by mr_sturd 2697 days ago
I'm still very much in favour of managing my own private keys in an encrypted database on my desktop/laptop. I feel like everyone is blindly trusting these devices, having been scared into it by horror stories of malware lifting keys off machines.

I will eat my paper wallets if my meagre holdings are stolen from me like that.


I sort of agree with this.

One caveat is that laptops are commonly compromised and your security would depend on nobody stealing keys/passwords needed to access your database/password manager/whatever.

Having a hardware token with a paper backup makes this harder. Having a lot of tokens creates a huge incentive for getting hacked.

If you have non-trivial amounts of tokens under your control, you need to consider all the points of failure. Laptops get compromised in all sorts of ways and can be equipped with keyloggers or worse. Unless you are a security expert, defending against a determined & skilled hacker is super hard. Most of us never get our setups audited by an expert and I'm afraid that a bog-standard OS X/Linux setup will probably only get you so far, even if you turn on disk encryption and do all the rest of the things you are supposed to do.

So the advantage of a token is that it does not depend on your laptop being uncompromised and that it is a third-party solution that can be scrutinized and audited. That being said, I'm not a big fan of having a proprietary software/hardware package and would prefer to trade in my Ledger for a properly OSS platform. There are a few of these platforms but it is early days and I'd need it to support Stellar though. As far as I know, Ledger is the only thing working with that. I own a few of those for this reason.

IMHO there's a big market opportunity for creating a secure, easy to use hardware token for Yubikey/WebAuthn sign-ins, managing blockchain wallets, and doing 2FA. Not impossible, but making open hardware/software platforms commercially is apparently still a big challenge. I'd buy several if the price and feature set were right. Assuming enough auditing/vetting has happened by people that are smarter than me, of course.

Founder of StellarGuard here, so sort of in the same realm. Just wondering what additional features you'd want out of such a hardware token. Would it need to do the actual signing of transactions on the device for you to feel secure with it, or would generic U2F (Yubikey) + signing on the software be sufficient, assuming we could do it securely?
Yes, that is the point. Basically you have to work under the assumption that your laptop may be compromised. So anything that exposes private keys to it is going to end up leaking those keys. With the ledger you approve transactions on the token. You configure it from a paper backup or by letting it generate a private key for you and you use it to sign transactions.
Signing on the hardware is pretty much the only way to safeguard the keys. PCs and phones have an attack surface much too large to properly secure.
My Ledger Nano supports FIDO U2F and manages blockchain wallets, so I presume you're just asking for an open version of that?

Maybe the ease of use isn't quite where it could be.

Yes, I'd feel more comfortable with something that is end to end auditable without any secret/proprietary stuff.

Also the Nano does some of that but doesn't work with e.g. Firefox. I have to use Chrome to be able to do anything with it.

I use Firefox nightly, and flick the security.webauth.u2f configuration setting.
Another interesting alternative is multisignature wallets, like the new Gnosis Safe: https://safe.gnosis.io/

An on-chain contract holds your funds and requires some number of signatures to authorize transactions (for personal use usually 2, i.e. one from your desktop computer and one from your phone). That way at least you know two separate devices would have to be compromised to cause loss of funds. This also allows for interesting key recovery strategies like having a third paper wallet that is also authorized. You could use that as a backup key that would allow authorization of a new key if your phone were stolen, etc.

I used both a "swarm of crypto clients" and ledger/trezor, and the thing about the latter is that not only is it more secure (and argue with that if you want), but also more convenient. To a regular user those devices are kind of Netflix/Spotify for crypto.
Another possible take on this would be Parity Signer (https://www.parity.io/signer/), which is an open-source app turning your (full-disk encrypted and put into airplane mode) old phone into an improvised hardware wallet.

Very narrow attack surface (no USB or Bluetooth, only QR codes are used for communication), and more safety against supply chain attacks make it a viable alternative for some particular threat models.

These should be safer than that. The keys are generated on a secure processor and should not ever be able to be removed from the device.
A "secure", closed source processor. Given the Ledger bootloader had a rather nasty and bluntly obvious bug in it that allowed you to bypass all of the write protection and boot any firmware, I'd give them nearly zero chance of having got anything else right.
Let he who has never written software that had a bug throw the first stone...
Hi, I've written bootloaders before. I know that blacklisting addresses doesn't work, as many memory locations will be mapped multiple times. Strangely, most people that have worked with microcontrollers are aware of this, except for the people who wrote the closed source bootloader at Ledger.
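The point made above, that blacklisting a protected address range fails when flash is mapped more than once, is easy to show in code. The following is an added example and not Ledger's bootloader or any real firmware: it assumes a hypothetical Cortex-M-style memory map in which the flash at 0x08000000 is also visible through a boot alias at 0x00000000, with the first 8 KiB reserved for the bootloader. The naive check blacklists the bootloader's canonical range and is bypassed by writing through the alias; the hardened check first maps every address back to its canonical location and then allowlists only the application region, rejecting anything it cannot place.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical memory map (assumed for this example, not a real device's):
 *   physical flash: 0x08000000 .. 0x0803FFFF (256 KiB)
 *   boot alias:     0x00000000 .. 0x0003FFFF (same bytes, second address)
 *   bootloader:     first 8 KiB of flash, must never be overwritten
 *   application:    the rest of flash, the only region a firmware update may write
 */
#define FLASH_BASE       0x08000000u
#define FLASH_ALIAS_BASE 0x00000000u
#define FLASH_SIZE       0x00040000u
#define BOOTLOADER_SIZE  0x00002000u
#define APP_BASE         (FLASH_BASE + BOOTLOADER_SIZE)
#define APP_END          (FLASH_BASE + FLASH_SIZE)

/* Naive policy: reject writes that overlap the bootloader's canonical range.
 * A write to the alias (e.g. 0x00000100) lands on the same bytes but lies
 * outside the blacklisted range, so this check lets it through. */
bool naive_write_allowed(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;
    if (len == 0 || end < addr)
        return false;                       /* empty or wrapping range */
    bool overlaps_bootloader = addr < FLASH_BASE + BOOTLOADER_SIZE && end > FLASH_BASE;
    return !overlaps_bootloader;
}

/* Map an address in any known flash window back to its canonical address.
 * Returns false for RAM, peripherals or unmapped space: not flash, not writable. */
static bool canonicalize(uint32_t addr, uint32_t *out)
{
    if (addr - FLASH_BASE < FLASH_SIZE) {        /* canonical window */
        *out = addr;
        return true;
    }
    if (addr - FLASH_ALIAS_BASE < FLASH_SIZE) {  /* boot alias window */
        *out = addr - FLASH_ALIAS_BASE + FLASH_BASE;
        return true;
    }
    return false;
}

/* Hardened policy: canonicalize both ends of the write, require that the
 * range is one contiguous span of flash, then allowlist the application
 * region. Every alias of the bootloader now maps onto the protected range. */
bool hardened_write_allowed(uint32_t addr, uint32_t len)
{
    uint32_t start, last;
    if (len == 0 || addr + len < addr)
        return false;                       /* empty or wrapping range */
    if (!canonicalize(addr, &start) || !canonicalize(addr + len - 1, &last))
        return false;                       /* not entirely inside known flash */
    if (last - start != len - 1)
        return false;                       /* range crosses between windows */
    return start >= APP_BASE && last < APP_END;
}

int main(void)
{
    /* A write aimed at the bootloader through its alias */
    printf("naive,    alias 0x00000100: %s\n",
           naive_write_allowed(0x00000100u, 16) ? "ALLOWED (bypass)" : "denied");
    printf("hardened, alias 0x00000100: %s\n",
           hardened_write_allowed(0x00000100u, 16) ? "allowed" : "denied");
    printf("hardened, app   0x08002000: %s\n",
           hardened_write_allowed(APP_BASE, 16) ? "allowed" : "denied");
    return 0;
}
```

The general lesson is that a write-protection policy has to be expressed over what a write physically hits, not over the number the caller supplied, so a deny-list of addresses is the wrong shape: normalize to canonical addresses and allow only the regions that are meant to be writable.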
Well, since you're the expert, why haven't you written a better one? There's a huge market for this...
I don't think my threat model encompasses the safety of other people's money.