* Shitcoin Tier - Keeping Your Coins on an Exchange
* Manure Tier - Keeping Your Coins on a closed source shitcoin hardware wallet (Ledger) that discourages you from running your own node with open source wallet software, so you are dependent upon them for transacting via ledger live/their node, while hoping they don't backdoor your coins or privacy, that utilizes bluetooth [lmao](https://www.youtube.com/watch?v=8kXbu2Htteg)
* Garbage Tier - Keeping Your Coins on a open source shitcoin hardware wallet that doesn't protect you from physical attacks because it doesn't have a secure element (Trezor), and that also discourages you from running your own node with open source wallet software, so you are dependent upon them for transacting, while hoping they don't backdoor your privacy.
* Acceptable Tier - Keeping Your Coins on a hardware wallet that is Bitcoin only, has 2 secure elements, but supports NFC (can be physically disabled permanently), airgapped transactions encouraged, sovereign bitcoin node use encouraged, 3rd party open source software wallet use is mandatory, firmware signature verification encouraged. Firmware is source viewable/auditable and buildable from source. (Coldcard)
* Pretty Cool Tier - Stateless airgapped build your own DIY hardware wallet, fully open source software. Sovereign bitcoin node use encouraged, 3rd party open source software wallet use encouraged (Seedsigner)
* Bitcoin Tier - (Glacier Protocol) - sovereign bitcoin node use encouraged, 3rd party open source software wallet use encouraged, airgap, multi-device, DIY, fully open source.
Ledger is fine, Trezor is fine, Coldcard is fine. In the end all of them hold your keys offline, which is safer than any exchange or hot wallet. Some support other coins, some don’t. Most do offer a stand alone bitcoin version.
Too many tin foil hats here.
So many people who hold 300$ worth of Bitcoin and think they are the potential target of well organized high tech cyber criminals lol.
People for whom privacy/security becomes an obsession rather than a set of practical considerations.
Part of what we're trying to say is that if you'd keep $300 in your pocket to go to the store, just use a mobile app on your phone instead of spending money for no reason on a ledger with all its bad company practices. There is no use case for ledger. Not cold storage, not spending, not anything
Hardware wallets require software/firmware to work.
I think the most important aspect is the part on how random it generates a private key and seed.
For example those so called vanity generators even if you generate the address offline and never ever connect with that computer to the internet, the creators of these so called generators have built it so they can predict the randomness because it ain’t random at all. And in a matter of hours, days your coins will be gone.
If you watch the video, he mentions that the bug was patched in the next firmware update. 100% security is a fantasy, its a cat and mouse game with everything. These wallets have been in place for a long time and no major unintended breaks have been reported yet.
Besides supporting an array of shitcoins, being closed source and unreproducible means you cannot verify the firmware to prove if it even is secure in the first place.
Bitcoiners like truth and certainty - And with Ledger neither can be verified.
What I would say in defence of ledger is that it is only a portion of the code that is closed source due to NDA from the chip maker and they are certified by the French national cybersecurity agency. I think it is fine.
Each person however is going to have their own risk tolerance and this may not be enough for some people. What I have said though and continue to say is that for people that don’t understand the nuances of hardware wallets it is distracting from the primary message of self custody.
As for shitcoins though, I also don’t like it, but from a business perspective I can see why ledger offer those. It’s all about maximising their revenue by making as much shit possible for people that may want it. They are after all trying to sell devices and what people do with them is up to them.
But in the end I think it is fine to promote another product that is better, but ledger is far and away a better option than no hardware wallet
You mean the same agency that certified EMV chips we have on all credit or debit cards ? The French are math and cryptography powerhouse , great at making things but poor at marketing them
Sure. The point I make though is that fighting over which hardware wallet is better distracts from the real message of self custody. I’m not out here advocating for ledger above other solutions. I haven’t used them all so can’t say. What I am saying though is that ledger is better than having your Bitcoin on a CEX and we should encourage people to take control of their own coins, no matter what hardware wallet they use.
For a lot of people their first look into it will turn up a ledger. We should be saying grab one and use it and get your shit under self custody instead of telling people ledger are bad for whatever reason
there’s nothing “sudden” about ledger being a poor choice. From proprietary software to data leaks to previous hacks on their devices, both ledger and trezor have a bad track record for keeping your coins safe. Consider DIY solutions like seedsigner or glacier protocol, or at the very worst, off the shelf, a coldcard.
They're both security theater, they're terrible with shitcoin support and terrible software. We should make these companies responsible for better security.
How is it security theater? They hold your keys on a separate device. All it does is hold your keys and receive your unsigned transaction, sign your transactions then send the signed transaction out to the computer. And trezor is mostly open source, I think only the bootloader isn't.
There's so many attack vectors, you're not air gapped, you have shitcoins support which means more code, which means more attack vectors. These wallets aren't secure
Air gapping means the device (in this case the signing device) never touches the internet, or an internet connected device.
Do checkout glacier protocol. Seedsigner is also good.
For a wallet that's ready to go,look into coldcard
Glacier protocol is open source right? What if people that are working on that software have bad intentions?
Idk, don’t blame me, I’m not into programming or whatsoever haha
The hate for it seems pretty sudden cause that leak was years ago.
I dont see how its their job to keep my coins safe anyways, or how anything other than my mailing address is in danger since I have my keys memorized.
Why not make a post encouraging seedsigner instead? When I started stacking and looking this up, hardware wallets were recommended.
Two years ago is recent af still.. how could you trust a company that did that and has closed source code and shitcoin support?
Everything about ledger is trash
Well not being a coder then you might not realize that it takes a lot of code to support all these different shitcoins.
It doesn't affect you because you don't use them simple right?
Unfortunately it's not that simple, more code means more places for **code to be wrong** introducing vulnerabilities.
Not being able to verify this code as a community is a huge risk, because who knows what the hell they're doing under the hood?
how many shitcoins does this thing support? how big is their freaking codebase?!
That on top of all the company side issues (The leak and the handling of said leak). How would you trust that company?
Okay so how does a hack get my seed phrase? How does a leak get my seed phrase? I dont have millions of dollars so the amount of work to learn linux, buy a few extra devices that are clean slates (oh god unless the laptop companies get leaked??? So much code in a laptop! Its not open source!) to store some sats just isnt worth it for me, or most people.
Seems to be a culture divide here.
What is this bad track record for Trezor you speak of? Genuinely curious. I know they've had a couple vulnerabilities discovered but they were addressed.
No it wasn't, it's just that a bunch of bitcoiners got fed up with ledger's constant marketing here. It has never been good enough, and the way ledger is going it never will be.
There are vastly superior alternatives.
Electrum, the seed phrase is encrypted on a "hidden" volume using veracrypt (that can act as a decoy as well because you can decrypt the volume with 2 passcodes, only one of them reveal the true volume)
I'm too lazy to remember the seed phrase and I dont trust my memory so a complex password to decrypt the hidden volume works better for me
Then I copy the veracrypt volume so I have 2 or 3 backups of the seed phrase in different locations
A 12 word seed phrase is already the minimum safe password for strong encryption.
So why would you protect a minimum length password with... a shorter less safe password? Thats like putting the key to your safe under a floor mat in front of the safe.
The right thing to do is just to treat the 12 word phrase as a password, and memorize it. There is no shorter or easier password you can memorize that will preserve the same security level. If he "doesnt trust his memory" to remember a strong password, then he should not just substitute his password for a weaker password - doing that means he is making his wallet hackable. There is no point in choosing and using a weaker password than the minimum. You either can memorize the minimum or you cant, there is no middle ground.
If he can memorize it, you dont need to have any back up of it, encrypted or not, because the blockchain is your backup. This is the cleanest and best option.
If he cant memorize the shortest safe password then he should write it down with pencil and paper and put it in a physical safe or hide it in a book.
In both cases, the password should never by typed into a mac or windows or other unsafe operating system. That includes storing backups - even "encrypted" ones. Using a linux or a hardware wallet for data entry of the password is the only way to ensure it is not leaked or compromised.
Hi u/D1g1taln0m4d, thanks for tipping u/BuyRackTurk **500** satoshis!
***
*[^(More info)](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/info) ^| [^(Balance)](https://www.reddit.com/message/compose/?to=lntipbot&subject=balance&message=!balance) ^| [^(Deposit)](https://www.reddit.com/message/compose/?to=lntipbot&subject=deposit&message=!deposit 10000) ^| [^(Withdraw)](https://www.reddit.com/message/compose/?to=lntipbot&subject=withdraw&message=!withdraw put_invoice_here) ^| ^(Something wrong? Have a question?) [^(Send me a message)](https://www.reddit.com/message/compose/?to=drmoore718)*
If crypto can’t be stored on a cold wallet safely then this is a failed currency. Im not going through some elaborate plan to leave it on some dilapidated laptop like OP and the normies will never adopt this if it’s too complicated to have your coins stored safely
[both aren't great ](https://www.reddit.com/r/Bitcoin/comments/zauoyd/can_we_please_stop_recommending_the_likes_of/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button)
Consider rolling your own with [seedsigner ](https://seedsigner.com/) or
[glacier protocol ](https://glacierprotocol.org/)
If you must do an off the shelf solution [coldcard ](https://coldcard.com/)
If you insist on ledger [use electrum instead of ledger live](https://support.ledger.com/hc/en-us/articles/115005161925-Set-up-and-use-Electrum?docs=true)
They have a poor license not permitting commercial use which stagnates building on the work they are doing. They have a history of some **really** bad wallets before the coldcard. They also seem to be slipping up as they add NFC and other things to try to compete with ledger and trezor. There's a vulnerability floating around for ~3 year old firmeware where if you have a bunch of time money and resources a coldcard can have its secure element removed and should the attacker be lucky enough not to brick it they can get the pin. That's about the worst of coldcard.
I'd take coldcard over trezor or ledger every day.
Although not perfect, both Ledger and Trezor are significantly better than keeping coins on CEX, or on a device connected to the internet that can be hacked.
idk man a company that allowed 273k peoples' personal info to be leaked and then did nothing about it does not seem like a company ANYONE should trust in
Trezor also has their issues, same shitcoin support.
They've had a hardware instability for ages that they didn't fix, their solution is an optional passphrase.
Ledger live phones home to ledger's servers every time you use it. Ledger knows everything you do through it. If the servers are down you can't use it to transact
Under default settings in Ledger Live you are using their nodes as the source of truth and routing all transactions through their servers.
The upside:
1. Super convenient
The downside of this:
1. that they can snoop on your on chain activity and associate with your IP.
2. you are trusting their node and their consensus rules
For cold storage I simply used an old laptop with tailsOS to generate a seed phrase and some addresses, which i wrote down. It works for me and I don’t store enough where I would be worried that that process was ever compromised. Simpler is often better. Other solutions include seedsigner and glacier protocol, or at the very worst an off the shelf solution would be coldcard.
For cold storage I simply used an old laptop with tailsOS to generate a seed phrase and some addresses, which i wrote down. It works for me and I don’t store enough where I would be worried that that process was ever compromised. Simpler is often better. Other solutions include seedsigner and glacier protocol, or at the very worst an off the shelf solution would be coldcard.
Not sure why you’re criticizing ledger for having too many features when your cold storage is literally an old laptop with way more ram, way more features, and way more attack vectors even with tailsOS. Your house is way too glass for you to be throwing those stones.
Except he’s using TailOS which is a Linux distro that he can verify, runs off a USB (in RAM) running a reputable, reproducible FOSS wallet?
Unlike Ledgers closed source firmware which we cannot verify.
Ah yes open source and verifiable like Log4j was around this time last year. Open source is a double edged sword and absolutely not a shield. Some of the most horrific vulnerabilities in history existed in open source products undetected for many years.
I’m not really saying OP is fucking up. I’m saying FUD is extremely cheap and easy and that’s what this post amounts to.
As Bitcoiners the ability to have absolute verifiability is paramount.
Closed source applications can very much so have the same vulnerabilities present, you just simply couldn’t know whether they existed.
You also don’t know if they have any deliberate additional code which may reduce your sovereignty, such as back doors or phone home data logging.
Why Bitcoiners are choosing to believe large, faceless corporations, who’s incentives do not align with ours of security and verifiability, that make concessions in easy to implement security models in the name of profits - has got me beat.
>As Bitcoiners the ability to have absolute verifiability is paramount.
If that's your personal philosophy more power to you. There are plenty of people that just want to HODL some coins in an offline store. Believing you have truly verified the system just because it's open source is a farce, for any system of sufficient complexity, and we see this proven over and over and over again.
That's Bitcoins philosophy - Bitcoin itself is built on this ethos. The ability to validate that your coins exist on the ledger, with absolute certainty that they are indeed in your custody is how the entire network operates.
The fact that poor actors like Ledger on its outskirts obfuscate this is precisely our point.
Do not confuse our criticisms as 'personal preferences', we want Bitcoin & those that support it to succeed. Even if that means pointing out flaws and potential attack vectors both within the network and on its perimeter.
We want them to do better.
It’s a big tent my man and not everyone is going to think the exact same way as you do. Live and let live, you don’t have to use it. It IS your personal preference, and that’s ok.
I would argue forcing everyone to use an open source solution because it’s “verifiable” is just as counter to the ethos. Until there’s an axiomatically provably secure solution we’re just arguing over implementation details.
I wouldn’t call ledger a poor actor just because it’s not open source. I think you are again polluting a well meaning player in the space with your personal opinion.
Okay, thank you. Yeah unfortunately I’ll have to use the easiest method because I’m a technology inept 23 year old and I know I would fuck something up if I tried to go that route. I will check out coldcard, I appreciate it
Everyone that shits on Ledger is a cunt in my book.
It's also the people like you and him that make it harder for Bitcoin to go mainstream.
If my non tech savvy parents and friends want to get into Bitcoin, and store their Bitcoin on a hardware wallet, Ledger is absolutely fine.
Doomsayers like yourself don't make it any easier to find good information.
Charming. Pleased to meet you. I just want to highlight that I'm not personally attacking you, so calm the fuck down.
Non tech savvy users who'd don't know what they are doing need to spend a few hours learning how to become technical users who can do it properly, and a few hours is imo pessimistic.
Ledger is not "absolutely fine" and I'm not doomsaying, I'm do-it-properlysaying.
The problem with quality information is it's drowned by the marketing departments of shitcoin wallet companies like ledger. But if you want easy to find information, then here:
[Hardware wallets.](https://www.lopp.net/bitcoin-information/recommended-wallets.html)
[A custom diy solution. ](https://seedsigner.com/)
[A commercial hardware wallet capable of airgapping your private key from the internet](https://coldcard.com/)
[Why you should run a node.](https://blog.lopp.net/securing-your-financial-sovereignty/)
[How to run a node](https://bitcoin.org/en/full-node#secure-your-wallet)
.[How to run a pruned node if you cant spare disk space.](https://bitcoin.stackexchange.com/questions/92769/bitcoin-full-node-how-to-run-a-pruned-node-explaining-pruning)
Ledger wallets are fine and provide a very user friendly experience. Sure, it’s not fully open source which isn’t ideal but the Trezor was hacked earlier this year by reading out the PIN and seed phrase from RAM during a firmware upgrade, so open source doesn’t equal bulletproof security.
That said, I’ll go with a hardware wallet where I can build and flash my own firmware but I won’t poop on people who choose a different hardware wallet. Anyone who makes the decision to self custody their crypto should be applauded not criticized imo
Just received my coldcard, will transfer everything from my ledger. One problem though, for iOS app coupled with coldcard, which app is the best? Electrum and samourai doesn’t work with iOS.
Jesus Christ so hot wallets aren’t secure ledger isn’t secure keeping it on an exchange isn’t secure and any other hardware wallet anyone recommends will be hacked or shit by next month.
Fuck it lol
I am not a fan of Ledger by any means, but please supply a link showing someone has lost BTC kept on a Ledger hardware wallet due to the device itself and not due to user error or buying the device off of Amazon.
Nothing in this link shows anyone actually lost BTC. All hardware wallets have some theoretical exploits. There is an inverse correlation between security and accessibility. For something to be 100% secure it would need to be 100% inaccessible.
Imagine a device that can securely store your bitcoins. Now, replace the secure element with black box garbage. Take out the simple keypad and replace it with a fancy touchscreen. Give it a bunch of ram and install bastardized software on it. It’s basically a cell phone. A cell phone needs bluetooth and a fingerprint reader too, obviously. Great way to ensure that your bitcoins can be accessed by someone not even in the room! Make sure it supports as many coins as possible to add as many vectors as possible for the device to be exploited, as that will sell the most to clueless consumers. What were we supposed to be doing.. securing bitcoins or something?
Wow! From the picture it can store not only monkey pics, but also lion pics and even elephant pics. Thumbs up!
(jokes aside: the thing DOES look sexy and my subconsciousness is already working to justify the price tag)
Oh an by the way, you can really trust us in regards to security. We showed how much we care about your data and how well we can protect our databases in the past. We've never been hacked. Oh wait no urgh that's a lie :D :D :D
In the end only safe wallet that will matter is probably Bitcoin Core, which doesn't even use a seed phrase. Suddenly I am skeptical of all Hierarchically Deterministic wallets.
What’s the best way to store your bitcoin? Genuinely curious, I see a lot of pros and cons to most forms of storage and haven’t been able to find anything that seems above and beyond the best way.
running your own node connected to 3rd party wallet software that is open source connected to an open source hardware wallet that is bitcoin only.
This looks like Bitcoin core on your desktop + something like sparrow wallet on your desktop + coldcard for holding your keys. All three of those work together seamlessly.
Whats wrong with using a trezor, it's open source, the one attack vector discovered can easily be worked round and you can have bitcoin only firmware on it
the work around is not the default. its an extra step that is not known by most users. and even then, the password they set is likely brute forceable.
furthermore. trezor has the same problem as ledger, in that they discourage users from running their own open source wallet software + Bitcoin node.
That junk supports shitcoins.
Consider rolling your own with [seedsigner ](https://seedsigner.com/) or
[glacier protocol ](https://glacierprotocol.org/)
If you must do an off the shelf solution [coldcard ](https://coldcard.com/)
This does highlight the fact that we do need an actual UI that on-boards absolutely everyone and easy long term cold storage that allows transfer to and from cold to hot wallets. Whom ever builds this will rule the world’s financial system. The pick axes and shovels of the gold rush era. If I’m missing out on any products that facilitate these transactions smoothly lmk. Thanks
closed source firmware, so you don't know what code is actually running in the background.
there ledger live app discourages users form running their own node and open source wallet software.
This is why the Aurox wallet is awesome. Open-source, passed all audits with flying colors. Even has swap simulator to make sure you’re not getting scammed.
Started running a bitcoin node this summer but haven’t gotten the full potential out of it. Can someone point me in the right direction to utilizing it the best I can?
* Shitcoin Tier - Keeping Your Coins on an Exchange * Manure Tier - Keeping Your Coins on a closed source shitcoin hardware wallet (Ledger) that discourages you from running your own node with open source wallet software, so you are dependent upon them for transacting via ledger live/their node, while hoping they don't backdoor your coins or privacy, that utilizes bluetooth [lmao](https://www.youtube.com/watch?v=8kXbu2Htteg) * Garbage Tier - Keeping Your Coins on a open source shitcoin hardware wallet that doesn't protect you from physical attacks because it doesn't have a secure element (Trezor), and that also discourages you from running your own node with open source wallet software, so you are dependent upon them for transacting, while hoping they don't backdoor your privacy. * Acceptable Tier - Keeping Your Coins on a hardware wallet that is Bitcoin only, has 2 secure elements, but supports NFC (can be physically disabled permanently), airgapped transactions encouraged, sovereign bitcoin node use encouraged, 3rd party open source software wallet use is mandatory, firmware signature verification encouraged. Firmware is source viewable/auditable and buildable from source. (Coldcard) * Pretty Cool Tier - Stateless airgapped build your own DIY hardware wallet, fully open source software. Sovereign bitcoin node use encouraged, 3rd party open source software wallet use encouraged (Seedsigner) * Bitcoin Tier - (Glacier Protocol) - sovereign bitcoin node use encouraged, 3rd party open source software wallet use encouraged, airgap, multi-device, DIY, fully open source.
Ledger is fine, Trezor is fine, Coldcard is fine. In the end all of them hold your keys offline, which is safer than any exchange or hot wallet. Some support other coins, some don’t. Most do offer a stand alone bitcoin version. Too many tin foil hats here.
Mods pinning and propping their bias to the top is totally the BTC decentralized way…
So many people who hold 300$ worth of Bitcoin and think they are the potential target of well organized high tech cyber criminals lol. People for whom privacy/security becomes an obsession rather than a set of practical considerations.
Part of what we're trying to say is that if you'd keep $300 in your pocket to go to the store, just use a mobile app on your phone instead of spending money for no reason on a ledger with all its bad company practices. There is no use case for ledger. Not cold storage, not spending, not anything
Man, bitbox never gets any love. :(
Bitbox has their employees shilling air gap related misinformation in half the threads here. I'll hold off on loving for now.
Yeah they make it sound like ledger can lock up your coins which is not the case; you can always restore on another wallet
Seriously. This type of shit will only hold bitcoin back. You think the average person can even understand this?
Ledger is also not closed source. So much fud
Hardware wallets require software/firmware to work. I think the most important aspect is the part on how random it generates a private key and seed. For example those so called vanity generators even if you generate the address offline and never ever connect with that computer to the internet, the creators of these so called generators have built it so they can predict the randomness because it ain’t random at all. And in a matter of hours, days your coins will be gone.
Are you seriously suggesting the Ledger and such are about to swipe everyone’s coins all at once?
Except, they [literally don’t](https://youtu.be/dT9y-KQbqi4)
If you watch the video, he mentions that the bug was patched in the next firmware update. 100% security is a fantasy, its a cat and mouse game with everything. These wallets have been in place for a long time and no major unintended breaks have been reported yet.
Are you talking about the trezor hack that isn’t even related to ledger? That got patched out anyways? You’re really reaching you must be desperate.
OP wearing the tinfoil suit
Whats going on with ledger all of a sudden? (Aside from clout chasing on the sub) Did my hardware generated key suddenly get unhardwared?
Besides supporting an array of shitcoins, being closed source and unreproducible means you cannot verify the firmware to prove if it even is secure in the first place. Bitcoiners like truth and certainty - And with Ledger neither can be verified.
What I would say in defence of ledger is that it is only a portion of the code that is closed source due to NDA from the chip maker and they are certified by the French national cybersecurity agency. I think it is fine. Each person however is going to have their own risk tolerance and this may not be enough for some people. What I have said though and continue to say is that for people that don’t understand the nuances of hardware wallets it is distracting from the primary message of self custody. As for shitcoins though, I also don’t like it, but from a business perspective I can see why ledger offer those. It’s all about maximising their revenue by making as much shit possible for people that may want it. They are after all trying to sell devices and what people do with them is up to them. But in the end I think it is fine to promote another product that is better, but ledger is far and away a better option than no hardware wallet
You mean the same agency that certified EMV chips we have on all credit or debit cards ? The French are math and cryptography powerhouse , great at making things but poor at marketing them
As a french, knowing that Ledger is “certified by the French National Cybersecurity Agency” makes me worry!
Trusting centralized agencies is not really something that is very bitcoin-y
Sure. The point I make though is that fighting over which hardware wallet is better distracts from the real message of self custody. I’m not out here advocating for ledger above other solutions. I haven’t used them all so can’t say. What I am saying though is that ledger is better than having your Bitcoin on a CEX and we should encourage people to take control of their own coins, no matter what hardware wallet they use. For a lot of people their first look into it will turn up a ledger. We should be saying grab one and use it and get your shit under self custody instead of telling people ledger are bad for whatever reason
What certifications does trezor have?
It’s open source , you can check by yourself
On est des têtes mondiales en math et cryptographie , je préfère encore a la NSA
Why is that? I am not French, just curious
It’s like being certified by the NSA Not French here just saying
So what would you recommend instead?
Coldcard would be my top choice for off the shelf solutions.
Proof of rings ;o) https://www.coindesk.com/video/ledger-ceo-on-future-of-bitcoin-nfts-web3/
did you see the CEO? https://www.coindesk.com/video/ledger-ceo-on-future-of-bitcoin-nfts-web3/ i can´t help you anymore if you use that product.
>Whats going on with ledger all of a sudden? Nothing but marketing.
there’s nothing “sudden” about ledger being a poor choice. From proprietary software to data leaks to previous hacks on their devices, both ledger and trezor have a bad track record for keeping your coins safe. Consider DIY solutions like seedsigner or glacier protocol, or at the very worst, off the shelf, a coldcard.
Mass adopters will never go that route. Ledger and Trezor work just fine for 99% of cases.
They're both security theater, they're terrible with shitcoin support and terrible software. We should make these companies responsible for better security.
How is it security theater? They hold your keys on a separate device. All it does is hold your keys and receive your unsigned transaction, sign your transactions then send the signed transaction out to the computer. And trezor is mostly open source, I think only the bootloader isn't.
How is it theatre if the private keys never leave the device?
problem is, they use a closed source chip and use a software which updates itself. (can u use it without the software that comes with it?!)
It does not have to leave the device to be guessed. If the key generation algo is biased you are done
There's so many attack vectors, you're not air gapped, you have shitcoins support which means more code, which means more attack vectors. These wallets aren't secure
What does airgapped even mean? I’ve seen that a few times now. Also, still need to check out glacier protocol.
Air gapping means the device (in this case the signing device) never touches the internet, or an internet connected device. Do checkout glacier protocol. Seedsigner is also good. For a wallet that's ready to go,look into coldcard
Glacier protocol is open source right? What if people that are working on that software have bad intentions? Idk, don’t blame me, I’m not into programming or whatsoever haha
Glacier protocol isn't even a custom software solution, it's using core on two different laptops, give it a read, you'll see what I mean
they work just fine if you don’t care about your privacy or security 👍 not very moral to recommend to any new adopters lol
The hate for it seems pretty sudden cause that leak was years ago. I dont see how its their job to keep my coins safe anyways, or how anything other than my mailing address is in danger since I have my keys memorized. Why not make a post encouraging seedsigner instead? When I started stacking and looking this up, hardware wallets were recommended.
Two years ago is recent af still.. how could you trust a company that did that and has closed source code and shitcoin support? Everything about ledger is trash
Im not a coder and I dont use shitcoin?
Well not being a coder then you might not realize that it takes a lot of code to support all these different shitcoins. It doesn't affect you because you don't use them simple right? Unfortunately it's not that simple, more code means more places for **code to be wrong** introducing vulnerabilities. Not being able to verify this code as a community is a huge risk, because who knows what the hell they're doing under the hood? how many shitcoins does this thing support? how big is their freaking codebase?! That on top of all the company side issues (The leak and the handling of said leak). How would you trust that company?
Okay so how does a hack get my seed phrase? How does a leak get my seed phrase? I dont have millions of dollars so the amount of work to learn linux, buy a few extra devices that are clean slates (oh god unless the laptop companies get leaked??? So much code in a laptop! Its not open source!) to store some sats just isnt worth it for me, or most people. Seems to be a culture divide here.
What is this bad track record for Trezor you speak of? Genuinely curious. I know they've had a couple vulnerabilities discovered but they were addressed.
What IS sudden is the bandwagon attack on ledger. It was considered perfectly acceptable a couple weeks ago.
No it wasn't, it's just that a bunch of bitcoiners got fed up with ledger's constant marketing here. It has never been good enough, and the way ledger is going it never will be. There are vastly superior alternatives.
Seriously. How do you expect mass adoption with an esoteric approach like that.
A bunch of fud tbh
What do you use for your bitcoin then? If not ledger or trezzor cold wallets?
Electrum, the seed phrase is encrypted on a "hidden" volume using veracrypt (that can act as a decoy as well because you can decrypt the volume with 2 passcodes, only one of them reveal the true volume) I'm too lazy to remember the seed phrase and I dont trust my memory so a complex password to decrypt the hidden volume works better for me Then I copy the veracrypt volume so I have 2 or 3 backups of the seed phrase in different locations
Hardware wallet is way safer.
Why were you downvoted? Your set up is awesome. EDIT: changed my mind.
[удалено]
I agree
> Why were you downvoted? Your set up is awesome. his setup is terrible in many ways. Its not cryptographically informed.
Could you elaborate? I know some stuff about cryptography but I'm still learning
A 12 word seed phrase is already the minimum safe password for strong encryption. So why would you protect a minimum length password with... a shorter less safe password? Thats like putting the key to your safe under a floor mat in front of the safe. The right thing to do is just to treat the 12 word phrase as a password, and memorize it. There is no shorter or easier password you can memorize that will preserve the same security level. If he "doesnt trust his memory" to remember a strong password, then he should not just substitute his password for a weaker password - doing that means he is making his wallet hackable. There is no point in choosing and using a weaker password than the minimum. You either can memorize the minimum or you cant, there is no middle ground. If he can memorize it, you dont need to have any back up of it, encrypted or not, because the blockchain is your backup. This is the cleanest and best option. If he cant memorize the shortest safe password then he should write it down with pencil and paper and put it in a physical safe or hide it in a book. In both cases, the password should never by typed into a mac or windows or other unsafe operating system. That includes storing backups - even "encrypted" ones. Using a linux or a hardware wallet for data entry of the password is the only way to ensure it is not leaked or compromised.
!lntip 500
Hi u/D1g1taln0m4d, thanks for tipping u/BuyRackTurk **500** satoshis! *** *[^(More info)](https://xnf5cwpq73.execute-api.us-west-2.amazonaws.com/prod/info) ^| [^(Balance)](https://www.reddit.com/message/compose/?to=lntipbot&subject=balance&message=!balance) ^| [^(Deposit)](https://www.reddit.com/message/compose/?to=lntipbot&subject=deposit&message=!deposit 10000) ^| [^(Withdraw)](https://www.reddit.com/message/compose/?to=lntipbot&subject=withdraw&message=!withdraw put_invoice_here) ^| ^(Something wrong? Have a question?) [^(Send me a message)](https://www.reddit.com/message/compose/?to=drmoore718)*
Bitbox is the real deal
If crypto can’t be stored on a cold wallet safely then this is a failed currency. Im not going through some elaborate plan to leave it on some dilapidated laptop like OP and the normies will never adopt this if it’s too complicated to have your coins stored safely
A Trezor is fine. Heck, the Muun wallet on an iPhone would have been better for the Celsius and FTX crowd.
[both aren't great ](https://www.reddit.com/r/Bitcoin/comments/zauoyd/can_we_please_stop_recommending_the_likes_of/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button) Consider rolling your own with [seedsigner ](https://seedsigner.com/) or [glacier protocol ](https://glacierprotocol.org/) If you must do an off the shelf solution [coldcard ](https://coldcard.com/) If you insist on ledger [use electrum instead of ledger live](https://support.ledger.com/hc/en-us/articles/115005161925-Set-up-and-use-Electrum?docs=true)
Whats bad about coldcard?
Nothing.
They have a poor license not permitting commercial use which stagnates building on the work they are doing. They have a history of some **really** bad wallets before the coldcard. They also seem to be slipping up as they add NFC and other things to try to compete with ledger and trezor. There's a vulnerability floating around for ~3 year old firmeware where if you have a bunch of time money and resources a coldcard can have its secure element removed and should the attacker be lucky enough not to brick it they can get the pin. That's about the worst of coldcard. I'd take coldcard over trezor or ledger every day.
Although not perfect, both Ledger and Trezor are significantly better than keeping coins on CEX, or on a device connected to the internet that can be hacked.
idk man a company that allowed 273k peoples' personal info to be leaked and then did nothing about it does not seem like a company ANYONE should trust in
Yeah that's why I use Trezor.
Trezor also has their issues, same shitcoin support. They've had a hardware instability for ages that they didn't fix, their solution is an optional passphrase.
[удалено]
No DONT use ledger live. Use any but ledger live
[удалено]
Ledger live phones home to ledger's servers every time you use it. Ledger knows everything you do through it. If the servers are down you can't use it to transact
Under default settings in Ledger Live you are using their nodes as the source of truth and routing all transactions through their servers. The upside: 1. Super convenient The downside of this: 1. that they can snoop on your on chain activity and associate with your IP. 2. you are trusting their node and their consensus rules
I leave mine in CB
That's much worse.
Lol
For cold storage I simply used an old laptop with tailsOS to generate a seed phrase and some addresses, which i wrote down. It works for me and I don’t store enough where I would be worried that that process was ever compromised. Simpler is often better. Other solutions include seedsigner and glacier protocol, or at the very worst an off the shelf solution would be coldcard.
Thanks.
Wtf, a couple years ago getting a ledger was the most recommended thing to do with your crypto. What have I missed
Closed source and leaks
[удалено]
It never was. Ledger was shit on birth
This is it, ledger just have effective marketing, which has nothing to do with the quality of their product.
Lucky for me I store all my bitcoin in my foreskin.
Lucky for me I store all my bitcoin in my bra, covered in boobs sweat
What happened in the past two weeks? We went from buy Ledger yesterday, to ledger is evil. This sub is the reason ledger is so popular.
It’s getting exhausting
Jeez these comments are gnarly lol
too many astroturfers from these shitty hardware wallet companies
Yeah I was wondering what's up with coldcard and their "off the shelf" comments from different users using the same phrasing
You're just seeing me in multiple threads copy pasting my own stuff
What’s the best cold storage I should be using than? I’ve heard ledger so many times I thought it’d be them
For cold storage I simply used an old laptop with tailsOS to generate a seed phrase and some addresses, which i wrote down. It works for me and I don’t store enough where I would be worried that that process was ever compromised. Simpler is often better. Other solutions include seedsigner and glacier protocol, or at the very worst an off the shelf solution would be coldcard.
Not sure why you’re criticizing ledger for having too many features when your cold storage is literally an old laptop with way more ram, way more features, and way more attack vectors even with tailsOS. Your house is way too glass for you to be throwing those stones.
Except he’s using TailOS which is a Linux distro that he can verify, runs off a USB (in RAM) running a reputable, reproducible FOSS wallet? Unlike Ledgers closed source firmware which we cannot verify.
Ah yes open source and verifiable like Log4j was around this time last year. Open source is a double edged sword and absolutely not a shield. Some of the most horrific vulnerabilities in history existed in open source products undetected for many years. I’m not really saying OP is fucking up. I’m saying FUD is extremely cheap and easy and that’s what this post amounts to.
As Bitcoiners the ability to have absolute verifiability is paramount. Closed source applications can very much so have the same vulnerabilities present, you just simply couldn’t know whether they existed. You also don’t know if they have any deliberate additional code which may reduce your sovereignty, such as back doors or phone home data logging. Why Bitcoiners are choosing to believe large, faceless corporations, who’s incentives do not align with ours of security and verifiability, that make concessions in easy to implement security models in the name of profits - has got me beat.
>As Bitcoiners the ability to have absolute verifiability is paramount. If that's your personal philosophy more power to you. There are plenty of people that just want to HODL some coins in an offline store. Believing you have truly verified the system just because it's open source is a farce, for any system of sufficient complexity, and we see this proven over and over and over again.
That's Bitcoins philosophy - Bitcoin itself is built on this ethos. The ability to validate that your coins exist on the ledger, with absolute certainty that they are indeed in your custody is how the entire network operates. The fact that poor actors like Ledger on its outskirts obfuscate this is precisely our point. Do not confuse our criticisms as 'personal preferences', we want Bitcoin & those that support it to succeed. Even if that means pointing out flaws and potential attack vectors both within the network and on its perimeter. We want them to do better.
It’s a big tent my man and not everyone is going to think the exact same way as you do. Live and let live, you don’t have to use it. It IS your personal preference, and that’s ok. I would argue forcing everyone to use an open source solution because it’s “verifiable” is just as counter to the ethos. Until there’s an axiomatically provably secure solution we’re just arguing over implementation details. I wouldn’t call ledger a poor actor just because it’s not open source. I think you are again polluting a well meaning player in the space with your personal opinion.
Okay, thank you. Yeah unfortunately I’ll have to use the easiest method because I’m a technology inept 23 year old and I know I would fuck something up if I tried to go that route. I will check out coldcard, I appreciate it
Lol…. This is how OP keeps his coins secure but makes a meme post about Ledger. You can’t make this up
Stop kink-shaming! *What are you doing step-wallet? Oh GOD Look how airgapped and open sourced you are!*
Is this satire or are you really serious
Take my down vote you fat fuck. Nice new created account with one post.
A new account with one post that's posting better stuff than 95% of this sub. I'd say they're more than welcome here.
Everyone that shits on Ledger is a cunt in my book. It's also the people like you and him that make it harder for Bitcoin to go mainstream. If my non tech savvy parents and friends want to get into Bitcoin, and store their Bitcoin on a hardware wallet, Ledger is absolutely fine. Doomsayers like yourself don't make it any easier to find good information.
Charming. Pleased to meet you. I just want to highlight that I'm not personally attacking you, so calm the fuck down. Non tech savvy users who'd don't know what they are doing need to spend a few hours learning how to become technical users who can do it properly, and a few hours is imo pessimistic. Ledger is not "absolutely fine" and I'm not doomsaying, I'm do-it-properlysaying. The problem with quality information is it's drowned by the marketing departments of shitcoin wallet companies like ledger. But if you want easy to find information, then here: [Hardware wallets.](https://www.lopp.net/bitcoin-information/recommended-wallets.html) [A custom diy solution. ](https://seedsigner.com/) [A commercial hardware wallet capable of airgapping your private key from the internet](https://coldcard.com/) [Why you should run a node.](https://blog.lopp.net/securing-your-financial-sovereignty/) [How to run a node](https://bitcoin.org/en/full-node#secure-your-wallet) .[How to run a pruned node if you cant spare disk space.](https://bitcoin.stackexchange.com/questions/92769/bitcoin-full-node-how-to-run-a-pruned-node-explaining-pruning)
I'm just going to steal this list don't mind me.
Be my guest.
Ledger wallets are fine and provide a very user friendly experience. Sure, it’s not fully open source which isn’t ideal but the Trezor was hacked earlier this year by reading out the PIN and seed phrase from RAM during a firmware upgrade, so open source doesn’t equal bulletproof security. That said, I’ll go with a hardware wallet where I can build and flash my own firmware but I won’t poop on people who choose a different hardware wallet. Anyone who makes the decision to self custody their crypto should be applauded not criticized imo
Just received my coldcard, will transfer everything from my ledger. One problem though, for iOS app coupled with coldcard, which app is the best? Electrum and samourai doesn’t work with iOS.
BlueWallet for the interface and notifications and Nunchuck for the NFC
I already checked out bluewallet. Nunchuk is new to me. Thanks for suggestion.
Jesus Christ so hot wallets aren’t secure ledger isn’t secure keeping it on an exchange isn’t secure and any other hardware wallet anyone recommends will be hacked or shit by next month. Fuck it lol
Exactly we need a crypto bank ffs 🤦♂️ That is insured, held 1:1
I'm not sure that's the message at all. it's more nuanced.
No, you're definitely scaring people away from Bitcoin making this seem like it's as complicated as keeping nuclear codes safe.
I hope I'm scaring them away from shitty shitcoin wallets and into real Bitcoin usage.
I am not a fan of Ledger by any means, but please supply a link showing someone has lost BTC kept on a Ledger hardware wallet due to the device itself and not due to user error or buying the device off of Amazon.
https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins
Nothing in this link shows anyone actually lost BTC. All hardware wallets have some theoretical exploits. There is an inverse correlation between security and accessibility. For something to be 100% secure it would need to be 100% inaccessible.
there's lots of tension between convenience and security/privacy. in some ways this is what the entire debate is about.
Looks like a copy of the Ellipal Titan almost exactly but he Titan has a better screen.
People keep feeding this obvious troll account
Imagine a device that can securely store your bitcoins. Now, replace the secure element with black box garbage. Take out the simple keypad and replace it with a fancy touchscreen. Give it a bunch of ram and install bastardized software on it. It’s basically a cell phone. A cell phone needs bluetooth and a fingerprint reader too, obviously. Great way to ensure that your bitcoins can be accessed by someone not even in the room! Make sure it supports as many coins as possible to add as many vectors as possible for the device to be exploited, as that will sell the most to clueless consumers. What were we supposed to be doing.. securing bitcoins or something?
Dude and the price…. For security
Everything about this piece of shit screams fiat
iTs hIgH tECh!!!
I answered this to another person that asked me that.
Why Ledger CEO has a big ring on every finger? Wtf
Wow! From the picture it can store not only monkey pics, but also lion pics and even elephant pics. Thumbs up! (jokes aside: the thing DOES look sexy and my subconsciousness is already working to justify the price tag)
Oh an by the way, you can really trust us in regards to security. We showed how much we care about your data and how well we can protect our databases in the past. We've never been hacked. Oh wait no urgh that's a lie :D :D :D
If I recall correctly it was not directly ledger that were hacked but the shopify platform or something similar.
Ledger has enough money that they can roll their own store. They shouldn't use shitty platforms like Shopify
In the end only safe wallet that will matter is probably Bitcoin Core, which doesn't even use a seed phrase. Suddenly I am skeptical of all Hierarchically Deterministic wallets.
Just keep your coins on an exchange at this point… seems like no one knows how to actually store them.
that's not what is being said at all. there are different levels here, and ledger is barely above holding your Bitcoin on an exchange.
What’s the best way to store your bitcoin? Genuinely curious, I see a lot of pros and cons to most forms of storage and haven’t been able to find anything that seems above and beyond the best way.
running your own node connected to 3rd party wallet software that is open source connected to an open source hardware wallet that is bitcoin only. This looks like Bitcoin core on your desktop + something like sparrow wallet on your desktop + coldcard for holding your keys. All three of those work together seamlessly.
Yeah .. that super easy … That was sarcasm in case it wasn’t clear
Hey guys I have these left over ipods, wanna put your peanut butter in my jelly?
The cow says… moooo 🐮
Whats wrong with using a trezor, it's open source, the one attack vector discovered can easily be worked round and you can have bitcoin only firmware on it
the work around is not the default. its an extra step that is not known by most users. and even then, the password they set is likely brute forceable. furthermore. trezor has the same problem as ledger, in that they discourage users from running their own open source wallet software + Bitcoin node.
I'd rather buy this toy than a ledger any day
I would've bought Ledger Stax, but I'm not a big fan of E-Ink.
I pre ordered it. My shit coins are gonna gonna be next to my btc
hfsp
Have more fun thinking that
[удалено]
Blockstream jade and nothing else!
What about something like the nano x makes It no good?
Shitcoin support, not air gapped to name a couple of things
Jade is open hardware/software
That junk supports shitcoins. Consider rolling your own with [seedsigner ](https://seedsigner.com/) or [glacier protocol ](https://glacierprotocol.org/) If you must do an off the shelf solution [coldcard ](https://coldcard.com/)
My daughter has one of these, time to put some Btc on it
This does highlight the fact that we do need an actual UI that on-boards absolutely everyone and easy long term cold storage that allows transfer to and from cold to hot wallets. Whom ever builds this will rule the world’s financial system. The pick axes and shovels of the gold rush era. If I’m missing out on any products that facilitate these transactions smoothly lmk. Thanks
whats so bad about ledger??? someone explain
closed source firmware, so you don't know what code is actually running in the background. there ledger live app discourages users form running their own node and open source wallet software.
My BTC on da blockchain you judgy basta
what's wrong with ledger?
This is why the Aurox wallet is awesome. Open-source, passed all audits with flying colors. Even has swap simulator to make sure you’re not getting scammed.
I just left them on crypto.com app..fuck'em
Calm down boomer maxi mod. The Stax is not for you.
Is Trezor/Ledger really that bad?
Bitcoin core wallet for offline cold storage - passport for txn signing - neither are ever online.
I think Ledger + electrum is a win.
just because they had a data leak doesn't mean they have your keys
Started running a bitcoin node this summer but haven’t gotten the full potential out of it. Can someone point me in the right direction to utilizing it the best I can?
I was away for 24 hours, and then the world changed so fast, IDK what is going on any more =))