Wall Observer BTC/USD - Bitcoin price movement tracking & discussion

[AlcoHoDL]

[...]
Many folks might not even know if they lost possession or not. They cannot find their Trezor, but they also cannot remember for sure where they last put their Trezor.
[...]

This may sound too harsh, but these people do not deserve to own Bitcoin. I will not feel the slightest bit of sympathy for them if they lose their coins.

Would they do the same if they had a suitcase full of cash? Would they forget where they last put it? I bet they wouldn't.

Extended family history: lost (for a time) quite a bit of money (bearer bonds or something like that) by putting them, as it turned out, inside a big book, then properly forgetting it completely. Family was looking for this for years, then found the 'instruments' when they were moving many years later. Alas, by then most of the value was eaten by inflation.
Don't think that you would always remember that odd password that you concocted recently and did not write down somewhere. Memories do fade.

Yep, we should probably be reassessing and going through our various security set ups (like testing passwords and access) on about a yearly basis, yet easier to say than done because sometimes it can be time consuming to go through various matters.  I have a set of physical and electronic keys for a smart lock that have been sitting on one of my bookshelves for more than 6 months, on the list of things to do.. to program and to hide them in their various locations.. ..

Also frequently through the year, I will add various new passwords, change some passwords and perhaps even delete a few accounts, including some of them are 12/24 seedwords, and so at a certain time of the year, I am supposed to update them into my storage systems and hopefully I don't lose them or leave exposure to any of them while they are in the process of waiting to be added to my updated system.

Surely some of us may have had relatives who pass and we try to figure out what accounts they have, and i even had some relatives tell me that they want me to know their passwords in case something happens to them, and my most common response is that they need to keep their passwords in a safe place that would be accessible upon their passing, which surely is easier said than done... and most likely value ends up getting lost when persons pass and so many passwords that they are not even able to keep track of.

I would say, don't overdo it when it comes to the complexity of your security schemes, because you may "lock yourself out" of your coins or whatever data you're protecting. I remember a long time ago I had designed a very complex and intricate algorithm that would link a set of seemingly random numbers to my seed words. The plan was to be able to store that set of random numbers on my PC (which could be connected to the Internet), so that, even if someone got hold of that set of random numbers, they would not be able to get to my seed. I'm pretty confident that the algorithm was very secure and would protect the seed. But then it dawned on me: what if I, myself, forget how to get to my seed? So I dropped the whole thing and simply used normal backups + a very strong passphrase.

I think, when it comes to security, a good approach is to keep things clean (not unnecessarily complex), standardized, and cryptographically strong. And don't forget to periodically refresh your neurons by unlocking your "safes" every few months or so.

[El duderino_]

The dude arrived on his celebrating BTC and new years destination

Were is it … merit boost worthy for the correct location

Thank you BTC

Madeira

Homer already got it
Copacabana
But it was across the street so it’s confusing and not the typical signs

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[Gachapin]

I wonder where are JJG's Gay Christmas cards ??

seems like Christmas is over, even on that pic... try again next year  

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[JayJuanGee]

I wonder where are JJG's Gay Christmas cards ??

seems like Christmas is over, even on that pic... try again next year  

I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings...  

As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.

That's part of the reason why I keep my Grinder settings aimed at having preferences for females.

[Gachapin]

....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  
....

no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !

I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article.  The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.

haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...  

We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:



Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps?  or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet  

c'mon JJG it can't be that hard to understand!

[Gachapin]

I wonder where are JJG's Gay Christmas cards ??

seems like Christmas is over, even on that pic... try again next year  

I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings...  

As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.

That's part of the reason why I keep my Grinder settings aimed at having preferences for females.

It's not for you or me... it's for the BTC price !   ...ok admittedly that is for you and me then  

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[JayJuanGee]

....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  
....

no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !

I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article.  The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.

haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...  

We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:

Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps?  or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet  

c'mon JJG it can't be that hard to understand!

You think I am playing with you? 

I am not.  I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter.  I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities.  And, by the way, I find Trezor's usability to be quite friendly and easy.

From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.

If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.

Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element?  or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device.  As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.

I wonder where are JJG's Gay Christmas cards ??

seems like Christmas is over, even on that pic... try again next year  

I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings...  

As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.

That's part of the reason why I keep my Grinder settings aimed at having preferences for females.

It's not for you or me... it's for the BTC price !   ...ok admittedly that is for you and me then  

Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day.

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[Gachapin]

....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  
....

no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !

I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article.  The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.

haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...  

We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:

Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps?  or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet  

c'mon JJG it can't be that hard to understand!

You think I am playing with you? 

I am not.  I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter.  I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities.  And, by the way, I find Trezor's usability to be quite friendly and easy.

From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.

If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.

No, I absolutely don't think you are playing me!  I just thought the issue must be quite easy to understand for an AI  

Joke aside, I thought with the quote of the article it should be obvious, as everything is in that short sentence. But maybe I'm just a bit too used to the topic as I once researched the shit out of it, after they changed the PIN length.

Indeed, Trezor really lacked an adequate counter-campaign. I remember some article(s) on the PIN (don't make me search...).
But Trezor surely fell short of educating their users. At least they should have more on their website...

I guess since they went the SE route it's not so important for them anymore..

[ChartBuddy]

Explanation
Chartbuddy thanks talkimg.com

[Gachapin]

....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  
....

no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !

I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article.  The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.

haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...  

We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:

Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps?  or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet  

c'mon JJG it can't be that hard to understand!

....
Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element?  or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device.  As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.

The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element!  Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
 
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!

I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.

[bitmover]

The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element!  Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
 
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!

I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.

I agree about the PIN.

I use so small pin in my ledger. I will probably change that soon, as I am a bit worried about it recently.

I created those pin almost 10 y ago. I use 2 pin (as I have one hidden wallet with passphrase).

[Gachapin]

....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has  physical access to the device with a non-secure element.  
....

no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !

I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article.  The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.

haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself...  

We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.

https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:

Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps?  or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet  

c'mon JJG it can't be that hard to understand!

You think I am playing with you? 

I am not.  I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter.  I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities.  And, by the way, I find Trezor's usability to be quite friendly and easy.

From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims.

If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic.

Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element?  or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device.  As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do.

I wonder where are JJG's Gay Christmas cards ??

seems like Christmas is over, even on that pic... try again next year  

I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings...  

As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex.

That's part of the reason why I keep my Grinder settings aimed at having preferences for females.

It's not for you or me... it's for the BTC price !   ...ok admittedly that is for you and me then  

Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day.

the pushup thing seems to be more widespread than I thought!

thanks for bringing us to 100k, then!

could I ask you to pls do it again? 

[Richy_T]

Surely some of us may have had relatives who pass and we try to figure out what accounts they have, and i even had some relatives tell me that they want me to know their passwords in case something happens to them, and my most common response is that they need to keep their passwords in a safe place that would be accessible upon their passing, which surely is easier said than done... and most likely value ends up getting lost when persons pass and so many passwords that they are not even able to keep track of.

Encryption can help with that kind of thing. Ideally they would hand off to you an encrypted file to you with a password that you would be unable to access (easily) until after their passing. That can be a bit tricky and depend a lot on the level of trust between you so would have to be decided on a case-by-case basis. Also make sure that the password could not be accidentally lost.