Attached: images.jpg (272x185, 6K)
Fight!
Luke Perez
Robert Howard
Trezor is open source and ledger is not.
/thread
Austin Morgan
trezor wallet is a webpage while ledger live is stand alone
Oliver Allen
Real niggas use trezor
Juan Hernandez
imagine giving a fuck about storing crypto in 2019, if ur not instaselling ur a retard
Bentley Wright
Jose Morales
Skywallet will be ~$30 and will support the major coins, along Skycoin, of course.
Anyway, if you're storing more than what you'd normally carry as fiat on your person, you're doing it wrong.
Ryder Barnes
Binance funds are SAFU, free to use, and insured
Dylan Bailey
t. pranjeet
Lucas Hernandez
>"instaselling"
>long term hodl
cuck
Liam Turner
short it.
Henry Robinson
LOL at the gif.
Camden White
>hodl as your bags evaporate into thin air
>calling anyone a cuck
yikes
Robert Lee
kek i remember this from kevin rose showing it on diggnation, those were the days
Mason Flores
i dont see a hardware keypad
domt tell me you type in the password that unlocks the pks in it on a possibly compromised pc!!
Ian Williams
Blake Miller
serious question if anyone can steal these things after confirming their location and logging the password via malware then its fucking shit
Nathaniel Turner
Ledger has very very (cant stress that enough) nice software now with „ledger live“.
Hardware is ok, you just need to get used to it. I own 2 ledger nano S. I can only recommend them, never had any serious issues.
Especially now that they are down from a 100,- usd to around 50,- usd you should get one IF you own crypto in 5 digits+.
Supports a fuckton of coins as well. Only downside is that you cannot manage TOO MANY coins as the space for apps on the ledger is limited. But if you hold only three assets like btc,eth and ltc like i do, its fine. I think limit per ledger is around 5 currencies per stick but thats nota hundred percent correct answer.
Nolan Scott
ledger nano s looks much better and professional
Benjamin Cooper
how is the private key secured on ledger?
Logan Murphy
So as far as i get it (!) ledger uses the recovery words as basis. Meaning it generates these random 24 (?~) words at the first setup. So from these it consequentially generates all follow-up private keys of all currencies. So there‘s only one „key“ ever that all others are derived from (=this seed phrase/the words).
you only need that phrase to get access to all of your crypto. It some sort of standard, BIP XXX, ( Propably 30secs google).
Tyler Peterson
not what i was asking about
traditionally you encrypt pks with a passphrase and need to provide this phrase to sign a transaction
yhis is different from seed which is just init vector for deterministic key derivation.
in ledgers case they rely on a tamper proof chip but these usually need a pin and getting this pin is trivial if you input on a pc.
David Parker
you input the pin in the ledger not in pc
Levi Ross
- you need to enter your ledgers pin at start
- manual confirmation of each transaction on the ledger
So there‘s a 2way mechanism, you need to operate the ledger and the computer. It‘s not the way that you just plug it in and thats it: You need to actively interact with the hardware wallet to confirm operations on your account.
That shit has been thought through and you notice that, there‘s no easy or obvious attack vector.
Noah Collins
Is that a raccoon? What a beast
Dylan Flores
I’m quite happy with my tremor. I can generate the address list in python if the wallet ever goes down.
Henry Williams
I have a ledger and I wiped my phone with duo on it.
90 ETH guys
John Sanders
how?
Nolan Perry
Ledger has 2 little buttons left and right, with them you select (up/down) the numbers. If you want to confirm a number you hit them both at the same time. Same for confirminh transactions.
The software only displays the info on accounts etc.
You do the confirmation solely with the hardware itself.
Levi Anderson
i cam see pretty obvious attack vectors unles the key eprom is encrypted ie reliance on a soft pin on a hard pin the question still stand how do you unlock the keys? also a simple pin may not even be secure enough for private keys too easy to iterate through once you get the eprom copywhich is trivial for a determined attacker dealing with secure chips
Angel Sullivan
i see what is the pin size?
Grayson Mitchell
This. In 3 years time, the average person will only have $300-$500 in crypto. Imagine they spend $80 on a wallet, lmao
Xavier Mitchell
Quote:
Ledger was launched in 2014 by eight experts with complementary backgrounds in embedded security, cryptocurrencies and entrepreneurship, united around the idea of creating secure solutions for blockchain applications. We now have over 130 employees in Paris, Vierzon and San Francisco.
I think you can safely assume that there‘s „at least“ a couple of guys on the same level as you in IT/Electronics who have thought about any sort of exotic and obvious attack vector you might come up with not only for 30minutes but from all angels for 40h/week for 5 years straight. Especially when you run a company which core and sole product is security.
Evan Morris
up to 8 digits
Elijah Powell
Minimum 4 digits, and up to 8 iirc. And it locks completely down if you enter it three times wrong in a row.
Juan Williams
soft security is irrelevant to an attack
the question is if it has hard pin lock on the private keys with some key derivation mechanism or not, if not then you are fucked with no effort so let's assume it has. let's assume it can't use scrypt because no ram, you get at best 10^8 tries say they use aes to encrypt most laptop can do a 1000 per sec roughly at least, so around 1 days to break the keys. not counting the disassembly of the secure chip.
Evan Peterson
oh and that doesn't mention the whole jamal can just find your "recovery sheet" issue. even if you put it in a safe it's the most retarded idea ever. i mean sure it is protected against remote hacks and malware pretty well which is why i always say these things are good for a hot wallet it you like trinkets. but as secure long term cold storage i fucking hate them.
Austin Sanchez
There‘s nothing a 100% safe idiot. I‘m sorry you have to live with a 0,0000000001% chance that your ledger can get hacked „someway“ if you are too retarded to lock both hardware and recovery sheet in a secure place. Now gtfo
Tyler Peterson
>There‘s nothing a 100% safe idiot.
paper wallets, cheap secure
>0,0000000001% chance that your ledger can get hacked
i would give it 100% the method of clearing the chip and putting it in a testbed are well documented and easy to do even at home for a hobbyist.
Dominic Brown
>not counting the disassembly of the secure chip.
the whole point of a secure chip is to make physical access to data hard.
Trezor however is completely vulnerable to physical attacks.
>oh and that doesn't mention the whole jamal can just find your "recovery sheet" issue
this is true, I wish they added an option to generate a seed from a password.
Carson Jackson
>is to make physical access to data hard
maybe for you, but someone that will do this for a living it will be easy as pie. these vaporware shits focus too much on the side channel attacks (which is not badd to have protection from) but can still be simply dismantled. once you read the eprom it's yours if password protected with weak key then within a day if not immediately.
yes plain text seeds are retarded and the physical device will cost you with each redundancy for location which does not actually strengthen your security but weakens it against theft of course it increases security disaster proofing wise. but placing the plain text seeds at multiple locations is borderline insanity.
now on the other hand i can place my private keys on pastebin in my google drive or mailbox post them on Jow Forums and find in archives, give copies to each family member, and it still did not decrease my security.
Justin Williams
Holy shit you‘re just fucking retarded
Jaxson Clark
nice argument very technical
Luis Sanchez
and this is my final argument
this wallet is all yours if you have 900 quintillion years with the total hashing power of nicehash
the cost of the attack is more than all the wealth ever in existence past and future included. even with a quantum computer of sufficient size (fuck expensive even in the far future) it would take longer than how long the universe exists.
as opposed to hardware wallets where depending on the security model and sepcifics the cost of an attack could be as low as $100 the security model is unclear and full of questions. but we can still put a few thousand dollars cap on the cost of an attack on the secure element chip worst case.
please for fucks sake, do not use hardware wallets as cold storage! use them as your monthly budget hot wallet sure why not?
Juan Hernandez
>place my private key on pastebin is secure
what
>hardware wallets are not the safest storage option
what
Jeremiah Perry
see
Jordan Scott
Seriously, this guy completely glosses over the 25th word part of the seed...
Jacob Powell
so what that's like 10^5 security?
Robert Anderson
No clue, but it busts your argument about someone finding the seed phases....
Bentley Barnes
3 hours tops
Tyler Powell
Wat? in English please...
Blake Moore
3 hours tops to get your btc protected by a single word
thats not security its bullshit
Henry Adams
oh, that paper. but who generates it ?
Robert Hughes
...
Nicholas Powell
nice mockup bro except that the mockup is actually shit
>doing transactions with 2 buttons
skycoin will forever be a shitcoin i guess
Benjamin Diaz
But that's bullshit without some big set up! You know the 25th word can have letters, numbers & symbols right...they have to find the seed first also
Josiah Gomez
that's a password not a word then be more specific!
alright then it can take a day unless you use a really strong password in which case what is the point to the other 24 words? whatever, it's all crap.
i was talking about how stupid it is to leave the seed in the open. if they don't find it it's obviously not an issue.
you generate it yourself, using a good random pool on an offline computer with mint live os.
Gabriel Green
Ledger has been open source for a while now.
Get with the times.
Daniel Adams
opensource is a must not a guarantee for good security model. i am so fucking far from convinced that mars is next doors compared.
Tyler Lewis
>an offline computer with mint live os.
That's what a ledger is.
Gabriel Russell
>you generate it yourself, using a good random pool on an offline computer with mint live os.
why not using a ledger then?
Evan Phillips
>a day unless you use a really strong password in which case what is the point to the other 24 words
>A day
Sorry dude, I don't belive you...you don't seem to know much about HW...but hate them
Lucas Moore
I think Ledger supports a wider range of cryptos, including Monero.
James Cook
sure but you never leave said os running you fucking reboot after key generation and never persist any secret on any drive
Liam Murphy
because its shit?
Jaxon Watson
Wasted
Nicholas Rodriguez
>you don't seem to know much about HW...but hate them
exactly untried security model gimmicky snakeoil handwaveium shit in reliance on hardware instead of good mathematical model and it fucking costs you money.
as opposed to paper wallets.
Lincoln Barnes
no it's perfect
Jackson Barnes
have you ever used a HW? Its easy to use! Paper wallets not as easy
HW uses the same math as your private key!!!!!
>Cost you money
You can't spend a bit of funds to secure your financial future & make it easy in the process. OR NOT
Thinkin you were the one that was arguing with my safe idea...I'm the locksmith
How can you be smart but not figure out something simple like a safe?
>Printers have memory, can be hacked
>Intel has a backdoor into you computer...who knows what they can do
Why do you think these are secure?
My point NO MATTER WHAT you have to trust some hardware unless you use a pre '08 computer...your way is your way...it DEFIANTLY is not the simplest, a HW is. & a HW offers the same security if not better ON MY OPINION.
The reality is you think your way is the best & everyone else is dumb...shame you think you know what your talking about. You will argue with this b/c you're arrogant. You don't even know about the 25th word/passphase, as my original statement said.
Have fun basement dweller
Brandon Peterson
Yubikey wins
Mason Thomas
Did you back up your seed phrase? That's the MOST important part of your account.
Robert White
>HW uses the same math as your private key!!!!!
evidently not
>How can you be smart but not figure out something simple like a safe?
i can break most safes in about 3 hours with basic power tools. they are not safe.
>Printers have memory, can be hacked
>Intel has a backdoor into you computer...who knows what they can do
bip38 private keys can be published printer remembering anything is not an issue. backdoors don't really worth shit offline then you reboot and it's all gone (you can't write to hdd from an online os)
>My point NO MATTER WHAT you have to trust some hardware unless you use a pre '08 computer...
yeah, no
>it DEFIANTLY is not the simplest
i agree, but it is at least tried and true, it's security is based on verified math not some convoluted piece of vaporware hardware.
>The reality is you think your way is the best & everyone else is dumb...
until proven otherwise (i was shitting on paper wallets too until i dug into them) so far however hardware wallets are "saying" all the wrong things about their security.
Joshua Jenkins
*from a live os
sorry
Juan Hill
>using the word yikes unironically
Ouch
Jaxon Davis
>i can break most safes in about 3 hours with basic power tools. they are not safe.
You sure can, you have to find it first! FYI floor safes/concrete surround safes are the best.
>bip38 private keys can be published printer remembering anything is not an issue. backdoors don't really worth shit offline then you reboot and it's all gone (you can't write to hdd from an online os)
don't pretend too know what intel can do...you don't know.
>yeah, no
post '08 intels are backdoored, thought you were smart...
>until proven otherwise
You already have in posts in this /thread & others
>(i was shitting on paper wallets too until i dug into them
yea...you need to dig deeper into HW! as i said you didn't know about he 25th word...you don't know what your on about!
Don't keep letting your arrogance get in the way of learning!
best of luck
Samuel Miller
I bought one of those. But I was never able to figure out a useful purpose for it, or even the right way to use it. It's just garbage to me.
Brody Ramirez
>don't pretend too know what intel can do...you don't know.
we know the theoretical limits to information density and their power requirements and thermal productivity. it would be known if a cpu or motherboard could (and routinely would) store gigabytes of data unpowered. you can't rape physics for conspiracy theories sake.
>post '08 intels are backdoored, thought you were smart...
assuming you are talking about intel me, it's not a concern here.
>You already have in posts in this /thread & others
negative on that
>yea...you need to dig deeper into HW! as i said you didn't know about he 25th word...you don't know what your on about!
it's not like it matters and i have explained why it's not good security.
i'm not gonna start lecturing you about locks maybe you shouldn't try lecturing me on software and cryptography. or go ahead but raise the bar a bit on the technical details cause i feel like i'm arguing with a toddler.
James Morris
Look I can see you work in the theoretical, show me a HW that people report got hacked...that wasn't for some dumbass reason!
Now back to your very real basement!
Nolan Lee
This guy is a fucking idiot sperglord and knows jack shit about hardware wallets. Don't listen to him.
Brandon Martinez
Thats what I have been trying to tell him!
Eli Martinez
this is some nice read about why secure chips are not so secure
break-ic.com
imagine if they get widespread every thiefor crackfiend knowing these ledger thingies fetch a few hundred bucks at a fence who know who to call for a cut...
Kayden Peterson
go ahead explain why im wrong
Thomas Smith
exactly what i meant by placing your faith in trinkets with unproveable security model
some people like to do this i like to warn against it
900 quintillion years vs quiet possibly max a day worst case less than an hour or two
also i put my money where my mouth is which one of you is willing to give out his hardware wallet with funds to try how unhackable it is?
Sebastian Price
this is all so retarded, this is part of the reason crytocurrency will never be..theres literally no safe way to keep your shit safe unless you code your own private key on an offline computer thats 3 basements deep running a virtual linux inside another linux using command line and fuck this shit for real
James Bell
i dont feel like reading the whole thread. give me a TLDR on what you would recommend for cold storage
Connor Walker
Trezor
Ledger
Maybe Yubikey
Kayden Thompson
Read the /thread, then you will realise you shouldn't listen to him!
Just get a Hardware Wallet!
Brayden Adams
Thanks for the private keys bro
Josiah Powell
Keepkey masterrace reporting in
David Harris
Trezor looks like it's used for situations where "I've fallen and I can't get up!" fucking lmfao I've never actually seen one.
Ryan Reed
tldr bip38 paper wallets with 20+ char passphrase 0.1 btc each generated offline on a live os. 3 copies at 3 different locations multiple digital copies (print to pdf).
Liam Morris
Ignore this samefaggin basement dweller
Aiden Howard
Dont waste your breath. Anyone with half a brain would automatically know paper is the safer option.
Lincoln Gomez
Cameron Campbell
See
Jeremiah Allen
yeah and you know why i dont buy a ledger or trezor for a hot wallet? because next yeae every fucking phome will have one built in.
Christopher Hughes
This might of been an extremely rare bug/ issue whatever but one of my 2 ledgers only gave me 22 of the 24 recovery words. I didn't realize until i had to actually restore my device. I wrote them on a plain paper and not the one that's numbered that they send you. Again, this might of just happened to me and no one ekse but this is no larp its 100% truth. I asked ledger for help but they gave me a generic response nothing helpful whatsoever. I will never buy a ledger simply because they just didn't even bother asking me or even tried to help the slightest. Maybe this happened to others but they don't want to acknowledge it. Most of you would say it's impossible but my thing is if man created it anything is possible. And no brute force is taking too long and im getting way too many possibilities. Anyhow at least bitcoin is going up.
Owen Cruz
22 words is plenty
unless you write it down then its not