Welcome to another edition of Crypto Explained. We are on the mission of making crypto easy for everyone. If you’d like to learn more about the world of crypto, don’t forget to subscribe to receive this Newsletter directly in your email!
I’m currently traveling, with very limited time to write an insightful article for you all.
However, I would definitely not want to skip an edition, and therefore, upon coming across an article by Theodore of Whiteboard Crypto that talks about hardware wallets, I decided to share his work with you all. The timing seems fitting considering the fudge with Ledger.
I’ve been following Theodore’s work for some time, and would recommend you to follow him as well.
Without further ado, and again with all credits to the Whiteboard Crypto, let’s talk about hardware wallets today.
Are Hardware Wallets safe?
It seems like everyone is asking this question lately. Are hardware wallets—also called cold wallets, and supposedly the safest crypto storage option—actually safe?
In order to answer this question, we have to understand how hardware wallets work. Of course, not all hardware wallets are the same design, but hopefully after reading this you'll have a better idea of what makes a hardware wallet and what kind of security they offer.
As I mentioned in last Saturday's email, I'll be reviewing a bunch of different hardware wallets soon. But you should still understand how they work so you can make an educated decision about which you think might be best for you.
Native crypto users talk about "verify, don't trust," which really means that we prefer being able to see code so we can verify that it does what it is supposed to do (and isn't malicious) without having to take someone else's word for it.
But many hardware wallets keep their code private, so we can't see what it is. There are two reasons for this: 1) they are worried that people would be able to hack it more easily if they knew the code, and 2) some of the firmware they use is not their own and they are required not to share it.
What is firmware? Let's take a minute to define some terms we'll use throughout this explanation.
Terminology
A hardware wallet is a physical device that is used to create wallet addresses and sign transactions (some of them don't create the wallet address, but we'll get into that a little later).
There are three things required for a hardware wallet to function. They go in the following order:
Hardware - physical device
Firmware - code
Software - code
In order for the hardware to work, there needs to be code that tells it what to do. The most fundamental kind of code that gives hardware instructions is called firmware. It is required for the device to function and is not regularly changed or updated. Firmware is often one part of a device's operating system (OS), but sometimes it's the entire OS. We'll explain why a little later.
Have you ever bought a computer that didn't have an OS already installed? You still need to be able to turn it on and run the program that would install the OS, and the firmware is the code that allows you to do that.
The other parts of an OS are software, the code that allows programs to work. When we use a computer or other electronic device, we typically interact with the software, such as Microsoft Office or Discord. The firmware is running in the background.
Security
The more complex a device is, the more software it needs. Firmware provides really basic instructions, so if you want to be able to use multiple blockchains or view your NFTs on your device, that requires software. The more software something has, the more chances for it to be hacked. Code is complicated, and it just takes one mistake to put the device's security at risk. The more code there is, the more mistakes there could be.
Code also needs to be updated. Imagine you have a bunch of software on your device and someone realizes there is a vulnerability—an error in the code. The code needs to be updated to fix the error.
Some people argue that firmware should not be able to be updated. For hardware wallets, the firmware is (most often) what generates the private key to your wallet. Some people say it's not supposed to be able to do anything else other than tell you what the private and public keys are. It shouldn't be able to connect to the internet or send or receive information.
In order for any software (firmware included) to be updated, it needs to be able to connect to the internet, or at least connect to an outside source that holds the new code. If firmware can be updated, that means that someone with bad intentions could potentially push an update through that makes it possible for them to get your private key. But imagine the firmware was originally sent out with a vulnerability. If someone figures out the vulnerability and wants to fix it, they need to be able to update the firmware.
To solve this problem, some hardware wallets use another layer of security called a secure chip (SC). This is a computer chip that is meant to be secure both physically and against digital attacks. (You may have heard the term "secure enclave" recently; most often this refers to firmware that exists only on a secure chip.)
Of course, if someone gets your hardware wallet, there are ways they could hack into it without knowing your password. It takes skill, but there are ways to "brute force" your way into someone's tech. Secure chips are meant to protect against these physical attacks.
Encryption is used to protect against digital attacks, but some code and information needs to not be encrypted in order to use applications and receive updates.
Recap
Okay so that's a lot of info already. Let's recap.
A hardware wallet requires at least two things: the physical device and firmware. Software for applications is optional (though common).
There are two types of security we need to be concerned about, generally: physical and digital.
Physical security concerns someone who gets hold of the actual device and breaks into it to get access to your wallet.
Digital security concerns someone who does not have physical access to your device and is trying to hack it through software (and/or firmware).
If a device uses encryption, it adds another layer of security because even if someone gains physical or digital access to your device, they still need to know how to decrypt the information. Usually, it is your private keys that are encrypted.
Encryption
It is important to know that even if your private keys are encrypted, if someone gains access to your device they may not need to know the private keys, as long as they can force signatures through.
When you perform a transaction, you sign the approval on your device. The transaction itself never contains your private key, so if someone can force the approval, they don't need to decrypt your private key.
Best practices
Now that you have a sense of what goes into a hardware wallet, we can talk about how to best organize it.
Ideally, you want hardware that can't be compromised physically, and you want software that is open-source and has encryption built in. You also want to make sure that the private key never has the possibility of leaving your device or being accessed by the internet or malicious software.
So far, most companies have to leave out one of these things to make it work. For instance, most secure chips are closed-source by nature so we don't actually know what code is used or how it works.
One way to achieve all of these things without compromising security could be to have a hardware wallet that:
uses an encrypted program to randomly generate the wallet address
encrypts the wallet address and breaks it into three parts
stores one part in a secure chip, one under password protection and the third only unlocks if the other two are successfully unlocked (meaning the physical device has been unlocked and the password unlocked the second part)
decrypts the three pieces together with a different password
makes sure the chip can't access the internet and is run by firmware that can't be updated
limits the number of attempts to access the device before it is automatically reset
open-sources the code
This way, the device can only be used if someone has access to the physical device, the software via password, and the decryption via another password. That means a hacker would need to hack three separate things, and the chances of that happening in a limited amount of attempts are slim (though not impossible).
This isn't perfect, but it would allow the code to be open-source while keeping your wallet as secure as possible.
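To make the proposed scheme concrete, here is a small Python model of it. It is added here and is not code from Whiteboard Crypto or from any real wallet: the key is encrypted with one password, XOR-split into three parts, the first part locked by a PIN (standing in for the secure chip), the second by a password, and the third by a key that can only be derived once the first two are open; every wrong guess counts toward a limit that wipes the device. PBKDF2, the XOR split and the SHA-256 tags are assumptions made for the illustration (a real device would rely on its chip and an authenticated cipher), and all passwords are passed as bytes.

```python
import hashlib, hmac, secrets
SHARE_LEN = 32      # the private key is modelled as 32 random bytes
MAX_ATTEMPTS = 3    # wrong guesses allowed before the device resets itself

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _kdf(material, salt):
    # Password-based key derivation (PBKDF2 from the stdlib); deliberately slow.
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=SHARE_LEN)

class ToyWallet:
    """Hypothetical device storing one private key as three separately locked parts."""
    def __init__(self, key, pin, password, final_password):
        self.salt, self.attempts, self.wiped = secrets.token_bytes(16), 0, False
        k0 = _kdf(final_password, self.salt + b"final")   # the "different password"
        enc = _xor(key, k0)                                 # encrypt first, then split
        s1, s2 = secrets.token_bytes(SHARE_LEN), secrets.token_bytes(SHARE_LEN)
        s3 = _xor(_xor(enc, s1), s2)                        # s1 ^ s2 ^ s3 == enc
        k1 = _kdf(pin, self.salt + b"chip")                 # lock on the "secure chip" part
        k2 = _kdf(password, self.salt + b"pw")              # lock on the password part
        k3 = _kdf(s1 + s2, self.salt + b"third")            # only derivable once 1 and 2 are open
        tag = lambda k: hashlib.sha256(k).digest()          # lets a wrong guess be detected
        self._store = {"c1": _xor(s1, k1), "c2": _xor(s2, k2), "c3": _xor(s3, k3),
                       "t0": tag(k0), "t1": tag(k1), "t2": tag(k2)}

    def _check(self, material, label, tag):
        # Returns the lock key when the guess matches its tag. A wrong guess counts
        # against the attempt limit and, at the limit, wipes every stored part.
        k = _kdf(material, self.salt + label)
        if hmac.compare_digest(hashlib.sha256(k).digest(), self._store[tag]):
            return k
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            self.wiped, self._store = True, {}
        return None

    def unlock(self, pin, password, final_password):
        """Returns the private key, or None on any wrong guess or a wiped device."""
        if self.wiped:
            return None
        k1 = self._check(pin, b"chip", "t1")
        k2 = k1 and self._check(password, b"pw", "t2")
        k0 = k2 and self._check(final_password, b"final", "t0")
        if not k0:
            return None
        s1, s2 = _xor(self._store["c1"], k1), _xor(self._store["c2"], k2)
        s3 = _xor(self._store["c3"], _kdf(s1 + s2, self.salt + b"third"))
        self.attempts = 0                                   # reset counter on success
        return _xor(_xor(_xor(s1, s2), s3), k0)
```

Note that no single stored part reveals anything about the key on its own, and the third part cannot even be decrypted until the PIN and password have both been accepted.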
Let me know what you think, and if you can think of any other ways this might work better!
Hope you all enjoyed Theodore’s article, and all links to his work are at the beginning.
Thanks for making it this far! If you enjoyed it, hit like, subscribe, and share, so more people can find us!