MultiversX Tracker is Live!

How a hardware wallet works

All Cryptocurrencies

by COINS NEWS 99 Views

How a hardware wallet works

Due to the drama a lot of people are coming out of the wood works spouting off wrong info on how hardware wallets work on it's fundamental level.

How it SHOULD work no matter the type:

Transactions are signed within the device itself through what’s called a crypto bridge, a simple piece of software that facilitates a hardware wallet’s connection to the blockchain.

  1. When a user connects their hardware wallet to a PC or a QR code/SD card for air gap, the crypto bridge transfers unsigned transaction data to the device.
  2. Then the hardware wallet signed it in inside itself.
  3. Lastly, the signed data is sent back.

This making it where your private keys are never exposed to the internet.

Single chain vs multi-chain wallet:

So I seen some argument about single chain wallets are better than multi-chain because they don't come with the security vulnerabilities like a multi-chain.

The TLDR, this is BS on the front of it. The only reason why it can be true is with a single chain if someone steals the seed, they will only have access to the 1 type of crypto. Where with multi-chain they can access a bunch of types.

Think of it like you having 1 key for your house vs having a separate key for every door of your house. In theory a key per door is safer. But it is far far far far more unrealistic and far less friendly. It is extremely unlikely someone will even get access to your seed if properly kept anyways. All the other things like social engineering is the same risk level.

A multi-chain wallet uses a mater private key to make all the other private keys. The master key is generated from a seed phrase that you create when you set up your wallet. The interesting thing is the seed phrase you get only refers to the master key, and all the crypto wallets it makes will have a different seed phrase. Like if you use your multi-chain wallet seed phrase on a single chain even if the multi-chain supported it. It's EXTREMELY likely it will generate a new wallet.

A single chain only deals with 1 chain and 1 private key.

Now this isn't a perfect system. In theory it is possible for someone to guess or just by luck get the private keys you have when they generate their private keys. But the likely is EXTREMELY low. The number of possible private keys is so large that it’s virtually impossible for two people to generate the same one. For example, Bitcoin uses 256-bit private keys, which means there are 2^256 possible keys. That’s roughly equivalent to the number of atoms in the observable universe.

Security

The point of a hardware wallet is you need to have the device in hand in order to do anything with your crypto. Now that problem is, can a firmware or the right push make it possible for the hardware wallet to expose your master key in any way?

A good diagram on this comes from

https://twitter.com/hosseeb/status/1658740448947765250

https://preview.redd.it/9wu4mxirx93b1.png?1346&format=png&auto=webp&v=enabled&s=3ee597b2f04f071595e77ac9126641bea58be792

In this you can see the following happens.

  1. The computer, QR code, whatever sends the unsigned data as we mention before.
  2. The data is signed inside of the device/hardware wallet.
  3. The signed data is sent.

This is clean, easy, and no data is lost. The private keys is kept locally.

Note at the bottom firmware updates can't change the SE code. Not all devices have this, and this is why having a good community around open source projects is great. But there is many hardware wallets that have this.

But when you have hardware wallets with bad firmware or they aren't really that secure

https://preview.redd.it/0fl1aoryy93b1.png?1348&format=png&auto=webp&v=enabled&s=c603780ec3df71ec0d5d369a7703b2a792de8541

As you can see there could be code that pushes for the device to send whatever info.

So it's not only important to have a hardware wallet, and to have it opensource. But understand the hardware part of the hardware wallet. Like if this is even technically possible. It is also important to make sure the open source community is active or at least tools like AI are scanning the code to make sure nothing bad is in the updates.

EDIT:

I forgot to add 1 key detail. Air gap wallets use QR codes to get the data and send it. Some might see that and think they are safe from getting the master key exported. The problem is, you have no idea what the QR code is saying just from looking at it.

In theory you if the app knew what to look for in the QR code, knew what to send, and the device had bad firmware on it. Then in theory you can trick the device to sending the private keys.

This is given it doesn't have security which prevents a given chip with the keys from being updated so it can't export your keys.

Air gap only really protects from a man in the middle attack. For example something between the metamask and the hardware wallet changing the info midway. This is extremely rare, and I'm sure most can think of ways to get a virus to hide say metamask QR code and displays a hackers QR code. But again, that would be extremely rare and extremely complicated.

The one advantage it does have over other types is during the firmware process the hardware wallet can't send out the keys because it is air gapped, and it makes a man in the middle attack on the firmware almost impossible.

submitted by /u/crua9
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments