In this part of the guide, we're going to look at the existing security measures present in cryptocurrency wallet solutions. We'll look at some specific products as examples, but this is intended to be a generalized overview of the types of wallets rather than specific implementations that may break the mould.
If you missed part 1 of the guide that discusses how privacy, security, and trust apply to the cryptocurrency world, check it out here.
The final part will detail the steps for creating a wallet that surpasses current options in terms of both cost and security, so follow me if you haven't already and keep an eye out for it! UPDATE: part 3 is out and can be found here
First, lets get clarify some terms I'll be using:
- Wallet & address - the address refers to the public key portion of the cryptographic key-pair referenced by the blockchain, wallets are address managers that keep track of public/private keys.
- Cold storage - cold storage refers to a wallet that is never connected to an online system. Generally, funds are placed into cold storage and not removed for long periods of time (for security reasons).
- Hot wallet - hot wallets are the opposite of cold storage. They are stored on online devices are should be used for "fast & loose" transactions, not secure storage.
- Air-gapped - systems that are physically separated from any network that is linked to the internet are considered "air-gapped". For security, all devices used on air-gapped systems should be limited to that system's offline network. That means no sticking USB drives that were previously in your online computer into your offline systems, and it's not recommended to use devices that were once on your offline network on your online one since exploits can originate at a pre-user stage.
- Hardware wallet - hardware wallets are physical devices that manage addresses with the use of software.
- Paper wallet - paper wallets are physical storage of address information such as private keys.
- Software wallet - software wallets exist on online systems connected to the internet.
I'll be using the Ledgeron Nano S as my example for hardware wallets since it's one of the most popular. The TREZOR works in slightly different ways, but both have the same advantages and disadvantages I'll be going over.
The LNS utilizes multi-factor authentication, namely knowledge and possession factors. It requires that you know the 4 to 8 digit PIN, and that you have the LNS itself in order to sign transactions. The device is further hardened from software alteration or key sniffing by using secure elements that support attestation, a clever way of solving the "compile it from source yourself" barrier. Overall, this is a very secure and easy to use solution. Unfortunately, the convenience comes at a price, and the demand has created a backlog of orders.
One problem I do have with hardware wallets is that they do not provide a robust method of storing the backup seed (generally a phrase of 24 random words that follow the BIP39 standard). If you lose control of this seed, you are completely compromised. Thus, the seed is critical to keep safe and secure, kind of like your private key... Now we're back at square one, you still need an air-gapped, encrypted system or physically secure location to store your sensitive data. Hardware wallets are just convenience items that still rely on conventional security practices.
You may think the solution to this problem is to not keep the backup seed. This is a terrible idea. Hardware wallets will degrade and eventually break or be lost/stolen. Additionally, there are security features in many of them that will completely wipe all the private keys if the PIN is entered incorrectly a small number of times.
In summary, hardware wallets are great at making wallets easily accessible while maintaining the security that is already in place. That means they are malware and end-user resistant (nothing is exploit-proof), but are only as secure as the seed which is left up to the user to manage. Ultimately, I would highly recommend them for 99% of use cases since storing the seed should be doable with very low risk. The only problem I have with them is that you are really just paying for convenience, not added security. Since inconvenience is one of the largest reasons that end-users fail to practice good security, I find the price justifiable for the average user. However, the price itself is an inconvenience that will not be attractive to many people (myself included), so for those who are willing to put in a small amount of effort, stay tuned for the third part of this guide.
Paper wallets, at their worst, are a QR code image of the plaintext private key to an address. It's not human readable, but I don't personally have the ability to memorize an entire hex encoded private key at a glance either, so this is not an added security. Since you have to actually dig out the wallet in order to sign transactions, they are less secure than hardware wallets because they can't remain in their secure location.
Additionally, paper wallets only cover the possession factor unless additional measures are taken to add a knowledge requirement. You could have a "paper" usb key with the keystore file paired with a memorized password to decrypt the wallet, but you're still in need of an air-gapped system to actually input any of this information on if you don't want it to be intercepted. They are susceptible to theft/loss and degradation, and the methods to account for this like lamination, metal engraving, and secure storage all entail some level of risk and/or cost. Additionally, the actual printing of a paper wallet is not 100% secure. Printers have memory and are often connected to networks that can be insecure and allow unwanted interception.
In summary, paper wallets - when created in a secure manner - can be effectively used as cold storage up until a transaction needs to be signed from the address. At this point, careful handling of the wallet and a secure system is required if the wallet is to be used afterwards. In my opinion, the overhead of properly creating and storing paper wallets justifies the cost of picking up a hardware wallet since that removes the need for a secure system and the risk of actually using the wallet is mitigated. I would only recommend paper wallets as a temporary solution to cold storage.
Software wallets like Jaxx have a wide range of security levels. Some use rigorous multi-factor authentication to allow access while others only require that you hit 'run'. MetaMask at least requires that you enter your password to access the wallet. Still, software wallets are completely dependent on the security of the platform they exist on, and my opinion is that very, very few people have an appropriate level of security on their computers. The recent compromise of Jaxx, and the official response to not fix it, are good examples of just how easy it can be to exploit a wallet if the system is compromised.
The major issue with software wallets is that there is some exploit for every security measure. Passwords can be keylogged or sniffed from the clipboard, keystore files can be copied or corrupted, SMS verification can be attacked with SIM swapping, etc. Backup seeds still need to be securely stored and generated offline, so an air-gapped system should be used. In the end, there is no truly secure software-only approach. Aside from features and usability, software wallets are rarely better than simple password managers.
Password managers like KeePass, LastPass, 1Password, etc. are an extremely valuable piece of security that you should be using. However, passwords are very different from private keys. Generally, you can recover from a compromised password, and even if the account is lost it is unlikely that permanent, irreversible damage was caused. If losing passwords were this big of a deal, security would not be an afterthought to many people these days and everything would use 3 or 4 level MFA.
Blockchain is different. There is no
aggro transaction reset. There is no authority to help you get your funds back, no 'undo' button. This means password managers are completely out of the question in terms of having a highly secure wallet.
In this post, we've gone over the requirements for a secure wallet solution such as offline generation and storage, multi-factor authentication, and redundancy. We've also looked at how hardware, paper, and software wallets differ and the trade-offs associated with using them.
In the final part of this guide, we will address the issues of cost and seed phrase security in hardware wallets and follow a step-by-step guide for creating a cheap, usable, and extremely secure wallet for all your cryptocurrency needs.