Just bought one of these

just bought one of these
what am i in for?

Attached: ledger.png (1024x536, 113K)

Other urls found in this thread:

youtube.com/watch?v=hAtoRrxFBWs
twitter.com/SFWRedditGifs

even though the cryptlets are going to tell you how special and secure those things are, they're really just a fancy USB stick that's jailbroken in an afternoon by a capable attacker.

>you wasted money

>bluetooth on a hardware wallet
That sounds fucking terrible

yep user im sure you already claimed the $100,000 bounty for breaking ledgers hardware level security
can you post screenshots of ledger depositing this bounty into your bank account?

i was thinking that
i can always return it easily

please explain

litterally why take 100k when the exploit is worth far more

>inb4 muh usb is the same. i can put my wallet there and hurr durr dont need to spend the money
It's called a hardware wallet for a reason. It uses seperate hardware to run wallet calculations. Meaning, if you have a virus on your computer, the virus wont be able to get your private key because it's on a seperate device. If you used a software wallets, your private key is put into the computer's ram, which could be read by another program.

youtube.com/watch?v=hAtoRrxFBWs

there you go retards. If you think the newer versions are magically less shit you're just fucking stupid (hint: all computer security is shit due to defender's disadvantage)

again, still more secure than using a software wallet. When you use a software wallet, your keys are exposed to your computer when signing keys.

The security vulnerabilities you posted require physical access to the hardware device. It's not something you can do over usb having the device plugged into the computer. You have to physically modify the device.

also not to mention, ledger has a way to verify you have authentic firmware installed, so as long as you check that you should be fine

>buy ledger wallet
>write down seed, use shamir secret sharing
>transfer all coins onto ledger
>reset ledger
>add however much you want to the new hot wallet

congrats your first wallet with all of your coins on it is literally unhackable, unless they also find all the various written down components of your seed.

or you know just boot a secure OS from an USB stick offline, make a transaction and publish that from anywhere else. That would have the distinct advantage of not running around with a piece of harware with your private key on it like a retard asking to get mugged

The iPhone Xs Max is great i have the gold one

>shamir secret sharing
>”hey Shamir did u know i actually used toilet 1 time???”
>”i did not like it”

Attached: 920984C9-5789-43EE-BB36-D203127F9C8C.jpg (645x475, 35K)

ignoring transfer all your coins to your ledger
write down the seed, use your favorite secret encryption method
reset the ledger

congrats your ledger does not have your private key anymore, even with an electron microscope the attacker gets nothing.

yeah you could do that and it would probably be more secure, but your average user isn't going to do that. It's much easier for someone to just buy an already secure hardware wallet, than for someone to try to make their own with an offline computer. The ledger at least allows you to use your wallet on unsecured computers.

that's literally what is except you paid a lot of money for it

$80 isn't a lot of money senpai

Does the bluetooth actually negatively impact the security of the device, or would they still need to obtain is physically to hack it?

>$60
>a lot of money
absolute kek

the difference, obviously, is that at the end of either process you are going to HAVE to plug into a computer connected to the internet
with a ledger, even if that computer is infected with malware you are safe
with a USB if that computer is infected with malware you are vulnerable. maybe not on that specific transaction, but on the next one when the malware lies dormant and logs everything, waiting to broadcast it until its been reconnected to a device with internet access.

>the difference, obviously, is that at the end of either process you are going to HAVE to plug into a computer connected to the internet
no that's not true.
An offline computer generating a transaction is basically no different from a ledger (an offline usb-sized single-board computer that creates a transaction). You can broadcast the transaction from anywhere you like without the need for a private key after it's been signed offline.

it's about trezor, not ledger.
Ledger wallets are actually secure.

I think they still would need to physically hack it. It's equivalent to connecting over USB. The device has only a limited set of instructions, such as sign a message or transaction. Once those instructions are sent to the device, it acts as a black box and only sends back the result.

by the magic of fairy dust I assume. Nah dude they're basically the same and claiming anything related to computers is secure is just delusion

and when you plug that USB into a computer that contains malware, and the USB then gets infected with malware that logs all events and waits until an active internet connection to send this info back to the guy who made the malware?
you can say its extremely unlikely all you want, but the fact remains that this is a tangible risk using a non hardware level secured USB device

>when you plug that USB into a computer that contains malware
what part of "boot a secure OS from USB" did you not understand?

what part of connecting to the internet gives you the chance of being infected by malware do you not understand?
tell me right now that there is a single OS that has 0 vulnerabilities and i will personally piss my pants laughing at how retarded you are

they have a secure element, a chip specifically designed to thwart physical attacks.
Yes, it can still be broken if you have the right tools, but it's orders of magnitude more expensive than breaking a trezor, which uses a normal arm mcu. In particular, secure element is designed to be completely immune to sidechain attacks (undervoltage, temperature differences, etc).

>sidechain
sidechannel*, lol.

listen man hardware wallets are secure. And they are convenient. I'm not dissing offline software wallets. They are also very secure if done properly. The problem is, you sound like a neckbeard Jow Forumstard who thinks everyone has the time and knowledge to set up a complicated system for securing their money. Newsflash, they don't. Hardware wallets are great for mass adoption because they give you near the same security (if not more) of an offline software wallet, while being smaller and easy for normies.

sure they might have a lot more effort put into being secure, but at the end of the day it's always just a matter of how motivated the attacker is (as literally with all hard or software)

And with a cryptocurrency wallet I wouldn't rule it out that the attacker is VERY motivated

>boot a secure OS from USB
Yea because viruses cannot have access to the USB ports. Also no such thing as a secure is. When I pentest a client's system I never reveal unknown hacks that I discovered. Only ones in the CVE DB so if they screw me I can wipe the data off their disks
Retard

Yeah using an offline OS to sign transactions and then publishing them on another OS is a good method.
As far as I am aware for both methods the only viable attack vector is for the attacker to have physical access to your device, then the last safeguard is the encryption you use for your offline OS or the pin code on the hardware wallet. I know there have been attacks on the ledger by trying to boot fake firmware, but that also requires physical access to activate the bootloader, exception is if you receive an already compromised ledger.
Security wise I guess both methods are pretty close. The only real advantage a hardware wallet has is convenience.

then just unplug the usb?

>2019
>low iq autists (retards) still arguing over hardware wallets vs offline compooter
listen faggots, buy a trezor for 60$, write the seed in many places, use a passphrase, keep your linkies safe.