Seems like a good time to add that security doesn’t need to be (and usually shouldn’t be) complex.
To have security it’s important to first understand the risks (ie write them down, not just in your head) then form suitable processes to manage those risks. Once the risks start being rigorously addressed it’s surprising what the main threats to security really are.
Start with the risks, not with the security product.
Please be careful with printing private keys since some printers keep a history of printed documents in their memory. Not all printers, but some.
There’s a long thread about options here Buying Maidsafecoin & storage - #99 by BIGbtc and elsewhere if you search for ‘omniwallet’. Basically any wallet (online or offline) that can hold BTC can store MAID, but if you want to move them around you need to use one based on the OMNI protocol, such as omniwallet.org.
I’ve also read about this feature in the last 9 days and agree with your assessment.
FYI, NanoS is backordered until end of July. Trezor is in stock, but not sure how this feature works on it.
I’m curious about recovery from losing your hardware key and the advantages of using a hardware wallet in general.
I’m a bit confused because looking at the nano FAQ it says if you lose you nano, you can restore your wallet to another nano or any BIP39 software wallet.
In which case, what’s the point of your nano? How does it differ from using an equivalent software wallet?
Is it just that you can use a PIN for the ‘everyday’ wallet?
Or to do with the password access to ‘temporary’ wallets? BTW Am I alone in thinking ‘temporary’ is misleading?!
With a paper wallet everything hinges on safely backing up the private key. With nano hardware wallet or a similar software wallet everything hinges on backing up the ‘seed’. So little practical difference there?
So what are the particular advantages of the nano? Is it that you can use it safely on a machine that is not secure (eg entering the pin directly into the nano) or is there something else?
In HW wallets the Private Key has never seen the internet and signs transactions offline. Spend directly from a hardware wallet for convenience. Bit IMO a hardware wallet should not be a hot-wallet. Storage only. Move monthly spend allowance to hot-wallet from cold storage.
The hardware wallet does all of the proper paper wallet procedures for you in a user friendly way. Offline key generation, offline storage, offline transaction signing. Following this procedure exactly with paper wallets can be a bit arduous, leading people to cut corners, and in so doing sacrifice some security. How many people really import their private paper wallet key into an offline computer and sign the transaction from that offline PC? A common trade off here was to split your coins across multiple paper wallets so you could import them as needed into an online PC without risking losing all of them if the PC was compromised, but then you have the added inconvenience of managing all these different wallets, etc. So in general the hardware wallets are just much more user friendly.
Well, in that there is really no “from” address in Bitcoin, that argument can be made as we refer to the risks of a public address linking to private key during import on a paperwallet. In a hard ware wallet the private key does not see the internet. Or am I not understandi g your point? I think I do, maybe not.
My questions were about equivalent software wallets not paper wallets
From what I’ve learned so far I’ll try to summarise:
whatever wallet you use, you will have to keep something secure (passphrase, seed words, private key etc), usually physically printed on paper because a secure enough seed / phrase / password is unfeasible to remember.
a paper wallet is simple in functionality and operation, but a bit too technical for many to handle safely with confidence (as @drehb points out in his reply to me from which I have quoted). Signing a transaction for a paper wallet normally makes the wallet insecure because there is a risk that the private key was compromised by exposing it on the machine used to broadcast the transaction on the Internet, so once used any coins remaining at the address should immediately be swept to a new paper wallet and the address discarded.
a BIP39 hardware or software wallet simplifies the user interface and also adds the ability to generate and manage multiple wallets (addresses) which can all be recovered from a single ‘seed’, and can also sign transactions without exposing the private keys. In the case of a hardware wallet this can be done on any machine whereas to do this with a software wallet one needs an isolated machine (old laptop, raspberry pi etc) which you never allow to be connected to a network (so you transfer signed transactions from the isolated /offline machine to the online machine using a USB stick, or for truly maintaining the air-gap, by capturing a QR code displayed by the isolated/offline machine).
a BIP39 hardware wallet has the advantage that you can sign transactions on any machine without exposing your private key, and without needing to use two machines (one offline and one online). The ledger nano s for example: using a PIN for a default wallet, or passwords for the other wallets also accessible on the device.
How’s that?
EDIT: PS Thanks @Runswick for your expansion. Your study and sharings are helpful and show that you don’t need to be a programmer to learn about this. If you didn’t get everything right in a forum like this I’m sure somebody would politely, or not point it out . Also thanks @MerkleTree & @drehb for helping me out.
Perfect. But they key to paperwallet is they get used once. So let’s say you have $100,000 to store for an extended period of time but may need some to live in an emergency… Always plan for some spending of cold-storage Split the storage across 5 or 10 wallets with one wallet being equal to an emergency fund like $5k. Sweep that wallet when needed. Send anything remaining back to a new wallet if necessary. Paper wallets are all or nothing.
I did mention that paper wallets should be ‘once only’ but I think your point about how to manage them is also worth noting. Depends on the expected use though.
Let me be clear with my point on paperwallet. There should not be spending from a paper wallet. Only a sweep of the entire contents to a Hot-Wallet. Then do not reuse paper wallet. And do not ever throw away a used paper wallet. Things happen and it could one day end up with a balance.
point it out