Replying to Avatar cryptowolf

the key point here is the steel back up.

I personally prefer Trezor Model T with passphrase and steel backup.

My widely unpopular opinion on this is, if you are using lightning for pocket change, I wouldn't make a big deal about the wallet you choose. Life savings should be on cold storage.

Non custodial lightning wallets are a great initiative, but Im not sure i would trust them with large amounts even once cold storage is available for them.
Avatar
boston wine 2y ago

Steel backup should be non-optional for any significant value đź’Ż

I recall reading that Trezor’s seed can be extracted with the right approach, although I have no idea what that entails. (Note, I just dug this article back up but have not re-read it yet). https://blog.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/

I think we’re in agreement on Lightning. Custodial or not, there’s a risk. Some more, some less. A spending wallet in either case, in line with your personal level of risk tolerance 🤙

Reply to this note

Please Login to reply.

Discussion

Avatar
cryptowolf 2y ago

I recall reading that to and it was debunked years ago.

Hence why i wrote "WITH A PASSPHRASE" in my comment :)

The seed cannot be extracted if you use a passphrase even with that multi-millionaire hardware tool kit :) Just like the files on your computer can be extracted without using a password.

The link you posted was from their inferior competitor ledger website. Ledger leaked private user data to the dark web. Ledger also has the ability to download your private keys to the cloud. This is not possible with trezor. Here is the article that explains it. Since your link was from their competitor, my link will be from Trezor :)

https://blog.trezor.io/addressing-concerns-about-trezor-firmware-1-5-2-4c1f766034c7

Avatar
boston wine 2y ago

Haha, thank you for the link! Will read this in depth.

Didn’t know whether a passphrase affected this piece of Trezor security, so that’s great to know.

And I’m familiar with the Ledger hack - between that and the recent “split seed phrase backup” news, I don’t recommend them to anyone… and I sure don’t love that they store a ton of user data from Ledger live itself:

https://www.ledger.com/privacy-policy