/biz/ - Business & Finance

>>25270866
Guys please. I wrote “Serious question” in the title

If it’s airgapped, not much. The trezor would be more portable and could connect to your android phone

https://twitter.com/aantonop/status/1343629646865133568

>>25270866
probably easier to hack into a laptop if someone has physical access than to hack into a trezor with a long PIN. you would likely have a long passphrase as well to protect the wallet in both cases regardless, though. if my mind Trezor wins by a hair just because of that + portability - taking it through an airport vs. taking a laptop, i think there'd be less chance airport security questions you about it and less chance they'd be able to break into it. they could take the device from you permanently and you wouldn't need to worry, whereas if they take your laptop you better hope you can get home and set up new wallet quick to transfer the funds.

>>25270866
your private key is exposed when you boot up the laptop to sign a transaction. with hardware wallets, it's never exposed

>>25271845
Does Exodus lock after too many failed password attempts?

>>25270866
i think even better/cheaper is just an airgapped older smartphone.

What stops Trezor themselves scamming everyone? Imagine they inserted something into the wallet which just drains them all in 10 years or something? Is that possible? I dont like the idea of trusting a company with something which was designed for me to be my own bank in the first place.

>>25271981
yes it is very possible and very likely which is why I have stayed away from both ledger and trezor. they could literally have all the keys stored, just waiting and we wouldn't know. How d we know somone doesn't boot every device, get the seedphrases, wipe them, and put the antitamper stickers on. What is to stop them? there's no reason to believe them at all. Especially Ledger.

Private key is never exposed when sending crypto, It requires physical interaction with the device to send funds which is why it's superior to metamask. Metamask a hacker can get your shit and then send all the funds out in one go fucking you over. You don't even need to have the trezor T, Just buy trezor one it's super simple and cheap as fuck at like $50, stop being a poorfag and risking your crypto investments.

Also buy it off amazon, from their official store page, It's actually like $65 after tax but still.

I dont understand this whole "offline" or "airgapped" thing. At some point, the computer or the software needs to communicatie with the blockchain via internet right? How else would a transaction work?

>>25270866
Trust me 1k$ worth LINK drained from my metamask wallet somehow, that's when I bought Trezor
Was using Macbook Air with Bitdefender Total security

>>25271981
How do you know Metamask won't steal your coins? Or any other wallet creator? At least Trezor's code is open source, and even if you don't review it yourself you know there're tons of nerds that do and would go nuts on Twitter or whatever if they found something suspicious. Plus these are public people working for a legit company in Europe, they'd go to jail forever if they pulled some shit like that. I guess it is still a risk but a very minor one. I'm pretty sure you don't have to use a seed phrase generated by the Trezor wallet, either. So roll some dice or something to generate your own 24-word seed and there you go.

>>25272200
The reason why trezor is safe is because they don't store any of your information pertaining to the wallet. All the data, pin to log in once its connected is all contained and encrypted on the wallet in the software. There's also the fact that to move any of the funds it has to be plugged in and you have to confirm the transaction physically to access the private key with the software.

Okay thanks a lot guys!
I’ll take one.
Why the private keys get exposed when signing a transaction with metamask?

>>25272631
because it's open and available on the machine. with a hardware wallet, the private key is in a separate secure element that is never exposed. you could connect a hardware wallet to the most fucked up malware infested machine and the private keys would still be safe

https://justaskthales.com/us/what-is-a-secure-element/#:~:text=A%20Secure%20Element%20(SE)%20is,i.e.%20the%20device%20operating%20system).

>>25270866

Hey bro, let me help you out.

>create offline wallet on computer that never connects to internet
>create encrypted container using veracrypt. Put wallet inside
>make a million copies of the container and upload to cloud

Just be sure to have a really strong, long password, and this is objectively the best way to secure a cold wallet.

(If you plan to make frequent outgoing transactions from this wallet, a hardware wallet will be more convenient.)

>>25272140
I'm wondering the same thing

>>25272048
> anti tamper stickers

So Trezor Model T or Ledger Nano S/X?

>>25271981
Create you’re own seed word. Unless you think trezors a key logger aswell

>>25270866
i dont trust hardware wallets too much

>wrench attack (unlikely but non-zero)
>safety of your backup seed phase
>unknown ledger/tezor future exploits (unlikely but non-zero)

better to use an onchain smart contract wallet, such as squirrel.finance
>delayed whitelisting
>daily limits
can offer unmatchable security if setup smartly

>>25273045
look at this post >>25272114

>>25270866
The hardware wallet is just easier dude

>>25271964
doesn't matter. the encrypted keys can still be extracted and sent to the supercluster for bruteforcing. however, if a secure passphrase is used the proper way, it is basically unhackable with publicly known method and technology.

>>25272140
>>25272698
correct, but only the signed transaction has to be sent to the network, not the private key/seed itself. the signed tx can not be modified without the private key. please get some basic knowledge about this stuff before gambling away your money.

>>25272048
new seed is generated on the device itself, but that doesnt protect you from the company riggind the seed generation algorithm. simple solution would be to generate your own seed in a secure way >>25272200 and restore the device with it.

>>25273600
nothing is protecting you from a wrench attack other then /k/
seed safety is unrelated to hardware wallet security, same applies to any wallet
smart contract wallet is not an equivalent wallet solution and has added risk and inconveniences, also you will still have to secure your keys for withdrawal, it just adds complexity and introduces more attack vectors.

>>25271848
/thread

>>25272048
trezor is open source you fucckwit

>>25272136
no, buy from them directly, amazon is sketch af for this product

>>25274797
I don't know about Trezor, but you can buy a Ledger on Amazon (the one sold by Ledger of course), then check that the device has not been tampered with through their online application.
I don't know however if Amazon provide Ledger/Trezor with your personal info (mail, name, address etc.)

>>25274953
They obviously do not. Amazon customers aren't in the data breach.

>>25274797
>no, buy from them directly,
and get your address leaked?

>>25275201
trezor wasn't so stupid anon. trezor also knows enough to not store that data in a massive plaintext database and they regularly purge their info. aazon is a fucking disaster with this kind of shit. you have ZERO guarantee that you receive the product that any particular seller put up, and people get scammed with Amazon-sold hardware wallets from sketchy sellers and low-info users like OP.

>>25275201
also, all amazon sellers get every address along with phone #'s for each customer order. that info is NOT confidental and is downloadable in bulk for sellers

Amazon is great but for hw wallets buy direct. that said, i would never order from ledger after their display of reckless incompetence with all that customer info

>>25275739
Wrong; I just looked into it and FBA sellers (Fulfillment by Amazon) do not have access to your personal info since 2019.
So if you buy something noted "Ships from Amazon Sold by Ledger Official", your personal info is safe.

>>25274743
may sound stupid but how safe is a software wallet on iPhone? I only use it for small amounts but it's definitely more safe than my windows machine that got hacked some time ago...

Trezor T is the ultimate chad hardware wallet because it generates 12 word seed phrase (instead of 24 words like the virgin Ledger) that you can easily memorize.

>>25276408
>it's less secure so it's better

>>25276545
both are unbreakable so it doesn't really matter

TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST
TREZOR IS THE BEST
COME ON PARTY LIKE DA REST

>>25276656
not if you generate it yourself from that totally obscure Afrikaans poem no one has ever heard of except you

>>25275704
ledger data leak is very bad but I don't think anyone is safe in this regard. online databases will get hacked eventually and thinking this couldnt happen to trezor or anyone else is pretty naive. it just demonstrates how important it is to protect your personal data by using throwaway emails, debit cards and po boxes.

>>25276375
You are basically trusting the dev of the app, as it is all closed source. in terms of hackers, I consider an iphone as far more secure than any windows machine (however there are vulnerabilities and exploits "jailbreaks" on ios as well). I'm using brd wallet on iphone myself for small amounts. Amounts that you aren't comfortable to lose belong on a cold wallet.

>>25276408
few people are capable of reliably memorizing even a 12 word phrase long term. also what happens to your crypto if you hit your head or just unexpectedly die. not having backups is bad advice. also, if you got anything in crypto you would not want to be lost in case you get struck by lightning, take some precautions. memory and life are pretty fragile things.

>>25276728
any words or combinations already existing in some way are lacking entropy and are orders of magnitude less secure than pseudo-random generated seeds. unironically use algorithms or dice to generate seeds or passphrases.

You can do that? Shit, I should do that.

>generated my address based on the intervals of my farts
>literal ass security

>>25274743
>nothing is protecting you from a wrench attack other then /k/
as i said in original, delayed whitelisting & daily limits protect you. if you store 100k in your smart contract & it has 1k daily limit, what is wrencher gonna do attack you for 100 days?

>seed safety is unrelated to hardware wallet security, same applies to any wallet
daily limit again solves seed safety. lose 100% of your ledger or minimal amount of your smart contract.

>has added risk and inconveniences
inconveniences yes, but less than you think. i'd much prefer the inconvenience of a daily limit than a leaked seed losing 100% of my funds.

>secure your keys for withdrawal
correct, but you can always just use binance/coinbase as your withdrawal methods. also again to reiterate: daily limits to mitigate worst case scenario