Jump to content

What's all this hype around "hardware wallets"?


Zerping
 Share

Recommended Posts

Those are just glorified usb sticks. Aren't they? All they do is store your encrypted private key. So what the heck? Why are they even a thing?

Just put your private key into encrypted 7zip and copy to any usb drive. Voila, that's a hardware wallet.

EDIT: removed the word "nonsense" from the title, seems like that was a bit too harsh :)

Edited by Zerping
Link to comment
Share on other sites

33 minutes ago, Zerping said:

Those are just glorified usb sticks. Aren't they? All they do is store your encrypted private key. So what the heck? Why are they even a thing?

Just put your private key into encrypted 7zip and copy to any usb drive. Voila, that's a hardware wallet.

OMG no - it's a totally different thing.  You really have to do some research.  A child of 4 can pull a private key off a USB stick.

Link to comment
Share on other sites

4 minutes ago, XRP_FER_ME said:

OMG no - it's a totally different thing.  You really have to do some research.  A child of 4 can pull a private key off a USB stick.

you forgot to read: "encrypted 7zip"

that is AES 256 encryption

Edited by Zerping
Link to comment
Share on other sites

1 minute ago, XRP_FER_ME said:

Yes, sorry - make that a child of 9.

Wow can we have a serious conversation? Do you know what AES is?

"Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space."

Link to comment
Share on other sites

3 minutes ago, Zerping said:

I did. But it still seems to me that the only relevant feature is that the private key is encrypted. What am i missing?

That the relevant operations take place outside of your general computing platform. If you do this stuff using 7zip, your key will land in your RAM sooner or later - next to your browser, your resident malware and whatnot. If you use dedicated hardware, only your transaction (which will be public a few seconds later anyways) is going to end up in RAM.

Link to comment
Share on other sites

Just now, Zerping said:

Wow can we have a serious conversation? Do you know what AES is?

"Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space."

You know what - I think you just want to be right.  So go ahead and put your private key on

a USB stick.  Best wishes for a Happy New Year.

Link to comment
Share on other sites

1 minute ago, Sukrim said:

That the relevant operations take place outside of your general computing platform. If you do this stuff using 7zip, your key will land in your RAM sooner or later - next to your browser, your resident malware and whatnot. If you use dedicated hardware, only your transaction (which will be public a few seconds later anyways) is going to end up in RAM.

Oooh so the key never leaves the HW wallet device? So can you recommend one that does not need to be connected to a PC to do transactions?

Link to comment
Share on other sites

Nevermind, i misunderstood. So, it needs to be still connected because it can't send the transaction by itself?

And the signing of the transaction is done on the HW wallet device, right?

Edited by Zerping
Link to comment
Share on other sites

The downside of simply encrypting your private key and putting in on a USB key is that you have to clean up the unencrypted files securely anytime you decrypt the key to use or import it. Deleting files doesn’t do this and operating systems and applications often use temporary files that can leave your key exposed.

And what about the system you access it from. If there’s any malware on the system your key can be compromised.

It also means you’re probably using a software wallet. You then have to trust that wallet will properly protect your key when not in use. Regardless at some point it will be unencrypted in memory or possibly left on disk.

A hardware wallet never leaks your private key from the device and all signing of transactions takes place on the device so even if your system is compromised, your key remains safe.

Hardware wallets are the most secure option available and are worth the cost. It all comes down to how much security you want and how much you trust the integrity of your system. If you plan to invest more in crypto than the cost of a hardware wallet then get a hardware wallet.

Link to comment
Share on other sites

I think encrypting your private key with a trusted (online) encryption application like 7zip, keepass or lastpass is secure enough. But you have to take into account that the developer/publisher can read it's content if they want to. There is no way to be sure that an application written by another then yourself is secure. Same applies to hardware devices where there is allways some software needed to read it.

Writing down you secret key on a paper is also considered secure, if you store it safely.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.