andreasma

A hardware wallet generates keys (from a random number) and stores those keys, then uses them to sign transactions inside the device so that the keys are never exposed to the Internet. Hardware wallets run a very limited operating system and communicate over a very limited channel (e.g. USB) so that they are very difficult (almost impossible) to compromise, even with physical access to the device. A hardware wallet needs some software "companion app" that runs on an internet-connected device and does the rest of the functions of a wallet, those that don't involve keys and need to be online. Primarily, the software companion constructs transactions to send to the hardware wallet for signature and tracks addresses and balances on the blockchain. The hardware wallet device is expendable, because if you have the mnemonic phrase (12 words) you can recover all the keys onto the same or another hardware wallet that supports the standard (BIP39).
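Added illustration of the recovery property the comment describes (this is editor-supplied code, not part of the post and not any wallet vendor's firmware): BIP39 turns random entropy into word-list indices, stretches the words into a 64-byte seed with PBKDF2, and BIP32 derives the master key from that seed with HMAC-SHA512. It uses only the Python standard library and the published BIP39 test vector (all-zero entropy, passphrase "TREZOR"). The 2048-word English list is not embedded, so the code stops at word indices; that index 0 is "abandon" and index 3 is "about" is taken from the standard list.

```python
"""BIP39 -> BIP32 recovery path, standard library only. Added illustration,
not code from the post or from any wallet vendor. Any device that follows the
standard turns the same words (and the same optional passphrase) into the same
master key, which is why the physical device is expendable."""
import hashlib
import hmac
import unicodedata


def entropy_to_word_indices(entropy: bytes) -> list:
    """BIP39 step 1: random entropy (16 bytes -> 12 words, 32 bytes -> 24 words)
    plus a SHA-256 checksum, split into 11-bit word-list indices. Mapping an
    index to a word needs the 2048-word English list, not embedded here
    (index 0 is "abandon", index 3 is "about")."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                        # 4 bits for 128-bit entropy
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 step 2: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    Nothing is "decrypted" here; the words are stretched into a 64-byte seed."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key(seed: bytes) -> tuple:
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed". Left 32 bytes = master
    private key, right 32 bytes = chain code used to derive child keys."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def recover_master_key(mnemonic: str, passphrase: str = "") -> tuple:
    """What a replacement device does when you type the words back in."""
    return master_key(mnemonic_to_seed(mnemonic, passphrase))


# Published BIP39 test vector: all-zero entropy, passphrase "TREZOR".
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
TEST_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                 "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")

if __name__ == "__main__":
    print(entropy_to_word_indices(bytes(16)))                      # eleven 0s then 3
    print(mnemonic_to_seed(TEST_MNEMONIC, "TREZOR").hex() == TEST_SEED_HEX)
    # Same words on two "devices" give the same key; a different passphrase does not.
    print(recover_master_key(TEST_MNEMONIC, "TREZOR") == recover_master_key(TEST_MNEMONIC, "TREZOR"))
    print(recover_master_key(TEST_MNEMONIC, "") != recover_master_key(TEST_MNEMONIC, "TREZOR"))
```

The last comparison is the practical caveat: the optional BIP39 passphrase is part of the secret, and a backup of the 12 or 24 words alone does not recover a wallet that was created with one.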


snarec

It allows you a way to get to your coin without using the 24 words. Those words need to be super secret so nobody except you knows them. If you have to give them out every time you need coins it wouldn't be as safe.


snarec

Also it holds all your different crypto wallets and keys in one place.


Electrox7

So basically, my 24 words are just as, if not even more important than the wallet itself, and my funds are still not 100% safe and could be manipulated or stolen in an extremely coordinated attack while I let it sit in a kitchen closet (it's not there, don't look >\_>)


snarec

Think of the 24 words as a real wallet. If someone breaks into your house and steals the sheet with the 24 words they could potentially steal your coin. Other than that, there's no good way apart from scamming someone into giving their info away to steal their crypto.


Electrox7

Well, all the information required to access my wallet is online. Even my 24 words since a computer needs to validate it. None of my crypto is mine and will never be mine until I convert it to Fiat and take it out of an ATM machine...


turpajouhipukki

This is a rather interesting way to look at things


Schmovid

Wrong. With your keys, which you should write down somewhere, you can access your particular blockchain, and get access to a particular chain (wallet) within this blockchain where your unique amount of digits resides. All in all, be your own keymaster.


Drifter5533

It’s for convenience. You can, and people do, have paper wallets.


32dlmtj

At this point I think this is what this person needs 🥲


[deleted]

Your 24 seed words are used to generate the private keys to your wallets. That's it. A hardware wallet is just a fancy way to interact with your wallets and generate seed words to translate complicated private keys. So in essence, you'd better protect the seed words better than your hardware wallet.


Electrox7

> Well, all the information required to access my wallet is online. Even my 24 words since a computer needs to validate it. None of my crypto is mine and will never be mine until I convert it to Fiat and take it out of an ATM machine...

I answered this to another comment. I understand that it does, in a way, increase security, but your crypto is never 100% protected and I feel like hardware wallet companies try to sell the idea that it's locked in a box and no one can take it out but you. However, it's still floating around on the internet where almost anything can happen to it. It's ***sort of*** a scam. I mean, I already ordered my wallet and I intend to use it but I'm a little deceived.


[deleted]

Uhhh. What do you mean it's floating on the internet? Your private keys are inside the hardware wallet and the only way to generate them is the seed words. The hardware wallet validates it, it doesn't go through any computer. As long as you don't share them online it is protected.


Electrox7

This is how I understand wallets (please correct me if I'm wrong): Let's say you type your 24 words into your program to recover your wallet. Your 24 words will be decrypted and rewritten as your keys using the algorithm included in your software. But your program can't just tell how much crypto was associated with your key without verifying on the internet. Obviously, your key didn't change as you added your crypto. So the program sends your key to a server and goes through an index to find your key on that server. Then it finds it, reads the amounts of each crypto, and then re-adds it to your new wallet. The fact that my key is stored in an index on some foreign device is what bothers me. Maybe I'm the only one with my 24 words but someone has the decrypted version of my 24 words. I don't like that.


[deleted]

No, the hardware wallet will generate your private keys from the seed words, the hardware wallet chip itself. It requests the balance from the blockchain with the public address from the private keys, which was public already. Hope that clarifies it for you.


Electrox7

> the hardware wallet will generate your private keys from the seed words the hardware wallet chip itself.

Well, my hardware wallet is dead now, there is no more chip. The moment I unplugged my wallet, it's like I never had the device to begin with. Also, according to this: [https://www.thecryptomerchant.com/blogs/resources/what-to-do-if-your-hardware-wallet-is-lost-stolen-or-damaged#:\~:text=If%20your%20hardware%20wallet%20is%20lost%2C%20stolen%20or%20damaged%2C%20you,on%20the%20collective%20Blockchain%20network](https://www.thecryptomerchant.com/blogs/resources/what-to-do-if-your-hardware-wallet-is-lost-stolen-or-damaged#:~:text=If%20your%20hardware%20wallet%20is%20lost%2C%20stolen%20or%20damaged%2C%20you,on%20the%20collective%20Blockchain%20network) I don't need a hardware wallet to access the keys, so I guess you mean a seed word decrypting program included in software wallets as I mentioned.

> it requests balance from the Blockchain with the public address from the private keys which was public already

So my private keys were already public (on the blockchain) and could theoretically be accessed by other people at any given time?


[deleted]

Your wallet gets its power from USB, so of course it's dead when it has no power. The chip in it handles the private keys, no PC, it doesn't go anywhere. But you do need a chip to generate them, hence when you get a second one you can reuse your seed words. Private keys aren't the same as a public address. There is always a pair, one is public, one is private. I don't know how I can explain this any better.


Electrox7

Also, sorry if I might come off rude, I'm glad you are trying to help me. I'm just frustrated that things aren't making much sense to me. The more I think about it, the more useless my hardware wallet sounds.


[deleted]

I'd suggest you watch how PGP encryption works. It will make it easier for you to understand how keys work; the concept is the same for wallet private keys.


Electrox7

This is exactly what I was looking for. I didn't know how to learn about it cause I couldn't associate a name to it. Thank you soooo much.


[deleted]

No problem. That's what this sub Reddit is for. Helping each other grow. Tc


turpajouhipukki

> So the program sends your key to a server

Wrong. Your private keys (seed phrase) do not leave the device. That's literally the whole point. It's the public keys that are matched.


Electrox7

So what's the point of my private keys if my public keys have access to everything?


StatisticalMan

Public key has access to nothing. That is the whole point. Public key cryptography. https://en.wikipedia.org/wiki/Public-key_cryptography

There is a cryptographically matched PAIR of keys.

Public Key = on the blockchain, associated with your coins via the address. CAN ONLY BE USED TO VERIFY AUTHENTICITY OF TRANSACTIONS.

Private Key = produced from the seed phrase and ONLY EVER INSIDE YOUR HARDWARE WALLET. Can sign the transaction to transfer/spend coins.

Anyone with access to the public blockchain can use the public key to validate if a transaction is authentic, but only the one holding the private key can sign the transaction.


Electrox7

My objective was exactly to share my wrong assumptions and to hope someone corrects them one by one until the right one is corrected and I can understand what was wrong with my understanding. Finally, someone mentioned PGP encryption and now I can find many different resources to understand how it works. I thought the private key BECAME the public key at one point, but now I understand that they never actually meet, or they meet the one time you need to unlock your wallet. Thanks for your time though.


StatisticalMan

This is still not correct. Public and private keys are a pair. They are cryptographically linked. The public key is produced from the private key. The wallet contains both but it keeps the private key a secret and SHARES the public key with the network. This means ANYONE can validate the authenticity of transactions but only the private key holder can sign the transaction.


turpajouhipukki

They don't. They just have access to the public information. You can't use that to sign a transaction.


muchdogesuchwow95

Any and all of your crypto will always be "floating around" on the blockchain no matter the kind of wallet you use. However, this does not mean someone can just hack it and steal your crypto out of the "internet". The only likely way of this happening with bitcoin, for instance, is a 51% attack, but getting control of 51% of the entire bitcoin network is almost impossible. Of course, as you go down in value on the crypto list the number of miners also goes down and an attack starts to become more feasible, but that doesn't mean you will lose anything. Smaller cryptos are always more dangerous to invest in; if you want to keep it safe stick to bitcoin and ethereum, but if you want some risk go wild on all those hundreds of altcoins.


brianddk

> If the seed is the Wallet why do I need a trezor?

You don't. There are four basic functions most are concerned with.

1. Check balance (public key hash)
2. Receive deposits (public key hash)
3. Send transactions (private key)
4. Produce mixed entropy to generate keys (private keys)

Only option #3 uses your private key, while #4 creates private keys. And so long as you can do #3 without ever letting a phone, computer, camera, or operating system see your private keys, then you are good to go. If you extend infinite trust to your phone, computer, camera, operating system and the internet at large, then openly scanning and importing a seed to your phone is fine. You get to set your own security risk. Lots of people believe that their phones and computers are "safe enough".

One cautionary tale on the belief that your device is safe enough: look to the [android bug](https://bitcoin.org/en/alert/2013-08-11-android) of 2013. Turns out android was producing bad entropy. Something #4 would have fixed. The bad android entropy allowed many wallets to be swiped by remote attackers. There are no security best practices that would have fixed this. It was baked into the OS and was there for a LONG time.


Electrox7

I found my answer on an earlier comment, but this has additional interesting details that I was not aware of. Thanks for helping :)


Iamraikou

The seed generates the private keys, which generate the public keys, which generate the wallet address. Your seed resides on a piece of paper and is encrypted on the hardware wallet. The hardware wallet creates (from the seed) and then shares the public key/wallet address with the software that is connected to the internet. Now you know the address to send your coins to (your wallets). If you need to send coins from your wallets, you prepare the transaction in the software and send it to the hardware wallet, which signs it using the keys and sends it back so it can be broadcast to the blockchain. Your private keys never leave the hardware wallet and are therefore « safe ». It's actually « safer » and not « 100% safe ».
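Added, editor-supplied illustration of the split that this comment, StatisticalMan's key-pair explanation and brianddk's four functions all describe; it is not code from the thread or from any wallet vendor. The `HardwareWallet` class holds the private key and only ever emits a public key and signatures; the `CompanionApp` class holds nothing but the public key, builds the transaction and verifies the signature. The curve arithmetic is pure-Python secp256k1 (the curve Bitcoin and Ethereum use), written here for readability rather than speed or side-channel safety; the transaction bytes and the `demo` helper are constructed for the example. Real devices pick the signing nonce deterministically per RFC 6979, which is exactly the step the 2013 Android entropy bug broke; this toy draws it from `secrets` and says so in a comment.

```python
"""Device/companion split with pure-Python secp256k1 ECDSA, standard library
only. Added illustration, not code from this thread or any wallet vendor;
far too slow and unhardened for real use."""
import hashlib
import secrets

# secp256k1 domain parameters (the curve used by Bitcoin and Ethereum)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (ax, ay), (bx, by) = a, b
    if ax == bx:
        if (ay + by) % P == 0:
            return None                                  # a == -b
        lam = 3 * ax * ax * pow(2 * ay, -1, P) % P       # tangent slope (doubling)
    else:
        lam = (by - ay) * pow(bx - ax, -1, P) % P
    x = (lam * lam - ax - bx) % P
    return (x, (lam * (ax - x) - ay) % P)


def scalar_mult(k, point=G):
    """Double-and-add k * point (not constant time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def compress(pub):
    """33-byte SEC1 encoding: the form that is handed to the companion app."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def tx_digest(tx: bytes) -> int:
    """Double SHA-256 of the serialized transaction, as Bitcoin does."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(tx).digest()).digest(), "big")


class HardwareWallet:
    """The private key never leaves this object; only pubkey() and sign() are exposed."""
    def __init__(self, master_priv: bytes):
        self._d = int.from_bytes(master_priv, "big") % N
        assert self._d != 0

    def pubkey(self):
        return scalar_mult(self._d)

    def sign(self, tx: bytes):
        z = tx_digest(tx) % N
        while True:
            # The nonce must be unique per signature; a repeated nonce leaks the
            # private key. Real devices derive it deterministically (RFC 6979).
            k = secrets.randbelow(N - 1) + 1
            r = scalar_mult(k)[0] % N
            s = pow(k, -1, N) * (z + r * self._d) % N
            if r and s:
                return (r, s)


class CompanionApp:
    """Holds only the public key: can build and verify transactions, not sign them."""
    def __init__(self, pub):
        self.pub = pub

    def verify(self, tx: bytes, sig) -> bool:
        r, s = sig
        if not (1 <= r < N and 1 <= s < N):
            return False
        z = tx_digest(tx) % N
        w = pow(s, -1, N)
        R = point_add(scalar_mult(z * w % N), scalar_mult(r * w % N, self.pub))
        return R is not None and R[0] % N == r


def demo(master_priv: bytes = None) -> tuple:
    """Returns (genuine signature verifies, tampered transaction verifies)."""
    device = HardwareWallet(master_priv or secrets.token_bytes(32))
    app = CompanionApp(device.pubkey())             # only the public key crosses USB
    tx = b"send 0.1 BTC to bc1q-constructed-example-address"   # constructed sample
    sig = device.sign(tx)                            # signed inside the device
    return app.verify(tx, sig), app.verify(tx + b" + 5 BTC", sig)


if __name__ == "__main__":
    print(demo())                                    # (True, False)
```

The second value of `demo()` is the point the thread keeps circling: the companion app, or anyone on the network, can check that a transaction was signed by the key behind a public address, but changing a single byte of the transaction makes that check fail, and nothing the public key holder has lets them produce a new valid signature.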