Carrying a complete banking institution in your pocket is a powerful statement!
Hardware wallets are really cool. They’re basically specially designed storage systems, like supercharged flash drives, but they add many security and usability features on top of just storage and retrieval capabilities. The requirements of a hardware wallet are much more stringent than those of any common flash drive.
For instance, should a hardware wallet fall into the wrong hands, it must be either impossible or very difficult to retrieve the secret keys contained within its storage device. With common flash drives this is trivial, unless you’ve encrypted the filesystem using full disk encryption software.
Hardware wallets must also be difficult to open physically, and their internals should ideally be dipped in some hard epoxy to prevent electrical contact from being made with the memory and controller pins. If this electronic-level access were granted, there are many forensic techniques which could be employed against the wallet’s security features.
As you can see, there is a justification for the price tag on these little critters: security is expensive.
Most commercial hardware wallets also provide a basic interface to generate and sign transactions. When a Trezor or a Ledger Nano is connected to a gateway to the Internet (a PC/notebook), it is able to send out transactions and update its cryptocurrency balance automatically. There is, therefore, a decent processor contained in the hardware wallet which allows this. Hardware wallets are thus not just storage but secure devices which contain a processor and primary and secondary memory, all configured with a focus on strong security.
Hardware wallets must also be shielded from electromagnetic (EM) emissions. There are several forensic techniques to gain information from a device, including radio-frequency reverse engineering, TEMPEST, Van Eck phreaking and other advanced methods of obtaining data from a device’s EM footprint. Although these attacks can be expensive and require advanced know-how, cryptocurrencies can be worth billions of US dollars, especially those lost or forgotten in older devices.
DIY Hardware Wallet
If you don’t need a fancy little portable hardware wallet, you can roll your own for under $94, which is the current price for a Ledger Nano. With a Raspberry Pi, a storage card and a little creativity, you are able to create a secure offline wallet that can do anything a Trezor or Ledger Nano could.
There are several tutorials available and, since this is a DIY solution, there is more than one way to do it. Using disk encryption, a lean and secure Linux distribution and basic information security practices, a Raspberry Pi cold wallet is as secure and as powerful as any custom solution you could purchase ready-made.
The safest “hardware” wallet: Papyrus!
It turns out that there’s an old school method to protect your secret keys without having to buy a hardware wallet. It’s one of the oldest technologies developed by man: plain old paper! The only vulnerability in paper wallets is physical destruction of the paper or blurring of the ink. If you use secure ink or a good pen, laminate your printed wallet and keep it off-site in a fire protected environment, it is possibly the most secure hardware wallet available.
Writings from thousands of years ago are perfectly preserved to this day in historical sites. Cryptocurrencies which use deterministic wallets, such as the Daedalus wallet in Cardano ADA, can even make this process safer by providing a human-readable secret phrase from which all future private keys can be generated. This means a secret phrase can recover your funds should you lose access to a Daedalus installation. Many other deterministic wallets provide this feature as well.
Hardware wallets have very limited storage. A Ledger Nano or Trezor is unable to store even a tiny fraction of the Bitcoin blockchain, much less have a copy of each blockchain for each supported cryptocurrency stored within its tiny secure flash drive. This means that transactions and balances shown in these devices must come from an external trusted source as they cannot verify the integrity of the blockchain themselves. Just like all mobile, MyEtherWallet and similar offline web-based wallets, hardware wallets must trust an external server in order to send out and verify transactions; they cannot do this internally due to their inherent physical limitations.
As you can see, cold storage security is a double-edged sword. While it is practically 100% secure for as long as it is offline and kept in a safe location, the transactions originating from it are not fully decentralized – it requires trust in some external infrastructure. This breaks one of the cornerstones of cryptocurrencies – full decentralization.
Hardware wallets also depend on … hardware. We’re still in the prehistoric era of cryptocurrencies and we don’t know yet how the most popular hardware wallets will hold up against the test of time. The author of this post still has a functional Palm Pilot handheld computer that keeps his old phone book and to-do lists! It’s been working for almost 20 years and the battery still lasts over a week without charging. Older iPhones also seem to last forever, with devices being used as portable assistants and offline iPods long after they’re no longer on the mobile network. But only time will tell whether the most popular hardware wallets will survive the test of time.
So, do you need a hardware wallet?
For 99% of crypto investors the answer is probably no, you don’t need a hardware wallet.
But if you want additional security, convenience and the wow factor of pulling one of these charming little things out of your pocket, then a portable hardware wallet is a nice addition to your cryptocurrency arsenal.
Cryptocurrency can be more than just an interesting new concept for money. For many, it signifies a lifestyle and a revolutionary paradigm for society. There is a fashion component to it, and owning one of these nifty little gadgets is as much a statement as it is to own a Rolex and a Montblanc.
Photo Credit: Stickac by CC via Wikipedia