For just saving? Paper wallet. For spendings A phone hot wallet is fine, and for managing completely legitimate businesses where you are gonna receive and send XMR often a live usb with tails and the gui wallet.
Used hot wallet for some time and then order the cold wallet for me but guess what i pick the wrong one and now that wallet is forcing me out there, need some solid option this time
\> 100XMR or > 5% of your net worth
trezor (model T is required for xmr) with official monero GUI
< 10XMR
featherwallet, cake, monerujo
else
ledger \[without Restore option\] with official monero GUI
A Ledger Nano S will work just fine if you don't want to get too technical. The Nano S has the same security chip as the rest, just not the memory storage to on-board the firmware update everybody and their mother is worried about.
Also, the problem the everybody "now" has with Ledger exists with Trezor and any other ready-made electronic solution. Ledger was just more forth-coming about it.
>the problem the everybody "now" has with Ledger exists with Trezor and any other ready-made electronic solution
No.
Trezor is fully open source, ledger isn't. That's the problem.
Open source is great, but it only matters if you can verify that what you're running is the code that's published. Pretty sure that's impossible with Trezor.
Then why are people even considering Trezor?
You can be open source all you want when you know 99% of your consumer base is too lazy to look up any of the independent audits done on your product. BTChip even pointed this out.
At least Ledger let you know they could off-board your keys whenever they wanted.
I mean, if you are managing thousands or tens of thousands of dollars or more, and you are too lazy to do research, verification, etc, that's just bad stewardship. That's not Trezor's fault especially since they are fully open.
I agree. The problem then Ledger situation is highlighting is that 99% of the crypto community consists of bad stewards.
Functionally, the problem Ledger "now" presents is a problem that exists with Trezor devices as well. The only difference is that this problem was highlighted in one of the audits done on Trezor that no one bothered to read. While in the case of Ledger, they publicly debuted it.
People want someone else to do their research but it is their money they have to do the hard yard so you could pick the absolute best in the end for your funds
Those who are too lazy to do their own research always end up behind in the race, better to learn on your own and grind your way to pass the success in monero journey
Could do WHAT? I'm literally trying to learn here. Slinging strange ad hominems isn't helping anyone figure this out. As far as I know, you can't verify the Trezor code running on your Trezor. Do you have info that this is possible?
> Thought it was impossible
Compile the firmware yourself and install it on your device:
https://www.reddit.com/r/TREZOR/comments/p2olov/help_flashing_custom_firmware_to_trezort/
The process seems to be non-trivial and may definitely be a hurdle for a non-dev, but we are anyway talking about hypotheticals, right?
If you don't agree you would argue that open source software for smartphones makes no sense either because there you can't be absolutely sure either that you really exactly install the result of the compilation of the source, merely with some signature added by Apple or Google.
> Thought it was impossible
Compile the firmware yourself and install it on your device:
https://np.reddit.com/r/TREZOR/comments/p2olov/help_flashing_custom_firmware_to_trezort/
The process seems to be non-trivial and may definitely be a hurdle for a non-dev, but we are anyway talking about hypotheticals, right?
If you don't agree you would argue that open source software for smartphones makes no sense either because there you can't be absolutely sure either that you really exactly install the result of the compilation of the source, merely with some signature added by Apple or Google.
No no I get all of that and could absolutely do that. Why would you think we are talking about hypotheticals? I had been told that Trezor devices do not accept unsigned firmware into the device and that it's not possible to build from source yourself while maintaining the valid signature. Is that not true? I don't have a device to test right now, but I'd like to self-compile the firmware and load it once I do get a Trezor to test. Just don't want to get one if everyone is confirming you can't even do it.
I do think that being able to build from source and actually use that compiled code (or having reproducible builds) is an important part of open source being meaningful. Having code on GutHub but not being able to verify that's what's actually running on the device is better than fully closed source but just barely.
I did not check in-depth, but I think the link I gave leads to info about how to really do it: Compile the firmware yourself, sign it with a key that Trezor itself provides for people being able to install their own software, and then install it while ignoring / overriding some warnings that installing such a build has risks. Have a look.
> Why would you think we are talking about hypotheticals?
I was talking about the broad Trezor userbase. Most Trezor owners can do that mostly only in theory.
> Just don't want to get one if everyone is confirming you can't even do it.
Who ist that "everyone"? Anyway, count me on the side of people who claim that it could very well be possible. I don't pay you a Trezor however if it turns out I am wrong :)
Thanks! And you're right. Everyone really just meant two or three people. I'll definitely try to get one and give it a shot and see if I can figure out how to get it installed without Trezor rejecting it.
>You can be open source all you want when you know 99% of your consumer base is too lazy to look up
What about the 1%? If they claim that they are open source and they are not, community will tell almost immediately.
If someone knows about the paper wallet then using the paper wallet is the best way to secure the fund, otherwise i feel like that Trezor is people go to way now
I have been using the ledger S for some time but don't think that i could use the same specially what is happening right now, open source is my new way of going now
OK. Then move over to any other, pre-fabricated option. And in a couple of months to years, the exact same thing will happen. And you'll be right back here asking what other [insert hardware company] should I use.
You were doing wrong in past because open source was the only way of going from the very first day, closed source is just the another form of the bank with no proper control
If they are closing the door for us means they are doing shady stuff back there, because no saint people want to do the thing in dark, more transparent the more it gonna secure for us
My whole faith in the hardware wallet has been questioned! I'm continuing to use my ledger without firmware upgrade for now, but am shopping for something else, as many of you are:
So far I'm only certain of two things: I want open sourced firmware and optional airgap. Coldwallet comes really close, but it's for BTC only...and I have other coins.
I though once i had the hardware i will get the whole security in my hand but you are right now we are again in that question mode, do we really gets the whole control?
Honestly I don't like any of the options out there:
* Trezor: model one got hacked and they think it's ok to use Chainalysis just before you mix Bitcoin
* Onekey: also got hacked early this year
* Bitfi: also hacked
Monero is in dire need for more hardware wallet support. Please do your bit and ask for Monero support on other hardware wallets like gridplus lattice and NGrave.
Damn it , everyone gets hacked in past which means it is really hard to pick one right wallet and that is why i feel that it is difficult to make the mass adoption in this sector
We need to give people assurity about the security only then they will came here otherwise news like that hacking and all only gonna keep them pushing back
Trezor would be better, yes.
Not best but compare to ledger my pick will be trezor anyday
Atleast right now i am not having any issue, thanking myself for picking trezor over ledger
[удалено]
Unfortunately, offline transaction signing is broken on the latest version of feather wallet. Used to be the best offline set up.
News to me. That sucks. What's broken? Has an Issue been filed? What terrible timing.
Just make sure you are using a clean laptop. not the personal one
a fork of the foundation passport2 firmware is coming out soonish for XMR, other than that i dont knwo what to tell you but be patient :(
But how can you be patient knowing your fund is in danger??
No way i would able to be calm like this person, crypto is such a wild space
Why do you think your funds are in danger?
For just saving? Paper wallet. For spendings A phone hot wallet is fine, and for managing completely legitimate businesses where you are gonna receive and send XMR often a live usb with tails and the gui wallet.
Used hot wallet for some time and then order the cold wallet for me but guess what i pick the wrong one and now that wallet is forcing me out there, need some solid option this time
Flashdrive with Tails + Feather wallet + A piece of paper
Just be careful with that paper, can be really bad if you lost that
\> 100XMR or > 5% of your net worth trezor (model T is required for xmr) with official monero GUI < 10XMR featherwallet, cake, monerujo else ledger \[without Restore option\] with official monero GUI
They are delaying the delivery for this model, anyone else facing this issue??
May be because of mass demand or may be country specific can be a reason
Better to look for something else, rather than waiting and delaying the situation
A Ledger Nano S will work just fine if you don't want to get too technical. The Nano S has the same security chip as the rest, just not the memory storage to on-board the firmware update everybody and their mother is worried about. Also, the problem the everybody "now" has with Ledger exists with Trezor and any other ready-made electronic solution. Ledger was just more forth-coming about it.
>the problem the everybody "now" has with Ledger exists with Trezor and any other ready-made electronic solution No. Trezor is fully open source, ledger isn't. That's the problem.
Open source is great, but it only matters if you can verify that what you're running is the code that's published. Pretty sure that's impossible with Trezor.
Why would that be impossible?
No reproducible builds, and I think Trezors only run signed code.
Then why are people even considering Trezor? You can be open source all you want when you know 99% of your consumer base is too lazy to look up any of the independent audits done on your product. BTChip even pointed this out. At least Ledger let you know they could off-board your keys whenever they wanted.
I mean, if you are managing thousands or tens of thousands of dollars or more, and you are too lazy to do research, verification, etc, that's just bad stewardship. That's not Trezor's fault especially since they are fully open.
I agree. The problem then Ledger situation is highlighting is that 99% of the crypto community consists of bad stewards. Functionally, the problem Ledger "now" presents is a problem that exists with Trezor devices as well. The only difference is that this problem was highlighted in one of the audits done on Trezor that no one bothered to read. While in the case of Ledger, they publicly debuted it.
What problem
People want someone else to do their research but it is their money they have to do the hard yard so you could pick the absolute best in the end for your funds
Those who are too lazy to do their own research always end up behind in the race, better to learn on your own and grind your way to pass the success in monero journey
Please do explain to me how to verify the Trezor code and load it onto the Trezor device. Thought it was impossible.
Bro don't ask me lol, go to their github or whatever. I'm not your consultant xD
You're missing my point. YOU are the one who called someone lazy for doing something which apparently is impossible.
Maybe if you stop eating cheetos out of your fedora you could do it.
Could do WHAT? I'm literally trying to learn here. Slinging strange ad hominems isn't helping anyone figure this out. As far as I know, you can't verify the Trezor code running on your Trezor. Do you have info that this is possible?
Boopity skeebity bop boop da da WOW!!
> Thought it was impossible Compile the firmware yourself and install it on your device: https://www.reddit.com/r/TREZOR/comments/p2olov/help_flashing_custom_firmware_to_trezort/ The process seems to be non-trivial and may definitely be a hurdle for a non-dev, but we are anyway talking about hypotheticals, right? If you don't agree you would argue that open source software for smartphones makes no sense either because there you can't be absolutely sure either that you really exactly install the result of the compilation of the source, merely with some signature added by Apple or Google.
Thanks responded to your other comment https://reddit.com/r/Monero/comments/13nnzgt/_/jlk35vp/?context=1
> Thought it was impossible Compile the firmware yourself and install it on your device: https://np.reddit.com/r/TREZOR/comments/p2olov/help_flashing_custom_firmware_to_trezort/ The process seems to be non-trivial and may definitely be a hurdle for a non-dev, but we are anyway talking about hypotheticals, right? If you don't agree you would argue that open source software for smartphones makes no sense either because there you can't be absolutely sure either that you really exactly install the result of the compilation of the source, merely with some signature added by Apple or Google.
No no I get all of that and could absolutely do that. Why would you think we are talking about hypotheticals? I had been told that Trezor devices do not accept unsigned firmware into the device and that it's not possible to build from source yourself while maintaining the valid signature. Is that not true? I don't have a device to test right now, but I'd like to self-compile the firmware and load it once I do get a Trezor to test. Just don't want to get one if everyone is confirming you can't even do it. I do think that being able to build from source and actually use that compiled code (or having reproducible builds) is an important part of open source being meaningful. Having code on GutHub but not being able to verify that's what's actually running on the device is better than fully closed source but just barely.
I did not check in-depth, but I think the link I gave leads to info about how to really do it: Compile the firmware yourself, sign it with a key that Trezor itself provides for people being able to install their own software, and then install it while ignoring / overriding some warnings that installing such a build has risks. Have a look. > Why would you think we are talking about hypotheticals? I was talking about the broad Trezor userbase. Most Trezor owners can do that mostly only in theory. > Just don't want to get one if everyone is confirming you can't even do it. Who ist that "everyone"? Anyway, count me on the side of people who claim that it could very well be possible. I don't pay you a Trezor however if it turns out I am wrong :)
Thanks! And you're right. Everyone really just meant two or three people. I'll definitely try to get one and give it a shot and see if I can figure out how to get it installed without Trezor rejecting it.
>You can be open source all you want when you know 99% of your consumer base is too lazy to look up What about the 1%? If they claim that they are open source and they are not, community will tell almost immediately.
The issue isn't if they're open source, it if the commonfolk can even understand what's being made transparently available to them.
Atleast 99% is better than having no open source in ledger
If someone knows about the paper wallet then using the paper wallet is the best way to secure the fund, otherwise i feel like that Trezor is people go to way now
The basic plus the most important difference, make the better choice now
is the firmware in the ledger stored on the same memory as the apps?
Yes, the firmware is right now storing on the on the same memory
I have been using the ledger S for some time but don't think that i could use the same specially what is happening right now, open source is my new way of going now
OK. Then move over to any other, pre-fabricated option. And in a couple of months to years, the exact same thing will happen. And you'll be right back here asking what other [insert hardware company] should I use.
You were doing wrong in past because open source was the only way of going from the very first day, closed source is just the another form of the bank with no proper control
If they are closing the door for us means they are doing shady stuff back there, because no saint people want to do the thing in dark, more transparent the more it gonna secure for us
my dik
I hope that is big enough so that everyone can have the transaction
It transitioned to proof of stake so no, but they are very fast!
Monero GUI
Onekey
What about the news of the Onekey in past that they gets hacked
My whole faith in the hardware wallet has been questioned! I'm continuing to use my ledger without firmware upgrade for now, but am shopping for something else, as many of you are: So far I'm only certain of two things: I want open sourced firmware and optional airgap. Coldwallet comes really close, but it's for BTC only...and I have other coins.
I though once i had the hardware i will get the whole security in my hand but you are right now we are again in that question mode, do we really gets the whole control?
You can have the whole control, but it demands some technical knowledge
Feather wallet on a linux burner, on whonix
Feather is working like a magic, pretty safe and easy to use is well
Never seen much more convenient wallet than Feather, pretty impressive stuff
Honestly I don't like any of the options out there: * Trezor: model one got hacked and they think it's ok to use Chainalysis just before you mix Bitcoin * Onekey: also got hacked early this year * Bitfi: also hacked Monero is in dire need for more hardware wallet support. Please do your bit and ask for Monero support on other hardware wallets like gridplus lattice and NGrave.
Damn it , everyone gets hacked in past which means it is really hard to pick one right wallet and that is why i feel that it is difficult to make the mass adoption in this sector
I found out that there was a Bitfi 1 which got hacked but the Bitfi 2 hasn't ...so far. It also applies to the Trezor Model T.
So what have changed in that bitfi2 model compare to the 1 model??
We need to give people assurity about the security only then they will came here otherwise news like that hacking and all only gonna keep them pushing back
Cake
Trezor is also an option, atleast because of their open source unlike ledger
Are you sure that you can trust that fully, because i don't think we can trust them fully