/biz/ - Business & Finance

>>8929728
>paper wallets are more secure than hardware wallets
>da jooz

Real talk guys, I've been thinking of sending the majority of my funds off ledger and onto an airgapped wallet. Reason being is that if ledger had some type of backdoor, we would all be fucked in an instant. Thoughts?

>>8929728
I don't understand how to securely set up a paper wallet. Also, I don't understand (or care about) the tech behind cryptos. I pumped a ton of money into Bitcoin 2 years ago because some nerd told me it was the future. You're fucking poor if you can't afford to spend 200 dollars on a wallet. Go get a job instead of worrying about saving pocket change.

>>8929728
if you hold alts, then this makes life simpler. Imagine writing a seed for every alt you own.

If you know what you're smart, and are a bitcoin maximalist, just get a paper wallet

>>8929809
>implying a brainlet LARPing Chad knows best

Fcuk off back to ":the front page of the internet"

>>8929808
you're a fucking retard and shouldn't be investing in this space.

the only way hardware wallets could all be cracked without having physical access would be to break sha-256 encryption. At this point, all crypto would probably be fucked anyways if they were't quantum proof.

>>8929808
you're a dumb nigger, send me your shitcoins and off yourself

>>8929808
if you already own a ledger you're fine, if someone were to buy one with a backdoor then they are fucked.
t. read the firmware patch notes

>>8929728
>he hasn’t locked in his price at $17200

>>8929844
>>8929859
Why you guys so hostile? What if all ledgers only generate seeds from a relatively small pool, meaning the creators have all of our private keys and are just waiting?

>wallet and address
>same thing

>>8929842
I know how to make money and caring about 200 bucks is not how. I'm sure you know more about crypto currencies than I do, but I don't give a fuck. If you're lucky you might work for guys like me in the future.

>not just buying a raberrypi
>or a fucking usb
its funny how people think the adjews arent working on them, brainlets

>>8929892
>What if all ledgers only generate seeds from a relatively small pool
they don't
it is provably secure

>Why you guys so hostile?
I'm being hostile because you're advocating for a paper wallet when you have no idea what technology and mechanisms hardware wallets employ.

>>8929892
Firmware is open source, read it and find the backdoors.

>go into btc convention
>bring a homemade emp device
>?????????
>profit
kek

>>8929808

Ledger protects you from keylogged computers and phishing sites.

Paperwallets don't.

Not don't be retarded

>>8930058
Don't airgapped computers protect you as well?

>>8930087
good luck making transactions.. hardware wallets provide the same security and make moving funds very simple

>being so poor you can't afford a nice ledger nano
Bitches flock to me when I flash it around the room

>>8930052

>>8930052
>literally has no idea how this shit works
>thinks he's some kind of evil genius but is actually retarded
kek

>>8930143
im sure they do

>>8929844
Sure, if you're trying to break in the front door, that sha-256 is impossible to deal with.

But backdoors circumvent that shit entirely. Chipset vulnerabilities, software flaws, mitm exploits.

>>8930052
>Assuming people carry their hardware wallets to it
>Too stupid to know hardware wallets have seeds
>Thinks that firing off an EMP ANYWHERE wouldn't get him vanned in burgerland or executed in some other places.

>>8930087
depends, does it have intel management engine? physical wireless switch? no secondary wireless capability? do you FEEL in control?

>>8929808
If the Ledgers firmwares bugged, it will not connect to the server and it will not be able to authenticate device. Its as safe as it can be

>>8929777

>Thinks these ledgers don't call home to China.

>>8929808
You're absolutely correct anon.

Ledger and Trezor are the highest profile devices in crypto. You bet your ass that hackers are working on exploits just because the jackpot is so high.

That's why I just run a security oriented OS on an airgapped raspberry pi. I keep a few copies of my seed phrases stamped in steel plates and hidden in a few locations at relatives houses in two different countries.

>>8930263
>thinks his microwave transmits recordings to the bilderberg group

>>8930223

Physical access.

Physical access.

Physical access.

Guess what else fails due to physical access?

A paper wallet.

>>8930052
I stamp my seed phrases in metal, anon.

>>8930263
you can literally make your own trezor from their schematic and firmware from parts you order form electronics suppliers and even make your own circuit board.
if you aren't retarded, you can go read the datasheets of the components, and audit the firmware and you will realize there is nothing even remotely capable of that in them.

>>8930289
Getting assfucked for the password is also physical access.

>>8930289
All things that can be done remotely under the right conditions. The Ledger meme only gives the illusion of security, especially since you have such a recognizable item.

Even if someone does find my paper wallet, they wouldn't know what to do with it. It could be hidden in a painting hung on my wall, it could be circled characters in the eleventh chapter of a book on my shelf, or two halves or a seed phrase I keep in safe deposit boxes in two different banks.

>>8930349
Yes anon, take up electronics and custom hardware development rather than just buying a $40 device that can run Linux.

>>8929777
>unironically comparing closed source meme box with a provably secure paper wallet
>I'm such a techie look at all these gadgetz

>>8930349
Yes, but the brainlets ITT are shilling ledger, not trezor.

>>8930276
So your relatives can very easily Rob you...

>>8930416
I'm just saying its possible and people have done it.
you're way less likely to be fucked over by a simple electronic device with simple hardware than you are an actual computer no matter what operating system you think you're safe using.
the vast majority of people have no idea what linux even is, let alone how to keep their shit safe while using it.

>download electrum
>get usb stick
>encrypt usb stick with luks or truecrypt
>mount to /some_mount_point
>save electrum wallet file onto that usb


I just saved anyone wanting to buy a hardware wallet 200 dollars you are welcome

>>8930611
you can't do that, ledger is a HID dongle not a USB mounted filesystem

>>8930456
Trezor is better, open source. I have both I trust the trezor not the ledger

>>8930645
What the fuck are you talking about you literally can do that.

Just unmount your drive when done. When you want to use again, decrypt, mount, and open electrum to the decrypted and unmounted wallet file. They will do the secondary electrum deception on the wallet file if you choose to password protect it and you are good.

>>8930058
only reason I bought mine.
>>8929728
If you have over 5k in crypto, just buy it.

>>8930679
>What the fuck are you talking about you literally can do that.
you can't mount/unmount a drive if its not even mounted to begin with tard
can you mount a USB keyboard and mouse and install linux on it?

>>8930611
>Want to spend a transaction
>Have to transfer private key from usb to wallet software

If you have a ledger ur private key doesn't leave the ledger

>>8929859
rude

>>8930696
Are you retarded? What the fuck are you talking about? I am explaining a secure way to have a usb act as your “hardware wallet”. You mount the fucking usb then you have access to the files. What are you trying to get at now? Why do you keep talking about HID? What the fuck does HID have to do with what I am saying? I am talking about a USB not an HID

>>8929728
>buy ledger hardware wallet
>it arrives. get it all set up
>download all of my bitcoins to my ledger
>disconnect from the internet
>open "My Computer"
>find the ledger file
>open it
>find all of my bitcoins
>select all of my bitcoins
>copy+paste
>do this 100 more times
>reconnect to the internet
>upload my new bitcoins to the network
>free 100x money
>mfw

>>8930730
You don’t have to “transfer” it. All wallet and key info is stored on the usb. You just open it using the software and interact with it. It really is as easy as plugging in the usb, mounting it, and then opening the software. The encryption using luks/trueencrypt just allows you to keep it with you or anywhere without someone being able to steal your shit if they have the USB

>>8930754
>i don't know what a HID dongle is or how its different than a normal USB drive

>>8930784
Am HID dongle will act like a keyboard or mouse or some other device that interact with a human. What I don’t get is why you are bringing HID dongles up in response to what I said. Is it autism? Some other form of mental retardation? Probably not autism

Nano Ledger S is much more than just a wallet. It supports all major asymmetric encryption protocols (Mostly RSA and ECDSA). You can encrypt your mails using OpenPGP, sign important stuff or just use it as 2 factor key (FIDO U2F).

It also protects you from keyloggers - only a paperwallet plus an airgapped pc offers a higher level of security.

A paperwallet alone does not!

>>8930784
I am talking about a USB and you are bringing up HID dongles. What is wrong with you?

>>8930838
he's saying that what you said is nowhere near equivalent to a hardware wallet.

>>8930892
Why would you need a hardware wallet though when the combo of encrypted USB + electrum serves the same purpose?

>>8930838
>>8930864
>>8930918
the ledger wallet is a HID dongle, not a USB drive
thats my fucking point

>>8930918
Because that way you do not have an airgap!

Does nobody understand how hardware wallets work here?

>>8930939
And do one is arguing that you are fucking wrong my fucking god lol

What is the purpose of you making that point is what I am trying to get at.

I wasnt claiming my solution is the same as a ledger. I was trying to say (obviously not clearly enough) that my solution accomplishes the same thing as a ledger. Was that where this misunderstanding stems from?

>>8930918
because that combo does not serve the same purpose.
it is nowhere near as simple to keep it secure

>>8930918
What happens when you want to spend from your USB stick? You expose your private key to your computer. A virus or trojan will be able to steal it. With a Ledger/Trezor, you can literally safely spend your crypto on a pc thats infested with all the trojans and viruses in the world.

>>8930754
>Are you retarded? What the fuck are you talking about? I am explaining a secure way to have a usb act as your “hardware wallet”. You mount the fucking usb then you have access to the files. What are you trying to get at now? Why do you keep talking about HID? What the fuck does HID have to do with what I am saying? I am talking about a USB not an HID

>>8930980
>And do one is arguing that you are fucking wrong my fucking god lol

okay dude

>>8930955
How do you not have an airgap? The wallet is only accessible and online for a brief period of time while you interact with the software

Let me firmly explain the difference between an encrypted drive and a HW Wallet:

When you make a transaction with the encrypted drive you have to unencrypt your private key on you pc (even if just for a very short time) - UNSAFE!

When you make a transaction using a HW Wallet, you create the transaction on the PC but do not sign it. You then send it to the HW Wallet and confirm it. The microprocessor of the HW Wallet signs it and sends the signed transaction back. Your PC never touches the private key - hence airgap.

Huge difference!

>>8930664
The manufacturing of the actual device is not open source so there could be any firmware on there.

>>8931019
Read my last comment. (>>8931033)

You do not have an airgap because as soon as you want to use it you plug it in and the airgap is gone.

That never happens with a HW Wallet.

>>8931019
Wow, retards on both sides.

>>8929728
I keep everything in a meta mask MEW and keep my key written down and locked in a lock box with my guns. Isn’t that good enough?

>>8931118
No because you have to enter it at some point to make transaction. There is tons of maleware specialized on reading your key unnoticed.

>>8931054
you can just have a separate device that has it's wifi disabled via bios, you can make offline transactions that way. has no one heard of offline transactions in MEW?
>couldve just bought a nano
it was out of stock and i wanted to get my stinkies out of the way already

>>8931193
Yes you could do that. I just don't see in what way that is superior to a HW wallet.

>>8931216
idk, for people who don't trust ledger/trezor for some reason. there are some in this thread. or if it was out of stock like what happened to me. maybe that shit isn't available where they are. or maybe it's not having a single piece of hardware that would make you a target. laptops are ubiquitous anyway so who the fuck cares. idk just brainstorming. in my case i just bought some cheap laptop and did all this. the dude you were talking to has no idea what airgapped means btw

>>8931193
Make sure you buy a new usb stick for every transaction.

>>8931019
would you feel comfortable using that usb stick wallet on a computer you are 100% certain has a keylogger or even a RAT or something?
I would feel a little uneasy about it, but I would be confident there would be no problem using a hardware wallet on it.
no way in hell would I plug a usb stick wallet into that computer and try to use it.

>>8931264
i already stockpiled usb sticks like a dumb autist for this. didn't want to "infect" shit obv

>>8931278
Valid points, no question. I think the vulnerabilities just shift in some way.

Commericial HW wallets for sure are more profitable targets than a single custom built HW wallet.

The disadvantage is that the custom built system is not supported by 10+ fulltime security experts.

>>8931293
If you are using a proper operating system (not windows) you can disable any changes in the OS as well as the execution of any software on USB sticks.

Buying tons of USB sticks is the brute force way.

>>8929918
>>>8929842
>I know how to make money and caring about 200 bucks is not how. I'm sure you know more about crypto currencies than I do, but I don't give a fuck. If you're lucky you might work for guys like me in the future.

Guys like u r angry cause ur dick stopped working an ur wife is sleeping with the poolboy

>>8930611
tails os has electrum preinstalled

>all this talk about security
>no one mentions that EOS will solve this problem with a customizable time delay withdraw feature + freezing wallet + arbirtration

you can't get hacked with EOS and you dont need paper or hardware wallets

>>8929918
>I dont understand what Im invested in but maybe you can work for me

absolute maximum brainlet

You fags are fucking retarded.
Hardware wallets are useful because they make possible to air gap private keys while still being able to make transactions easily.
Paper wallet are fucking useless because to use them you have to enter the seed into a software running on a device that is intrinsically insecure (e.g. a fucking PC).
Are hardware wallets the panacea of all evils? No they are not, but at the same time they are a big fucking step in securing your funds.

>>8931033
just do this http://docs.electrum.org/en/latest/coldstorage.html

>>8931293
lmao wow. I was almost just kidding. You really did go full autist.

>>8931402
this is already coming to bitcoin

>>8931293
But yeah I guess you should treat the usb stick like a gay man's used condom after it touches the internet.

>>8931308
idk anon, trezor is like $55 now.
it's such a simple device and its so well designed that it's pretty unlikely anyone will come up with any new exploit you would need to worry about.
even past exploits needed physical access and weren't easy to do by any means.
its also so much easier to use than these dumb ass airgaped computers or raspberry pis or a bunch of usb sticks... and you can't fuck it up even if you're 85 and senile.

>>8931491
This is a good answer.

>>8930262
server? authentication? what the fuck, if I wanted centralized services I wouldn't use crypto

>>8930262
also it means it's not safe at all since the company can get easily compromised

>>8931326
maybe if i can be bothered ill look it up for curiosities sake but i already have an exit plan in mind for my stinkies, at what price points, like sell this much at $5, $10, $20, etc. so i have as many usbs plus some extra in case of emergencies. don't think ill need it anymore
>>8931454
>>8931482
>like a gay man's used condom after it touches the internet.
how it definitely should be. i dont think i would care about looking like or feeling like an autist if i can have peace of mind regarding my money.. definitely inconvenient if you would be using it many times however, instead of treating it as cold storage.

>>8931013

Everyone saying paper wallets for ignorant.

This is the reason ledger is the safest method to store crypto.

>>8931482
Why should I suck on my usb stick? That's fucking retarded.

Do i need to update the firmware on my ledger?

>>8931590
are you saying the company has my privatekeys/24 word recovery phrase?

>>8929728
>Having over 20k in crypto
>Not spending $70 on a hardware wallet
>Using paper wallets
Yes goyim
Tap your private key into my logger

>>8930759
Fucking idiot. Coins are never locally stored no matter what format you use. They are always stored on the blockchain and the formats are just your fucking password to access that shit. Making duplicate keys to your house doesnt buy you more fucking houses does it? Dumb cunt

>>8931880
>he doesn’t know about the hardware wallet exploit where you unplug your Ledger during sync and end up with double your balance

How do you make a paper wallet without accessing a computer? If you generate an address, even offline, it is still susceptible to an attack.

>>8931896
The whole design concept of blockchain is to avoid the double spend problem, dont act like an aspergers u fucking twat.

>>8931900
pen and paper math, are you a brainlet?

>>8929835
I do. 4 seeds on 4 pieces of paper. Costed me nothing. Boo hoo

>>8929728
Ledger is only worth it bc you can lock prices and therefore theorically short crypto without fees.

>>8931880
>>8931937
trolled softly

>>8931880
>>8931937
Except that it literally worked for me. Here's another one of my favorite ways to get free money

>download bitcoins to ledger
>go to "My Computer"
>open the ledger folder
>find the text file containing my bitcoins
>open in notepad
>find "Current Balance: 0.00001111 BTC" and change it to "Current Balance: 1,000.00 BTC"
>click "Save"
>upload new bitcoins to the network

You're welcome. Don't do it too much, though, or they'll find you

>>8932198
Go fuck yourself

>>8932198
i actually think you are entertaining anon, even though you aren't exactly innovative or creative

>>8931254
The whole point of a hw wallet is that your seed is never revealed. Having a JSON file on a laptop is inferior in the case of a website like mew being hacked.
Also, in the case of a ledger/trezor hack, you would be fucked anyway as the price of your coins will go to 0. Think of how many of the big guys store their shit on one and how that'd all just be gone, every whale/early adopter I know uses one. It'd be worse than mtgoxx

>>8932198
Fine, I'll let them know exactly how to do it.
>download a hex editor
>open your wallet.dat in the hex editor
>look for 0xFF38 string, the number of bitcoins will be follow in the next four byte number.
>SInce most people don't own even a single bitcoin its usually 0000 and there is a fractional number after it.
>Modify the 0000 number, but don't make it too high, e.g. FFFF OR THEY WILL FIND YOU
>Make it 000A, just ten bitcoins
>Save
>Sync back to the network
>Voila, you now got 10 bitcoins!

>ledger leaves exploit into device
>uses exploit to take user funds
>woah guys looks like we got 'hacked'
>nobody can prove a thing

The day will come and it'll be hilarious.

>>8932430
Wtf I accidently added 100. I am literally shaking right now
Who is "they"?

>>8929981
>implying anyone actually fucking does this for themselves

>>8932430
I'm getting RS vibes right now lol

>>8930611
>being a poorfag that gives a shit about $200

do you wipe your ass with your hand to save money on toilet paper too?

One thing i dont understand is that I have all my alts in mew but where I need private key? It seems that I can transfer coins where I want by just using mews own password?

>>8930772
>he still doesn't get it
the whole point is to not have to mount the device, dipshit. if the host pc is compromised and you mount the device to use it to sign a transaction, that's where you fuck up

if you want something remotely comparable to a ledger you need to look into offline transaction processing. the host pc wallet has to support it too
>online pc generates transaction
>copy the unsigned transaction to an offline pc (many ways to do this, some safer than others, if you're really autistic, copy it by hand)
>sign the transaction on the offline pc
>copy the signed transaction back to the online pc and broacast it
This way your key is never ever exposed to the host pc ever. This is how ledger works

finally let's just put things in perspective here, my ledger cost me $70 USD
that's the price of a tank of gas and a bottle of cheap liquor.

>>8933607
Answer this

i legit have no clue how wallets work. i just keep the tokens on an exchange.

>>8932231
Fucking kek, all this salt because his IQ is too low to be able to modify ledger.txt

OK anon, here's an alternative exploit, I used to do this but stopped because I was worried about being noticed if I did it too often

>go to ledger website
>click login
>username : bogdanoff88
>password : stinkylinky
>click 'create new bitcoins' and enter the amount you want (don't put too many)

listen here brainlets
ledger signs your transactions ON the ledger so your privatekey is NEVER sent to your PC

with MEW you must enter your privatekey OR the password to your keystore on your PC

>>8932198
"computers do the beep-boop thing"
- you

whatever you do, just dont buy a trezor. they literally have to weld the device shut because its so trivially backdoored in hardware.

for all you know the trezor you got in the post is completely owned, and while like ledger you have to trust the company making the software itself, with trezor you have to trust that nobody along the way to you replaced the device with a backdoored version (which you have no way of checking for without breaking it open) or opening it up and resealing it.

>>8929844
>>8930223
uh
sha-256 is broken
sha-3 is the new standard

>>8934797
sha 1 is broken, sha 2 is fine you moron

> get hit by car

> ur paper wallet gets in the bin with lots of other papers and junk when your relatives rummage through your things
or
> your relatives find a usb stick
> try to plug it in
> wtf?
> find out bout ledger
> learn how to use
> search for clues on bip or pin or try an easy combination hoping you picked it so they could crack it open
> u ded, but at least your parents got some cash from ur crypto games and learned a new technology

>>8930276
>I keep a few copies of my seed phrases stamped in steel plates and hidden in a few locations at relatives houses in two different countries.
who are you, James Bond international man of mystery?

>>8930399
>Even if someone does find my paper wallet, they wouldn't know what to do with it. It could be hidden in a painting hung on my wall.
make sure you use that fireproof paper anon

>>8931336
I'm young faggot. I make money and enjoy life while all you nerds do all the work. Loving it.

>>8929808
Smart choice.
https://techcrunch.com/2018/03/21/a-15-year-old-hacked-the-secure-ledger-crypto-wallet/
https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

In the past 6 months a single arab teen found exploits in the two popular scamware wallets, ledger and trezor.

He probably wants to make a career in cyber security but imagine someone who didn't give a fuck about that?

>>8929860
Are you referring to the lad who found a back door in it and then ledger built a new update to protect against it?

>>8936458
the only way for the exploit to work was for someone to have physical access to your wallet and it got patched. The chances of you being robbed by someone for your ledger that is autistic enough to figure out how to do it was 0% it was a basically non issue

>>8930399

Clearly you have a limited understanding of what a ledger does.

A ledger does nothing but add security. You still backup a paper key like you're irrelevant examples, but you also have a self destructing USB that allows you to access funds without ever putting tourists key on the computer.

A ledger would literally do nothing but make your examples MORE SECURE.

But I don't care anymore. Hopefully your funds get stolen because you went on a fake MEW site and you'll learn the hard way.

>>8936669

Putting private keys* on the computer

>>8936306

The thing is..you need physical access to the ledger for any of those types of exploits.

If you store your ledger securely this doesn't even matter.

Never mind the fact an airgapped PC or a paper wallet would fail even faster than a ledger with physical access..because the theif would also need to be an amazing hacker...

>>8930276
Also have plates, but brass instead of steel.
Cant find a decent steel plate and it might be too bothersome to stamp it.

I am concerned if the prints will be still inteeligible after a fire.

But not keeping any raspi. I dont see why I should make one. It will lack any compatibility with online services, which are ledgers selling points.
And as for security: plates are fine.

WHAT HAPPENS IF YOU CONNECT 2 LEDGERS TOGETHER?