UPDATE: I was contacted by a board member of the Bitcoin Cash Fund and they wanted to clarify this issue I had with the fees, so mostly full email here. I used BTCmarket.net BTW. "I'm a board member of the Bitcoin Cash Fund, a charity we created to help Bitcoin Cash adoption worldwide. We, the board members, and the sponsors, are some of the biggest name in the Bitcoin ecosystem. I have been involved with Bitcoin since December 2009 and have been mining ever since. I would like to take the opportunity to clarify the bitcoin cash fees you said that you paid on your latest video (review of Ledger nano S). I don't know which wallet you used to send yourself some BCH but there is no limitation to how small your transaction can be on the network. Also, in your video you states the fees where .001 BCH, or about 3.43$. Fees on Bitcoin Cash are usually in the order of a fraction of a cents. There is absolutely no reason to pay such an absurd high fee, low fees are the point of Bitcoin Cash after all. I took the liberty to check your transaction and it was literally the highest fee for a transaction in more than 7 days. I'm sorry you had such a bad user experience, if you let me know which wallet you used to make your transactions, I will contact the maker of the wallet so they correct their software."
EEVblog Yet there you were, paying fees. When are you going to elucidate the feasibility of bootstrapping solar cell production so we can get off fossil fuels?
EEVblog The proof that solar panels cannot manufacture themselves with even phes as the energy storage at the factory. That they are a derivative of fossil fuels and nothing more. That no solar panel can be, or will ever be, the product of solar power. That whenever one includes all of the necessary and sufficient material acquisition and refinement of the materials, the eroei is in fact negative downstream of the initial energy needed to manufacture them. My entire generation is heading into the myth that green tech will supplant the energy supply of fossil fuels, but there is no evidence that this is feasible even using much more efficient storage than Musk's bullshit battery tech. What EE can honestly say there is a future in tech when we are already observing declining returns in, and yet the sourcing of, fossil fuels that return a fraction of previously sourced fuels without a working bootstrapped solar powered facility? The gen pop is going to lose its collective mind when it is forced to endure a lower quality of life and it has been fed nothing but fantasy green tech future. If solar eroei is greater than unity, then the facility can grow production indefinitely creating exponential growth. Where is the solar powered factory that makes solar panels?
skeetorkiftwon, correct me if I'm reading your comment wrong, but are you stating that a solar panel over its entire lifetime would not produce enough power to "pay" for its construction?
Maybe he hasn't addressed that because it's based on bad assumptions. 1) Factories have different power-density needs than other applications. 2) The idea that a solar panel will never generate enough more energy than that used for its production is simply not accurate. It's just not. Don't. 3) Mixed production to offset use of fossil fuels would create immediate drops in carbon emission, especially in decentralized systems. So, your made-up gauntlet of "solar powered solar factories" doesn't represent reality. It represents an argument against switching to solar completely and immediately. Good thing zero people are arguing for that.
How about swapping the whole hardware wallet? It would be equal to swapping the PCB, right? But you would notice that during your first transaction, because the unit wouldn't be working as expected. On the other hand, installing a key logger to get your PIN and then stealing the hardware wallet might be a vulnerability.
In theory it's possible, I always recommend buying from an authorised source. Tamper evident stickers aren't enough though. If someone is wants to hack hardware and software like that then they have the means to fake the stickers too. What's really needed in that case is a barcode you can verify on the official website
I wasn't even thinking of purchasing a tampered device. Let's assume I buy from an authorized source. Is there any vulnerability? Why would I need to secure the chassis? With that secure chip, the only option would be to protect from a key logger and than stealing a device. Unlikely, but not impossible. A coworker or a family member could have access to a device and do such a thing. But then they could probably steal the seed card as well. So in my opinion, not protecting the chassis is not a vulnerability.
Oh, saw you meant tamper evident *casing*. Yes, silly to just have the lid pop off. Also, many people actually mark their device in a unique way to make sure it hasn't been swapped.
I would love for you to do an update on your crypto. Not your holdings, of course, but your thoughts on the state of the scene as well as any updates on hardware you think relevant. Granted, maybe the lack of an update says it all. Nothing new enough to be cool enough to talk about :D Have a good day, Dave!
I think it has more to do with the constant voltage regulation for the secure crypto processor than the tiny OLED, that looks like a very low voltage display, the Trezor looks twice as large but did not need one... not sure.
Hang on a minute... The security chip is using versions of *DES* in 2017??!! People figured out that DES wasn't secure enough to be trusted in the late 90s and created the multi-key versions of it as a stopgap before AES was standardized. Today you may as well just use plaintext instead of DES-based encryption. Also not impressed with the use of 128 and 192 bit AES, thou that's more of a near future concern than something as alarming as using DES-based encryption in 2017.
I feel like they should have put a couple hardware suicide triggers in there, most ATM keypads have a few hardware kills, if you open an ATM keypad, or even an EFT pad, they will wipe the memory and if you dig too deep and break a physical run in the potting or glass run, it's over. Also some have suicide capacitors that are always powered up, and when a tamper is triggered it will brute force send two redundancy capacitors directly to the core and kill it by intentionally overpowering the core by 1,200%. They also lose volatile memory, pretty much resetting to factory if light tamper is detected, so by the time the brain is fried, it's already been reset to factory, then wiped to nothing, then finally fried with a few hundred times it's maximum operating voltage.
Since you can build your own Trezor, you should make a video where you actually do that with perf board or something, just to see how easy or difficult it is.
Your BCH send may have failed if you were using the BTC app (on the device itself) to send since it signs the transaction slightly differently. You have to install the Bitcoin Cash app and use that. (They both can be used interchangeably to view wallets). There are some UI issues to be addressed there.
It's a shame ledger choose for by security by obscurity as the problem with it is that there's always someone smarter than yourself. And there and also as you've said the it isn't potted, ultrasonically welded.
Ledger works great with the Ethereum wallet. No need to use the basic software provided by Ledger. Factoms new wallet supports it too. The idea is, you use it with whatever the defacto wallet is for each coin.
I love your clear and easy to follow explanation. One quick question though. Can the hardware wallet support new coins that come out in the future or do you have to buy a new hardware wallet for coins that aren't here today? (assuming that the company implement the support for the new coins)
problem with the Nano is that it has a very limited amount of memory for the apps. (only about 5 apps are supported at the same time) So you need to uninstall / install apps if you have a lot of different coins.
It's not really a dealbreaker, but its a stupid design decision for a wallet that claims to support the most alt coins. it just takes 10s more to open the manager, uninstall an app, reinstall an app.
One of the things one would learn the hard way. Not really advertised on the site for the ledger S. I purchased the Ledger S as it supports many Alt coins, but was disappointed when I had to choose 4 or 5 of them. Nice to have all coins in one place, but it seems to have many issues. I have noticed issues with some USB cables as well. I need to use specific cables for the Ledger to be found.
Hi, MrHighvolt you are right ... I also have faced many issues with ledger but now I found another amazing hardware wallet which is walahala hardware wallet.. in this hardware wallet we don't need to install different apps for different coins. Check their website: walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
@@tomassjostrom6434 Hi buddy then try walahala hardware wallet ... we don't need any USB cables for walahala hardware wallet.. and also it is a secure wallet... I have been using this wallet for sometimes and no issues found. Check their website: walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
Thanks for another great video. You should try adding more wallets on the Ledger. You'll find that you are already at or near the limit. I had the same wallets installed as you did and was unable to add a Litecoin wallet. Not enough room on device.
@eevblog 1. ledger may have the best crypto chip, but you can get it open and there is a plenty of space to make a chip between the main board and the screen, de facto creating a extreamly easy "hardware Man in the Middle ". There, anyone with physical access for less than a couple of minute to your wallet can screw you up your experience, or even worse if well organzed 2. you choose the transaction to pay for everything 3. please cite a source about the story of BTC would continusly split if faster, never heard of that
Why does the thing cost about 50% more on amazon that you linked through the kit . com website compared to the ledger website? (70.18 € on ledgerwallet website compared to 120€ on amazon)
Unnecessary to advice to buy only from manufacturer, Ledger wallet is only one that uses cryptographic proof to verify the integrity of the firmware. So you can freely use any ledger wallet, the software will alert you if the firmware is not official. It has nothing to do with an unique ID as you stated. edit: you can see the address you send to if you click the icon.
displaying the full address on the LCD doesn't mean anything!!!!! You have to trust the HW as a whole anyway because a malicious firmware may instruct the LCD to display the "correct" address and then send the funds to another one... the LCD itself doesn't constitute proof of a correct address. The partial address is well enough to spot errors originating from the legit user. That's a basic software security principle
Without a factory seal there is no way to know if someone replaced the innards with a fake circuit or firmware that doesn't use the secure element, only pretends. Or they could add a keylogging circuit. Decades ago, the KGB did this to typewriters being shipped to the US embassy, it's a real attack.
I don´t think the Secure chip in it cost much more then a SIM-card. Even simcards have its own Secure processor, Hardware Cryptografy, Scrambled EEPROM, Uniqe ID and are seald by metal-vapor-deposition with only exclude the 6/8 bondpads. I even have found some time ago sim´s on Amazon, in SOP-8 package. C007G11 Logo is Philips and they work like normal SIM´s in a reader. But i have no idea whats inside...
Just one question, do they glue or pod the chip on your credit card, or your SIM card on the cell phone? I’ve never seen this, why because the chip it’s self has been secure enough with proper and proprietary protection to meet regulations. So what would glueing a polycarbonate/abs mix plastic case do for protection. Nothing, just like you proved with the last one a Dremel opened it up. It didn’t even have a switch to deny a kill and wipe command to the chip holding your key once it was opened. And that was stored on a chip that it could have been extracted from if it was acid died, and frozen and other hardware hacking techniques. So in my opinion the glueing would only increase the cost of manufacturing and harder to replace the battery or OLED if it was cracked. The only benefit of gluing it might be water resistance, but nothing with security. But this level of water resistance could have also been achieved by a conformal coating as well. Yes, the best security is the one you do not have physical access to, but if you loose this it’s more secure then the other one you did before this. Best bet, don’t loose it.
Paper wallets are much safer and better than software or hardware wallets. Having to keep a 24 word card is basically using a paper wallet with blinky lights.
I like how the Ledger looks. I actually got my Dad the Gold Litecoin Edition for Christmas. Only with cryptocurrency can a 14 year make over 20 grand lol
Trezor already had a hack via malware on your pc!! They did patch the firmware fix relatively fast. But I'd much rather the nano s with the separate secure chip... There is also a reason why nano s makes you enter the pin on the screen. Nano s also supports a hidden wallet. Does suck to have to swap out apps on the device. Wish they could improve that aspect. But the secure chip memory where they are stored is limited.
Oh and I totally agree with you. That they should have epoxied it. Even with their claim of being able to verify the hardware. Someone could add a mini controller that records the lcd screen when you create the phrase, and then send it some how over usb? Idk. It would be a far stretch. But where $$$$$ money is involved anything possible. Oh and I also wouldnt even order mine from Amazon. Direct OEM only.. oh and last thing. I heard that IBM and ledger are teaming up to possibly add their secure chip tech to PC motherboards... I know enterprise PCs already can have TPM chips. Dont know the end game there.
I highly recommend taking a digital photo of your key words, zipping it up with 256bit encryption, and making multiple usb stick copies including on your cloud drive. Then destroy your paper records when you feel confident that the encrypted photos and their password are securely stored.
if I have my coin in a hardware wallet, will I be able to profit from the splits? Like I had btc in a blockchain wallet and they automatically gave me the same amount in bitcoin cash. Would this happen as well, if I have the coin in a hardware wallet?
I heard they use 2 chips for securing device, 1 will store only private key and the other one will secure device itself like display and button controls and firmware. Is true you can hack second chip to trick display to show another public addresses when you sign transactions?
There was an interesting episode of Radiolab's podcast entitled "The Ceremony" where they go about creating the super secret sauce that goes into creating a new digital currency. Reminds me of how the Fed was created (another good podcast NPR Planet episode 505). There was also a good After On episode (#17) that talks about all things crypto-currency, including how the block-chain* science can used to move a society towards a greater well being! *Distributed Autonomous Organizations to be exact.. see Ralph Merkle tree video 'Revolutionizing Democracy Using DAOs'! BTW, what do you think of those low-cost money transfer places that use crypto-currencies.. ex. Cashaa, OmiseGo, etc ?
Why do all security tokens, wallets look naff. Was looking at U2F keys, and all seem little bits of plastic. Someone should try to replace the USB drive in a Victorinox Slim Alox USB with a U2FZero
I tried to setup my Ledger nano S recently and it went as described till after going through twenty four recovery words and marking them down. After that I expected to confirm all twenty four words, but after second word confirmed, display showed that it is "processing" and then "your device is now ready". I expected all twenty four words have to be confirmed. Is it normal, or is there a technical issue? I tried to set it up as new device second time, but same happened again. Thanks for your help.
warning newby question alert ! Can I clone one of these digital wallets so there is a backup ? I'm assuming if there's a fire in my house I lose all the bit coin? would like to buy some but not really sure how I make a backup of the wallet without printing a price of paper with the codes. then that's the same as leaving a bundle of cash on the kitchen table ? I could also be struck by lightning but just trying to figure out how to have a backup.
Hey Dave, I had none of the issues you experienced and quite like the ledger. (maybe some combatibility issues). As others have discussed it has limited memory which is a shame. You can have 3 or 4 coin apps on it after which you have use the manager to delete and install. The keys never leave the device and it's possible to do very quickly so only a minor inconvenience. I know how much you hate fan boys so I'm not even going to go into it other than saying you could have demo'd a less controversial coin 😉
What's actually the deal with these Chrome extensions? Since Chrome isn't the most private browser and still on your PC, I don't see any advantages over a classic desktop application for all wallets or one for each wallet. Classic programs, installed or even portable would be much more comfortable in my opinion. But I'm no specialist, maybe there's a reason they chose extensions?
Could a hacker with your Ledger wallet just remove the secure chip and put it in their Ledger woth a different pin? Or is the Pin also stored on the secure chip?
What's this pin number of which you speak, Dave? ;-) BTW: Easier than trying to reverse engineer the secure PIN or passphrase is to replace the guts of the device with a custom jobbie that fakes the real one but records the interaction. The "target" returns with the faulty device and ... That's why you cannot completely trust hardware that's been out of you physical control. P.S. using a proprietary chip for security can backfire. KeyLoq. Lots of cars cracked, 100 million vulnerable.
what is the risk of the ledger just dying or corrupting on its own? I'd hate to have a large savings on this little flimsy drive and then it just didnt boot up one day then I've just lost all my coins or is there some recovery method?
Be careful with the Ledger Nano S. Ledger does not hold itself responsible for any crypto currency lost by bad tested software updates. It started with a bad LTC Segwit update in August 2017. Even sending a new Ledger nano S did not return the LTC balance but in the end the loss of the LTC was never addressed.
Hi Neocham, you are absolutely right I have also lost my LTC... then I found another secure wallet and it is very easy to use that is walahala hardware wallet .in this wallet I do not need to install different apps for different coins and now I have no fear of losing my coins. check their website:walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
My favorite part of the video: @26:11 he has taken that irritating, flip-y, spin-y piece of metal off. We've had widely used, mainstream, pocket-able electronics for well over a decade. Why do manufacturers still insist upon having movable parts which don't close and then stay ABSOLUTELY secure?!? Also, why in the hell do they still insist upon using caps which vanish faster than half of a pair of socks? And finally, if somebody is making a product which will go into somebody's pants pocket, for the love of God please make certain all of the edges and corners have large NON POKE-Y radii.
I don't know. I makes sense if you have a couple of thousand bucks on these things. Otherwise....?? Wouldn't it be cheaper and also just a solution to dump some paper wallet on .pdf on a encrypted USB stick and open it only when you're offline on some kind of secured Linux system?
Sure it's safe and cheaper. But hardware wallets allow you to spend directly and check your balance faster. I can't say if that actually does justify the price, it probably comes down to the person. For just a little crypto portfolio I think a paper wallet as image or text encrypted on at least two HDD's in safe locations is just fine. However, I wouldn't go with any USB sticks because of flash storage. It's fast but flash storage could just have a failure without any chance of data recovery while HDD data can be recovered easier and it's even better if you replace the drives after 3 years. I think it's obvious that nobody should ever rely on just one storage device while doing something like that, so I'd go with at least 2 or 3 at different locations. Some people say paper wallets are useless because anybody can use them if he or she finds it. I agree but it's just as bad if somebody steals the recovery sheet of your hardware wallet. Because of my paranoia and the comfort I might still get a hardware wallet.
As soon as you write down the seed phrases it's no better than the usual "paper" wallet. Anyway bootable linux and an off-line computer: you get the same level of security, unless your hardware is backdoored.
True if you just buy and don't operate with them. False if you do, with hw wallets your private keys are not exposed in a computer. As for doing offline with usb, your computer device could still be backdored even if you later boot from an usb, so you should dedicate a offline device instead. but it doesn't even matter, this option is by far not as convenient as hw wallet.
HW wallet is a computer, but true, it is much more convenient. Anyway the point is: as soon as you write down the seed, it's game over. Both scenarios have the same weak link.
They do not have the same weak link, as dreyer already points out. When spending from a paper wallet, you have to plainly enter the private keys on a computer each time again, which makes them vulnerable for attacks. With a hardware wallet, the whole transaction is processed inside the Ledger, and only the end result leaves the Ledger. Nobody sees your private keys, not even you! This makes it impossible to hack your private keys, even when used on an infected computer.
Dragan Milivojević You're right, we can never be 100% sure that a hack is impossible. Still, I think it's the safest option for a wallet that you'll use for trades every now and then.
Another great video Dave! And riding the Bitcoin wave :) My brother owns a Ledger, I forwarded him this video which I find "atypical" amongst your series ! Like this anyway ! Ciao from Switzerland ! HB3YOE Max
Hey EEVBlog, I know Power Ledger is not related to Ledger Wallet but the name just reminded me of it. Have you heard of / looked at it yet? web.powerledger.io/ The idea is that people with solar panels can get better prices on their feed-in tariff than what electric companies are willing to pay, which it does using their own in-house crypto-currency to handle the money transfer from consumer to producer. The trouble is I haven't yet been able to find out how the electricity gets from producer to consumer. If it just goes over the existing electricity network, how do they handle paying all the middle-men involved in running that? And how else could it work if not over the existing grid? I'd love to see you dig in to how it actually works.
No water resistance? Really. For what it is and how much it costs it does not make any sense. Just for a buck they could make a water resistant version.
The thing that annoys me about cryptocurrencies and that makes me not want to invest is this: *Convenience Factor,* or the lack thereof. No cryptocurrency I've found has managed to overcome this problem yet. Bitcoin is becoming more usable for the public with machines where you can buy "coins", but they still don't have the same ease of usability as things like contactless debit/credit cards. As soon as someone creates a secure cryptocurrency that is stable, has a fast transaction speed and is very user-friendly, I'll invest most of my money straight away. That'll be the winner.
the point of crypto is you control it... and you control it with a very secure method... you can spend bitcoin (and maybe other coins) with plastic wallets with magnetic strips... but at that point you dont control it... like having your money in the bank. in the current wild west we have do you want your money in the bank?
Saing " I want a cryptocurrency that is user friendly " is like saying "I wan't a TCP/IP that is user friendly" Ethereum recently broke a million transactions per day. Using Ethereum with the Metamask chrome extension seems very simple to me but maybe I just spent too much time using it so idk
You are very deluded. It already is unprecedented in quality; what bank has not seen one service interruption in a decade? What bank does not need second factor auth. when using internet banking? Don't compare with paypal, they piggyback on the banking system.
Mentioning how much better the Trezor is at certain times, I at least expected the Trezor to be included in this video. "Look Ledger Nano S guys, this is how you should do it" while showing how much better the Trezor actually is. Again a mildly interesting video.
You don't have to, you have a full open source option in the Trezor. But to answer the question, it's trust in ST and the certification agencies, and that many banks and others use the same chip.
The vulnerability with the Trezor is entering the pin through the computer, this one is all contained within the unit. The Trezor has already been hacked.
UPDATE:
I was contacted by a board member of the Bitcoin Cash Fund and they wanted to clarify this issue I had with the fees, so mostly full email here. I used BTCmarket.net BTW.
"I'm a board member of the Bitcoin Cash Fund, a charity we created to help Bitcoin Cash adoption worldwide. We, the board members, and the sponsors, are some of the biggest name in the Bitcoin ecosystem. I have been involved with Bitcoin since December 2009 and have been mining ever since.
I would like to take the opportunity to clarify the bitcoin cash fees you said that you paid on your latest video (review of Ledger nano S). I don't know which wallet you used to send yourself some BCH but there is no limitation to how small your transaction can be on the network.
Also, in your video you states the fees where .001 BCH, or about 3.43$. Fees on Bitcoin Cash are usually in the order of a fraction of a cents. There is absolutely no reason to pay such an absurd high fee, low fees are the point of Bitcoin Cash after all.
I took the liberty to check your transaction and it was literally the highest fee for a transaction in more than 7 days. I'm sorry you had such a bad user experience, if you let me know which wallet you used to make your transactions, I will contact the maker of the wallet so they correct their software."
EEVblog
Yet there you were, paying fees.
When are you going to elucidate the feasibility of bootstrapping solar cell production so we can get off fossil fuels?
skeetorkiftwon I've done many videos on solar energy, what more do you want?
EEVblog
The proof that solar panels cannot manufacture themselves with even phes as the energy storage at the factory. That they are a derivative of fossil fuels and nothing more. That no solar panel can be, or will ever be, the product of solar power. That whenever one includes all of the necessary and sufficient material acquisition and refinement of the materials, the eroei is in fact negative downstream of the initial energy needed to manufacture them.
My entire generation is heading into the myth that green tech will supplant the energy supply of fossil fuels, but there is no evidence that this is feasible even using much more efficient storage than Musk's bullshit battery tech. What EE can honestly say there is a future in tech when we are already observing declining returns in, and yet the sourcing of, fossil fuels that return a fraction of previously sourced fuels without a working bootstrapped solar powered facility?
The gen pop is going to lose its collective mind when it is forced to endure a lower quality of life and it has been fed nothing but fantasy green tech future.
If solar eroei is greater than unity, then the facility can grow production indefinitely creating exponential growth. Where is the solar powered factory that makes solar panels?
skeetorkiftwon, correct me if I'm reading your comment wrong, but are you stating that a solar panel over its entire lifetime would not produce enough power to "pay" for its construction?
Maybe he hasn't addressed that because it's based on bad assumptions. 1) Factories have different power-density needs than other applications. 2) The idea that a solar panel will never generate enough more energy than that used for its production is simply not accurate. It's just not. Don't. 3) Mixed production to offset use of fossil fuels would create immediate drops in carbon emission, especially in decentralized systems.
So, your made-up gauntlet of "solar powered solar factories" doesn't represent reality. It represents an argument against switching to solar completely and immediately. Good thing zero people are arguing for that.
Surely at the very least you need tamper evident-casing to ensure someone hasn't installed a hardware logger or swapped out the whole PCB.
How about swapping the whole hardware wallet? It would be equal to swapping the PCB, right? But you would notice that during your first transaction, because the unit wouldn't be working as expected. On the other hand, installing a key logger to get your PIN and then stealing the hardware wallet might be a vulnerability.
In theory it's possible, I always recommend buying from an authorised source.
Tamper evident stickers aren't enough though. If someone is wants to hack hardware and software like that then they have the means to fake the stickers too. What's really needed in that case is a barcode you can verify on the official website
Karol Murawski It's easier to just steal your seed card!
I wasn't even thinking of purchasing a tampered device. Let's assume I buy from an authorized source. Is there any vulnerability? Why would I need to secure the chassis? With that secure chip, the only option would be to protect from a key logger and than stealing a device. Unlikely, but not impossible. A coworker or a family member could have access to a device and do such a thing. But then they could probably steal the seed card as well. So in my opinion, not protecting the chassis is not a vulnerability.
Oh, saw you meant tamper evident *casing*. Yes, silly to just have the lid pop off.
Also, many people actually mark their device in a unique way to make sure it hasn't been swapped.
7:28: “Smart phones are horribly unsecue!” - nice speeling Dave
I would love for you to do an update on your crypto. Not your holdings, of course, but your thoughts on the state of the scene as well as any updates on hardware you think relevant. Granted, maybe the lack of an update says it all. Nothing new enough to be cool enough to talk about :D Have a good day, Dave!
OLEDs need about 12v, hence boost converter
I have one that runs off 5v for Arduino
I think it has more to do with the constant voltage regulation for the secure crypto processor than the tiny OLED, that looks like a very low voltage display, the Trezor looks twice as large but did not need one... not sure.
Even the small OLEDs need 12V. Some have a boost converter on the flat-flex
I remember reading that some proper random number generators (not thermal noise amplifiers) require ~12V.
Thanks for the review. Im happy with my Trezor even more now.
Hang on a minute... The security chip is using versions of *DES* in 2017??!! People figured out that DES wasn't secure enough to be trusted in the late 90s and created the multi-key versions of it as a stopgap before AES was standardized. Today you may as well just use plaintext instead of DES-based encryption.
Also not impressed with the use of 128 and 192 bit AES, thou that's more of a near future concern than something as alarming as using DES-based encryption in 2017.
As I understand it, Google recently announced that they will be discontinuing the support of Chrome apps. Back to supporting 3 different platforms.
Highly recommend Keepkey. Bigger display and same randomized pin input like the Trezor.
*To you and your family, Happy Holidays & Best Wishes for the New Year.* CHEERS 73
I feel like they should have put a couple hardware suicide triggers in there, most ATM keypads have a few hardware kills, if you open an ATM keypad, or even an EFT pad, they will wipe the memory and if you dig too deep and break a physical run in the potting or glass run, it's over. Also some have suicide capacitors that are always powered up, and when a tamper is triggered it will brute force send two redundancy capacitors directly to the core and kill it by intentionally overpowering the core by 1,200%.
They also lose volatile memory, pretty much resetting to factory if light tamper is detected, so by the time the brain is fried, it's already been reset to factory, then wiped to nothing, then finally fried with a few hundred times it's maximum operating voltage.
Since you can build your own Trezor, you should make a video where you actually do that with perf board or something, just to see how easy or difficult it is.
Really nice video, thanks ! The unique sad part is that delay to talk about Bitcoin (cryptocurrencies), wallets etc.
you should know that Trezor's pin was hacked some time ago. But I haven't heard of a ledger being hacked yet.
I would recommend two step Authentication for any software wallet
Trezor pin panel has not the zero "0" , it means it reduce the number of possible combinations ....
Your BCH send may have failed if you were using the BTC app (on the device itself) to send since it signs the transaction slightly differently. You have to install the Bitcoin Cash app and use that. (They both can be used interchangeably to view wallets). There are some UI issues to be addressed there.
It's a shame ledger choose for by security by obscurity as the problem with it is that there's always someone smarter than yourself. And there and also as you've said the it isn't potted, ultrasonically welded.
Ledger works great with the Ethereum wallet. No need to use the basic software provided by Ledger. Factoms new wallet supports it too. The idea is, you use it with whatever the defacto wallet is for each coin.
Dave, chrome apps are dead btw, so you will see apps for different OS either way :)
Great review. That thing looks like a hassle. I wish the Trezor supported Ripple and other coins.
I love your clear and easy to follow explanation. One quick question though. Can the hardware wallet support new coins that come out in the future or do you have to buy a new hardware wallet for coins that aren't here today? (assuming that the company implement the support for the new coins)
problem with the Nano is that it has a very limited amount of memory for the apps. (only about 5 apps are supported at the same time)
So you need to uninstall / install apps if you have a lot of different coins.
Really? Didn't know that. That completely sucks if so!
It's not really a dealbreaker, but its a stupid design decision for a wallet that claims to support the most alt coins.
it just takes 10s more to open the manager, uninstall an app, reinstall an app.
One of the things one would learn the hard way. Not really advertised on the site for the ledger S.
I purchased the Ledger S as it supports many Alt coins, but was disappointed when I had to choose 4 or 5 of them.
Nice to have all coins in one place, but it seems to have many issues.
I have noticed issues with some USB cables as well. I need to use specific cables for the Ledger to be found.
Hi, MrHighvolt you are right ... I also have faced many issues with ledger but now I found another amazing hardware wallet which is walahala hardware wallet.. in this hardware wallet we don't need to install different apps for different coins. Check their website: walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
@@tomassjostrom6434 Hi buddy then try walahala hardware wallet ... we don't need any USB cables for walahala hardware wallet.. and also it is a secure wallet... I have been using this wallet for sometimes and no issues found. Check their website: walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
I would've liked to have seen a comparison with the physical security features of the EFTPOS pin pad teardown from a few years ago.
Thanks for another great video. You should try adding more wallets on the Ledger. You'll find that you are already at or near the limit. I had the same wallets installed as you did and was unable to add a Litecoin wallet. Not enough room on device.
crypto crypto crypto of course Dave you want to be in the hype too ;-)
@eevblog
1. ledger may have the best crypto chip, but you can get it open and there is a plenty of space to make a chip between the main board and the screen, de facto creating a extreamly easy "hardware Man in the Middle ". There, anyone with physical access for less than a couple of minute to your wallet can screw you up your experience, or even worse if well organzed
2. you choose the transaction to pay for everything
3. please cite a source about the story of BTC would continusly split if faster, never heard of that
Why does the thing cost about 50% more on amazon that you linked through the kit . com website compared to the ledger website? (70.18 € on ledgerwallet website compared to 120€ on amazon)
I don't see the advantage of this usb stick? Is it used for the login process to their app, and that's it?
Thanks for the amazing review!! suddenly felt like watching Llamas with hats...
Unnecessary to advice to buy only from manufacturer, Ledger wallet is only one that uses cryptographic proof to verify the integrity of the firmware. So you can freely use any ledger wallet, the software will alert you if the firmware is not official.
It has nothing to do with an unique ID as you stated.
edit: you can see the address you send to if you click the icon.
displaying the full address on the LCD doesn't mean anything!!!!! You have to trust the HW as a whole anyway because a malicious firmware may instruct the LCD to display the "correct" address and then send the funds to another one... the LCD itself doesn't constitute proof of a correct address. The partial address is well enough to spot errors originating from the legit user. That's a basic software security principle
Merry Christmas and happy new year.
Without a factory seal there is no way to know if someone replaced the innards with a fake circuit or firmware that doesn't use the secure element, only pretends. Or they could add a keylogging circuit. Decades ago, the KGB did this to typewriters being shipped to the US embassy, it's a real attack.
I wonder where the pin code is stored. If on the STM32, it's a fail.
Remco Stoutjesdijk
The PIN code is useless without the seed
Really? When I hold your device in my hands and I extract the pin code, then I can use the device just like you.
Have to assume it's stored hashed and salted, though.
Remco Stoutjesdijk A pin code has so few valid values, once you have any kind of checksum or hash, brute force trying all possible values is trivial.
I don´t think the Secure chip in it cost much more then a SIM-card. Even simcards have its own Secure processor, Hardware Cryptografy, Scrambled EEPROM, Uniqe ID and are seald by metal-vapor-deposition with only exclude the 6/8 bondpads. I even have found some time ago sim´s on Amazon, in SOP-8 package. C007G11 Logo is Philips and they work like normal SIM´s in a reader. But i have no idea whats inside...
My tinfoil hat isn't for keeping things out. It's for keeping my thoughts in.....;-)
hey nice video. i have a question.
i read, that chrome app's will go away in some months. what you make now? just wait or store it somewhere else?
Bitcoin is ONLY 33$ to send any amount. So you can't just move your bitcoins around like you could a month ago.
Just one question, do they glue or pod the chip on your credit card, or your SIM card on the cell phone? I’ve never seen this, why because the chip it’s self has been secure enough with proper and proprietary protection to meet regulations. So what would glueing a polycarbonate/abs mix plastic case do for protection. Nothing, just like you proved with the last one a Dremel opened it up. It didn’t even have a switch to deny a kill and wipe command to the chip holding your key once it was opened. And that was stored on a chip that it could have been extracted from if it was acid died, and frozen and other hardware hacking techniques. So in my opinion the glueing would only increase the cost of manufacturing and harder to replace the battery or OLED if it was cracked.
The only benefit of gluing it might be water resistance, but nothing with security. But this level of water resistance could have also been achieved by a conformal coating as well.
Yes, the best security is the one you do not have physical access to, but if you loose this it’s more secure then the other one you did before this.
Best bet, don’t loose it.
Now I'm conflicted. Should I waste my money on "Solar Road" or "Crypto Currency"?
Great review,on point, just at 18:45 ledger supports larger number of altcoins,you said it the other way around,anotatate pls :)
Oops, youtube doesn't allow annotations any more. I said it multiple times anyway.
EEVblog2 ah,ok,no biggie :)
The coins aren't actually being stored *on* these hardware wallets, right?
The wallets only hold the private keys. The coins are all stored on-chain.
You should review a KeepKey hardware wallet next!
So the crypto chip is secured by security through obscurity? That is never a good method to secure something...
Paper wallets are much safer and better than software or hardware wallets. Having to keep a 24 word card is basically using a paper wallet with blinky lights.
I'm thinking of making my own version of the Trezor, with anodized aluminium case (Apple style), and a physical keypad.
What happens when Ledger goes out of business? Does the 24-word recovery process still work?
Let me know how the model T turns out. I'll be picking within the next year which hard wallet to put coins into
Did they fix the LedgerNano receive address hack?! I'm not buying it until they do.
I like how the Ledger looks. I actually got my Dad the Gold Litecoin Edition for Christmas. Only with cryptocurrency can a 14 year make over 20 grand lol
Well, there are actually lots of ways a 14 year old can make over 20k (something, baht? rand?). Lol.
Paul Howard lol well I could always sell all my crypto and start selling drugs I guess (obviously a joke don't lecture me lol)
Trezor already had a hack via malware on your pc!! They did patch the firmware fix relatively fast. But I'd much rather the nano s with the separate secure chip... There is also a reason why nano s makes you enter the pin on the screen. Nano s also supports a hidden wallet. Does suck to have to swap out apps on the device. Wish they could improve that aspect. But the secure chip memory where they are stored is limited.
Oh and I totally agree with you. That they should have epoxied it. Even with their claim of being able to verify the hardware. Someone could add a mini controller that records the lcd screen when you create the phrase, and then send it some how over usb? Idk. It would be a far stretch. But where $$$$$ money is involved anything possible. Oh and I also wouldnt even order mine from Amazon. Direct OEM only.. oh and last thing. I heard that IBM and ledger are teaming up to possibly add their secure chip tech to PC motherboards... I know enterprise PCs already can have TPM chips. Dont know the end game there.
In theory such a hardware mod is possible to export the seed keys to the USB, but you'd have to have matching malware in the PC active.
what a nightmare, if kyc documents were included on your coins ,would it stop them from being stolen, or make them trackable,,
Get a magnetic micro usb connecting cable so you don't wear out the port.
I highly recommend taking a digital photo of your key words, zipping it up with 256bit encryption, and making multiple usb stick copies including on your cloud drive. Then destroy your paper records when you feel confident that the encrypted photos and their password are securely stored.
if I have my coin in a hardware wallet, will I be able to profit from the splits? Like I had btc in a blockchain wallet and they automatically gave me the same amount in bitcoin cash. Would this happen as well, if I have the coin in a hardware wallet?
I heard they use 2 chips for securing device, 1 will store only private key and the other one will secure device itself like display and button controls and firmware. Is true you can hack second chip to trick display to show another public addresses when you sign transactions?
There was an interesting episode of Radiolab's podcast entitled "The Ceremony" where they go about creating the super secret sauce that goes into creating a new digital currency. Reminds me of how the Fed was created (another good podcast NPR Planet episode 505).
There was also a good After On episode (#17) that talks about all things crypto-currency, including how the block-chain* science can used to move a society towards a greater well being!
*Distributed Autonomous Organizations to be exact.. see Ralph Merkle tree video 'Revolutionizing Democracy Using DAOs'!
BTW, what do you think of those low-cost money transfer places that use crypto-currencies.. ex. Cashaa, OmiseGo, etc ?
Hey great videos!
Question, is there anyway to increase the storage of the ledger nano, to be able to use more then 5 apps installed at a time?
Thanks
Why do all security tokens, wallets look naff. Was looking at U2F keys, and all seem little bits of plastic.
Someone should try to replace the USB drive in a Victorinox Slim Alox USB with a U2FZero
I tried to setup my Ledger nano S recently and it went as described till after going through twenty four recovery words and marking them down. After that I expected to confirm all twenty four words, but after second word confirmed, display showed that it is "processing" and then "your device is now ready". I expected all twenty four words have to be confirmed. Is it normal, or is there a technical issue? I tried to set it up as new device second time, but same happened again. Thanks for your help.
warning newby question alert ! Can I clone one of these digital wallets so there is a backup ? I'm assuming if there's a fire in my house I lose all the bit coin? would like to buy some but not really sure how I make a backup of the wallet without printing a price of paper with the codes. then that's the same as leaving a bundle of cash on the kitchen table ? I could also be struck by lightning but just trying to figure out how to have a backup.
Dave if you payed that high fee for a Bitcoin Cash transaction the wallet/service that you used are broken and needs fixing of it's fee calculations.
See pinned comment above.
Please except IOTAs, if you have time to look into the nonprofit IOTA Foundation in Germany, you would love it I'm sure!
Trezor has an internal.battery. the ledger runs off tye power of the connected device. Batteries do fail it cause problems.
Hey Dave, I had none of the issues you experienced and quite like the ledger. (maybe some combatibility issues).
As others have discussed it has limited memory which is a shame. You can have 3 or 4 coin apps on it after which you have use the manager to delete and install. The keys never leave the device and it's possible to do very quickly so only a minor inconvenience.
I know how much you hate fan boys so I'm not even going to go into it other than saying you could have demo'd a less controversial coin 😉
What's actually the deal with these Chrome extensions? Since Chrome isn't the most private browser and still on your PC, I don't see any advantages over a classic desktop application for all wallets or one for each wallet. Classic programs, installed or even portable would be much more comfortable in my opinion. But I'm no specialist, maybe there's a reason they chose extensions?
Reckon the keepKey feels much more robust than these two.
Isn't the support for Chrome apps being discontinued by Google? I think I read something like that.
Could a hacker with your Ledger wallet just remove the secure chip and put it in their Ledger woth a different pin? Or is the Pin also stored on the secure chip?
you think cell phones are "horribly insecure?" I would argue that they are the most secure devices we use on a day to day basis.....
What's this pin number of which you speak, Dave? ;-)
BTW: Easier than trying to reverse engineer the secure PIN or passphrase is to replace the guts of the device with a custom jobbie that fakes the real one but records the interaction. The "target" returns with the faulty device and ... That's why you cannot completely trust hardware that's been out of you physical control.
P.S. using a proprietary chip for security can backfire. KeyLoq. Lots of cars cracked, 100 million vulnerable.
If you build your own Trezor, would you still use a microUSB socket or opt for a full sized one?
USB B, man...
Chaos Corner My feelings also. I've had too many failures of microUSB sockets on devices.
Bluetooth might be a reasonable way to go but then you need a power source too.
what is the risk of the ledger just dying or corrupting on its own? I'd hate to have a large savings on this little flimsy drive and then it just didnt boot up one day then I've just lost all my coins or is there some recovery method?
the coins arent stored in the wallet, it's just the private key used to access the coins.
There is enough room in there to fit another (malicious) PCB. That's the attack I would play on a device like this.
Be careful with the Ledger Nano S. Ledger does not hold itself responsible for any crypto currency lost by bad tested software updates. It started with a bad LTC Segwit update in August 2017. Even sending a new Ledger nano S did not return the LTC balance but in the end the loss of the LTC was never addressed.
Hi Neocham, you are absolutely right I have also lost my LTC... then I found another secure wallet and it is very easy to use that is walahala hardware wallet .in this wallet I do not need to install different apps for different coins and now I have no fear of losing my coins. check their website:walahala.com/ and also try a demo account: walahala.com/downloadDemoWallet
You have to make sure you have all other Ledger apps closed
Chrome web extension is deprecated - google is dropping support for them
My favorite part of the video: @26:11 he has taken that irritating, flip-y, spin-y piece of metal off. We've had widely used, mainstream, pocket-able electronics for well over a decade. Why do manufacturers still insist upon having movable parts which don't close and then stay ABSOLUTELY secure?!? Also, why in the hell do they still insist upon using caps which vanish faster than half of a pair of socks? And finally, if somebody is making a product which will go into somebody's pants pocket, for the love of God please make certain all of the edges and corners have large NON POKE-Y radii.
I don't know. I makes sense if you have a couple of thousand bucks on these things. Otherwise....??
Wouldn't it be cheaper and also just a solution to dump some paper wallet on .pdf on a encrypted USB stick and open it only when you're offline on some kind of secured Linux system?
Don't you think it is better to have a solution that allows you to access your whole balance at any time with no security considerations?
Sure it's safe and cheaper. But hardware wallets allow you to spend directly and check your balance faster. I can't say if that actually does justify the price, it probably comes down to the person.
For just a little crypto portfolio I think a paper wallet as image or text encrypted on at least two HDD's in safe locations is just fine. However, I wouldn't go with any USB sticks because of flash storage. It's fast but flash storage could just have a failure without any chance of data recovery while HDD data can be recovered easier and it's even better if you replace the drives after 3 years. I think it's obvious that nobody should ever rely on just one storage device while doing something like that, so I'd go with at least 2 or 3 at different locations. Some people say paper wallets are useless because anybody can use them if he or she finds it.
I agree but it's just as bad if somebody steals the recovery sheet of your hardware wallet. Because of my paranoia and the comfort I might still get a hardware wallet.
I wonder isnt it possible to listen the communication between MCU and secure chip and get keys this way?
As soon as you write down the seed phrases it's no better than the usual "paper" wallet. Anyway bootable linux and an off-line computer: you get the same level of security, unless your hardware is backdoored.
True if you just buy and don't operate with them. False if you do, with hw wallets your private keys are not exposed in a computer. As for doing offline with usb, your computer device could still be backdored even if you later boot from an usb, so you should dedicate a offline device instead. but it doesn't even matter, this option is by far not as convenient as hw wallet.
HW wallet is a computer, but true, it is much more convenient. Anyway the point is: as soon as you write down the seed, it's game over. Both scenarios have the same weak link.
They do not have the same weak link, as dreyer already points out. When spending from a paper wallet, you have to plainly enter the private keys on a computer each time again, which makes them vulnerable for attacks. With a hardware wallet, the whole transaction is processed inside the Ledger, and only the end result leaves the Ledger. Nobody sees your private keys, not even you! This makes it impossible to hack your private keys, even when used on an infected computer.
Ledger is a computer, granted it would be harder to apply a hardware hack but still ...
Dragan Milivojević You're right, we can never be 100% sure that a hack is impossible. Still, I think it's the safest option for a wallet that you'll use for trades every now and then.
"I might try to get my knife in there" Hahahha you mad man
I'd love to buy such a thing if it came preloaded with the tousands of bitcoins that I missed buying in 2011.
Another great video Dave!
And riding the Bitcoin wave :)
My brother owns a Ledger, I forwarded him this video which I find "atypical" amongst your series ! Like this anyway !
Ciao from Switzerland !
HB3YOE Max
Dave did you just skip the autopsy ? (chest cut)
I thought the white one was broke after you shorted it?
If somone steals your hardware wallet, can't they just spend all the money by using it for transactions????
lol remember when 1 btc was 3.730$ i feel old
Hey EEVBlog, I know Power Ledger is not related to Ledger Wallet but the name just reminded me of it. Have you heard of / looked at it yet?
web.powerledger.io/
The idea is that people with solar panels can get better prices on their feed-in tariff than what electric companies are willing to pay, which it does using their own in-house crypto-currency to handle the money transfer from consumer to producer. The trouble is I haven't yet been able to find out how the electricity gets from producer to consumer. If it just goes over the existing electricity network, how do they handle paying all the middle-men involved in running that? And how else could it work if not over the existing grid?
I'd love to see you dig in to how it actually works.
I can't believe that you are trying to prove the security of these wallets, and you don't accept Monero as donation. I am disappointed :(
Where's the battery to power the display though?
Yes, physically robust like IronKey
Why dont you show the complete list? : )
Try the Ledger Blue
No water resistance? Really. For what it is and how much it costs it does not make any sense. Just for a buck they could make a water resistant version.
Evolv DNA 40 small screen... Where's the large screen version?
The thing that annoys me about cryptocurrencies and that makes me not want to invest is this: *Convenience Factor,* or the lack thereof.
No cryptocurrency I've found has managed to overcome this problem yet. Bitcoin is becoming more usable for the public with machines where you can buy "coins", but they still don't have the same ease of usability as things like contactless debit/credit cards.
As soon as someone creates a secure cryptocurrency that is stable, has a fast transaction speed and is very user-friendly, I'll invest most of my money straight away. That'll be the winner.
the point of crypto is you control it... and you control it with a very secure method... you can spend bitcoin (and maybe other coins) with plastic wallets with magnetic strips... but at that point you dont control it... like having your money in the bank. in the current wild west we have do you want your money in the bank?
Saing " I want a cryptocurrency that is user friendly " is like saying "I wan't a TCP/IP that is user friendly"
Ethereum recently broke a million transactions per day.
Using Ethereum with the Metamask chrome extension seems very simple to me but maybe I just spent too much time using it so idk
You are very deluded. It already is unprecedented in quality; what bank has not seen one service interruption in a decade? What bank does not need second factor auth. when using internet banking? Don't compare with paypal, they piggyback on the banking system.
just like everything else it needs time to be adopted, goverments also slow the process
Mentioning how much better the Trezor is at certain times, I at least expected the Trezor to be included in this video. "Look Ledger Nano S guys, this is how you should do it" while showing how much better the Trezor actually is. Again a mildly interesting video.
How can it be any good if the crypto stuff is in an NDA closed chip? How can we trust it?
You don't have to, you have a full open source option in the Trezor.
But to answer the question, it's trust in ST and the certification agencies, and that many banks and others use the same chip.
The vulnerability with the Trezor is entering the pin through the computer, this one is all contained within the unit. The Trezor has already been hacked.
Yeahhh! Whatever :DDD .
Thank you, awesome video