/biz/ - Business & Finance

>>52461668
same question personal army, except i don't own any i wanna secure my gf's shit

coinbase is as trusted as you can get but if you have over $10k or want to do defi then would definitely recommend one
for backing up the passphrases steel plates are the way to go. cheap and simple

you're better off using an old laptop as a "hardware wallet" tbqh. wipe it, install linux, and use it only for crypto

>>52461748
doesnt seem anus sized, what if i need to flee ukraine

>>52461668
it’s a waste of money if you’ve been in the game longer than a year. it is a toy for your mind to transition from “real” money in physical dollars, to completely virtual money that has consequences if you fail to remember or lose a physical key

>>52461765
backup on something that will fit in your ass, restore on other side

>>52461772
you have no idea what you're talking about and you're certainly a poorfag with less than 100k in crypto. Ledgers are absolutely worth it

>>52461668
No
Get a multi-sig
Much safer + free

>>52461778
should it be "ledger"^tm or can it be something else

You can buy a cheap USB stick and encrypt it. You dont HAVE to have a ledger.

>>52461765
Wipe data,
Store the seed,
Buy a new disposable laptop

>>52461791
closed source firmware. even if it was open source it comes preinstalled so you don't know if the published software is what's running. there's no way to know for sure that the keys it generates aren't in some kind of deterministic way which would allow them to steal everyone's funds. also ledger uses a secure element basically a black box. I'm not saying it's a guarantee that you'll get rugged, or even likely. but why take chances with your life's savings? Use generic hardware and open source software that you install.

There are ways to turn any USB stick into a hardware wallet. Buying a ledger is fine too if you got the money. Or make your own from a USB.

>>52461825
any recommendation? absolute minimum requirements

>>52461791
post your ledger balance then, with your post in the screenshot

yawn how many times can you ask the same question every day

Yes it's worth it

>>52461841
ok, so just use your own generated keys?

>>52461815
>>52461842
Never thought of that, i thought ledger was secure, I'll probably just make my own with a usb and coinami. Thanks for the advice

>>52461967
sure that's an option. but how many people who buy a ledger do that or would think to do that? all sorts of other possible exploits with HW wallets like supply chain attacks, closed source firmware and secure element black boxes. i still say you're adding unnecessary risk (however small it might be) with hw wallets and the security they provide is security theater.

>>52461748
This. Make an air-gapped wallet with electrum. If you need to send, use psbt. That way your keys never touch the internet. Anyone know if other cryptos have something like psbt?

>>52461668
Am I a retard for using trust wallet?

>>52462261
No but an air-gapped wallet is much more secure.

>>52461841
You think a USB Memory Stick doesn't also have closed-source firmware?
Because it does.
If you trust whatever company in Shenzhen or Hangzhou that's supplying the Flash memory to be honest, then great.
But it's not any less risky than trusting Ledger.

>>52461855
you must think I am an absolute baboon nigger if you think I would post my balance here

>>52462534
the diff is that 100% of ledgers purchased will be used for crypto. what % of USB drives sold are used for crypto keys? There's a single point of attack with hardware wallets. if you're gonna install malicious firmware on a device you'd do it on something you know will be used for crypto

>>52461668
>Nay
It's nay for me, thou I have frens who use it, I love Trustwallet and sylo smart wallet, it's Xtz in-app staking caught my attention.

>>52462534
If it's air-gapped and never touches the internet, it's good.

>>52461668
Your ledger is insolvent!

>>52461668
what's the difference between one of these and a USB stick with a software wallet portable executable on it?

These are obvious shill threads

>>52462236
Sad there's no electrum for ETH/ERC-20. All the Ethereum wallets are either browser plugins, hardware wallets or custodial shit.

>>52461748
That's the only way you don\t have to trust anyone, provided it never touches the internet.

There was a thread earlier about updating Ledgers/Trezors [>>52458230], and it shows how many don't want to believe they have to trust their hardware wallet manufacturer. Ultimately you are at their mercy, because unlike a normal computer everyone in the world knows the exact software and exact data you'll be storing on it,

>>52461825
Malware can good in recovery partitions and survive a format

>>52464339
myetherwallet?

*hide

>>52464518
It's a computer specifically for hodlang your crypto, Where's the virus supposed to come from?
Also multi-sig.

>>52461847
You could also get a Linux mobile like the pinephone. I'm sure that'll fit in your backpack or cargo pants.

i have multiple ledgers, but let me tell you about two events that made me lose faith in it as the "best" storage option after paper wallets

1. when the ledger network goes down due to traffic, you can't send anything from your addresses using your ledger. you have to restore each individual coin/wallet using your recovery phrase. if you deliberately store your recovery phrase somewhere that isn't readily accessible, and you dont have it memorized, you cant send during downtime

2. i soft-bricked my old ledger while updating the firmware in 2020, when link was just starting to climb. i hadnt used it in three years. the old ledger barely has any space on it. i didnt have many apps installed, but it was still mostly filled.

i couldn't use the ledger app without updating the firmware, so i did it. there was no warning in regards to needing to free up space on the device before updating. there was the standard "make sure you have your recovery phrase before updating" message. since there wasn't enough space, the firmware update didn't finish, and i was soft-bricked. i got my recovery phrase a week later, but i would have been FUCKED if i had lost it

anyways i guess my point is memorize your ledger recovery phrase

>>52461668
Ledger is the best in security, no one, even FBI can extract the seedphrase from the ledger device. Trezor has unfixable seed extraction bug.

If Ledger device is hacked, then I'm sure sim card, credit card etc will be hacked too because they're using the same secure element technology.

>>52464753
Pls elaborate on the Trezor bug

>>52464518
If you're doing it properly your laptop won't have a hard drive in the first place.

>>52464718
Yeah everyone I know who bought a Ledger device of some kind always talks about how janky the software is or how they had to wipe the device at least once because an update just failed.

You don't need to memorize your recovery just write it down. Secure element devices like Ledgers are good for "carrying" your seed in a secure way (the PIN is always needed) but they exist only temporarily. Your recovery IS your wallet.

>>52464753
The hardware is one of the better ones, but the entire concept of crypto-specific hardware is fundamentally flawed unless you simply want a more secure desktop wallet.

>>52464963
Any device that doesn't use a secure element or secure chip like the one in a credit or SIM card or most new laptops has the data saved in a format that can be read out with only moderate difficulty if you have the physical hardware. It's not designed to protect against physical attacks, but secure hardware is.

The only fix is to either remember a password you don't store with your device, or use some hacky solution like that Blockstream wallet does where it's encrypted with a password a remote server has, and will only give to you under similar conditions secure chips use.

>>52464963
https://blog.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

https://blog.ledger.com/Breaking-Trezor-One-with-SCA/

Also, don't ever type your seed phrase on the website / internet / app / anything except on ledger device itself. Many people get "hacked" that way.

>>52465008
Or use the handy pre-filled recovery mnemonic that came in the box you bought on eBay.

Ledger is shit, the had data leaks in the past and even tried to cover it up, their privacy policy is worse than PRISM and that coupled with the ledger network/software that you apparantly NEED to make transactions, that logs everything and sends it to their server where its stored for 4 YEARS (see privacy policy)

Anyone using a ledger might as well use a Facebook™ crypto wallet

im looking for a paper wallet next option to store my cryptos securely. Here's XRP as an example
bithomp xrp wallet generator

https://bithomp.com/paperwallet/

There's multiple sites if you google "XRP paper wallet" where you could generate your own seeds offline via browser or github.

How the F i can know if those keys which are generated are really new adresses and not some ungenerated ones which seeds are in the hands of the wallet-generator website maker. waiting for being robbed after they get deposit

im little bit worried for my ledger aswell adter i read that its has closed source code and all the fud from the thread >>52458230

I just want safe paper wallet generator but how the fuck i know which or them are safe or not??

>>52464524
browser plugin

>>52461668
God forbid you spend 100€ for something that will keep your investments safe from hackers and fraud. Not worth it at all OP. Kys

>>52463130
The transaction is signed on the device. The private key never leaves the stick. Even on virus infected computers it’s safe.

Trezor is open source, if you don’t trust Ledger. I got both, sleeping very well.

>>52465148
You can use it with almost any wallet that supports hardware wallets. The problem is Ledger doesn't let you update the firmware or software without using their propriety software which creates an internet connection directly to your device and issues it commands from their black-box un-auditable HSMs.

That alone discounts Ledger for anything other than casual low-value use.

>>52465210
No FUD in that thread, there are ways to check your seed hasn't leaked through tweaked transaction signatures, but your hardware wallet needs to support that "anti-klepto" feature. There's no way to know if the generated seed is compromised, for that you need to generate it physically and have a wallet like ColdCard that supports dice/coin seed generation; or you need to use a air-gapped computer to generate your seed you can import into a wallet later (but at that point you might as well just use the computer as it's already more secure).

>>52465282
You still have to trust Trezor the company though, because they could hide extra firmware on the device you wouldn't know about without breaking it open and doing complicated expensive diagnostics on it. In fact anyone could give you a compromised Trezor that did the same by intercepting your delivery.

>>52461842
is it possible to make 2 or more backups ? Imagine your only USB stick dying taking the only backup of the keys with it...

>>52465321
k thnax for the info

but what do you mean "generate it physically?"

if i use offline PC to generate lets say like using the bithomp XRP wallet generator is that safe? is that what you mean by physically?

>>52465455
Physically like what the schizos used to do in the early days with Bitcoin. Roll a dice 100 times and hash the numbers together into a key, or flip a coin 256 times and do the same.

If you have a computer that hasn't been online and won't be online ever again you can be sure what you generate won't "leak" online but you can never be 100% sure the key isn't somehow less than random without using those above methods.

Hilarious that people still debate whether it's worth it. You must have less than $500 in crypto.

>>52461772
You have a recovery phrase, it’s your responsibility not to lose it. It’s protected with a pin so if someone steals it they would need to know the pin.

>>52465496
okay, but after you made that dice rolling maneuver where do you type the hashed keys? If i want to make XRP paper wallet how to do that?

for now I am using Ledger but seems that its not safe at all, no?

I thought the seed is offline stored in a secure chip but how anybody could know if that chip is backdoored as the code behind it is closed source. It has to be connected to the device somehow because the device can verify that your seed is right. So can some evil entity see your seed through ledger app etc. somehow?

like what the fuck i dont know what to believe anymore. I just want an secure paper wallet but even i generate my seeds from airgapped pc i cant tell if the generator service is safe...

>>52465612
I don't know, I haven't owned any XRP since 2018. If it's like anything else you just download the official wallet or a conversion tool that can turn your hash into the right fomat the wallet expects, like WIF in the case of Bitcoin.

>>52465612
>midwit paranoia

>>52465651
It's worth being paranoid for some things, but I'd say it's more likely something like XRP drops to zero or close to it in the next 5 years than Ledger has some bug or hack that leaks everyone's keys.

>>52465612
the answer is there is this bip generator script online which is open source and contained in 1 file written in javascript
you have to run it on airgapped computer and to understand every single line of the generator code
what you want is magical thing, meaning you refuse to understand the technology but also refuse to trust the technology
hypothetically how can you trust something without knowing the thing full well?
it doesn't exist, this makes you a midwit

Why not just use a normal thumbdrive with an encrypted container? You can even have multiples of them in case of loss/failure.

>>52465710
well i "apologize" that im not an tech guru. i just want to know is my ledger safe at all without being called idiot for buying usb-drive for a hundred bucks.

i already made paper wallet(s) with generator offline but then i was wondering that if the generator is compromised then the "generated" keys isn't safe.

so i should use that big generator and not trust those generator services as safe.

ledger is safe and convenient, that's all there is to it.
the main issue with non-streamlined options is that you might get sloppy or not use them and keep your money on an exchange like a retard because you're too lazy

>>52465781
If you use a thumbdrive the private key has to leave it to sign a tx, temporarily going to pc memory and exposed to potential attacks. A HW wallet does the signing itself and doesn't use the pc connected to it for the computing.

>>52461668
I use a trezor and I love it, easy to backup/restore, safe, and just recently found out I can use it to encrypt/decrypt/gpg sign documents on my computer. Maybe soon there will be support for veracrypt encrypted volumes to use the trezor as a key.

You can also use the trezor (not sure about ledger but most likely yes) as a security key, to authenticate to google/github/binance using password and trezor. Too bad there s not much development around trezor as it is open source but I think in the future a hardware wallet will be more than just a place to store coins. It can be a digital identity, easily recoverable (just keep the fucking seed phrase somewhere safe it's not that hard newfags)

>>52465893
And also to the people saying "hurrdurr just encrypt a thumbstick": the moment you decrypt the thumbs tick to sign a message, you are potentially compromised. The private key NEVER leaves the hardware wallet. That s the whole point.

wew everybody a millionaire in this thread

>>52462551
I don’t think you’re dumb, but you are a coward
run it through photoshop and delete the exif data, will only take you 10 minutes

>>52461668
>I'm considering buying this overpriced usb stick, should I do it?
Good timing. Might be a better timing after Railgun supports privacy on it next month

>>52465838
>Safety
How safe can it be if I can easily draw out your financial history on it.
>Convenient
Big plus on the convenience. At the end of the day, convenience is what led people to trust their keys with frauds in the first place

>52461668
This how you were supposed to use cryptos, if you use all of these centralized exchanges it's not different than use regulars banks(even worse be cuz those exchange has barely any regulation )

>>52461668
Why it won't make you a better trader and you'll probably mistype your pin and send all your bags to a shitskin

>day trade
>don't dca don't hodl
>cash out what you earn to your bank account
>buy the fud sell rhe fud pump
I'll "hodl" in a bull market thank you very much

>>52461668
If you have any serious holdings, yes, and get a billfodl too.

>>52461668
Ledger is cool, all my funds are currently in ledger, only the ones I'm trading with are on Takepile perpdex, enough of the fucking cex

>>52461668
yes although I would recommend trezor model t unless you are doing a lot of on chain trading/nfts/defi stuff. ledger is better for that and trezor better for cold storage imo, but also check both if you hold any obscure shitcoins to make sure they support it because that can also be a deciding factor

>>52467517
If you can't hold, you can't be rich

>>52461714
the absolute state of ameri*ans

truly the most revolting "nation" on earth

>>52468459
What's takepile about anon?
I'm hearing it for the first time

>>52465893
This is great, really like these applications

What software does the security key authentication?

>>52470307
It's a perpetual-decentralized exchange, where you can trade derivatives and future options

>>52465806
That isn't what you should be worried about anon. He worried about how you will interact with a chain without exposing your seed key.

>>52470248
rent free yuropoor, rent free

>>52470887
Both are important, but confirming transactions aren't being modified to leak secrets is something there are standardized solutions for. There's no way to know how good your random number is.

>>52461668

Absolutely, the price lock feature alone is worth it. I still have over 50 ETH locked at $4k. Feels sweet as hell knowing I can sell them anytime for full price.