation of each transaction on the ledger

So there‘s a 2way mechanism, you need to operate the ledger and the computer. It‘s not the way that you just plug it in and thats it: You need to actively interact with the hardware wallet to confirm operations on your account.

That shit has been thought through and you notice that, there‘s no easy or obvious attack vector.

>>13674815
Is that a raccoon? What a beast

I’m quite happy with my tremor. I can generate the address list in python if the wallet ever goes down.

>>13673958
I have a ledger and I wiped my phone with duo on it.

90 ETH guys

>>13676201
how?

>>13676234
Ledger has 2 little buttons left and right, with them you select (up/down) the numbers. If you want to confirm a number you hit them both at the same time. Same for confirminh transactions.

The software only displays the info on accounts etc.
You do the confirmation solely with the hardware itself.

>>13676207
i cam see pretty obvious attack vectors unles the key eprom is encrypted ie reliance on a soft pin on a hard pin the question still stand how do you unlock the keys? also a simple pin may not even be secure enough for private keys too easy to iterate through once you get the eprom copywhich is trivial for a determined attacker dealing with secure chips

>>13676253
i see what is the pin size?

>>13674844
This. In 3 years time, the average person will only have $300-$500 in crypto. Imagine they spend $80 on a wallet, lmao

>>13676258
Quote:

Ledger was launched in 2014 by eight experts with complementary backgrounds in embedded security, cryptocurrencies and entrepreneurship, united around the idea of creating secure solutions for blockchain applications. We now have over 130 employees in Paris, Vierzon and San Francisco.


I think you can safely assume that there‘s „at least“ a couple of guys on the same level as you in IT/Electronics who have thought about any sort of exotic and obvious attack vector you might come up with not only for 30minutes but from all angels for 40h/week for 5 years straight. Especially when you run a company which core and sole product is security.

>>13676271

up to 8 digits

>>13676271
Minimum 4 digits, and up to 8 iirc. And it locks completely down if you enter it three times wrong in a row.

>>13676334
soft security is irrelevant to an attack
the question is if it has hard pin lock on the private keys with some key derivation mechanism or not, if not then you are fucked with no effort so let's assume it has. let's assume it can't use scrypt because no ram, you get at best 10^8 tries say they use aes to encrypt most laptop can do a 1000 per sec roughly at least, so around 1 days to break the keys. not counting the disassembly of the secure chip.

>>13676384
oh and that doesn't mention the whole jamal can just find your "recovery sheet" issue. even if you put it in a safe it's the most retarded idea ever. i mean sure it is protected against remote hacks and malware pretty well which is why i always say these things are good for a hot wallet it you like trinkets. but as secure long term cold storage i fucking hate them.

>>13676435
There‘s nothing a 100% safe idiot. I‘m sorry you have to live with a 0,0000000001% chance that your ledger can get hacked „someway“ if you are too retarded to lock both hardware and recovery sheet in a secure place. Now gtfo

>>13676463
>There‘s nothing a 100% safe idiot.
paper wallets, cheap secure
>0,0000000001% chance that your ledger can get hacked
i would give it 100% the method of clearing the chip and putting it in a testbed are well documented and easy to do even at home for a hobbyist.

>>13676384
>not counting the disassembly of the secure chip.
the whole point of a secure chip is to make physical access to data hard.
Trezor however is completely vulnerable to physical attacks.
>>13676435
>oh and that doesn't mention the whole jamal can just find your "recovery sheet" issue
this is true, I wish they added an option to generate a seed from a password.

>>13676534
>is to make physical access to data hard
maybe for you, but someone that will do this for a living it will be easy as pie. these vaporware shits focus too much on the side channel attacks (which is not badd to have protection from) but can still be simply dismantled. once you read the eprom it's yours if password protected with weak key then within a day if not immediately.

yes plain text seeds are retarded and the physical device will cost you with each redundancy for location which does not actually strengthen your security but weakens it against theft of course it increases security disaster proofing wise. but placing the plain text seeds at multiple locations is borderline insanity.

now on the other hand i can place my private keys on pastebin in my google drive or mailbox post them on 4chan and find in archives, give copies to each family member, and it still did not decrease my security.

>>13676506
Holy shit you‘re just fucking retarded

>>13676586
nice argument very technical

and this is my final argument
this wallet is all yours if you have 900 quintillion years with the total hashing power of nicehash
the cost of the attack is more than all the wealth ever in existence past and future included. even with a quantum computer of sufficient size (fuck expensive even in the far future) it would take longer than how long the universe exists.

as opposed to hardware wallets where depending on the security model and sepcifics the cost of an attack could be as low as $100 the security model is unclear and full of questions. but we can still put a few thousand dollars cap on the cost of an attack on the secure element chip worst case.

please for fucks sake, do not use hardware wallets as cold storage! use them as your monthly budget hot wallet sure why not?

>>13676568
>place my private key on pastebin is secure

what

>>13676701
>hardware wallets are not the safest storage option

what

>>13676725
see >>13676701

Seriously, this guy completely glosses over the 25th word part of the seed...

>>13676760
so what that's like 10^5 security?

>>13676791
No clue, but it busts your argument about someone finding the seed phases....

>>13676827
3 hours tops

>>13676865
Wat? in English please...

>>13676895
3 hours tops to get your btc protected by a single word
thats not security its bullshit

>>13676725
oh, that paper. but who generates it ?

>>13677220
>>13676701
>>13676751

>>13674844
nice mockup bro except that the mockup is actually shit
>doing transactions with 2 buttons
skycoin will forever be a shitcoin i guess

>>13677102
But that's bullshit without some big set up! You know the 25th word can have letters, numbers & symbols right...they have to find the seed first also

>>13677360
that's a password not a word then be more specific!
alright then it can take a day unless you use a really strong password in which case what is the point to the other 24 words? whatever, it's all crap.

i was talking about how stupid it is to leave the seed in the open. if they don't find it it's obviously not an issue.

>>13677220
you generate it yourself, using a good random pool on an offline computer with mint live os.

>>13673963
Ledger has been open source for a while now.
Get with the times.

>>13677610
opensource is a must not a guarantee for good security model. i am so fucking far from convinced that mars is next doors compared.

>>13677568
>an offline computer with mint live os.
That's what a ledger is.

>>13677568
>you generate it yourself, using a good random pool on an offline computer with mint live os.

why not using a ledger then?

>>13677568
>a day unless you use a really strong password in which case what is the point to the other 24 words
>A day
Sorry dude, I don't belive you...you don't seem to know much about HW...but hate them

>>13673958
I think Ledger supports a wider range of cryptos, including Monero.

>>13677673
sure but you never leave said os running you fucking reboot after key generation and never persist any secret on any drive

>>13677729
because its shit?

>>13677777
Wasted

>>13677737
>you don't seem to know much about HW...but hate them
exactly untried security model gimmicky snakeoil handwaveium shit in reliance on hardware instead of good mathematical model and it fucking costs you money.

as opposed to paper wallets.

>>13677806
no it's perfect

>>13677809
have you ever used a HW? Its easy to use! Paper wallets not as easy
HW uses the same math as your private key!!!!!
>Cost you money
You can't spend a bit of funds to secure your financial future & make it easy in the process. OR NOT

Thinkin you were the one that was arguing with my safe idea...I'm the locksmith

How can you be smart but not figure out something simple like a safe?

>Printers have memory, can be hacked
>Intel has a backdoor into you computer...who knows what they can do
Why do you think these are secure?

My point NO MATTER WHAT you have to trust some hardware unless you use a pre '08 computer...your way is your way...it DEFIANTLY is not the simplest, a HW is. & a HW offers the same security if not better ON MY OPINION.

The reality is you think your way is the best & everyone else is dumb...shame you think you know what your talking about. You will argue with this b/c you're arrogant. You don't even know about the 25th word/passphase, as my original statement said.

Have fun basement dweller

>>13673958
Yubikey wins

>>13676226
Did you back up your seed phrase? That's the MOST important part of your account.

>>13678097
>HW uses the same math as your private key!!!!!
evidently not
>How can you be smart but not figure out something simple like a safe?
i can break most safes in about 3 hours with basic power tools. they are not safe.

>Printers have memory, can be hacked
>Intel has a backdoor into you computer...who knows what they can do
bip38 private keys can be published printer remembering anything is not an issue. backdoors don't really worth shit offline then you reboot and it's all gone (you can't write to hdd from an online os)

>My point NO MATTER WHAT you have to trust some hardware unless you use a pre '08 computer...
yeah, no

>it DEFIANTLY is not the simplest
i agree, but it is at least tried and true, it's security is based on verified math not some convoluted piece of vaporware hardware.

>The reality is you think your way is the best & everyone else is dumb...
until proven otherwise (i was shitting on paper wallets too until i dug into them) so far however hardware wallets are "saying" all the wrong things about their security.

>>13678841
*from a live os
sorry

>>13675333
>using the word yikes unironically
Ouch

>>13678841
>i can break most safes in about 3 hours with basic power tools. they are not safe.
You sure can, you have to find it first! FYI floor safes/concrete surround safes are the best.
>bip38 private keys can be published printer remembering anything is not an issue. backdoors don't really worth shit offline then you reboot and it's all gone (you can't write to hdd from an online os)
don't pretend too know what intel can do...you don't know.
>yeah, no
post '08 intels are backdoored, thought you were smart...
>until proven otherwise
You already have in posts in this /thread & others
>(i was shitting on paper wallets too until i dug into them
yea...you need to dig deeper into HW! as i said you didn't know about he 25th word...you don't know what your on about!

Don't keep letting your arrogance get in the way of learning!

best of luck

>>13678113
I bought one of those. But I was never able to figure out a useful purpose for it, or even the right way to use it. It's just garbage to me.

>>13679083
>don't pretend too know what intel can do...you don't know.
we know the theoretical limits to information density and their power requirements and thermal productivity. it would be known if a cpu or motherboard could (and routinely would) store gigabytes of data unpowered. you can't rape physics for conspiracy theories sake.
>post '08 intels are backdoored, thought you were smart...
assuming you are talking about intel me, it's not a concern here.
>You already have in posts in this /thread & others
negative on that
>yea...you need to dig deeper into HW! as i said you didn't know about he 25th word...you don't know what your on about!
it's not like it matters and i have explained why it's not good security.

i'm not gonna start lecturing you about locks maybe you shouldn't try lecturing me on software and cryptography. or go ahead but raise the bar a bit on the technical details cause i feel like i'm arguing with a toddler.

>>13679603
Look I can see you work in the theoretical, show me a HW that people report got hacked...that wasn't for some dumbass reason!

Now back to your very real basement!

>>13678841
>>13678855
>>13679603
This guy is a fucking idiot sperglord and knows jack shit about hardware wallets. Don't listen to him.

>>13679902
Thats what I have been trying to tell him!

this is some nice read about why secure chips are not so secure
http://www.break-ic.com/topics/crack-ic.asp
imagine if they get widespread every thiefor crackfiend knowing these ledger thingies fetch a few hundred bucks at a fence who know who to call for a cut...

>>13679902
go ahead explain why im wrong

>>13679760
exactly what i meant by placing your faith in trinkets with unproveable security model

some people like to do this i like to warn against it
900 quintillion years vs quiet possibly max a day worst case less than an hour or two

also i put my money where my mouth is which one of you is willing to give out his hardware wallet with funds to try how unhackable it is?

this is all so retarded, this is part of the reason crytocurrency will never be..theres literally no safe way to keep your shit safe unless you code your own private key on an offline computer thats 3 basements deep running a virtual linux inside another linux using command line and fuck this shit for real

>>13680115
i dont feel like reading the whole thread. give me a TLDR on what you would recommend for cold storage

>>13680172
Trezor
Ledger
Maybe Yubikey

>>13680172
Read the /thread, then you will realise you shouldn't listen to him!
Just get a Hardware Wallet!

>>13676701
Thanks for the private keys bro

>>13673958
>>13680244
>>13680172

Keepkey masterrace reporting in

>>13673958
Trezor looks like it's used for situations where "I've fallen and I can't get up!" fucking lmfao I've never actually seen one.

>>13680172
tldr bip38 paper wallets with 20+ char passphrase 0.1 btc each generated offline on a live os. 3 copies at 3 different locations multiple digital copies (print to pdf).

>>13680346
Ignore this samefaggin basement dweller

>>13680025
Dont waste your breath. Anyone with half a brain would automatically know paper is the safer option.

>>13680300
https://www.blockchain.com/btc/address/1Bz8gDNtwdVWNjsHkXc16JoHucJxrqpPW
sent;)

>>13680446
See >>13680375

>>13680446
yeah and you know why i dont buy a ledger or trezor for a hot wallet? because next yeae every fucking phome will have one built in.

This might of been an extremely rare bug/ issue whatever but one of my 2 ledgers only gave me 22 of the 24 recovery words. I didn't realize until i had to actually restore my device. I wrote them on a plain paper and not the one that's numbered that they send you. Again, this might of just happened to me and no one ekse but this is no larp its 100% truth. I asked ledger for help but they gave me a generic response nothing helpful whatsoever. I will never buy a ledger simply because they just didn't even bother asking me or even tried to help the slightest. Maybe this happened to others but they don't want to acknowledge it. Most of you would say it's impossible but my thing is if man created it anything is possible. And no brute force is taking too long and im getting way too many possibilities. Anyhow at least bitcoin is going up.

>>13680541
22 words is plenty
unless you write it down then its not