Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Re: It is NOT secure to use hardware wallets (and it never was)
by
AGD
on 22/03/2018, 20:03:38 UTC
Quote from: achow101 on March 22, 2018, 07:02:31 PM
Just because there are vulnerabilities found does not mean that they are inherently insecure. Do you say the same things about software wallets too (many of which have had vulnerabilities found and patched, just like with these hardware wallets)? Do you say the same thing about the general purpose computer you use which you don't even know how it works? Every piece of software and many pieces of hardware will have some vulnerability found in them; given enough time, it's almost inevitable.

Quote from: AGD on March 22, 2018, 07:32:02 AM
Worth mentioning, that the guy who found this exploit is 15 ys young.
That's slightly misleading. This 15 year old has dedicated a lot of time into working on hardware wallets, particularly in their firmware. He's been involved in numerous other vulnerability discoveries in the past with Trezors (and possibly Ledgers). The kid is very smart, probably smarter than you when it comes to hardware wallets. He's not just some random 15 year old who found this; he actually dedicated a lot of time into learning about how hardware wallets work and has been working with them for years.

...

Yes, I think hardware wallets are indeed inherently insecure, just like any SPV wallet. I also call every cryptocurrency exchange inherently insecure even though it might not have been hacked until now.

I don't know how you come to the conclusion, that I don't know how a computer works, but anyway ... just the knowledge about how it works, might still not be enough to trust it 100%, but I guess we have not much of choice until we see open source chip production. One good example is the latest Intel issue and I am sure there will be more to follow. Btw I have addressed this one already a few postings before in this topic:

Quote from: AGD on March 22, 2018, 02:08:59 PM
....
Of course, the fact that we have to use closed source computers to run Bitcoin Core, makes it impossible to be 100% safe esp. against state actors.



Quote from: bob123 on March 22, 2018, 06:27:15 PM
...
Quote from: AGD on March 22, 2018, 02:08:59 PM
Of course, the fact that we have to use closed source computers to run Bitcoin Core, makes it impossible to be 100% safe esp. against state actors.

You don't have to use a closed source OS. You have decided for yourself to use closed source software.
Everyone is free to use the software he wants. There are a lot of open source linux distributions available on the internet.

I didn't say 'closed source OS' but 'closed source computers'. No problem. Misreading can happen.