MultiversX Tracker is Live!

How secure are the private keys on a hardware wallet?

Bitcoin Stack Exchange

Bitcoin News / Bitcoin Stack Exchange 199 Views

How secure are the private keys on a hardware wallet? - Bitcoin Stack Exchange

Bitcoin Stack Exchange is a question and answer site for Bitcoin crypto-currency enthusiasts. It only takes a minute to sign up.

Sign up to join this community

Anybody can ask a question

Anybody can answer

The best answers are voted up and rise to the top

Asked

Viewed 238 times

Specifically two questions are interesting to me:

  1. Are private keys ever accessible?
  2. When are they generated and how can we know/prove this?

In more detail:

  1. Is my understanding correct that even when connected to a computer with an internet connection the private keys are unaccessible and the only thing that can be seen is a signature/signed transaction? (let's take the Ledger Nano S as an example)

  2. How can I know that the seed phrase I see is new and hasn't been seen by the manufacturer before? How can I be confident that when I get the seed phrase/access to the private key nobody else has before me?

New contributor
MManke is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

Is my understanding correct that even when connected to a computer with an internet connection the private keys are unaccessible and the only thing that can be seen is a signature/signed transaction? (let's take the Ledger Nano S as an example)

Right, if you plug a hardware wallet/signer into a laptop your hardware wallet/signer will provide signatures when requested so that transactions can be constructed and broadcast but will not ever provide private keys to that laptop. The private keys stay on the hardware wallet/signer.

How can I know that the seed phrase I see is new and hasn't been seen by the manufacturer before? How can I be confident that when I get the seed phrase/access to the private key nobody else has before me?

You can generate a fresh seed phrase (or enter an existing one, Coldcard supports dice rolls) on the hardware wallet/signer but you are trusting the manufacturer that they haven't pre-loaded a set of seed phrases on the hardware wallet/signer. Hence it is important to buy directly from the manufacturer's website and not third party sellers who may have tampered with the hardware wallet/signer or be selling you a replica. One thing you may want to look into if this concerns you is multisignature or threshold schemes. This would allow you to use multiple different products and manufacturers and mitigate the risk of any one manufacturer being malicious. (They now wouldn't be able to spend your coins with knowledge of the seed on the device they sold you.) It does introduce complexity though so practise first on testnet/signet and make sure you understand what you are doing.


Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments