Re: NEWS FLASH! Hardware wallets still aren't secure, and they never will be.
This is insane.
I agree. Idk why people still trust these manufacturers when they're clearly incompetent.
When using a paper wallet:
Please tell me what part of the computer these "portions of private keys" remain on. Is it the CPU? The mobo? Oh it's the BIOS isn't it. - You must use a(n) (offline) computer to generate the private key to a paper wallet, and the portions of the private key may remain on the computer long after the fact.
I'm not turning my wifi off on windows 10 and hoping for the best. I'm using an air-gapped system.
You must use a printer to print the private key for a paper wallet, and portions of this image may remain on the printer long after the fact. This is not a risk with HW wallets
Really? I haven't used a printer for paper wallets in about a year now. You do know that "paper wallet" is just a loose term people use, right? Imagine anything more durable than paper. Use that instead of paper.
- You must transfer the private key of your paper wallet onto a(n) (offline) computer to spend any of your coin, risking the private key remains on your computer long after the fact, and risking that someone will take a picture of your private key/paper wallet. Neither of these are a risk with a HW wallet
Again, sounds like you don't understand what an air-gapped system is. Also, who the hell is generating private keys in a public park where a stranger can take a picture of their screen? Wtf? Go in the corner of your house if you're really paranoid (which of course I am).
- An attacker may be able to compromise your paper wallet by being in possession of it temporarily for only a few seconds via taking a picture of your paper wallet. For a HW wallet to be compromised, the attacker must be in continuous possession of your HW wallet for a longer time, and must be in proximity of special electronic equipment. An attacker could stumble across a paper wallet, and compromise it without your knowledge, while a HW wallet being compromised without your knowledge would require a more targeted attack.
How did said attacker guess my BIP38 passphrase so quickly? They must have seen when I typed it out at the public park I generated my keys at I guess.
With a HW wallet, you can use multiple passphrases, including a passphrase that is easy to crack with nominal amounts of coin. You can monitor the coin in the easy to crack passphrase, and if coins are moved from addresses associated with that passphrase, you will know you need to quickly move the coin in addresses associated with a more complex passphrase. An attacker will also not know how much coin you have secured by your HW wallet, so if they find a single passphrase that can be used to generate private keys to spend coin, it may not be a good use of resources to look for additional passphrases that can be used to spend additional coin.
Better yet, set a great passphrase on everything and don't worry about it. Add a watch-only address to whatever wallet you choose and get on with your life knowing you're actually secure. No need to look out for the next vulnerability from your hardware wallet manufacturer.
Guys, I know it sucks that you wasted $100 on a glorified USB but there's no reason to start making up BS and FUD about paper wallets. I'm just trying to teach you how to secure your funds better - without relying on a third party.
Again, user error is not a vulnerability. If you shut your wifi off and think you have an air-gapped system you're going to have a bad time.[/list]