(more than you probably need to know)

The thought of moving my coins off an exchange and “onto” a hardware wallet was pretty damn terrifying, yet every crypto vet shouts that this is the way to go, and if you’ve got any stake in the game and aren’t taking these measures, then you might really be exposing yourself to unnecessary risk…

A lot of advice surrounding cold storage is given at the cost of traders having learned the hard way in the past (see: Mt. Gox). At worst, you could lose a lot of money; at best, you’re risking losing a lot of money if not taking the proper precautions.

That said, I needed to know the ins & outs of how things worked before jumping in head-first. Adhering to the golden rule of “DYOR”, I dug a bit. And as with everything crypto, the more I dug, the more questions I had, and I quickly went down rabbit hole after rabbit hole. The result is this comprehensive list of everything that I felt I needed to know before feeling comfortable setting up my hardware wallet.

Note: some of these are Ledger-specific (I purchased a Nano S), but most are device-agnostic and the same rules should apply across the board (Ex: Trezor, paper, etc.):

1) Get the basics out: What the hell is this thing?

What is a hardware wallet? Why do I need it? This seems overkill…is this really necessary?

I would just be regurgitating numerous write-ups on this already, and odds are that if you’re reading this, then you probably already have a basic understanding. That said, this is the best ELI5 I’ve found: https://www.reddit.com/r/Bitcoin/comments/7i51at/eli5_hardware_wallets/

2) What’s actually being stored on my hardware wallet?

When installing a coin’s wallet to the device (Ledger: Chrome > Apps > Wallet Manager) you’re just storing an application that lets the device communicate with the wallet software on your PC. The application contains the rules necessary for the device to sign & send a transaction for that coin.

Your coins are not stored on your hardware wallet. They are stored on the blockchain. You are simply using your hardware wallet to securely access your coins.

This isn’t much different than how your coins are stored on an exchange — the main difference is that only you have access to the private key and only you can sign a transaction using your private key (see #11)…in the instance of your coins being stored on an exchange, the exchange does that handling for you because they hold your private key (hence the risk in keeping them there — whoever holds the private key holds the ability to transact). When owning a hardware wallet, you’re just transferring your coins to a wallet that you fully control.

3) Why is there a 5-wallet limit (Nano S) due to space constraints? That seems really low based on the answer to #2.

The limitation stems from the fact that there’s only 320 Kb of storage space on the Ledger Nano S. This figure seems pretty wild considering how cheap storage is these days, but the following is stated on their website:

The Ledger Nano S uses a ST31H320 chip (which has 320 Kb of storage & 10 Kb RAM).

For reference, the Ledger Blue uses ST31G480 (which has 480 Kb flash & 12 Kb RAM)

source: https://www.ledgerwallet.com/products/ledger-nano-s

UPDATE: Nano released firmware update 1.4.1 which now allows upwards of 18 wallet-apps to be simultaneously installed. I haven’t found that I’m actually able to stretch a full 18-wallets onto the device, but the update is significant. Mileage may vary depending on the cryptocurrencies you’re attempting to store.

4) Wait — so I can only store 5 coins on this thing?

No. You can uninstall and re-install as many supported wallets as you’d like without losing anything. If you own 6+ coins and want to store them on your single device, then you’ll have to rotate them in and out as necessary (common practice). It only takes maybe a minute to do and you don’t lose the coins on the wallet that you just uninstalled — re-install the wallet and your coins are still there and accessible again.

UPDATE: See above regarding the 1.4.1 firmware update.

5) How can you track/manage your portfolio once you have them stored on your hardware wallet?

This was a big one for me — having your coins stored on an exchange paints you a nice picture of your overall portfolio & often fiat-equivalent values. You lose that native ability when moving your coins off the exchange.

If using MyEtherWallet for your ERC-20 tokens (coins supported by the Ethereum blockchain), then that’ll provide a nice high-level overview of your balances. However, to track your entire portfolio, you may need to rely on outside applications to track your net balances. I personally use Blockfolio. It’s cumbersome to manually enter every trade, but it does the job.

6) What’s the preferred method of storage for unsupported coins?

Use MyEtherWallet (MEW) for ERC-20 tokens and/or the coin’s official wallet if one exists (ex: NEON wallet for NEO). Many of these (ex: MEW, Stellar, etc.) have hardware wallet integration so you can log in using your device.

MEW:

Connect your Ledger > open the Ethereum app > settings > browser support > “yes” (note: you’ll have to switch this back to “no” if/when using the Chrome Ledger app later)

Go to www.myetherwallet.com > click “Send Ether & Tokens” > use “Ledger Wallet” to log in > unlock your wallet

To send ERC-20 tokens to MEW, you can simply send from exchange -> your ETH account address (public key). MEW will automatically separate the tokens from your ETH (in some instances, you’ll have to add a custom token to MEW if it isn’t listed there by default).

To send an ERC-20 token (ex: OMG) from MEW -> exchange (or elsewhere), you simply need to select the token that you have stored in MEW from the dropdown and then ensure that your gas limit is high enough to send (note: you’ll need some spare ETH in your MEW account to pay the gas for the transfer; you’ll also have to set “contract data” to “yes” on your Ledger if wanting to send tokens out of MEW).

7) What takes place between plugging my hardware wallet into my computer to log into the wallet app and being shown my wallet data?

Is my device simply passing along my public key to the wallet app and the app is then presenting me with the balance of that public key? Or is something else being transmitted between device & wallet to validate that my device is pointing to my account and not someone else’s public key data on the blockchain?

This turned out to be more of the former: the Ledger passes my public key(s) from the device to the software wallet, which then looks up those keys’ balances on the blockchain ledger. You can technically take any public key from the blockchain and view its balance (this is by the very nature of how the blockchain works). You couldn’t, however, know ALL the wallets/public keys associated with your private key, and so couldn’t know just how large a balance is held across your collection of wallets.

More specifically, if I know that your public wallet id is 14g7ad523jTySjG9Yk4uY4Prx46iAL2ABC (ex) then I could find out that wallet’s balance (every transaction is stored on the blockchain). But without your private key, I couldn’t know that you also have 30 other wallets of that same coin with various balances that lead to your private key.

And one step beyond that, despite knowing the balance of 14g7ad523jTySjG9Yk4uY4Prx46iAL2ABC, I wouldn’t be able to sign any transactions for a wallet that I don’t hold the private key for (see #11).

In short: when logging in via a hardware wallet, your device is just returning the balance of all the valid public keys that your private key contains/generates on the blockchain along with their balances.

8) How are my private & public keys generated and how is the former kept secure?

Your 24-word mnemonic** (the one you’re prompted to write down when initially setting up your hardware wallet) is a collection of BIP39-approved keywords. There are 2048 possible words for it to choose from when generating your phrase.

When entered into the device to set it up (“seeding”), that string of words is passed through a mathematical algorithm using the BIP32 protocol (“hierarchical deterministic key generation”), which spits out an alphanumeric “Master Extended Private Key”.

That Master Extended Private Key is then passed through another algorithm to produce your individual coins’ Private Keys (using the BIP44 standard). From there, your individual coin Private Key is passed through yet another algorithm to output your Public Key(s). Each Private Key can output a number of Public Keys, hence your ability to have more than one wallet per coin.

Non-nerd:

24-word mnemonic -> Master Extended Private Key

Master Extended Private Key -> your Litecoin (ex) Private Key

Litecoin Private Key -> Litecoin Public Key(s)

Litecoin Public Key = can be shown to others and is your sending/receiving wallet

Nerd:

“To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string “mnemonic” + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).”

Source: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

List of seed words: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md

** I’ll use a 24-word mnemonic as an example throughout, but BIP39 allows for 12, 15, 18, 21, & 24 word mnemonics.

9) What are the odds of generating a duplicate/pre-existing 24-word seed mnemonic?

If everything (Master Extended Private Key, Private Keys, Public Keys) hinges on the 24-word seed mnemonic, and that mnemonic and private keys are never exposed beyond your hardware wallet and therefore can’t have their uniqueness validated by an outside source (ex: by the internet), then what happens if your Ledger and my Ledger both happen to generate the same seed?

The answer is: it would suck. Whoever set up their wallet second wouldn’t be presented with a fresh/empty wallet, but would instead have access to the other person’s wallet.

That said: this is very very very unlikely to happen. It’s not impossible in principle, but the numbers make it practically so.

I’ve seen some misinformation stating that the odds are 1 in 2048²⁴ (29,642,774,844,752,946,028,434,172,162,224,104,410,437,116,074,403,984,394,101,141,506,025,761,187,823,616)

However, that’s not actually how it works. Rather, it’s 2²⁵⁶ by way of:

- The device generates a sequence of 256 random bits using the true random number generator (TRNG) built into the device’s Secure Element.

- The first 8 bits of the SHA-256 hash of the initial 256 bits are appended to the end, giving us 264 bits.

- All 264 bits are split into 24 groups of 11 bits.

- Each group of 11 bits is interpreted as a number in the range 0–2047, which serves as an index to the BIP 39 wordlist, giving us 24 words.

  - The result of this process is that your device will generate a single mnemonic seed out of 2²⁵⁶ possible mnemonic seeds (that’s one of 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 possible mnemonic seeds).

  - Note that while the first 23 words are completely random, the final word was derived from 3 random bits and 8 calculated bits from the SHA-256 hash. This means that the final word can act like a checksum (see #16) — if you input an incorrect seed into the device while recovering it, it is possible for the device to detect that the inputted seed is invalid.

Source: http://ledger.readthedocs.io/en/latest/background/master_seed.html

…either way, the odds are pretty damn slim of the same seed ever being generated.

10) The 25th word

For added safety, you can set up a 25th word, a passphrase appended to your mnemonic. This can be added after your Ledger is fully set up and can be used for plausible deniability and/or to protect yourself from IRL thieves.

Ledger Nano S > Settings > Security > Passphrase

More specifically:

Adding a 25th word w/ alternate PIN allows you to create/access a secondary set of wallets.

Terrible-scenario example: gun to your head, you open up your wallet using your secondary access PIN (which quietly takes you to your secondary wallet associated with the alternate 25th word), you transfer your balance to the gunman’s account. They think they’ve gotten all of your funds, but really, your nest egg remains in your primary wallet. You will have lost whatever you had in that secondary wallet (this is real money, and you would have to set it up and transfer funds to it to make it look believable to an IRL thief) but you will have protected yourself against a full loss.

11a) What takes place when creating a digital signature?

When attempting to send coins via your hardware wallet, the software wallet prepares the transaction and relays a copy of the transaction data to your device, asking for a digital signature. That request is what signals your device to prompt for a verification from the user (verified by clicking the physical button on the device). Your device then signs the transaction using the private key held inside the device, and sends the signature back to the software wallet, where the signed transaction can then be broadcast to the blockchain. The private key itself never leaves the device.

11b) How does the blockchain and/or the recipient know that the signature is valid and came from the owning private key source/wallet?

i.e., how does the blockchain verify that the signature is authentic if only my wallet knows what the signature should look like in the first place?

In a public key signature system, a person can combine a message with a private key to create a short digital signature on the message. Anyone with the corresponding public key can combine a message, a putative digital signature on it, and the known public key to verify whether the signature was valid — made by the owner of the corresponding private key. Changing the message, even replacing a single letter, will cause verification to fail: in a secure signature system, it is computationally infeasible for anyone who does not know the private key to deduce it from the public key or from any number of signatures, or to find a valid signature on any message for which a signature has not hitherto been seen. Thus the authenticity of a message can be demonstrated by the signature, provided the owner of the private key keeps the private key secret.

Source: https://en.wikipedia.org/wiki/Public-key_cryptography

12) Using Stellar’s web-based wallet as an example, what happens if stellar.org were to go down (temporarily or possibly longer)?

Would I be unable to access any coins I had stored to that particular wallet?

Your data is still on the blockchain. If the web wallet goes down, you could still recover your funds with any other wallet that can talk to that blockchain. If another wallet didn’t exist, then someone could make a new one. You might be out of luck temporarily though.

13) What were to happen if Ledger were to go out of business?

You can recover access to your funds using any wallet/service that utilizes the BIP-39 protocol.

Likewise, if you lose your hardware wallet, you can manually generate all keys using Ledger’s tool here:

https://www.ledgerwallet.com/support/bip39-standalone.html

source: https://support.ledgerwallet.com/hc/en-us/articles/115005297709

14) How secure is a web-based wallet?

The web wallet never gets your private key, so it should be just as safe as a desktop wallet. Be careful of phishing sites though, as a fake site could steal any login details that you give it, or try to redirect your transactions to a different address (this is why you need to verify the address that is displayed on the Ledger screen).

Bookmark your sites, and consider using Chrome plugins: Cryptonite by MetaCert and/or EtherAddressLookup (EAL) to protect yourself from phishing sites. Both of these are linked from MyEtherWallet.

15) What’s the process if I have same-type coins stored across multiple wallets that were generated by the same private key and I want to transfer my full stash using a single transfer?

This isn’t necessarily a hardware-wallet-specific question, but it arose when using the Litecoin (Bitcoin) Chrome app, as that generates a new receiving address each time by default.

It turns out that this varies based on the blockchain that the coin is housed on. When sending money with Bitcoin-like currencies, it will combine the balances from your multiple addresses to make the transfer. When sending money with Ethereum, you cannot send transactions from multiple addresses.

Source: https://blog.trezor.io/wallet-accounts-and-addresses-bdfa6b66b037

16) I recently tested a re-seeding of my Nano S and got all the way to the 24th word in my mnemonic before fat-fingering it. To my surprise, the device told me that it was an invalid seed. How?

I’m confused by this, as all 24 words were of BIP39 standard, yet the device knew that the seed/key wasn’t valid. How did it know this without communicating to the internet/blockchain?

“The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128–256 bits.

First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first bits of its SHA256 hash. This checksum is appended to the end of the initial entropy. Next, these concatenated bits are split into groups of 11 bits, each encoding a number from 0–2047, serving as an index into a wordlist. Finally, we convert these numbers into words and use the joined words as a mnemonic sentence.”

In real words: a checksum is generated, ensuring that you’re using a legitimate (“technically possible”) seed. The device itself does this calculation and detects when the checksum does not match.

https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic
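As an added example (not code from the post, from Ledger, or from the BIP39 reference implementation), this Python block walks through the mnemonic math of #8, #9 and #16: entropy plus its SHA-256 checksum split into 11-bit word indices, the checksum test a device runs when you re-enter a seed, and the PBKDF2 step that turns the words (plus the optional 25th-word passphrase of #10) into the binary seed. The 2048-word list is not embedded, so the functions work on word indices; in the English list index 0 is “abandon”, 3 is “about” and 102 is “art”.

```python
import hashlib
import unicodedata

VALID_ENT = (128, 160, 192, 224, 256)   # entropy bits for 12, 15, 18, 21, 24 words

def entropy_to_indices(entropy: bytes) -> list:
    """Append the ENT/32-bit SHA-256 checksum and split into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in VALID_ENT:
        raise ValueError("entropy must be 128-256 bits in steps of 32")
    cs = ent // 32                                   # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs                                 # always a multiple of 11
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]

def indices_to_entropy(indices: list) -> bytes:
    """Reverse the mapping; raise ValueError when the checksum bits do not match."""
    if len(indices) not in (12, 15, 18, 21, 24) or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("bad word count or word index")
    total = len(indices) * 11
    cs = total // 33                                 # total = ENT + ENT/32
    ent = total - cs
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch: not a valid BIP39 mnemonic")
    return entropy

def checksum_ok(indices: list) -> bool:
    """What the device does offline on recovery: accept or reject the typed words."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.
    The passphrase is the '25th word'; a different one yields a different seed."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)
```

With all-zero entropy the indices come out as 23 zeros followed by 102 (“abandon” ×23, “art”), the standard BIP39 test vector; flipping any bit of the last word fails `checksum_ok`, which is why a fat-fingered 24th word was caught in #16 without any network access (an 8-bit checksum catches a wrong final word with probability 255/256).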

17) What are some good steps to take after first setting up your hardware wallet?

1.) Test re-seeding

2.) Uninstall/re-install wallets, sending a small balance to them in the process

3.) Test transfers of exchange->wallet, wallet->exchange

4.) Develop a plan to securely store your mnemonic: memorize it (use a system or make a song out of it or whatever), write it down, put it on an encrypted USB drive***, put it in a safe or safety deposit box, etc. Have redundancies.

*** PLEASE only do this if you’re utilizing an airgapped cold computer (one that never touches/touched the internet) to populate the data on the encrypted USB drive. Also then know that in order to maintain 100% security, you would only ever want to access that encrypted USB drive from a cold computer in the future. The moment you attach your drive to a hot computer, you are negating the purpose of having a hardware wallet by potentially opening up the possibility of having your mnemonic compromised (via malware/etc).

Additional Sources:

The Crypto Watch