Hardware Cryptocurrency Wallets

This is my current plan for a new hardware wallet section. We should flesh out what we want the criteria for our recommendations to look like:

Recommended Brands

Recommendations

Would be split up based on budget and use-case:

  • For General Use:

    • Trezor Safe 5
    • Ledger Nano Gen5 (when it is released)
  • For iOS Users:

    • Ledger Flex
    • Trezor Safe 7 (when it is released)
  • Budget Options:

    • Trezor Safe 3
    • Ledger Nano S Plus
  • Backup Solutions:

    • Ledger Recovery Key (not Ledger Recover, which we will note on this page) - To my knowledge this is the only decent PIN-protected recovery option, because it is essentially its own CC EAL6+ hardware wallet. However, it can only be used to set up new Ledger devices; it still can’t be used to recover access to the seed phrase itself.

Criteria

  • Uses a CC EAL6+ Secure Element
  • Supports Monero
  • ?
4 Likes

Very cool idea indeed! :star_struck:

Being quite a neophyte on that topic, is it possible to also include more “hardcore” products like those?

Looks badass but I am not fully sure I understand the point or the why of them. And most importantly, if it’s even worth considering. :hugs:

These backup products I am not really sure how to evaluate, or where they make sense to use. I’m interested to know what others think. With an unprotected seed phrase I would be most concerned about theft or loss.

It’s commonly said that backing up your seed phrase is critical, which might be true, but you need to store it in multiple physical locations and those locations need to be safe from unauthorized access and accidental loss. This is actually quite difficult to achieve.

Honestly, I would probably purchase multiple hardware wallets,[1] set them up with identical seed phrases initially, and then not store a seed phrase long-term at all. That prevents you from ever setting up a new identical device, but if one of those hardware wallets dies or is lost/stolen, then I’d buy a replacement, set it up with a brand new seed phrase, and transfer all the cryptocurrency over from the old one to the new one. Once everything is transferred I’d reset the old hardware wallet I still possess to factory settings, set it up again with the same new seed phrase, and then discard that new seed phrase instead of storing it long-term just like before.

I’d feel better in this case only having things stored in a PIN-protected secure element, but not being able to restore an identical wallet can have its downsides. Again interested to know what other people would do in this case.


  1. I would want three of them, but one of them could be a cheap Ledger Recovery Key. For example, buying a Ledger Flex for everyday use, a Trezor Safe 3 as a backup, and the Ledger Recovery Key that is included with the Ledger Flex device = $330. Alternatively, a Trezor Safe 5, a Trezor Safe 3, and a Ledger Nano S Plus = $310. ↩︎

1 Like

Oh okay, it’s mostly for seeds? Again, didn’t look too deep into that topic yet but it looks quite irrelevant to the initial recommendations indeed.
Feel free to totally ignore my previous message then. :heart:
edit: it looks like it’s more to replace something like Cake Wallet I suppose. :+1:t2:

PS: oooh, that inline footnote from Discourse looks very interesting and keeps things clean. Need to try that one. :star_struck:

I’ve thought about seed and password backups before, but it’s hard to find a balance between never losing access yourself and never allowing unauthorized access. Ideally, backups would be protected against both physical theft/loss and spontaneous memory loss.

You could duplicate your wallets across multiple devices, as you mentioned, but if somebody steals one of your hardware wallets and it’s not password-protected, then it’s game over. If you add a password to your hardware wallet, then we’re back to the question of how to securely store that. It’s hard to remember infrequently-used passwords.

You could use multisig wallets, but most cryptocurrencies don’t natively support them, and they aren’t useful for backing up passwords, so it depends on your needs. You could still lose access to a multisig wallet, but it is more robust against loss/theft.

You could instead use an algorithm like Shamir’s secret sharing (SSS), which also allows you to store arbitrary data (such as a backup of your password manager’s master password), but requires running software to recreate the encrypted data.

One of my favorite ideas is to leverage the one-time pad (OTP), which is the only 100% cryptographically secure encryption technique (as far as I know) and is also easy to do by hand. This allows you to recreate arbitrary secrets without relying on software (as you would with SSS or other techniques). You just need a source of entropy to produce randomized characters, which can also be done by hand (be careful to do it properly). You could then duplicate the secret key and ciphertext and store them in various locations.

However, wallet duplication, multisig wallets, SSS, and OTP all require you to store things in multiple physical locations, which adds more complexity than most people would be happy with. Although for SSS and OTP, some of the shares/copies could be stored in the cloud.

You could also use two dedicated password manager accounts with a provider that supports emergency access. One account can store your secret and be locked with a long, random password, while the other can have emergency access to the first. The second account’s password could be written down and stored without much care, since you would get a notification and have days or weeks to prevent the thief from gaining access to the secret(s) you’re protecting. If security and access are both of high importance to you, I personally think this is the easiest option for most people. It also means you only need to buy one hardware wallet. Do be wary of providers shutting down your account due to lack of use over longer periods of time - although you could duplicate this setup across multiple providers to protect against that, too. Also ensure you’re paying attention to the notifications, perhaps even forwarding them to multiple people to guarantee somebody you trust will be notified of the theft.

1 Like

A post was merged into an existing topic: Ledger Flex, Stax, Nano S Plus (Hardware Wallets)

Entering it in a computer immediately defeats the purpose of a hardware wallet so this wouldn’t be advisable. It’s possible to do but not a very accessible solution, basically requiring an air-gapped PC with a verified one-time use OS for the initial setup.

That’s a good point. You could use an OTP and store one half in the password manager and one half offline with the account password. Either copy on its own would be useless.

Another factor I forgot to mention is recovery by loved ones. Anything that doesn’t involve all of the details being written down could end up being unrecoverable if you pass away unexpectedly.

You’d need to weigh whether the relatively extreme threat model that includes being hacked and robbed by the same entity is more likely than memory loss, unexpected death, carelessness by somebody you entrust a share to, etc.

I think most people would be better off doing something like this or using an exchange like Coinbase (with all available account security measures) rather than using memory as a core component of the backup. However, there is no perfect option that protects against all possible threats.

There is an implementation of SSS (Shamir Secret Sharing) that is specially designed for seeds and hardware wallets.
It’s called SLIP39 and is currently supported by Trezor and Keystone hardware wallets.
This allows for creating any backup scheme up to 16 different shares.

Indeed, although to avoid vendor lock-in we probably would want to discourage SLIP39 and recommend the standard BIP39.

1 Like

If this hardware wallet recommendation is primarily for Monero, I believe BIP39 is also a vendor lock-in, because Monero doesn’t use the common BIP39 12-word or 24-word seed phrase. So in an emergency case where the hardware wallet is unexpectedly broken, lost, or stolen and the user wants to import/recover their Monero wallet temporarily with a hot wallet/software wallet on their computer or phone to move the funds, it isn’t possible to use the BIP39 seed phrase that Trezor or Ledger generates.

But there are workarounds. There are tools to convert BIP39 seed phrases to Monero seed phrases.

I personally find the Coinomi BIP39 Tool the most convenient and user-friendly one:
https://github.com/Coinomi/bip39-coinomi
https://coinomi.github.io/tools/bip39/

Other tools I found:
https://github.com/LedgerHQ/app-monero
https://github.com/trezor/trezor-firmware/issues/1078#issuecomment-6476478

I suggest including a warning or explanation of this issue and a guide on how to use those tools to avoid vendor lock-in.

Also, I think it would also be helpful to have a section on:

  • How to set up and back up a wallet properly. For example, always do a test transaction before sending the full fund to a new wallet, do a factory reset and recover your own wallet from the seed phrase and check if you access the same wallet you just created, to confirm everything’s done correctly. And basic but important things like never back up your seed phrase digitally.
  • A basic explanation of what a wallet actually is. Many people have the misconception that their funds live inside the wallet, but the wallet is more like a signing device, more like a YubiKey, to grant access to the fund, and the important part is actually the seed phrase and private keys.
  • A warning and explanation of passphrase wallets because it seems the number of people losing their funds due to misunderstanding and user errors is significant. For those who are wondering while reading this comment, passphrase in this context doesn’t act like a password, but more like a coordinate to locate a specific wallet among trillions of empty wallets. If you enter a “wrong” passphrase, it will just lead you to an empty wallet, there will be no “wrong password” type of warning, and there won’t be a way to recover the wallet if you forget the passphrase.
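The passphrase behaviour described in the post above, as an added example that is not part of the original post or any vendor's code: it follows the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt `"mnemonic" + passphrase`). The sample phrase comes from the public BIP39 test vectors, `wallet_tags` is a hypothetical helper, and the mnemonic checksum is not validated here.

```python
import hashlib
import unicodedata

# Constructed sample: the all-zero-entropy phrase from the public BIP39 test
# vectors. It is publicly known and must never hold funds.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text):
    """BIP39 normalizes both inputs to Unicode NFKD before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte wallet seed from a mnemonic and optional passphrase.

    The passphrase is only part of the PBKDF2 salt. Nothing is stored to
    compare it against, so every passphrase yields a valid seed.
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def wallet_tags(mnemonic, passphrases):
    """Hypothetical helper: map each passphrase to a short tag of its seed."""
    return {p: bip39_seed(mnemonic, p)[:8].hex() for p in passphrases}


if __name__ == "__main__":
    # The intended passphrase plus three easy slips: case, trailing space, none.
    attempts = ["TREZOR", "trezor", "TREZOR ", ""]
    for phrase, tag in wallet_tags(SAMPLE_MNEMONIC, attempts).items():
        print(f"{phrase!r:10} -> seed {tag}...  (accepted, no error)")
```

Each attempt selects a different, equally valid wallet, which is why restoring from the backup and checking a known receive address before funding a passphrase wallet catches the mistake early.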

That’s a good solution to avoid needing to run the software on insecure devices! However, I still think most people are going to run into trouble with multisig, SSS, or anything similar.

Here are some of the major locations I could think to store wallets/shares in: at home, at parents’ house, at best friend’s house, in storage locker, in safety deposit box, in password manager, etc.

Hypothetical: Let’s say you have a 2-of-3 system with one share at home, one share with your parents who don’t really understand crypto or technology in general, and one share in your password manager. What do you do when your house is burgled, but when you go to retrieve the share with your parents, you find out they misplaced it?

Or what if your parents understand the share’s importance, but you come looking for it 10 years later? Will they still have it?

You could also have a falling out with your friend or your bank could drill and “misplace” the contents of your safety deposit box (there’s plenty of such stories online). I’m not saying it’s impossible to use a backup system like this, but I think people should carefully consider whether they will be able to keep up with the maintenance required. Will you know if your system is compromised before you get robbed or hacked and need the shares you stored elsewhere? You could add more redundancy with more shares, but then you need to manage even more complexity.

And if you have a password set on your hardware wallet, you would ideally have that backed up too, but how are you going to do that?

If you’re wealthy, you could pay the right people to handle most of these issues, but regular people often don’t have the time or energy. Your backup system needs to last decades, not months or years.

I think Coldcard Mk4 or their latest one fits our community’s bill of privacy and security standards.

You should open a new Site Development > Tool Suggestions with more details if you think so.

Done

I understand where this is coming from but SLIP39 isn’t a vendor lock in.

  • It’s a fully open source standard (MIT licence) like BIP39, it can be implemented by everyone.
  • Trezor is not the only hardware wallet supporting it, it’s also supported by Keystone as well as multiple software wallets (be aware of the general security considerations of software wallets)

Fun fact:
SLIP39 was created by the same people who created BIP39

If they really understand the importance they will have it until you tell them that they no longer need it.

The problem is always that no place is 100% secure.
That is why it’s so good to have multiple shares from which no one is sufficient OR necessary for recovery on its own.
If you have a 2 out of 3 you could always lose one share and still recover your funds.
If you have a 3 out of 5 you could lose 2 shares and still recover.
The more shares the more work in creating and distributing but also more security.

A couple of good resources for hardware wallets:

Athena Alpha has an overview. They are mostly bitcoin-focused.

Another wallet comparison can be found here: