Reasons to use a bitcoin hardware wallet

Given the different options to store your keys, why choose a hardware wallet specifically?

The Bitcoin Hole
7 min read · Mar 28, 2024

As the value of your bitcoin increases, the importance of secure key storage also increases. One solution for this is a hardware wallet, a physical device that securely stores the keys to your bitcoin. However, there are other options for storing keys, such as software wallets, paper wallets, and brain wallets. Why choose a hardware wallet specifically?

1. Keep your keys offline

Hardware wallets allow you to generate and store the keys to your bitcoin offline, a practice known as cold storage. This is different from hot wallets, which are more vulnerable to remote attacks such as malware and SIM swap attacks, but still more secure than holding your keys on a software wallet or an exchange.

The seed that generates the keys to your bitcoin is generated within the device and cannot be exported digitally. The keys never leave the device. Even if a hardware wallet is connected to an infected computer, the keys will still be protected, often in a secure element. When you want to move your bitcoin, you authorize a transaction using wallet software, send it to the hardware wallet, sign it on the hardware wallet using your private keys, and then send it back to the internet-connected wallet software to be broadcast to the bitcoin network.

2. Protect against physical attacks

If someone were to gain physical access to your hardware wallet, the unique features of hardware wallets could help to defend against attacks.

Secure Element

A secure element is a microprocessor that separates, keeps, and secures sensitive information. When used in a hardware wallet, it offers a superior level of protection against physical breaches compared to a mobile phone, desktop, or laptop. This makes it harder for the device to be compromised through fault attacks, side-channel attacks, and cold boot attacks. Some examples of wallets with a secure element are:

Access PINs

An access PIN helps ensure that only the owner can immediately access the key signing capability on the device. Usually, entering the incorrect PIN repeatedly results in a delay that increases with each mistake.

Some hardware wallets may undergo a factory reset or become permanently unusable if the number of incorrect PIN guesses exceeds the allowed limit.
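The retry policy described above, sketched as an added example (not code from this article or from any vendor's firmware). The limit of 10 attempts, the doubling delay and the `PinGuard` name are assumptions chosen for illustration.

```python
import hashlib
import hmac

MAX_ATTEMPTS = 10  # assumed limit before the seed is wiped
BASE_DELAY_S = 1   # assumed delay after the first mistake, doubled each time


class PinGuard:
    """Hypothetical model of a wallet's PIN check with backoff and wipe."""

    def __init__(self, pin: str, seed: bytes):
        self._salt = b"constructed-device-salt"  # constructed sample value
        self._pin_hash = self._hash(pin)
        self._seed = seed
        self.failed = 0  # on a real device this counter must survive power loss

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def delay_before_next_try(self) -> int:
        """Seconds the device waits before accepting another PIN."""
        return 0 if self.failed == 0 else BASE_DELAY_S * 2 ** (self.failed - 1)

    def is_wiped(self) -> bool:
        return self._seed is None

    def try_pin(self, pin: str) -> str:
        if self._seed is None:
            return "wiped"
        # Count the attempt before checking it, so interrupting power
        # during the comparison never yields an uncounted guess.
        self.failed += 1
        if hmac.compare_digest(self._hash(pin), self._pin_hash):
            self.failed = 0
            return "unlocked"
        if self.failed >= MAX_ATTEMPTS:
            self._seed = None  # factory reset: key material is gone
            return "wiped"
        return "locked"


def total_wait_for(n_wrong: int) -> int:
    """Cumulative enforced delay (seconds) after n_wrong straight mistakes."""
    return sum(BASE_DELAY_S * 2 ** i for i in range(n_wrong))
```

With these assumed parameters, nine consecutive mistakes cost 511 seconds of enforced waiting, and the tenth erases the seed regardless of what is entered afterwards.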

Duress PINs

A duress PIN is a security feature designed to safeguard your bitcoin against a $5 wrench attack. It is a critical component of hardware wallets, with varying levels of robustness offered by different models. The Coldcard Mk4 hardware wallet, for instance, provides three options for duress PINs — unlocking a decoy wallet, destroying the seed upon entry, and activating a countdown to customizable “brick modes”. With these options available, you can feel secure in the knowledge that your primary bitcoin keys are protected in the event of a duress situation, if not completely inaccessible.

Some wallets offering support for Duress PINs:

Passphrase

A passphrase is an optional feature of some wallets that allows users to create hidden wallets. Passphrases act as a second factor protecting the recovery seed and are an ultimate protection against attacks involving physical access to the device or the recovery seed. Almost all of the most important hardware wallets support BIP39 passphrases.
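How a BIP39 passphrase produces a hidden wallet, as an added example (not code from this article or from any wallet vendor). `bip39_seed` follows the BIP39 seed derivation; `seed_tag` and `passphrase_matches` are hypothetical helpers, and the tag is a stand-in for the master key fingerprint a wallet would display.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic (constructed sample input; never fund it).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def seed_tag(seed: bytes) -> str:
    """Short non-secret tag for a seed (assumption: stands in for the
    master key fingerprint that real wallets show after unlocking)."""
    return hashlib.sha256(b"seed-tag" + seed).hexdigest()[:8]


def passphrase_matches(mnemonic: str, candidate: str, recorded_tag: str) -> bool:
    """There is no 'wrong' passphrase: every string opens some valid wallet.
    A typo is only caught by comparing against a tag recorded at setup."""
    tag = seed_tag(bip39_seed(mnemonic, candidate))
    return hmac.compare_digest(tag, recorded_tag)


if __name__ == "__main__":
    for p in ("", "TREZOR", "TREZOR "):  # note the trailing space in the last one
        print(repr(p), bip39_seed(MNEMONIC, p).hex()[:16])
```

The same mnemonic yields an unrelated seed for each passphrase, which is why the empty-passphrase wallet can serve as a decoy and why a mistyped passphrase silently opens an empty wallet instead of raising an error.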

Firmware verification

Firmware verification is a process for checking the authenticity of the software on a hardware wallet. It defends against counterfeit versions and supply-chain attacks by confirming that the device is using an original, unchanged version of the software.

3. Smaller attack surface

Storing your keys offline on a laptop or desktop can help protect them from physical attacks. But the general-purpose architecture of these devices presents a larger attack surface for skilled attackers, which means there are more ways for attackers to exploit software, firmware, and hardware to steal your private keys.

On the other hand, hardware wallets are specifically designed with specialized hardware that limits their functionality to specific tasks and reduces their connectivity to the internet and other devices. Even with a secure element to protect key data, some hardware wallets also restrict their physical connections with external devices, like air-gapped hardware wallets that primarily interact with other devices via microSD card. Many manufacturers also offer bitcoin-only firmware to further simplify functionality.

These are some wallets that are 100% air-gapped, which means they can sign transactions without connecting the device to a cellular network, wifi, Bluetooth, USB, or NFC.

Although hardware wallets may be less convenient and have limited functionality compared to general-purpose devices, this limited functionality also limits vulnerabilities. This also has the added benefit of reducing the risk of new vulnerabilities being discovered that manufacturers must patch with firmware updates or hardware revisions.

4. Generate your own entropy

Bitcoin wallets rely on randomness, known as entropy, to create their seed phrases, which are the master secrets that generate private keys. There are various ways to generate entropy, such as on-device random number generators, random text input, or using dice rolls.

Using dice rolls is considered an effective method for generating entropy, as it reduces the involvement of third parties in the process. Some hardware wallets, like Coldcard, BitBox02 or Keystone, have the option to enter dice rolls directly on the device to create a seed phrase.

While it’s possible to generate entropy on an air-gapped laptop, hardware wallets offer a convenient and secure way to do so.
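Turning dice rolls into BIP39 seed material, as an added example (not code from this article or from any vendor). It assumes the roll string is condensed with SHA-256, which is one common approach; a device's exact procedure should be taken from its own documentation. The final mapping from indices to words needs the 2048-word BIP39 list, which is not reproduced here.

```python
import hashlib
import math

BITS_PER_ROLL = math.log2(6)  # about 2.585 bits from one fair six-sided die


def rolls_needed(target_bits: int = 256) -> int:
    """Minimum number of fair rolls carrying at least target_bits of entropy."""
    return math.ceil(target_bits / BITS_PER_ROLL)


def entropy_from_rolls(rolls: str, target_bits: int = 256) -> bytes:
    """Condense a string of rolls ('1'..'6') into 32 bytes via SHA-256.

    Assumption: hashing the ASCII roll string; refuses short input so the
    result is never weaker than the caller asked for.
    """
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must contain only the digits 1-6")
    if len(rolls) < rolls_needed(target_bits):
        raise ValueError("too few rolls for the requested entropy")
    return hashlib.sha256(rolls.encode("ascii")).digest()


def bip39_word_indices(entropy: bytes) -> list:
    """BIP39 encoding: append the first ENT/32 bits of SHA-256(entropy) as a
    checksum, then split into 11-bit indices into the 2048-word list."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


if __name__ == "__main__":
    sample = "123456" * 17  # constructed, NOT random: 102 rolls for illustration
    print(rolls_needed(256), bip39_word_indices(entropy_from_rolls(sample)))
```

Fifty rolls cover a 12-word (128-bit) seed and one hundred cover a 24-word (256-bit) seed; fewer rolls still produce a valid-looking phrase, which is why the length check matters.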

5. Confirm addresses on-device

It is crucial to ensure the accuracy of the address when sending bitcoin, as transactions are irreversible. This is important for both sending bitcoin to others and sending it to a wallet controlled by the keys on your hardware wallet.

Software wallets can be vulnerable to malware that could replace a real address with an attacker’s address in the UI, making it difficult to verify its authenticity. There is also “clipper” malware, which switches the receiving address in your computer’s clipboard, and other attack vectors.

Hardware wallets reduce the risk of funds being sent to the wrong address by displaying it on a physical screen for verification before a transaction. As long as the device is secure, the offline keys stored on it confirm that the address belongs to the intended recipient. To ensure accuracy, it’s recommended to confirm the address through multiple sources.

6. Enhance your travel safety

Transporting small amounts of bitcoin can be done using a mobile phone or other less secure devices, but larger amounts require more consideration. Carrying keys on a laptop or mobile device is risky because these devices are often connected to the internet, have weaker physical protection, and have larger areas that can be targeted by attackers.

Hardware wallets are a good option for keeping one or more bitcoin keys with you while traveling. They provide convenience and security by eliminating the need to worry about insecure WiFi connections or USB ports, allowing for the use of duress features in case of physical attack, and providing better protection against loss, theft, or seizure. Plus, they still offer easy access when you need to spend your bitcoin.

More reasons

In this video Rodolfo Novak (NVK), founder of Coinkite, talks about hardware wallets and why they are needed.

Choose a Hardware Wallet

With so many hardware wallets on the market, it can be challenging to choose the right one for your needs. That’s where our hardware wallet comparison website, TheBitcoinHole.com, comes in. You will find the most comprehensive and honest resource for comparing the features of the top hardware wallets.
