Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: NEWS FLASH! Hardware wallets still aren't secure, and they never will be.
by
Chris!
on 06/07/2019, 19:52:37 UTC
Quote from: o_e_l_e_o on July 06, 2019, 02:42:08 PM
Quote from: Chris! on July 06, 2019, 01:52:21 PM
Quote from: o_e_l_e_o on July 06, 2019, 08:21:03 AM
Quote from: Chris! on July 06, 2019, 03:59:43 AM
but my paper wallets are substantially more secure than hardware wallets.
That's not accurate though.
FTFY
Sure, but the fact we are even discussing this means your technical knowledge is more advanced than probably 99% of crypto users. Most users would not be able to generate a paper wallet in a secure manner.

I consider myself pretty average with tech and I managed to figure it out over time. It's all about the effort you're willing to out into it I guess.

Quote from: o_e_l_e_o on July 06, 2019, 02:42:08 PM
There is always trust involved somewhere. Unless you built it yourself, you are trusting the manufacturers of your computer hardware, and the shippers who delivered it to you. Unless you designed it yourself, you are trusting the people who wrote your OS and software. It's probably also worth mentioning that Trezor device is fully open source, and hardware wallets in general are subjected to far more independent auditing and attempted hacking than the vast majority of other hardware or software.

That's not necessarily true. The only thing I really need to trust is the RAM on my laptop or desktop when I boot up a live USB. If I have no Wifi card in the computer and no ethernet cable plugged in then I've removed the internet attack vector entirely. A cold boot attack is probably my biggest concern, unless I'm told otherwise.

Quote from: Chris! on July 06, 2019, 01:52:21 PM
I've seen many issues come up with hardware wallets over the years
Quote from: o_e_l_e_o on July 06, 2019, 02:42:08 PM
True, but the majority of issues are from people using them incorrectly. There have also been plenty of issues with paper (or otherwise self-generated) wallets, again, usually from people using them incorrectly. Any method is only as good as the person using it.

I don't agree with that logic at all. Let's test this out in a real world scenerio:

The safest car in the world and the least safe car in he world are driven off a 200ft cliff. User error was to blame. Everyone inside both cars dies instantly. Should both cars be considered just as safe now?

Quote from: Chris! on July 06, 2019, 01:52:21 PM
Paper wallets can be extremely secure if you do it right.
Quote from: o_e_l_e_o on July 06, 2019, 02:42:08 PM
I agree with you, but the vast majority of users do not have the ability to do it right. I'm also not claiming hardware wallets are infallible, but they can be just as good as paper wallets if also used correctly.

There's a great answer to this question from Andreas Antonopoulos which I think pretty much summarizes my argument: https://www.youtube.com/watch?v=4fsL5XWsTJ4&t=402

I watched it. He basically said you have to have some level of trust, meaning I won't bother with one. I just have to trust my RAM manufacturer not to add something onto it that could send off something remotely.

One car is safer than the other when both are used properly.

I'm tired of people saying paper wallets aren't secure or hardware wallets are just as secure. The only issue with them is user error. That's clearly not a paper wallet issue. It's user error.