Why use a passphrase with more than 128 bits of entropy?

- To forget about the stupid market for hardware wallets with secure elements.

- So you don't have to worry if your seed is stolen.

"Politicians are thieves and bastards" has an entropy of 205.

nostr:nevent1qqs0zysnu92r60vnnkuptcwekara23wdjxdux3x3agfdahuy2vfdtpqpp4mhxue69uhkummn9ekx7mq8s7kms


Discussion

A passphrase is still a multi-signature, but much easier to manage, and you should treat its backup in the same way as a multi-signature.

Multi-signatures are overrated and passphrases are underrated.

nostr:nevent1qqstl27cj5vyy4rxg7qq489cvn59x37hekty5xzh6spavzg52an6hrsmxkmak

Default seed phrase length is 12 words, which is about 128 bits of entropy. If you have to memorize a 128-bit passphrase just to unlock your Trezor, then what's the advantage over just using a paper wallet? If you're already basically memorizing a seed phrase, just skip all hardware vulnerabilities and use a paper wallet.

The whole point of a hardware wallet is to use the security of the wallet's software and hardware to encode a memorizable low-entropy PIN or password into the 256-bit or higher seed that's encrypted on the device. You rely on the firmware's brute-force resistance. The secure element claims to do this better but is a major centralized black box that almost certainly has a backdoor.

Point is if you're at the level where you've memorized 128 bits of entropy, just use a paper wallet and plug it into an airgapped laptop when you need to spend. You've basically surpassed the need for a hardware wallet. Very conflicting information you're spreading.

How do you just “use” a #paperwallet? Asking as a newbie and a genuine. Setting aside all the angst about “you will lose it etc”. Assume a competent adult that can keep a handwritten pen and paper document (and a copy remotely) and has dollars and wants bitcoin and only wants to use paper wallet or wallets. How would this happen?

Ideally you have a computer with no networking hardware installed running TAILS OS or Kicksecure in live mode. Then you open some sort of Bitcoin wallet software (I'd choose Sparrow) then you make a wallet, copy down the seed phrase then an address.

You could export view keys to a USB then load those into another computer with networking access. You're going to have to be careful with your network privacy while doing this, as a malicious Electrum server can link your transactions to you, but using a view-only wallet will give you assurance your transactions are received while the private keys are only written down on paper. You could also just watch the address you're sending to on a blockchain explorer like mempool.space.

The problem with this is that on-chain all of your transactions are accumulating on one address. Terrible for privacy. There are stealth addresses in some wallets but the adoption is low thus far; I think Cake Wallet and one other are the only ones that can receive stealth address payments.

Understood, but basically you need two computers, one which you had somehow made sure has no networking hardware, some OS that you also have and trust, a USB you also acquired and trust, and even then it’s minimally paper and sounds very hard to do with any privacy. I am not trying to just complain and maybe this is all simple to more tech savvy people, but my guess is like 99 out of 100 people would read that explanation and have no idea how to even start. And buried in the lines is a bunch of other stuff (just downloading without being on the network confuses me, and Sparrow isn’t so straightforward iirc, comes with other steps like verification of keys and then will say you have to run your own node to really be able to trust Sparrow anyway, again iirc… so I bet I’m being generous thinking 1% can handle all that). But even with all that, you have a wallet which is sort of 2 computers and a USB and some passphrase on paper, and you have some dollars, but still no bitcoin, right? How do you cross that bridge? Literally once read to wear a disguise and find some sort of shady ATM somewhere (but somehow find these without using any internet search or maps that can track you) and expect to put in cash and get something out while getting photographed but just pull the brim low…

Best way to get non KYC maximally private Bitcoin is to buy Monero either on an exchange or ideally via Retoswap non-KYC then swapping from a site on trocador.app or via Retoswap into Bitcoin.

For those ideologically opposed to non Bitcoin projects, Bisq is your best bet: Tor onion routing by default, high fiat liquidity etc. Others exist like Mostro, Vexl, Peach but they have more tradeoffs from an OPSEC perspective but generally are easier to use. Robosats is good if your lightning setup is private but most have an LSP setup or even worse, a custodial setup like Wallet of Satoshi in which you get less privacy than with on-chain Bitcoin from your custodian.

In my opinion, if you're trying to go as simple as possible, I'd get a Foundation Passport hardware wallet and just buy Bitcoin via Bisq using either cash by mail, USPS Money Orders (assuming US), or Zelle (assuming US). Ideally use a Linux computer for this, but Windows works (really use Linux though). Then transfer the Bitcoin to your Passport.

If you don't mind KYC or other projects, you're better off buying Monero from Kraken, sending that to a Cake Wallet (app on iOS or Android or Desktop) address, then swapping to Bitcoin mid-app into your Foundation wallet. That's going to give you better on-chain privacy than even buying from Bisq (your UTXO will be linked to the information you give depending on payment method) while having a pretty simple UX and excellent air-gapped security with the Foundation wallet.

These are just my ideas I'm coming up with off the dome, there may be a better solution but these options provide a high degree of privacy and security with a smaller learning curve.

For spending you can sign a transaction and export it via a USB stick with Sparrow and broadcast it on another computer that has networking access. This is an air-gapped solution that uses maximal security. You can also make a seed signer device with a Raspberry Pi. Lots of air-gapped options.

Granted, this setup is pretty unintuitive and laborious. Only for specific threat models and use cases. You can compromise by loading the seed phrase into a hot wallet, but with greater risk of loss of funds due to malware or a 0-day vulnerability.

Security is a spectrum depending on your risk tolerance and threat model. If you've got a few bitcoins, you're probably going to want to do an air-gapped solution as I've described, likely with multi-signature too so you need to recover multiple seed phrases to sign a transaction. All tradeoffs between usability and security.

What isn't going to help much is using a Trezor but adding what amounts to a second seed (128-bit passphrase) onto your seed. You still will get wrenched and lose everything. The difference between brute forcing 256-bit keys and 384-bit keys is the difference between impossible and impossible. You don't gain any cryptographic security, just security theater, thus my criticism of nostr:nprofile1qqs0eac2gh86s9l24qfmnw52xawhz0f3d862yleaetpafygjmanaxlspzdmhxue69uhhqatjwpkx2urpvuhx2ue0qy88wumn8ghj7mn0wvhxcmmv9uq3uamnwvaz7tmwdaehgu3dwp6kytnhv4kxcmmjv3jhytnwv46z7ramexg's "advice".

Thanks. I am not critical or defensive of any approach I am trying to figure out what would really work for real people. It seems to me the most private cypherpunk (a word I parrot without pretending to really know) solutions are labyrinthian tech solutions using tech that probably was not available 5-10 years ago and may not be available 5-10 years from now. Seems unrealistic for almost everyone across space and time (successors need to be also expert). Again not trying to be cynical but there is hand waving towards free and open source software as if that’s a guarantee it will be usable and maintained into the future but I have no idea if that’s really more trustworthy than the alternative of profit motivated companies.

Should be clear I wrote cypherpunk above referring to the generic self described term many use - not referring to the particular poster.

You're totally right. For most, a secure element hardware wallet with a simple 6-digit PIN will do. They're open to attack from the secure element manufacturer and state intelligence backdoors, but they're also likely completely KYCed and have no on-chain privacy, so the state is not in their threat model anyway.

If one has larger holdings hiring nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 and having his company or another competitor set up an elaborate multisig setup would be ideal. That way they handle all the cypherpunk security stuff.

For us autistically obsessed cypherpunk types, yeah we are going as hard as possible mainly for fun.

How do you calculate entropy? I looked in some websites but somehow the “years to crack the password” that each one had showed great discrepancies (still in the billions)

KeePassXC uses the zxcvbn algorithm (modified by them), and you can also use:

https://lowe.github.io/tryzxcvbn/
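As an added illustration (not posted by anyone in the thread) of why the "years to crack" figures disagree so much: the same phrase gets a very different entropy depending on which guessing model the calculator assumes. The dictionary size and the guess rate below are assumptions, not measured values.

```python
import math

# Constructed sample: the phrase quoted in the original post, so the
# reader can compare these figures with the "205" claimed there.
PHRASE = "Politicians are thieves and bastards"

# Attacker models. Each assumes a different guessing alphabet, which is
# the main reason password-strength sites disagree with each other.
MODELS = {
    "letters only (a-z, A-Z)": 52,
    "letters + space": 53,
    "all printable ASCII": 95,
}

def bruteforce_bits(phrase, alphabet_size):
    """Entropy if every character is drawn uniformly from the alphabet:
    length * log2(alphabet size)."""
    return len(phrase) * math.log2(alphabet_size)

def wordlist_bits(phrase, dictionary_size=20_000):
    """Entropy if the attacker guesses whole dictionary words instead of
    characters. dictionary_size is an assumed vocabulary size."""
    return len(phrase.split()) * math.log2(dictionary_size)

def years_to_crack(bits, guesses_per_second=1e12):
    """Expected time to search half the space at a fixed guess rate
    (the rate is an assumption; pick one that fits your threat model)."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def entropy_report(phrase):
    """(bits, years) for the phrase under every model above."""
    report = {}
    for name, size in MODELS.items():
        bits = bruteforce_bits(phrase, size)
        report[name] = (bits, years_to_crack(bits))
    bits = wordlist_bits(phrase)
    report["dictionary words"] = (bits, years_to_crack(bits))
    return report

if __name__ == "__main__":
    for name, (bits, years) in entropy_report(PHRASE).items():
        print(f"{name:26s} {bits:7.1f} bits  ~{years:.2e} years")
    # Past the unguessable point, extra bits change nothing in practice.
    print(f"256 bits: {years_to_crack(256):.2e} years, "
          f"384 bits: {years_to_crack(384):.2e} years")
```

The character-level models land near the post's 205 bits; the word-level model, which is closer to how zxcvbn thinks, gives far less, which is the discrepancy the question is about.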