Hardware wallet: Difference between revisions
→Security risks: added malware swapping addresses risk |
|||
Line 14: | Line 14: | ||
To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers. | To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers. | ||
However, it important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy. | However, it's important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy. | ||
How a hardware wallet could fail: | How a hardware wallet could fail to protect your Bitcoin: | ||
# '''Malware swaps recipient Bitcoin addresses''': a hardware wallet won't protect you from being tricked into sending Bitcoin to the wrong address. For example, malware on a PC could monitor for high value transactions and then swap out the recipient's authentic Bitcoin address for an address controller by the attacker. When the stakes are high, multi factor (e.g., over the phone) confirmation of a recipient's Bitcoin address is recommended. | |||
# '''Insecure RNG ([https://en.wikipedia.org/wiki/Random_number_generation Random Number Generator])''': hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified. | # '''Insecure RNG ([https://en.wikipedia.org/wiki/Random_number_generation Random Number Generator])''': hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified. | ||
# '''Imperfect implementation''': the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software. | # '''Imperfect implementation''': the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software. |
Revision as of 17:47, 22 January 2017
A hardware wallet is a special type of bitcoin wallet which stores the user's private keys in a secure hardware device.
They have major advantages over standard software wallets:
- private keys are often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
- immune to computer viruses that steal from software wallets
- can be used securely and interactively, as opposed to a paper wallet which must be imported to software at some point
- much of the time, the software is open source, allowing a user to validate the entire operation of the device
This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.
Security risks
To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers.
However, it's important to understand that hardware wallets are a high value target and depend on various assumptions holding true to maintain security. They are not a silver bullet, and there are several realistic ways in which a hardware wallet can fail to protect your Bitcoin. These risks need to be carefully considered when deciding how much trust to place in a hardware wallet, and which hardware wallet to buy.
How a hardware wallet could fail to protect your Bitcoin:
- Malware swaps recipient Bitcoin addresses: a hardware wallet won't protect you from being tricked into sending Bitcoin to the wrong address. For example, malware on a PC could monitor for high value transactions and then swap out the recipient's authentic Bitcoin address for an address controller by the attacker. When the stakes are high, multi factor (e.g., over the phone) confirmation of a recipient's Bitcoin address is recommended.
- Insecure RNG (Random Number Generator): hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet's private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating psuedo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker. An RNG may become insecure as a result of malicious weakening or an unintentional mistake. This failure mode is common to any wallet generation procedure in which the true randomness of the source of entropy being used can not be verified.
- Imperfect implementation: the security of all computing devices relies on the quality of their implementation. Hardware wallets are no exception. Bugs at the software, firmware or hardware level may allow attackers to break into a hardware wallet and gain unauthorized access to secrets. Even if the design is perfect, proving the security of a hardware or software implementation is a very hard, mostly unsolved problem. To date, no wallet in existence is implemented using provably correct software.
- Compromised production process: even a perfect software and hardware implementation of a hardware wallet would be vulnerable to a corrupt production process that introduces intentional or unintentional holes into the final product. The introduction of hardware backdoors is a real concern for high risk financial and military applications.
- Compromised shipping process: a compromised fulfillment process may substitute or modify secure devices for superficially identical but insecure replacements. Government programs that intercept hardware and modify them in route to insert backdoors are known to exist.
In summary:
- While not a silver bullet hardware wallets can still be extremely useful, assuming you take care to use a good one: an authentic device manufactured by trustworthy, technically competent security experts with a good reputation (e.g., TREZOR).
- Cold storage solutions implemented with open source software and general purpose hardware, using a verifiable source of entropy (e.g., physical dice) may provide superior security for some use cases (e.g., long term savings).
Commercial hardware wallets (ordered chronologically)
Pi Wallet - cold storage
The Pi-Wallet is a small computer with the Armory bitcoin client.
Transactions are signed offline, then transferred on a USB stick via Sneakernet to an online system for broadcasting.
TREZOR The Bitcoin Safe
TREZOR is a secure bitcoin storage and a transaction signing tool. The private keys are generated by the device and never leave it thus they cannot be accessed by a malware.
It uses a deterministic wallet structure which means it can hold an unlimited number of keys (BIP 0032/BIP 0044). A recovery seed is generated when the device is initialized. In case TREZOR gets lost or stolen, all its contents can be recovered using this seed (private keys, bitcoin balance and transaction history) into a new device or another BIP 0039/BIP 0044 compatible wallet.
TREZOR also introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer. An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.
E-shop BuyTrezor.com | TREZOR Documentation | BitcoinTrezor.com
Ledger HW.1 - USB Smartcard Hardware Wallet
HW.1 is an implementation of a deterministic (BIP 0032) Hardware Wallet on a USB smartcard.
It is typically used as a blind secure device for multi signature transactions - holding a set of derived private keys and signing transactions without requiring user confirmation.
Power users can rely on it to confirm all transactions with a second factor scheme turning the dongle into a keyboard typing what the user is supposed to have signed, as a protection against malware.
It is also possible to customize HW.1 for more specific needs, such as creating a prepaid card without revealing the deterministic seed before it is received by the user, or securing bitcoin transactions on a server.
E-shop | Technical Documentation
Ledger Nano - USB Smartcard Hardware Wallet
Ledger Nano protects your Bitcoin data within a smartcard. Its micro-processor certified against all types of attacks (both physical and logical), and has been used in the banking industry for decades (think credit card chips). The device connects to your computer through the USB port and will do all the Bitcoin cryptographic heavy lifting such as signing transactions inside its secure environment. You can therefore use your Bitcoin account with maximum trust, even on an insecure or compromised computer.
The second factor verification of the transaction signature can be done either with a paired smartphone (Android, iOS) or a physical security card.
The Ledger Wallet Chrome application (available also on Chromium) provides an easy onboarding as well as a seamless user experience, and the Nano is compatible with numerous third party software: Electrum, Mycelium, GreenAddress, Greenbits, Coinkite and Copay.
Ledger Nano product page | Source and specifications
Ledger Unplugged - NFC Smartcard Hardware Wallet
The Ledger Unplugged is a credit card sized NFC hardware wallet. It embeds an open source Java Card app and is compatible with all NFC enabled Android phones.
The device can be used with Mycelium or Greenbits. In case of loss, you can restore it on any Ledger Wallet (Nano or another one) or all other compatible solutions (BIP 39).
Ledger Unplugged product page | Source code
BWALLET TREZOR clone
BWALLET is a clone of Trezor by a Chinese company. Trezor code is open source and this device operates like a Trezor. However, this product has been reviewed by Merek aka Slush(Trezor developer) and he has found some problems which makes this device less than 100% compatible, for example it doesn't work with myTREZOR.com website and it does not work with Trezor official firmware.
KeepKey: Your Private Bitcoin Vault
KeepKey is a USB device that stores and secures your bitcoins. When you entrust KeepKey with your money, each and every bitcoin transaction you make must be reviewed and approved via it's OLED display and confirmation button.
KeepKey has a unique recovery feature utilizing a rotating cipher to restore private keys with a BIP 0039 recovery seed. This means it is not necessary to store your private keys on KeepKey: the recovery process is secure enough so that KeepKey can be used as a transaction device for paper wallets.
Opendime: Bitcoin Credit Stick
The 1st Bitcoin Bearer Bond or just call it a "Bitcoin Stick"
Opendime is a small USB stick that allows you to spend Bitcoin like a dollar bill. Pass it along multiple times. Connect to any USB to check balance. Unseal anytime to spend online. Trust no one.
It comes in the shape of a mini USB, and setting it up is astonishingly quick and simple. You plug OpenDime into a USB port, and it behaves just like a USB drive with a tiny amount of storage. In its folder, is a web page. You open the webpage in your browser, and there’s only one instruction to follow: “Drop a file onto the drive”. Once you do that, the OpenDime automagically generates a unique address for you to receive Bitcoin with.
- Opendime FAQ
- You can watch a video here
- Read this review
- Multi-language user interface: 中文 • 日本語 • English • Portuguese • Français • Deutsch • Русский
- Works as USB drive with no need for software
- Opendime Electrum plugin
- Opendime source files and key verification
CoolWallet: The Ultimate Bitcoin Safe
CoolWallet is a credit card sized Bluetooth device that stores and secures your bitcoins and private keys. It fits in your wallet and works wirelessly.
Every Bitcoin transaction must be manually confirmed and approved through its e-paper display and button.
CoolWallet only acknowledges the paired smartphone. Whoever stole the CoolWallet are not able to steal any bitcoins. Using recovery Seed can restore all your bitcoins in case you lost the device.
coolbitx.com | Source and specifications
BlochsTech card: Your user friendly Bitcoin wallet
The BlochsTech open Bitcoin card is an open protocol secure hardware Bitcoin wallet your grandmother could use. For shops it's faster to accept than slow QR code based wallets and more reliable as it works offline.
Currently it's of course in a novelty phase like Casascius coins (of which thousands were sold), however in the long run it is fully capable of functionally replacing the VISA system in all nations.
BitLox Bitcoin Hardware Wallet
BitLox is a metal cased (aluminum or titanium) bitcoin hardware wallet that works with their own web based wallet by USB and apps for iPhone and Android using Bluetooth LE.
At present it is the only bitcoin hardware wallet you can buy that works with iPhone. The device weighs one ounce and is the size of a credit card 4 mm thick.
Bitlox allows you to set up hidden wallets. Unlike other hardware wallets your seed is never displayed on a connected computer or phone but only on the Bitlox. All your wallet, device and transaction PINs are only entered on the BitLox and never on any app.
BitLox has also implemented several advanced security features not available on any other bitcoin hardware wallet.
Digital Bitbox
- Secure hardware RNG & key storage using crypto element with 50 year lifespan and an epoxy-filled case.
- Offline backup and recovery of BIP-32 seed with a micro SD card rather than BIP-39 phrase written on paper as in Trezor.
- Native software wallet client and ability to use a mobile phone for 2FA and to verify transaction details.
- Multisig out-of-the-box including Copay support.
- Open Source (firmware, bootloader, desktop client).
- Made in Switzerland (a country with strong privacy laws) by Bitcoin Core developer Jonas Schnelli.
Ledger Nano S - USB Smartcard Hardware Wallet
Ledger Nano S is a secure Bitcoin hardware wallet. It connects to any computer through USB and embeds a built-in OLED display to double-check and confirm each transaction with a single tap on its buttons. It is architectured around a Secure Element (ST31 family) and built on top of the BOLOS platform, a powerful and flexible Operating System allowing the secure execution of multiple Open Source applications in full isolation.
Main features:
- cryptographic secrets protected by a secure chip
- open source embedded Bitcoin app
- Confirmation of transactions on the embedded screen
- Built-in 4 digits PIN security lock
- Built-in onboarding (seed generation and recovery)
- BIP39 seed (12/18/24 words), easy backup and restoration
- Multi-apps support: FIDO U2F, GPG, SSH…
- USB connectivity
- Foldable and compact casing
Not purchasable hardware wallets
BitcoinCard Megion Technologies-Card based wallet
Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.
BitSafe - allten/someone42's hardware wallet
Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
someone42's original prototype
Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices
Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.
Other/Defunct but with good discussion:
- natman3400's BitClip Jun 2011 https://bitcointalk.org/index.php?topic=24852.0
- Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.
- jim618 hardware wallet proposal Apr 2012 Dedicated bitcoin devices - dealing with untrusted networks
- Great discussion and good ideas from jim618. Also linked the following video:
- Prof. Clemens Cap's hardware wallet? (video:)Clemens Cap about electronic bitcoin wallet at EuroBit
- Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.
- ripper234's discussion based on Yubikeys Aug 2012 Having a YUBIKEY as one of the parties for m-of-n signatures
- The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.
- kalleguld's hardware wallet proposal Oct 2012 Proposal: Hardware wallet (Win 3 BTC)
- Vaporware: Matthew N Wright's ellet ANN The world's first handheld Bitcoin device, the Ellet! (Vaporware)
Smart Card based wallets
This type of device requires complete trust in the host device, as there is no method for user input. See Smart card wallet
Related Resources
- Best Bitcoin Hardware Wallet 2015 - reviews of all bitcoin hardware wallets.
- TREZOR vs. Ledger - User reviews and Reddit feedback
- Hardware wallet wire protocol: slush's Hardware wallet wire protocol discussion
- Re: Split private keys: kjj's Todo List discussion for client protocol requirements
- Hardware Wallet Roundup
- Bitcoin Hardware Wallet Comparison - information about using Bitcoin hardware wallets for cold storage.
- Ledger Wallet Review