Testing Recovery of a Hierarchical Deterministic (HD) Hardware Cryptocurrency Wallet
Measure Twice, Cut Once
There’s an old saying: “measure twice, cut once”. This pearl of wisdom reminds us that it’s usually best to plan ahead, as a means of minimizing disappointment later on down the road. We can apply this proverb to the topic of testing any kind of recovery procedure that you may need to subsequently do. For example, if you use file backup software (e.g. Carbonite, Apple’s Time Machine, etc) to safeguard your family photos, it’s a smart idea to test the recovery procedure to ensure that you can successfully restore your precious and irreplaceable photos.
Put all your eggs in one basket? I think not!
The type of future disappointment I’m trying to avert is losing access to my cryptocurrency because I didn’t adequately understand or appreciate the importance of controlling the underlying public/private keys. The common cryptoism (did I just create a new word?) is that if you don’t have control of the underlying keys, then you don’t really “own” your cryptocurrency. I currently have accounts on two of the popular online centralized crypto exchanges, and I’ve also read about a recent hack of a prominent online exchange. There’s no shortage of discussion (both pro and con) about the risks involved in keeping relatively large amounts of crypto on centralized web-based exchanges. What if the exchange gets hacked, or what if it becomes insolvent? It could be bye, bye crypto.
Using a hardware wallet is one of the best ways to secure your crypto investment as it puts you in greater control. Sure, you may still need to maintain a crypto balance on one or more online exchanges, especially if day trading, swing trading, or arbitrage is your thing. But keeping large balances online increases the counter-party risk you assume. You could minimize that risk by diversifying on to additional exchanges, say four exchanges total, but then it becomes more of a management headache.
The goal of this article is to stress the importance of copying down and protecting the seed for your HD wallet and the importance of going through the recovery process of reinstating your HD wallet early on, so that you can be confident that your seed is valid. I’ll be specifically discussing wallet recovery using the Ledger Nano S hardware wallet, but the soundness of testing out wallet recovery is applicable to any HD wallet.
Hierarchical Deterministic (HD) Hardware Wallets
Being new to the world of cryptocurrency I decided to purchase a hardware wallet. After reading a few reviews, including a nice one by @repholder right here on Steemit, I decided on the Ledger Nano S hardware wallet. It currently supports Bitcoin (BTC), Ethereum Classic (ETC) and Ethereum Core (ETH). The Nano S supports Bitcoin cryptocurrency through a BIP39/BIP44 Hierarchical Deterministic (HD) wallet.
From Bitcoinwiki: “A deterministic wallet is a system of deriving keys from a single starting point known as a seed. The seed allows a user to easily back up and restore a wallet without needing any other information and can in some cases allow the creation of public addresses without the knowledge of the private key."
Note that you’ll frequently see the seed referred to as the passphrase or the recovery phase.
Deep-dive on HD Hardware Wallets
Disclaimer: I don’t pretend to be anywhere near an expert on HD hardware wallets and the technologies behind them, so I won’t be doing a deep-dive. Rather, I’ll stay in the shallow end of the pool. For more details about HD wallets, take a look at the BIP32, BIP39, and BIP44 Bitcoin Improvement Proposals. I’ll also not be showing a plethora of Nano S device screenshots, as it appears there are plenty of them out there in the various online reviews.
BIP-0032 (aka BIP32):
This BIP describes hierarchical deterministic wallets (or "HD Wallets"): wallets which can be shared partially or entirely with different systems, each with or without the ability to spend coins.
BIP-0039 (aka BIP39):
This BIP describes the implementation of a mnemonic code or mnemonic sentence -- a group of easy to remember words -- for the generation of deterministic wallets.
BIP-0044 (aka BIP44):
This BIP defines a logical hierarchy for deterministic wallets based on an algorithm described in BIP-0032 and purpose scheme described in BIP-0043.
Wallet Recovery
In an HD wallet, the seed is initially used to algorithmically derive all associated accounts and private keys. Further, if your HD wallet becomes corrupted or otherwise unrecoverable, you will be in good shape if you correctly wrote down your seed. Knowing the seed allows you to completely reconstitute your HD wallet at any time. An HD wallet starts with a single private key from which all future keys can be calculated.
More About the Seed
The Ledger Nano S defaults to a 24-word seed, where each of the 24 words comes from a 2048-word dictionary specified in BIP39. When you plug your Nano S into a USB port and configure it for the first time, you start by specifying a 4-digit PIN code, after which you are prompted to write down and safe-keep an auto-generated sequence of 24 words that are randomly selected from the BIP39 word dictionary. Here’s an illustrative example of a 24-word seed:
gravity machine north sort system female filter attitude volume fold club stay feature office ecology stable narrow fog ozone drill grab fiber curtain grace
So before sending any appreciable amount of Bitcoin to a newly created account on my Nano S hardware wallet, I wanted to ensure that I correctly copied down the 24-word seed. You’d be surprised how you can second-guess yourself, even after very methodically copying down the sequence of 24 words. This is somewhat hindered, IMHO, by the fact that the Ledger-provided recovery sheet insert on which you may choose to copy down the 24 words is arranged in a left-to-right fashion.
Obviously, you don’t need to use Ledger’s recovery sheet which is simply included as a convenience. Instead you can:
▪ write the seed down on any piece of paper,
▪ save it in a file,
▪ get it laminated,
▪ etch it in stone,
▪ or get it tattooed on your forehead (probably not the best idea ;-).
But correctly recording the seed (and in the correct word sequence) and safe-keeping it from prying eyes is of utmost importance in protecting the crypto accounts you create with your HD hardware wallet. The Nano S device and the Ledger wallet apps provide no access to the private keys. Instead, they are encrypted and kept securely locked down within the smart-card inside the Ledger Nano S device. Ledger claims it would be extremely difficult to hack into the smart-card and reverse-engineer the private keys. Further, the use of a three-strikes policy with respect to the device’s PIN code ensures that the Nano S device will immediately be wiped clean after 3 failed attempts at entering the PIN code. This is a good security feature and it also emphasizes how important it is for you to remember your 24-word seed. I’m thinking of a scenario where after a few too many brewskis, you decide to purchase some Bitcoin, flub your PIN entry three times which wipes your Nano S, and then you can’t find or remember your seed.
Initial Configuration of the Ledger Nano S Hardware Wallet
After initial configuration of my PIN code and securing my seed, I installed both the Ledger Bitcoin wallet app and the Ledger Ethereum wallet app which are Chrome browser apps. After connecting the Nano S to a USB port, you can select the BTC wallet by simultaneously pressing both of the device’s buttons and then launching the BTC wallet app. I proceeded to create two BTC accounts via the Ledger BTC Wallet app. To start out, I transferred a very small amount of Bitcoin (e.g. $0.07 USD) to each BTC account from one of my online Bitcoin exchange accounts.
Validating the Recovery Procedure
Ok, so now my Nano S hardware wallet is setup and working. The following steps outline what I then did to validate my 24-word seed. I wanted to be absolutely certain that I understood the steps involved in HD wallet recovery, should I ever need to. For example, what if I lost my Nano S device, or if Ledger went out of business in the future (let’s hope not!)?
- Cut-n-paste or write down the account balance and the public key for each Ledger BTC wallet account you created. You can find the public key for a given account by hitting the associated RECEIVE action button in the Ledger BTC Wallet app. It will be listed as the BITCOIN ADDRESS OF THE RECIPIENT. Note that Ledger generates a fresh public key after each account transaction.
- Plug your Nano S device into a USB port and proceed to enter your 4-digit PIN code incorrectly three times in a row. This will cause the device to be completely reset. The Nano S display will say: “Your device has been reset (3 wrong PIN). To restore your device configuration, use your confidential recovery sheet. To get assistance, contact Ledger support.”
- Now plug in the newly wiped Nano S device via a USB port:
You're prompted with: “Welcome Press both buttons to begin”
- “Configure as new device?” Press the left button to select the X, meaning you do not want to configure the Nano S as a new device, but rather you wish to restore your previous configuration using your existing 24-word seed that you copied down earlier during the initial Nano S setup procedure.
- “Restore configuration?” Press the right button to select the check mark which confirms your intention to restore your Nano S from your existing seed.
- “1. Choose your PIN code” Press both buttons, then enter your 4-digit PIN code. I used the same PIN code as during initial device setup.
- “2. Confirm your PIN code” Press both buttons, then re-enter your 4-digit PIN code as confirmation.
Now that you have entered your PIN code, the fun part is next. Entering a 24-word phrase on a physical device with only two buttons is a bit challenging, but it’s really not that bad. Ledger uses an approach whereby it steps you through all 24 words, asking you to use the two buttons to scroll through the alphabet and select the first letter of each of the 24 seed words. For each word, you then select additional letters until narrowing down to a small set of possible word choices from the BIP39 dictionary. At that point, you can stop entering the remaining letters for a given word and just scroll through the short list of words to select the proper word.
- “3. Enter your recovery phrase” Press both buttons to confirm.
- “Select the number of words to restore” I specified 24 words.
- “Enter first letter of word #1” Use buttons to select the letters of recovery word #1.
- “Next, enter letters of word #2” The device attempts to help by guessing the word.
- “Select word #2” Press both buttons to select recovery word #2.
- … continue with entering all 24 recovery words (yes, it’s a bit painful and takes about 5 minutes and lots of button pushes ;-)
Finally, after entering all 24 recovery words, you’ll hopefully see the following success message on the Nano S display: "Configuration … Your device is now ready”
- Press both buttons to acknowledge that configuration is complete.
- Then press both buttons again to select your Bitcoin wallet. The display will say: “Use wallet to view accounts”, which is requesting you to open the Chrome browser Ledger BTC Wallet app.
- When the BTC wallet app launches, you should see your account(s) that you previously created, each with the correct balance and public key.
You have now successfully restored your existing HD wallet and all of its accounts from scratch. Hopefully, you should now feel more confident in sending larger amounts of Bitcoin and/or Ether to your Ledger Nano S wallet accounts.
In closing …
I’d like to hear any suggestions for how to best safeguard the seed. Some thoughts are storing it in a physical safe, and definitely in more than one physical location. Geographic redundancy is your friend in this regard! One of my concerns is that someone who is crypto-savvy would most likely know what the 24-word seed was if they stumbled upon it and might quickly use it to drain your crypto accounts. Again, I’m new to both Steemit and crypto, so feel free to point out any inconsistencies or clarifications. Thanks!!!
Great article.
Well, thanks for the compliment @dantethegreat. This post didn't meet with much financial success, but if it helps even one person to think a little harder about crypto security then I'm good with it!
A backup system is really of no good until you've proven that it works!
I couldn't agree with you more. Thank you for the effort you put into the post.
It's very helpful to me right now, so thanks for writing this out. Many people just plug and play (well, "many" is not that many right now in the cryptoverse). I think only few think things through.
You can laminate your seed key and put it into a safe. Or hide it - I won't say where in case someone reads this and knows me :)
This is an amazing article. My wife and I are scraping our jaws up off the floor on how exhaustive and informative this thing is. We're both entertained and would like to subscribe to your newsletter.
One question though - I have a very high forehead. Do you still think it might be a bad idea to put my 24-word seed on it? I mean there's only so small a font you can use before tattoo ink becomes unreadable.
Thanks!! I don't have a newsletter but, if I did, I would certainly let you subscribe. You can proceed with the seed tattoo, just remember to cover it up with a hat or bandana when you go out in public. Those crypto kleptos are everywhere ;-)
I should note that there is an alternative way to perform public/private key recovery using your 24-word seed. I haven’t tried it yet, but it makes use of an offline version of the BIP39 Mnemonic Code Converter. This converter allows you to recover the associated keys for your HD wallet and then you could move them to another HD or non-HD wallet. Ledger has the procedure documented here: How to restore my bitcoins without a Ledger Wallet?
You can also attach a 25th word to a second pincode. You can also recover that account. I just wonder if that would be possible without a device. The normal account is handled according to a standard. You could recover it without a device. Could you do that with a 25th word account? Or is that proprietary?
This was a very well-written guide! I wanted to test my Nano S recovery and this was perfect - surprised you didn't get more of a response! Thanks for posting.