Hardware- vs. Software- vs Online-Wallet, a Short Introduction

in #crypto4 years ago


In my recent review of the hardware wallet Digital Bitbox I was asked a question that prompted me to write this pretty long answer. Since I think this could be interesting to more people I repost this answer as a full post. Maybe I will post more stuff in this direction in the future:

Online Wallet

So, I assume you know online wallets. If you have your money in one of those (like e.g. your steemit account), then all the secret data concerning your money is stored on some server somewhere on the internet. There are several risks with that:

  • Someone could steal your password and thus gain access to your money. In a browser situation, this will most likely happen through a phishing-mail, cross-site-scripting or some nasty malware on your computer.
  • The server itself could get hacked, independently of your account. In that case potentially everyone that uses this specific service would loose their money.
  • The owner of the server could be dishonest and simply take away all your money. (This is mainly a concern with services that are not very well established yet)

Software Wallet

Then there are the software wallets. There, all the secret data concerning your money is stored on your computer. And only on your computer, unless you make some kind of backup. This is good because this way there's no server that could be hacked, and also no online login-data that could be stolen. But it brings other problems. Most notably there's the problem that you can never really be certain that your computer is not infected with some sort of malware. If this malware is clever enough, it can quite easily steal your money. In the end, it's not that much safer than a good online wallet.

Hardware Wallet

Then there are hardware wallets, like the Digital Bitbox. With those, all the secrets of your wallet are on the physical device. And they never leave the device. There is actually no way someone could steal the secret data from the device, except they steal the physical device and use some VERY sophisticated techniques to extract the data from the hardware directly. There are usually guards against that in place. Ok, so stealing the secret data is no longer an issue. But malware on your computer could still simply USE the Digital Bitbox once it is plugged into your computer to make payments without your knowledge. That's why there is a touch button on the device. No payment is made unless a human touches this button for at least 3 seconds. Until your computer can grow a real finger, this is a pretty big increase of security ;)

Sending money without being online

So to answer your question more specifically: As long as the Bitbox is not plugged into a computer, it is completely offline. Nothing can happen to your money, except that the Bitbox is lost or stolen. In this state, you can receive money, so you don't need to have the device plugged in to receive money.

To send money, you need to plug the Bitbox into a computer, and the computer needs to be connected to the internet. So you can not make payments when you are completely off the grid. You need at least your computer, the Digital Bitbox application, and a working internet connection.

You might also be interested in reading this. It goes much more into detail and also presents some other hardware wallet systems.