Private Keys, Cold Storage and Hardware Wallets

Posted by David True on

What is a Private Key? 

Private keys are unique cryptographically generated strings of characters (e.g. text and numbers - similar to passwords) used to authenticate ownership of a cryptocurrency wallet. 

Possession or knowledge of a private key will enable full control of the associated cryptocurrency wallet, which may contain valuable digital assets. This makes gaining access to private keys a very attractive target for hackers and thieves.

Private keys are often generated from a unique set of words called a 'seed passphrase'. The seed passphrase can then be used as a backup, to regenerate the private key and restore control of the associated wallets.

Important considerations:

  • ENSURE you write down your seed passphrase on paper with a pen, and store it in a safe place.
  • NEVER type or save your seed passphrase on a computer.

LOSS/EXPOSURE OF YOUR SEED PASSPHRASE OR PRIVATE KEY RISKS PERMANENT LOSS OF YOUR DIGITAL ASSETS.


What is Cold Storage? 

Cold Storage is a method of securing cryptocurrency private keys offline, inaccessible from the internet or computer networks. With no network path to the key, a remote hacker or virus has no way to access a private key and gain control of associated wallets.

 


Why storing private keys in cold storage is important:

Private keys stored or entered on an internet-connected device may be compromised via numerous methods; for example, a trojan virus, keylogger malware, phishing websites, to name just a few. Cryptocurrency assets held in online wallets or exchanges can also be stolen in a similar fashion and there is little-to-no protection for users when this occurs. 

Many owners of cryptocurrency prefer to control their own private keys and store them in a secure method, away from internet connected devices or prying eyes. Cryptocurrency exchanges also store large portions of customer holdings in offline wallets (cold storage), usually only keeping an amount on the server wallet to cover exchange operations (e.g. customer withdrawals).

Examples of cold storage:

  • Purpose-built hardware wallets
  • Storing private keys on an offline computer or encrypted USB stick
  • Paper wallets or a written seed (the passphrase from which the private key can be cryptographically generated)

 

What is a Hardware Wallet?

Hardware Wallets are purpose-built devices with the sole or main function of securing cryptocurrency private keys. This works by generating and storing private keys on a micro-controller device, isolated from the internet and never exposing the private keys in plain text.

In order to make a transaction (i.e. send Bitcoin), the user is usually required to press or touch a physical confirmation button. These features ensure the user’s private keys and associated wallets are resistant to hacking from compromised devices or third party platforms. Some hardware wallets include a display screen with the ability to check the destination wallet address.

 

Are hardware wallets safe?


Hardware wallets often run on open source software, allowing anyone to audit the code to check for vulnerabilities. This transparency provides assurance of a secure device since there is no hidden code, or 'backdoors', that could potentially steal your digital assets.

Private keys are cryptographically secured on the device and cannot be displayed in plain text. Instead, you will normally create a backup passphrase or 'seed' when first initialising the device. All of your private keys will be generated (or restored) using this seed.

It is very important to keep the seed passphrase written down in a safe and secure place, in order to recover your assets, for example, in the event of a lost or damaged hardware wallet. Never type the seed passphrase on a computer or phone, or expose it to anyone.

Since it is not possible to view the private key physically or, for instance, via spyware on an infected computer, there is no chance for hackers or thieves to steal your assets that way. A thief would instead need to gain knowledge of the seed passphrase (to generate and restore the private keys on another device). This would only be possible if the seed is:

  1. physically stolen or exposed (e.g. photographed)
  2. typed on a computer or other device
  3. generated by a compromised or non-genuine device

Therefore, if common sense precautions are taken to use a genuine device and to secure the generated backup seed, there is no known way for a potential attacker to gain access to the private key, thus keeping your digital assets safe.

Additionally, in order to spend any of the assets held in your hardware wallet, a physical action on the device is required (i.e. pressing a button). This ensures no malicious code can trick the user into sending coins unintentionally.

Hardware wallets are undoubtedly one of the safest methods to secure digital assets such as Bitcoin or other cryptocurrencies. 

 

Are hardware wallets easy and convenient to use?


Most hardware wallets are designed with an easy-to-use interface, often combined with the manufacturer’s software to enable administration from a PC or other device. Those already familiar with software cryptocurrency wallets will adapt quickly, finding hardware wallets a vital tool for secure cryptocurrency storage and transactions.

For those unfamiliar with using Bitcoin or cryptocurrency wallets, there will inevitably be a learning curve. Instructions are usually included and various online tutorials available. New users should take extreme care when using cryptocurrencies for the first time. It is recommended to test sending and receiving very small amounts to get familiar with the platform and protocols.

 

How much do hardware wallets cost and where to buy?

Most commercial hardware wallets for individual users cost around £50-£110 ($60-$130 USD). Each hardware wallet product differs in its supported coins, platforms and other features. We have listed below some popular hardware wallets available on the market today which have been thoroughly tested and reviewed (with links to purchase where available):

*Prices displayed below inc. UK VAT and should be considered a guide only

 


Digital Bitbox

£59.00 / €59.00 / $69.00

 

  • Minimalist design; small, discreet. Very portable.
  • Connects directly to USB port. No connecting wires.
  • Native software included for Mac & Windows.
  • Securely interact with Ethereum, ERC20 tokens and smart contracts via myetherwallet.com
  • Bitcoin (BTC), Litecoin (LTC), Ethereum (ETH), Ethereum Classic (ETC) and ERC-20 tokens supported. The Swiss-based manufacturer plans to support more cryptocurrencies in future.
  • FIDO U2F (Universal 2nd Factor), for securing and logging into website accounts such as Google, Facebook, Github and many more. 
  • Anytime offline backup and recovery with micro SD card (included).
  • Ability to create hidden wallets (for plausible deniability).
  • LED and Touch sensor to confirm actions (instead of a button).
  • Private keys are created with its built-in True Random Number Generator (RNG) hardware and stored on a secure section of the device. Private keys are never exposed in plain text.
  • With a single purpose micro controller, only the manufacturer’s firmware can be run on the device.
  • Mobile app for two-factor authentication (optional)
  • Open Source
  • Password protection to unlock and use the device.
  • USB powered (no battery required)

Buy your Digital Bitbox directly from the Cryptoversal Amazon store by clicking your country below:  

United Kingdom / Germany / France / Italy / Spain

 

    Ledger Nano S

     £54.50 / €62.00 / $70.00

 

  • Private keys are stored on a secure-element chip, similar to those used for biometric data in passports or credit cards.
  • Secure chip ensures your hardware wallet is genuine and tamperproof.
  • Supports over 1100 cryptocurrencies including Bitcoin, Ethereum and Ripple.
  • Securely interact with multiple cryptocurrency wallets; using apps on the device and the “Ledger Live” software, or other 3rd party clients.
  • Stores up to 18 applications on the device simultaneously (depending on app size). Easily uninstall and reinstall applications as required. Wallets and accounts are automatically restored as they are linked to your private key secured on the device.
  • Includes a screen to view all actions, addresses and functions.
  • Navigate, select and confirm actions by pressing one or both of two buttons.
  • PIN protection to unlock and use the device.
  • Use with Ledger Live desktop software for Mac, Windows, Linux; to conveniently view or transact with your cryptocurrency accounts.
  • 24-word recovery passphrase seed to restore your wallets and accounts on any Ledger hardware wallet (in case of theft or loss, for example).
  • USB cable included for connecting the hardware wallet to a computer.
  • Dimensions: 56.95mm x 17.4mm x 9.1mm. Weight: 16.2g.
  • USB powered (no battery required).
  • Compatible with Windows 8+ (64-bit), Mac OS 10.8+ (64-bit) or Linux (64-bit).

Click here to purchase your Ledger Nano S directly from the Ledger store.


 

    Ledger Nano X

     £109.00 / €125.00 / $140.00

 

*Currently available to pre-order. Shipping commences in March.

  • Bluetooth enabled. Connects with your smartphone and Ledger Live mobile app for secure transactions on-the-go (the connection is secure since Bluetooth communications are encrypted end-to-end).
  • Store up to 100 cryptocurrency apps on the device at the same time.
  • Private keys are stored on a secure-element chip, similar to those used for biometric data in passports or credit cards.
  • Secure chip ensures your hardware wallet is genuine and tamperproof.
  • 24-word recovery passphrase seed to restore your wallets and accounts on any Ledger hardware wallet (in case of theft or loss, for example).
  • Supports over 1100 cryptocurrencies including Bitcoin, Ethereum and Ripple.
  • Securely interact with multiple cryptocurrency wallets; using apps on the device and the “Ledger Live” software, or other 3rd party clients.
  • Includes a screen to view all actions, addresses and functions.
  • Nano X includes larger buttons on each side of the screen (instead of two smaller buttons on the Nano S). Navigate, select and confirm actions by pressing one or both of these two buttons.
  • PIN protection to unlock and use the device.
  • Use with ‘Ledger Live’ desktop software (Mac/Windows/Linux) or connect via Bluetooth with the mobile app (iOS/Android) to conveniently view or transact with your cryptocurrency accounts.
  • USB cable included for connecting the hardware wallet to a computer.
  • Compatible with 64-bit installations of Windows 8+, Mac OS 10.8+ or Linux. Also smartphones with iOS 9+ or Android 7+.
  • Dimensions: 72mm x 18.6mm x 11.75mm. Weight: 34g.
  • Features 100 mAh battery (recharge with included USB cable). When fully charged, the device will last several hours in use or a few months if left idle. The battery is fixed and therefore cannot be replaced, however it is designed to last 5 years.

Click here to purchase your Ledger Nano X directly from the Ledger store.

     


     Trezor One

     £74.00 / €83.49 / $95.00

     

     

    • Supports over 700 cryptocurrencies including Bitcoin, Bitcoin Cash, Ethereum and Litecoin.
    • Compatible with Windows, Linux and Mac (OS 10.8+) via Trezor web browser client.
    • Micro USB cable to connect to a computer or smartphone (Android only).
    • Dimensions: 60mm x 30mm x 6mm. Weight: 12g.
    • Features 128x64px OLED display screen.
    • Firmware is verified by the bootloader. The device will not work unless the firmware is signed by SatoshiLabs.
    • Private keys are isolated on the device and will never be exposed to the internet or outside world.
    • Device access is protected with PIN authentication.
    • Transactions require physical confirmation by pressing one of two buttons below the display screen.
    • BIP39 Recovery passphrase seed in case of lost or stolen device, compatible with a number of wallet app providers.
    • Includes a utility to encrypt and store passwords for websites and other digital assets.
    • PIN and recovery passphrase are entered securely on the computer, combined with randomness on the device.

    Click here to purchase your Trezor One directly from the Trezor store.

     


     Trezor Model T

     £158.00 / €180.29 / $204.00

     

     

    • Supports over 700 cryptocurrencies including Bitcoin, Ripple, Ethereum and Litecoin.
    • Features 240x240px colour LCD touchscreen interface, to approve operations and confirm transactions.
    • Supports U2F, SSH and GPG.
    • Compatible with Windows, Linux and Mac (OS 10.8+) via Trezor web browser client.
    • Micro USB cable to connect to a computer or smartphone (Android only).
    • Dimensions: 64mm x 39mm x 10mm. Weight: 16g.
    • Firmware is verified by the bootloader. The device will not work unless the firmware is signed by SatoshiLabs.
    • Private keys are isolated on the device and will never be exposed to the internet or outside world.
    • Device access is protected with PIN authentication.
    • Transactions require physical confirmation by pressing one of two buttons below the display screen.
    • BIP39 Recovery passphrase seed in case of lost or stolen device, compatible with a number of wallet app providers.
    • Includes a utility to encrypt and store passwords for websites and other digital assets.
    • PIN and recovery passphrase are entered securely on the device instead of the web client. Device recovery is also initiated on the device itself.

    Click here to purchase your Trezor Model T directly from the Trezor store.

     


         KeepKey

         £99.00 / €115.00 / $129.00

     

    • Supports Bitcoin, Bitcoin Cash, Ethereum, ERC20 Tokens, Litecoin, Dash, Dogecoin and Bitcoin Gold.
    • Private keys are generated using hardware-based random number generator combined with randomness derived from a connected computer.
    • Your private key is never exposed and is securely stored on the device.
    • Twelve-word recovery passphrase (seed) to backup your private key, in case of lost or damaged device.
    • PIN protection to unlock and use the device.
    • Features a large display screen and confirmation button to authorise transactions.
    • Ability to exchange assets on the device using ShapeShift.
    • 3rd party software client support, including Electrum and Mycelium.
    • Immune to attacks from viruses or malware.
    • Compatible with Windows, Mac, Linux and Android.
    • KeepKey software is a Google Chrome App. Connect via USB cable (included) to a computer with a current version of Google Chrome and download the KeepKey client app.

     

    Alternatives to hardware wallets?

    There are other methods to secure your private keys in cold storage, including paper wallets, offline computers and encrypted USB devices. Unfortunately these alternatives include some weaknesses; for instance, losing or exposing paper wallets, unauthorised access to an offline computer or malware attacks to access an encrypted USB device.

    Hardware wallets are built to address weaknesses inherent in other cold storage methods. Your recovery passphrase should be treated in the same way as any paper wallet/private key, and as such should be stored securely and never exposed to the internet or other people.

     

    How to know if private keys are in cold storage?

    There are a number of other methods of private key ownership, including generating keys with core software on a PC or smartphone app with a backup seed. In both examples, private keys are stored or generated on a device that could be exposed to the internet and therefore cannot be considered cold storage.

    In order to be protected from malware or other malicious attack, private keys must be securely generated offline and never exposed to the internet. Generating private keys within an app can be compromised through various malicious attacks, and online exchanges are susceptible to hacking or closure.

    Things to note when using hardware wallets:

    • ALWAYS generate your own private key or seed (passphrase) with the device.
    • DO NOT use a pre-generated seed or passphrase to initialise a hardware wallet.
    • ENSURE you write down the seed or passphrase on paper with a pen, and store it in a safe place.
    • NEVER type or save the seed/passphrase on a computer.

    LOSS/EXPOSURE OF YOUR SEED, RECOVERY PASSPHRASE OR PRIVATE KEY RISKS PERMANENT LOSS OF YOUR DIGITAL ASSETS.

