A hardware wallet is a physical device that stores some private keys in a tamper-proof secure element. Those private keys can be regenerated from a recovery phrase[1] which acts as a seed to regenerate the keys in a deterministic way.
The hardware device is typically itself secured by means of a pin. Without the pin, the device can’t be unlocked so it can’t be used; too many incorrect pin attempts will brick the device.
So the answers to your questions are:
1) If you entrust it to a safe deposit box then if someone steals it, it is worthless without the pin.
2) If the safe is itself destroyed and with it the device (this is also the case if you have it in a safe deposit box and the depository is burned down or something) then the private keys (and transitively the funds) can still be recovered using the recovery phrase. So if you have securely stored your recovery phrase and are able to retrieve it even this kind of problem won’t cause the accounts to be lost.
So what people tend to recommend is choosing good secure storage for your pin, keeping reasonable physical care of the device, taking the recovery phrase and splitting it into parts and storing those parts separately. If one of the parts is destroyed then you will need to urgently replace the hardware wallet, move the funds and securely store the new recovery phrase because if not you don’t have a fallback if the hardware wallet is destroyed, but otherwise you are good.
That's overly complicated. A single hardware wallet in a fireproof safe or a safe deposit box in a bank vault is sufficient for this use case. If a hardware wallet were stolen, the thief would still have to guess the password. q.v. https://xkcd.com/538
Think of a hardware wallet as a credit card. You will have some mechanism protecting it from being used when you're not next to it (password/pin); you will have some cold recovery option if you lose it (like a long passphrase stored in a safe deposit box).
But, like a credit card, the send/receive operations are performed on a secure, limited-scope system (rather than an easily compromised PC).
Unlike a safe, a hardware wallet doesn't store money, it stores private keys. These keys are derived from a seed phrase you are supposed to back up offline.
Hardware wallets come with a passphrase mnemonic that completely restores them. Write it down, put it in a safe deposit box, you're done. You can then take an acetylene torch to your hardware wallet, buy a new one, restore from the passphrase, and have everything back. Hardware wallets are far easier to back up offsite than key management on a computer, though a SmartCard-HSM comes close. (Hardware wallets are the same principle as an HSM.)
Since you're probably wondering, the passphrase mnemonic on my Ledger is a group of 24 words that represent a translation of the primary secret key. All accounts on my Ledger are derived from it. I've tested wiping and restoring, and the passphrase now lives in my bank deposit box.
By the nature of cryptocurrency, if you had all the public keys from your hardware wallet you could use it as a bank by dropping the wallet itself in a safe deposit box. You don't need it in your physical possession to receive, only send. I'm considering buying a second for exactly this purpose, though at that point, a paper wallet would be just as functional.
Yes you absolutely do[1]. But that’s true of any wallet (software wallets also have the exact same recovery phrase system so for example if you lost the hardware wallet you could configure a software wallet by using the recovery phrase and get your crypto back).
Someone else using your recovery phrase to steal your private keys wouldn’t actually brick your hardware wallet. It would still work but obviously since the thing that it was there to secure (your keys) had been stolen that would be moot.
The subtext is that keeping all this stuff secure is hard and depending on your threat model may not be worthwhile. This is similar to the way in which for most people it makes sense to have a bank look after their funds. In the world of crypto though we’ve seen obvious examples of these centralised custodians being untrustworthy and since they are not regulated or FDIC insured or anything of that kind it’s much more risky.
[1] If you want the ability to recover your funds if the hardware device becomes inoperable, lost, stolen etc. If not you could just burn the recovery phrase so you don’t need to secure it.
Hardware wallet protocol involves a key phrase and password you keep secure elsewhere. You need either wallet + password, or if the wallet breaks, you can buy a new one and initialize it with the seed phrase and then use the same password.
You could use a multi-purpose computer, e.g. a phone or PC and software to do the same, but they are more complex devices with more avenues to exploit them, e.g. a keylogger plus something that can upload your KeePass file means you're robbed.
Physically stealing a hardware wallet is typically not useful because they are PIN-protected. And you can back them up by writing the 12/24-word seed in a safe/hidden spot.
You use a cold wallet, that is, a secure element storing your private key. Those chips are physically isolated from the computer and cannot be tampered with.
If you lose your device (which should NEVER happen, it's a safe, not a purse), your keys are still encrypted with your PIN code and the device will self erase after 3 unsuccessful attempts.
You can retrieve your private key from a 24-word sequence (seed key), which you will usually store on a fireproof and waterproof medium like a Billfodl or stamped washers. For added security, the private key will be derived from the seed plus an additional passphrase only known to you (kind of like a salt), so your key doesn't get compromised if someone gets his hands on your seed.
Cold wallets didn't exist by the time of the incident you mention.
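The seed-plus-passphrase derivation described above, worked through as an added example (not code from any comment in this thread): BIP39 turns the word list into a 64-byte seed with PBKDF2-HMAC-SHA512, the passphrase is folded into the salt, and BIP32 then splits an HMAC of that seed into the master private key and chain code from which every account is derived. The all-"abandon" mnemonic and the passphrases are constructed fixed inputs, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the BIP39 zero-entropy test mnemonic (12 words).
# Used here only as a fixed example; never load it onto a device you fund.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a recovery phrase.

    PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic, salt "mnemonic"
    followed by the (optional) passphrase, 2048 iterations. The passphrase
    acts like a salt: same words, different passphrase, unrelated seed.
    """
    words = unicodedata.normalize("NFKD", mnemonic.strip())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048)


def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """Split the seed into the BIP32 master private key and chain code.

    Every account on the device is derived from this pair, which is why the
    written-down words alone are enough to rebuild a destroyed wallet.
    """
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = i[:32], i[32:]
    # secp256k1 group order; BIP32 requires 0 < key < n (vanishingly rare to fail).
    n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    if not 0 < int.from_bytes(key, "big") < n:
        raise ValueError("invalid master key; BIP32 says this seed is unusable")
    return key, chain_code


def passphrase_changes_keys(mnemonic: str, pass_a: str, pass_b: str) -> bool:
    """True when two passphrases over the same words give different master keys."""
    key_a, _ = bip32_master_key(bip39_seed(mnemonic, pass_a))
    key_b, _ = bip32_master_key(bip39_seed(mnemonic, pass_b))
    return key_a != key_b
```

Someone holding only the written seed words but not the passphrase ends up with a different, empty set of accounts.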
Hardware wallets can be backed up. You can even have 2 hardware wallets using the same cryptographic seed and both able to spend the same BTC. You won't lose any BTC if a wallet gets destroyed.
A hardware wallet is a device to store cryptocurrency. When you have bitcoins or ether or whatever, you're 100% responsible for its safety: lose the keys, lose the coins. Just like cash or gold, and unlike PayPal or banks (where they owe you the quantity of your balance).
The problem is that holding keys in a PC or a phone is very risky: malware, security holes, etc. A hardware wallet allows very little communication between the key holder and the wallet usage, so the attack surface is several orders of magnitude smaller. You can even use it in a virus-ridden Windows XP machine.
edit: Another problem with crypto coin keys is that they can steal them and you won't notice until they spend the coins. Just like what happened with MtGox: they assumed there was no theft because the thieves didn't transfer the coins immediately. With a hardware wallet you can be sure nobody else is holding your keys (but it doesn't hurt to transfer them from time to time to a new wallet, which means the coins get new keys).
Hardware wallets use a seed to generate key pairs using a cryptographic random number generator. The seed is usually a sequence of words which you back up on a piece of paper.
If the hardware wallet is destroyed you can simply generate the keys again with either a new hardware wallet or a software one.
I must be missing something, but can someone explain what's the point of a hardware wallet? Why not just use a password manager?
Hardware wallets seem to have so many downsides, as far as I can understand.
You can keep multiple copies of your password manager's database (something like a kdbx file), but you won't have multiple copies of the hardware wallet. Therefore a single point of failure. If the wallet is stolen, damaged in a house fire, crushed by some accident etc. you're done. Also, can't the firmware of the hardware wallet possibly have some unknown bugs that might cause some failure in the future? Is the hardware failure-proof? No possibility of manufacturing defect etc.?
Secondly you have to buy a hardware wallet and whatever the cost, it's not free. Whereas an open source password manager like KeePass is completely free (as in freedom as well as beer).
They can come take your hardware wallet but they can't use it without your passphrase/pin and most have a built-in self-destruct if you get the pin wrong too many times.
Now if someone has an electron microscope and can read the raw memory cells, that is another matter, but not your typical adversary trying to steal for a quick buck at a pawn shop.
It is also more durable because gold you can only store in a single location, whereas with a hardware wallet you could put your 24-word backup somewhere hard to access, maybe spread across one or more safety deposit boxes.
Then if your funds ever feel at risk, you can simply erase your hardware wallet and go on vacation with confidence knowing you can trivially restore it when you get back with a trip to the bank.
> If the wallet is stolen, damaged in a house fire, crushed by some accident etc. you're done.
This is incorrect. Hardware wallets typically come with a recovery seed. Even if the original device gets destroyed, the seed helps you to get access to your addresses/crypto. This covers against all of the scenarios you mentioned.
For example, I just updated the firmware on my device this afternoon. Before I did it, I'm double-prompted to make sure I have my recovery seed in case the update fails.
As for storing in a password manager, you certainly could. I used to print my wallets out back in the day. The hardware just makes the process a bit easier and makes mistakes on my part less likely.
[1] https://medium.com/coinmonks/mnemonic-generation-bip39-simpl...