When I was first looking into crypto and reading of all the scams (many perpetuated by exchanges) I read comments about people selling these hardware wallets on Ebay with back doors installed. I also know of people who have sold used computers with back doors they installed as well. Since then, so many reports of back doors right from the manufacturer in the hardware, back doors exploits in the software. Looking into figuring out Linux so I can get away from Microsoft and reading even the popular Ubuntu has code no person seeking privacy would want. I resolved to myself if I ever got any real value in crypto I would only be safest using a paper wallet.
But even then, your worries of it being compromised the minute it was online are justified. So much hacking going on. Came across a guy years ago that would keep wallets on his computer with small amounts of Bitcoin in them so he would know when they were in his computer as they emptied the small balances out. Obviously wouldn't work with patient hackers. If they can hack the DOD, the security suite from Walmart isn't going to do much. That's not even considering how much hacking the government might be doing. Black op projects always need untraceable cash, and there isn't any pesky KYC crap involved for hackers, lol.
Appreciate your further confirmation not much has changed in the last couple years. Wonder if it ever will as it doesn't seem we will have the ability to manufacture this stuff for ourselves in the near future.
Cold signing transactions on an offline device seems like the way to go. It would be pretty much impossible to broadcast a private key from an offline device.
It becomes quite clear to me that generating the master keys themselves becomes the most obvious attack vector. If someone gets tricked into downloading bogus software the attacker can know what the master password is going to be before it even exists.
It is my belief that I should create a system that allows you to create the master seed dynamically with your own brain power, rather than relying on some "random" algorithm. I guess we could call this a proof-of-brain solution.
Fascinating discussion this, and @practicalthought -
I guess if you combined @edicted's method in combination with a newly configured machine when you download you'd have max security.
Otherwise I guess you're left with the option of simply keeping your coins on a multitude of exchanges.
Posted Using LeoFinance