Hardware Wallet Review: Digital Bitbox by the-tech-guy

View this thread on: hive.blog | peakd.com | ecency.com

security · @the-tech-guy · Aug 20 '17 (edited)

$4.73

Hardware Wallet Review: Digital Bitbox

http://res.cloudinary.com/dmy29tkdq/image/upload/v1490391020/digitalbitbox/Digital_BitBox_openbox_V1.jpg
[source](http://res.cloudinary.com/dmy29tkdq/image/upload/v1490391020/digitalbitbox/Digital_BitBox_openbox_V1.jpg)

# What is a Digital Bitbox ?

Like the title says, it's a hardware wallet. In contrast to your normal garden variety desktop- or mobile wallet, this little thing is completely offline, meaning the risk of your wallet being compromised is A LOT smaller. In a way, it's almost the same as a Yubikey, in case you are familiar with those.

Watch the official introductory video to get a better idea of how it is supposed to work (don't expect anything flashy though):

https://youtu.be/KNFmiTwhEEc

At least in theory, this thing seems pretty secure. Because you have to physically press a button on the device every time a payment needs to be authorized, the chance that malware is able to steal your funds is minimal.

# Unboxing

![DSC_0233.JPG](https://steemitimages.com/DQmSWtY4t7Aq3Gji4FbRMEVfuSLmiq1pR3Kj3AA2K21vPuA/DSC_0233.JPG)

The device is shipped in a sturdy box which is enclosed in an anti-static bag, which gives a solid impression from the start. I am hoping though that the bag is only intended to keep moisture out, since the Bitbox will be dangling on my keychain in the future.

The contents of the package are as advertised: The Bitbox itself and a 4 GB SD-card. Also, they include two nice stickers.

# Getting started

Following the [official quick start guide](https://digitalbitbox.com/start), I first download the desktop app, in my case the 64bit version for Windows. Software version at the time of writing: v2.2.1. I also have a look at the code on Git-Hub, but apart from telling you that it looks tidy and well structured, it is beyond my experience to judge whether the code has any flaws (or maybe I'm just too lazy ;)

After checking the hash of the download, I want to install the application, and there's my fist surprise: No installation required. Nice! So I insert the SD-card into the Bitbox, start the application and plug the device into my computer.

Side note: I always find it a little bit icky if the hash of a file is just next to the download-link on a website, especially if the executable I'm downloading is supposed to be really safe because it handles sensitive information. It's so easy to fake one if you manage to manipulate the other. Would it really hurt to do it like the devs of PuTTY? They have a public GPG key which they use to sign the downloads.

![Capture.PNG](https://steemitimages.com/DQmTLLgND2ZYF8a9xCZaLxsBdfY28xPZ2uDcSyHaypoB9Sj/Capture.PNG)

So far, so good, the device is recognized and the app is asking me to enter a wallet name and password. I'm not completely sure why I need to give it a name, but that's just me...

Since the device will be offline most of the time, I am going to chose a password that's not super strong, but rather easy to enter on any type of keyboard-layout. (Nope, it's not 12345 ;)

Creating the wallet takes a second, I assume that's the internal random generator of the Bitbox taking its time to create a private key. After this is done, the application screen changes again and displays the contents of my wallet. Sadly I encounter the first error right here: The app tells me that it cannot connect to the internet, even though everything else works just fine. Ok. Unplugging and reinserting the device fixes this issue quickly though, and the app seems to be working.

![Capture2.PNG](https://steemitimages.com/DQmcSdfTi8VvxvB1o2zdf7tT4Dh27aQHe9KGuTrzM9LbrK2/Capture2.PNG)

# Firmware upgrade

Let's see what happens if I upgrade the firmware. Under the tab 'Options', there's a button 'Upgrade Firmware...'. Alright.

Hm. All that happens is a file explorer window opening. I guess firmware-updates must be downloaded manually. I'm a bit disappointed; it would have been a nice touch if the app did this automatically. The 'Blink LED' button is fun though^^

# Pairing mobile app

Overall security can be increased even further by using the mobile app. This then allows you to set up 2FA where you need to authorize payments in the mobile app as well. Also, you can verify if the payment-address the desktop app shows you is really your address.

![Screenshot_2017-08-18-10-26-14.png](https://steemitimages.com/DQmQ1JrgZqz4Wp4v4b3xahbKcCrwrsoyovyS2VYndRAiQpV/Screenshot_2017-08-18-10-26-14.png)

The pairing process is interesting. The LED on the Bitbox will blink a number of times, and you have to select how often it blinked in the app. After doing this a couple of times you can touch the Bitbox's touch-button to finish the process. Works like a charm.

# Receiving funds

Now that all is set up, it is time to send some BTC to my new wallet and see if it arrives.

![Capture3.PNG](https://steemitimages.com/DQma24ay8j1c4rnr3FHExKuHjPirNCZzKwJrhaWFdmVN35V/Capture3.PNG)

Yes, it worked! I always get an adrenaline rush from sending BTC to a new address.

# Transmitting funds

The last thing to be tested. I will do a transaction w/o 2FA enabled, and another one with it enabled.

## Without 2FA:

![Capture4.PNG](https://steemitimages.com/DQmQb8hXGhMn7URB3wb4wAGP3FSgYwhHcH8DQP7innAgjrr/Capture4.PNG)
Entering destination address, amount and fee

![Capture5.PNG](https://steemitimages.com/DQmZpX5CHuTzaabg4k5FHc5vdGuVvTjkLTZXGj16nEnDfTm/Capture5.PNG)
Program is waiting for me to physically touch the Bitbox

It works! Yes I know I don't show it. You will have to take my word for it.

## With 2FA:

Enabling 2FA is a one way street. Once the Bitbox is locked with 2FA, the wallet can only be changed via a complete device reset.

![Capture6.PNG](https://steemitimages.com/DQmbC9Ji6WCRgaN898yjywvHfMiFXhhY7E7A8hijbWRceSa/Capture6.PNG)
Program warning me

The payment process is the same as above, but with an additional step on the mobile app:

![Screenshot_2017-08-18-12-06-14.png](https://steemitimages.com/DQmdzs1V2mDTVSJtKxGKsLiCwawrsBxecqi7ucAorHFWXcY/Screenshot_2017-08-18-12-06-14.png)
Confirmation screen on my smartphone (transaction details covered)

This works as well.

# More on security

In case you are interested in this device, I suggest you check out the [security FAQ](https://digitalbitbox.com/faq#security) to learn more about the different ways someone could steal your money and how the Digital Bitbox prevents that.

# Conclusion

The Digital Bitbox seems to me like one of the most promising hardware wallets so far. It is small and very secure. At the moment it supports BTC, ETH, ETC and ERC20 tokens, but the developers are planning to add more coins in the future. Because it is a FIDO U2F authentication token as well, it really makes a good addition to your set of tools to be safe and secure in the digital world.

👍 promoted, lovejuice, diabolika, the-tech-guy, tomshwom, feelsomoon, cryptos, arunava, maylong, echung321, guggerf, citizen7, shaishav, parahandy, mutatedalien095, anomaly, greenlabel, obormot, codybanks, roma.tlekhutch, akilie1029, hiiru

`author`	the-tech-guy
`permlink`	hardware-wallet-review-digital-bitbox
`category`	security
`json_metadata`	{"tags":["security","crypto","bitcoin","steem","cryptocurrency"],"image":["http://res.cloudinary.com/dmy29tkdq/image/upload/v1490391020/digitalbitbox/Digital_BitBox_openbox_V1.jpg","https://img.youtube.com/vi/KNFmiTwhEEc/0.jpg","https://steemitimages.com/DQmSWtY4t7Aq3Gji4FbRMEVfuSLmiq1pR3Kj3AA2K21vPuA/DSC_0233.JPG","https://steemitimages.com/DQmTLLgND2ZYF8a9xCZaLxsBdfY28xPZ2uDcSyHaypoB9Sj/Capture.PNG","https://steemitimages.com/DQmcSdfTi8VvxvB1o2zdf7tT4Dh27aQHe9KGuTrzM9LbrK2/Capture2.PNG","https://steemitimages.com/DQmQ1JrgZqz4Wp4v4b3xahbKcCrwrsoyovyS2VYndRAiQpV/Screenshot_2017-08-18-10-26-14.png","https://steemitimages.com/DQma24ay8j1c4rnr3FHExKuHjPirNCZzKwJrhaWFdmVN35V/Capture3.PNG","https://steemitimages.com/DQmQb8hXGhMn7URB3wb4wAGP3FSgYwhHcH8DQP7innAgjrr/Capture4.PNG","https://steemitimages.com/DQmZpX5CHuTzaabg4k5FHc5vdGuVvTjkLTZXGj16nEnDfTm/Capture5.PNG","https://steemitimages.com/DQmbC9Ji6WCRgaN898yjywvHfMiFXhhY7E7A8hijbWRceSa/Capture6.PNG","https://steemitimages.com/DQmdzs1V2mDTVSJtKxGKsLiCwawrsBxecqi7ucAorHFWXcY/Screenshot_2017-08-18-12-06-14.png"],"links":["http://res.cloudinary.com/dmy29tkdq/image/upload/v1490391020/digitalbitbox/Digital_BitBox_openbox_V1.jpg","https://youtu.be/KNFmiTwhEEc","https://digitalbitbox.com/start","https://digitalbitbox.com/faq#security"],"app":"steemit/0.1","format":"markdown"}
`created`	2017-08-18 10:23:45
`last_update`	2017-08-20 21:03:33
`depth`	0
`children`	22
`last_payout`	2017-08-25 10:23:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	4.152 HBD
`curator_payout_value`	0.577 HBD
`pending_payout_value`	0.000 HBD
`promoted`	12.370 HBD
`body_length`	6,781
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,162,400
`net_rshares`	1,352,130,380,893
`author_curate_reward`	""

properties (23)vote details (22)

voter	rshares	pct
maylong	1,502,345,878	100%
greenlabel	253,927,155	100%
cryptos	3,861,073,664	5%
anomaly	364,009,358	1%
tomshwom	8,963,274,057	100%
parahandy	591,380,826	100%
feelsomoon	5,122,353,765	100%
shaishav	619,520,000	100%
arunava	3,035,873,583	1%
diabolika	27,569,027,153	100%
the-tech-guy	19,672,732,014	100%
lovejuice	28,169,472,988	5.45%
promoted	1,247,994,990,288	36.67%
akilie1029	61,074,872	100%
roma.tlekhutch	104,510,549	100%
echung321	1,290,997,022	5%
guggerf	1,160,638,353	100%
obormot	243,733,394	100%
citizen7	922,704,802	100%
codybanks	214,717,409	100%
mutatedalien095	412,023,763	100%
hiiru	0	100%

@diabolika · Aug 18 '17 (edited)

$0.07

Sorry @the-tech-guy for my questions, I'm very new to crypto. So this is completely offline and is no doubt safer than the software wallet right, and you can make payments without being online.

But still you need to be online or in sync with the network when sending btc to the hardware wallet? And also when sending from the hardware wallet to software wallet?

👍 the-tech-guy

`author`	diabolika
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t105737938z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1","users":["the-tech-guy"]}
`created`	2017-08-18 10:57:51
`last_update`	2017-08-18 10:58:06
`depth`	1
`children`	3
`last_payout`	2017-08-25 10:57:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.050 HBD
`curator_payout_value`	0.016 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	362
`author_reputation`	116,053,592,627,298
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,164,211
`net_rshares`	18,964,087,299
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
the-tech-guy	0 B		18,964,087,299	100%

@the-tech-guy · Aug 18 '17

$0.12

Hey @diabolika! On the contrary, I'm happy that you ask. You say you're very new to crypto, so I'll give you a wider picture. I hope it does not bore you too much. (And I also hope I'm not telling you stuff that is wrong. I am not a cryptography expert, so if you want to be really really really sure about those things, read multiple sources)

---

So, I assume you know __online wallets__. If you have your money in one of those (like e.g. your steemit account), then all the secret data concerning your money is stored on some server somewhere on the internet. There are several risks with that:
* Someone could steal your password and thus gain access to your money. In a browser situation, this will most likely happen through a phishing-mail, cross-site-scripting or some nasty malware on your computer.
* The server itself could get hacked, independently of your account. In that case potentially everyone that uses this specific service would loose their money.
* The owner of the server could be dishonest and simply take away all your money. (This is mainly a concern with services that are not very well established yet)

---

Then there are the __software wallets__. There, all the secret data concerning your money is stored on your computer. And only on your computer, unless you make some kind of backup. This is good because this way there's no server that could be hacked, and also no online login-data that could be stolen. But it brings other problems. Most notably there's the problem that you can never really be certain that your computer is not infected with some sort of malware. If this malware is clever enough, it can quite easily steal your money.

---

Then there are __hardware wallets__, like the Digital Bitbox. With those, all the secrets of your wallet are on the physical device. And they never leave the device. There is actually no way someone could steal the secret data from the device, except they steal the physical device and use some VERY sophisticated techniques to extract the data from the hardware directly. There are usually guards against that in place. Ok, so stealing the secret data is no longer an issue. But malware on your computer could still simply USE the Digital Bitbox once it is plugged into your computer to make payments without your knowledge. That's why there is a touch button on the device. No payment is made unless a human touches this button for at least 3 seconds. Until your computer can grow a real finger, this is a pretty big increase of security ;)

---

So to answer your question more specifically: As long as the Bitbox is not plugged into a computer, it is completely offline. Nothing can happen to your money, except that the Bitbox is lost or stolen. In this state, you can receive money, so you don't need to have the device plugged in to receive money.

To send money, you need to plug the Bitbox into a computer, and the computer needs to be connected to the internet. So you can not make payments when you are completely off the grid. You need at least your computer, the Digital Bitbox application, and a working internet connection.

You might also be interested in reading [this](https://en.bitcoin.it/wiki/Hardware_wallet). It goes much more into detail and also presents some other hardware wallet systems.

---

I hope this answers your question. If not, please go on asking. There are no stupid questions. (Ok there are some, but since I assume you are not going to ask me "Can I kiss you?" we should be on the safe side ;)

👍 the-tech-guy, tomshwom, diabolika

`author`	the-tech-guy
`permlink`	re-diabolika-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t112856178z
`category`	security
`json_metadata`	{"tags":["security"],"users":["diabolika"],"links":["https://en.bitcoin.it/wiki/Hardware_wallet"],"app":"steemit/0.1"}
`created`	2017-08-18 11:28:57
`last_update`	2017-08-18 11:28:57
`depth`	2
`children`	2
`last_payout`	2017-08-25 11:28:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.091 HBD
`curator_payout_value`	0.026 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	3,517
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,166,095
`net_rshares`	33,643,400,571
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
tomshwom	8,444,347,665	100%
diabolika	5,423,667,754	20%
the-tech-guy	19,775,385,152	100%

@diabolika · Aug 18 '17 (edited)

$0.07

Wow, I'm actually amazed how you thoroughly answered my question. At the beginning, I was reading the _Digital Box FAQ on your post_, but I couldn't find the answer so I just asked, you hahaha. Even if I will look stupid here in the sea of crypto geeks lol.

That was what I thought actually, that the internet is of course, needed to be able to send/receive coins, but at least, you don't have to be always online. I don't have a lot of btc _yet_, but the software wallet is just making me feel worried. I just don't trust putting the money under anyone's control, I mean if that's the case, I'll just put it in a bank. 

So yeah, I was researching about this hardware wallet before, and I'm glad you posted about it. Thanks! I really appreciate your response, I hope someone will give you a high upvote as my upvote is not worth anything _yet_.  :)

👍 the-tech-guy

`author`	diabolika
`permlink`	re-the-tech-guy-re-diabolika-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t122951334z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-18 12:30:03
`last_update`	2017-08-18 12:31:03
`depth`	3
`children`	1
`last_payout`	2017-08-25 12:30:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.051 HBD
`curator_payout_value`	0.016 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	850
`author_reputation`	116,053,592,627,298
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,169,969
`net_rshares`	19,369,736,225
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
the-tech-guy	0 B		19,369,736,225	100%

1 reply

@feelsomoon · Aug 19 '17

Have a trezor but if this wallet proves to be good I may get one at a later time.

👍 feelsomoon, obormot

`author`	feelsomoon
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170819t172314729z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-19 17:23:15
`last_update`	2017-08-19 17:23:15
`depth`	1
`children`	1
`last_payout`	2017-08-26 17:23:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	81
`author_reputation`	1,054,110,900,538
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,279,815
`net_rshares`	5,039,922,503
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
feelsomoon	0 B		4,796,189,109	100%
obormot	0 B		243,733,394	100%

@the-tech-guy · Aug 19 '17

$0.03

Have you been affected by this hack?
https://steemit.com/bitcoin/@tomshwom/lessons-from-the-trezor-hack

👍 tomshwom

`author`	the-tech-guy
`permlink`	re-feelsomoon-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170819t200112317z
`category`	security
`json_metadata`	{"tags":["security"],"links":["https://steemit.com/bitcoin/@tomshwom/lessons-from-the-trezor-hack"],"app":"steemit/0.1"}
`created`	2017-08-19 20:01:18
`last_update`	2017-08-19 20:01:18
`depth`	2
`children`	0
`last_payout`	2017-08-26 20:01:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.022 HBD
`curator_payout_value`	0.007 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	103
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,290,970
`net_rshares`	8,774,573,551
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
tomshwom	0 B		8,774,573,551	100%

@gabris · Aug 31 '20

properties (22)

@guggerf · Aug 23 '17

A really big thank you to @the-tech-guy for this review! I'm quite new in the crypto business but catching up on the news. On a Meetup in Bern, there was a giveaway of Digital Bitbox so I googled it and saw that this product is from Swiss engineers from ETH Zürich. As a swiss my self, I had to purchase it :-)
It's not here yet but I'm excited to test it. 
Has anybody tested the "plausible deniability"?

properties (22)

`author`	guggerf
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170823t130335606z
`category`	security
`json_metadata`	{"tags":["security"],"users":["the-tech-guy"],"app":"steemit/0.1"}
`created`	2017-08-23 13:06:42
`last_update`	2017-08-23 13:06:42
`depth`	1
`children`	5
`last_payout`	2017-08-30 13:06:42
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	405
`author_reputation`	126,112,491,499
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,635,365
`net_rshares`	0

@the-tech-guy · Aug 23 '17

You're welcome! What kind of meetup was that? Did you get a chance to speak to the guys behind Shift Devices there?

What do you mean with testing the plausible deniability? If you want I can check if the feature of hidden wallets works, but the whole concept of plausible deniability, respectively the success of this, lies mostly with your ability to sell a lie. If you can convince the person that's interrogating/torturing/pressuring you that the password you share is the only one, then it works. If they do not believe you, well...

👍 guggerf

`author`	the-tech-guy
`permlink`	re-guggerf-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170823t225113192z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-23 22:51:12
`last_update`	2017-08-23 22:51:12
`depth`	2
`children`	4
`last_payout`	2017-08-30 22:51:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	537
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,682,723
`net_rshares`	1,144,529,287
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
guggerf	0 B		1,144,529,287	100%

@guggerf · Aug 24 '17

What do you mean with "Shift Devices"? It was a Meetup in Bern about Blockchain in general, organized by Puzzle ITC.

Well yes, I mean the hidden Wallet function ;-)

properties (22)

`author`	guggerf
`permlink`	re-the-tech-guy-re-guggerf-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170824t090407964z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-24 09:07:12
`last_update`	2017-08-24 09:07:12
`depth`	3
`children`	3
`last_payout`	2017-08-31 09:07:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	165
`author_reputation`	126,112,491,499
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,719,247
`net_rshares`	0

3 replies

@jaxable · Feb 13 '18

Hey @the-tech-guy! I hope you are well. I'm facing an issue with my Digital Bitbox wallet. I'm not able anymore to access my funds and the reason might be due to special characters used within the password.

Do you know if anyone else has experienced a similar issue? See here my Reddit post: https://www.reddit.com/r/DigitalBitbox/comments/7x96vj/im_not_able_anymore_to_access_my_wallet_and_the/

Cheers,

properties (22)

`author`	jaxable
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20180213t150914492z
`category`	security
`json_metadata`	{"tags":["security"],"users":["the-tech-guy"],"links":["https://www.reddit.com/r/DigitalBitbox/comments/7x96vj/im_not_able_anymore_to_access_my_wallet_and_the/"],"app":"steemit/0.1"}
`created`	2018-02-13 15:09:15
`last_update`	2018-02-13 15:09:15
`depth`	1
`children`	0
`last_payout`	2018-02-20 15:09:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	405
`author_reputation`	0
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	37,236,751
`net_rshares`	0

@lovejuice · Aug 18 '17

<p>This post has received a 5.45 % upvote from @lovejuice thanks to: @diabolika.  They have officially sprayed their dank amps all over your post rewards.  GOOD TIMES!  Vote for Aggroed!</p>

properties (22)

`author`	lovejuice
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t124946369z
`category`	security
`json_metadata`	{"tags":["security"],"app":"drotto/0.0.1"}
`created`	2017-08-18 12:49:48
`last_update`	2017-08-18 12:49:48
`depth`	1
`children`	0
`last_payout`	2017-08-25 12:49:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	191
`author_reputation`	10,538,740,461,622
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,171,378
`net_rshares`	0

@obormot · Aug 19 '17

very cool !

properties (22)

`author`	obormot
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170819t184829097z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-19 18:48:30
`last_update`	2017-08-19 18:48:30
`depth`	1
`children`	0
`last_payout`	2017-08-26 18:48:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	11
`author_reputation`	-45,204,709,399
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,285,855
`net_rshares`	0

@rek5767 · Aug 18 '17

Thanks .....  So much to learn !!!       I am super new to cryto currency  and Steemit .   I feel so far behind !

properties (22)

`author`	rek5767
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t103400272z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-18 10:34:00
`last_update`	2017-08-18 10:34:00
`depth`	1
`children`	2
`last_payout`	2017-08-25 10:34:00
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	113
`author_reputation`	42,243,079,267
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,162,991
`net_rshares`	0

@guggerf · Aug 23 '17

same here, sooo far behind. But there are some nice people like @the-tech-guy to help us get the needed information. Don't worry we'll get this ;-)

👍 rek5767

`author`	guggerf
`permlink`	re-rek5767-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170823t125353680z
`category`	security
`json_metadata`	{"tags":["security"],"users":["the-tech-guy"],"app":"steemit/0.1"}
`created`	2017-08-23 12:56:57
`last_update`	2017-08-23 12:56:57
`depth`	2
`children`	0
`last_payout`	2017-08-30 12:56:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	147
`author_reputation`	126,112,491,499
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,634,498
`net_rshares`	69,948,257
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
rek5767	0 B		69,948,257	5.89%

@the-tech-guy · Aug 18 '17

$0.03

You're very welcome. Lesson no 1: Upvote stuff you like. Like my post. Now.
Just joking ;) Google around or have a look at the howto section here on steemit and you'll get the hang of it quickly.

👍 tomshwom, rek5767

`author`	the-tech-guy
`permlink`	re-rek5767-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170818t110423946z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-18 11:04:27
`last_update`	2017-08-18 11:04:27
`depth`	2
`children`	0
`last_payout`	2017-08-25 11:04:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.025 HBD
`curator_payout_value`	0.006 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	195
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,164,638
`net_rshares`	9,395,622,864
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
tomshwom	0 B		8,633,048,171	100%
rek5767	0 B		762,574,693	100%

@tomshwom · Aug 21 '17

$0.12

Very nice review! I'm a fan of the ATAES132 chip that the Bitbox is using. The dual chip ST31/STM32 architecture (the one Ledger Nano S is using) is CC EAL 5+ and arguably better for cryptographic attestation, but I don't know as much about its side-channel hardening (which the ATAES132 has had a good reputation for). Keeping things simple and using a single-purpose ATAES132 chip narrows possible attack vectors.

As far as features, the FIDO U2F compatibility could be a big deal if people use it, and the removable SD card is very nice for switching wallets.

Some potential problems is see though:

* SD card contents don't seem to be encrypted. If it was stolen, all those "plausible deniability" claims on the site are probably meaningless.
* Hardware wallets like this sign the transaction locally, but need to be connected to the internet to broadcast it. To access the Bitbox, it looks like you need to type your password into the app (if using 2FA), or into the desktop program. This compromises the security of the password.
* I'm cautious about the use of SD cards. I don't think it's unfair to say that this could be used as an attack vector if specially crafted data was on the card.

I also can't find all the hardware specs I'd like to see, so I guess only the code is fully open source. Speaking of which, it hasn't had any GitHub progress in months. Granted, it's not super complicated code so it shouldn't require a lot of maintenance.

I still don't like the price, and I'd still consider my security guide wallet to be much more secure if set up and used properly.

Side note: there's a big focus on using expensive secure chips, epoxy housing, and all kinds of other physical measures on hardware wallets like this. I believe this is due to the fact that all of the sensitive data is located on one single device - so it must be kept secure. This is the fundamental flaw I try to attack in my guide, but it does mean trading convenience for cheap security.

👍 the-tech-guy, tomshwom, arunj, guggerf

`author`	tomshwom
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170821t140818350z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-21 14:08:18
`last_update`	2017-08-21 14:08:18
`depth`	1
`children`	1
`last_payout`	2017-08-28 14:08:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.096 HBD
`curator_payout_value`	0.026 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,996
`author_reputation`	1,713,446,395,686
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,440,290
`net_rshares`	30,301,331,068
`author_curate_reward`	""

properties (23)vote details (4)

voter	rshares	pct
tomshwom	8,161,296,905	100%
the-tech-guy	19,876,797,383	100%
guggerf	1,120,016,011	100%
arunj	1,143,220,769	100%

@the-tech-guy · Aug 21 '17

$0.12

Wow, thanks a lot for taking the time to write this long response!

* Regarding the SD-card: I just did a device reset and then used the card to restore my wallet. This process requires the original passphrase to be entered, therefore I assume the backup is encrypted. Of course the backup cannot be protected against brute-force attacks, so this might be one of the more promising attack vectors.

* Concerning the password: I am still waiting for the day that someone uses the concept of the [Kingston DataTraveler-2000](https://www.kingston.com/us/usb/encrypted_security/dt2000) (see picture) for a hardware wallet.
http://trulynet.com/wp-content/uploads/2016/04/Kingston-DataTraveler-2000.jpg
[source](http://trulynet.com/wp-content/uploads/2016/04/Kingston-DataTraveler-2000.jpg)

* Concerning the company itself: It seems they are situated in Switzerland and that they are a spin-off of ETH Zurich. As far as I know, the ETH has a very good name all around Europe and even in the states. When I bought the device for testing, I was a little worried about the appearance of the website. They use a Let's Encrypt SSL certificate without any kind of ownership certification, and there does not seem to be any kind of office address. Possibly this, together with the fact that the code has not been maintained in a while, is caused by the fact that there are only two guys behind it, and they seem to be fresh from uni.

I really hope they are going to take the time to fix these 'issues' in the future and also that they hire some more people. Maybe I will go pay them a visit the next time I'm in Switzerland. If I do I'll report back^^

---

Currently I don't have all that much time at my hands, but following your guide to a secure wallet is a fixed point on my todo-list.

👍 the-tech-guy, tomshwom, guggerf

`author`	the-tech-guy
`permlink`	re-tomshwom-re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170821t174212289z
`category`	security
`json_metadata`	{"tags":["security"],"image":["http://trulynet.com/wp-content/uploads/2016/04/Kingston-DataTraveler-2000.jpg"],"links":["https://www.kingston.com/us/usb/encrypted_security/dt2000","http://trulynet.com/wp-content/uploads/2016/04/Kingston-DataTraveler-2000.jpg"],"app":"steemit/0.1"}
`created`	2017-08-21 17:42:12
`last_update`	2017-08-21 17:42:12
`depth`	2
`children`	0
`last_payout`	2017-08-28 17:42:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.102 HBD
`curator_payout_value`	0.017 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,780
`author_reputation`	591,393,926,026
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,459,089
`net_rshares`	29,397,762,292
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
tomshwom	8,114,121,778	100%
the-tech-guy	20,181,034,078	100%
guggerf	1,102,606,436	100%

@tomshwom · Aug 21 '17

$0.03

Liked, followed, & resteemed.  Looking forward to your future quality content :)

👍 tomshwom

`author`	tomshwom
`permlink`	re-the-tech-guy-hardware-wallet-review-digital-bitbox-20170821t140946624z
`category`	security
`json_metadata`	{"tags":["security"],"app":"steemit/0.1"}
`created`	2017-08-21 14:09:45
`last_update`	2017-08-21 14:09:45
`depth`	1
`children`	0
`last_payout`	2017-08-28 14:09:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.022 HBD
`curator_payout_value`	0.007 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	80
`author_reputation`	1,713,446,395,686
`root_title`	"Hardware Wallet Review: Digital Bitbox"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	12,440,437
`net_rshares`	7,509,078,971
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
tomshwom	0 B		7,509,078,971	100%