Topic: 50 Hardware Wallets, compared feature by feature (Read 3222 times)
Added Deterministic nonces (RFC6979) support to the Hardware Wallets comparison.
@thebitcoinhole
I just stumbled upon an iris hardware wallet [EyeWallet] that claims it only extracts private keys [through the use of iris recognition technology] and destroys them after each use, as opposed to storing them in any manner, but it appears to be closed-source.
- There's still no official price for their product and many of its specs are still missing, but for more information, you can refer to their "announcement thread".
I just stumbled upon an iris hardware wallet [EyeWallet] that claims it only extracts private keys [through the use of iris recognition technology] and destroys them after each use, as opposed to storing them in any manner, but it appears to be closed-source.
- There's still no official price for their product and many of its specs are still missing, but for more information, you can refer to their "announcement thread".
Good catch. Thanks. I will take a look
I think that you are missing the new SecuX hardware wallets Neo and NeoGold from thebitcoinhole website.This new devices have similar design like older SecuX Nifty devices, but I think they are cheaper, especially SecuX Neo.
Maybe they have other differences but I didnt compare them in details, I just know they use the same secure element.
https://secuxtech.com/products/neo-series
Not sure if all the SecuX Neo wallets data is correct, not too much information on the official page. Still not clear for me the differences with the Nifty
Good catch. Thanks. I will take a look
I think that you are missing the new SecuX hardware wallets Neo and NeoGold from thebitcoinhole website.This new devices have similar design like older SecuX Nifty devices, but I think they are cheaper, especially SecuX Neo.
Maybe they have other differences but I didnt compare them in details, I just know they use the same secure element.
https://secuxtech.com/products/neo-series
@maxirosson
I just noticed something with the site that I haven't seen before or paid attention to. So, you can navigate between the different hardware wallet brands left and right by using the two arrows (<>) at the top right. You can also click and drag your mouse left and right on the different images of HWs. The problem is, when you release the mouse button, the page redirects to the hardware wallet you left your cursor on.
Maybe this is something you can take a look at and change for an even better user experience with the site.
I just noticed something with the site that I haven't seen before or paid attention to. So, you can navigate between the different hardware wallet brands left and right by using the two arrows (<>) at the top right. You can also click and drag your mouse left and right on the different images of HWs. The problem is, when you release the mouse button, the page redirects to the hardware wallet you left your cursor on.
Maybe this is something you can take a look at and change for an even better user experience with the site.
Good catch. Thanks. I will take a look
@maxirosson
I just noticed something with the site that I haven't seen before or paid attention to. So, you can navigate between the different hardware wallet brands left and right by using the two arrows (<>) at the top right. You can also click and drag your mouse left and right on the different images of HWs. The problem is, when you release the mouse button, the page redirects to the hardware wallet you left your cursor on.
Maybe this is something you can take a look at and change for an even better user experience with the site.
I just noticed something with the site that I haven't seen before or paid attention to. So, you can navigate between the different hardware wallet brands left and right by using the two arrows (<>) at the top right. You can also click and drag your mouse left and right on the different images of HWs. The problem is, when you release the mouse button, the page redirects to the hardware wallet you left your cursor on.
Maybe this is something you can take a look at and change for an even better user experience with the site.
They responded to a couple of users on X and mentioned it's "still available" and "not discontinued".
- Having said that, it's a bit strange we can only find the bundled version (directly) on their website... Perhaps they just messed up their store (you can easily find it through Google as well).
Very strange decision... as if they are tricking people to buy new Trezor 5 Safe device by hiding Trezor Model T from their website.- Having said that, it's a bit strange we can only find the bundled version (directly) on their website... Perhaps they just messed up their store (you can easily find it through Google as well).
It's funny that Trezor One can still be found in the list of devices, but I wouldn't waste money on this old devices, there is a chance they will really discontinue them soon.
Nice and quick addition, but I think you need to move Trezor Model T to list of discontinued devices.
They removed this device from Trezor website and you can't purchase it now,
They responded to a couple of users on X and mentioned it's "still available" and "not discontinued".They removed this device from Trezor website and you can't purchase it now,
- Having said that, it's a bit strange we can only find the bundled version (directly) on their website... Perhaps they just messed up their store (you can easily find it through Google as well).
New Trezor Safe 5 announced. Already listed on our website comparing 58 different Hardware Wallets.
Nice and quick addition, but I think you need to move Trezor Model T to list of discontinued devices.They removed this device from Trezor website and you can't purchase it now, even if they didn't officially said they are stopping production.
For Trezor Safe 5 you should also add support for MicroSD cards.
New Trezor Safe 5 announced. Already listed on our website comparing 58 different Hardware Wallets.
Some Highlights:
- Touch and bigger screen with Gorilla Glass
- Secure Element
- BTC Only variant
https://thebitcoinhole.com/hardware-wallets
Some Highlights:
- Touch and bigger screen with Gorilla Glass
- Secure Element
- BTC Only variant
https://thebitcoinhole.com/hardware-wallets
Nothing from Trezor and legder?
Ledger only offered promotions through their swap service providers like MoonPay, LoopiPay, and some others where you could buy cryptocurrencies with 0 fees. Nothing special or worth mentioning, really. They didn't offer any discounts on their hardware wallets.But I did find something interesting and completely unrelated to Bitcoin Pizza Day while looking through their Twitter. They are trying to solve the Blind Signing dilemma and are looking for collaboration from developers to create safe Clear Signing standards for the ecosystem. Altcoiners might find that interesting.
Yes, I saw the Trezor discount after my post, but not added it because the discount wasn't for a HW.
Thanks for the bug report !!!.
There weren't any when Maxi made that comment [I double-checked to make sure he didn't miss any].
@thebitcoinhole
There's a minor bug on the table that whenever I scroll down, it changes some or all of the active links [beneath the fixed row] in either the first, second, or both of the first two rows into inactive links: Screencast
- Tested in Chrome and Firefox.
Thanks for the bug report !!!.
Pizza Day Discounts
Nothing from Trezor and legder?@thebitcoinhole
There's a minor bug on the table that whenever I scroll down, it changes some or all of the active links [beneath the fixed row] in either the first, second, or both of the first two rows into inactive links: Screencast
- Tested in Chrome and Firefox.
Pizza Day Discounts
Nothing from Trezor and legder?@thebitcoinhole
There's a minor bug on the table that whenever I scroll down, it changes some or all of the active links [beneath the fixed row] in either the first, second, or both of the first two rows into inactive links: Screencast
- Tested in Chrome and Firefox.
I see I missed a big conversation here in last few days. 
You can easily download Bitcoin-only firmware on all their devices, flash it, and you are done with altcoins (if you want).
Some other hardware wallets like Keystone is doing something similar and they are airgapped.
I would not say Ring is more secure, especially as you have to make blind transactions because there is no screen to confirm transaction addresses.
Than let's say that Trezor made first ever hardware wallet in the world, and it's still manufactured today, so I can't say any new company non-open source product is going to be more secure.
Trezor, Ledger etc are neither airgapped nor btc-only firmware.
Trezor can be btc-only.You can easily download Bitcoin-only firmware on all their devices, flash it, and you are done with altcoins (if you want).
Some other hardware wallets like Keystone is doing something similar and they are airgapped.
Considering it uses Shamir, the chip has a higher EAL rating and there's no bluetooth, wifi, inputs etc it's arguably safer than ledger or trezor.
Trezor also have shamir secret share, and they don't have NFC, like Ring (probably have).I would not say Ring is more secure, especially as you have to make blind transactions because there is no screen to confirm transaction addresses.
Than let's say that Trezor made first ever hardware wallet in the world, and it's still manufactured today, so I can't say any new company non-open source product is going to be more secure.
Pizza Day Discounts
Nothing from Trezor and legder?
Pizza Day Discounts
- Coinkite: 10% off all products
- Keystone: 8% off on Keystone 3 Pro
- CoolWallet Pro: 10% off with free shipping
- Ellipal Titan 2.0: U$S 40 off
- Coinkite: 10% off all products
- Keystone: 8% off on Keystone 3 Pro
- CoolWallet Pro: 10% off with free shipping
- Ellipal Titan 2.0: U$S 40 off
Some misconceptions you have:
1. Nunchuk (https://nunchuk.io/) is not a NFC card, is an open source software wallet that can connect with multiple HWs. Like Sparrow or Specter. They allow users to don't trust on the software of the HW manufacturer by using a different software wallet to connect with the HW in a 100% airgapped mode. I am not talking about using them to generate and store your seedphrase, I am talking to use them as coordinators or readonly wallets.
2. Trezor offers a btc-only firmware.
3. If a HW doesn't support multi-sig, is correct to say that is less secure than a HW with the same features but not multi-sig support. Multi-sig support increases the security of a HW.
4. Other HWs are not a wearable, so people don't expect to use them on the street. A good practice is recommend people to not put your wallet in your pocket and move with it. That's why I said that users of your wallet (and any other) should be advised to only wear it if you only have funds to spend on the daily basis.
Regarding you plan to be open source in the future, I think is a bad idea to not be open source since day zero. Nobody should trust in any company with closed firmware and mobile apps. The company could just send to themselves the seedphrase you generate on the HW, and you are not going to know, because all the code is closed.
1. Nunchuk (https://nunchuk.io/) is not a NFC card, is an open source software wallet that can connect with multiple HWs. Like Sparrow or Specter. They allow users to don't trust on the software of the HW manufacturer by using a different software wallet to connect with the HW in a 100% airgapped mode. I am not talking about using them to generate and store your seedphrase, I am talking to use them as coordinators or readonly wallets.
2. Trezor offers a btc-only firmware.
3. If a HW doesn't support multi-sig, is correct to say that is less secure than a HW with the same features but not multi-sig support. Multi-sig support increases the security of a HW.
4. Other HWs are not a wearable, so people don't expect to use them on the street. A good practice is recommend people to not put your wallet in your pocket and move with it. That's why I said that users of your wallet (and any other) should be advised to only wear it if you only have funds to spend on the daily basis.
Regarding you plan to be open source in the future, I think is a bad idea to not be open source since day zero. Nobody should trust in any company with closed firmware and mobile apps. The company could just send to themselves the seedphrase you generate on the HW, and you are not going to know, because all the code is closed.
1. Trezor, Ledger etc are neither airgapped nor btc-only firmware. The only real difference could be multisig but I genuinely don't understand why you say it would be less secure? As for people forcing you to sign a transaction on the street, I seriously doubt that's a casual occurence, sure, there are edge-cases and dangerous locations where it could happen but it's just that, an improbable edge case. I genuinely believe it is much safer to have a ringwallet than any other software wallet (1), and in regards to comparisons with Ledger, Trezor etc the only differnece is you would have it on you, but say you have 2 rings, one you keep at home and one you keep on you. How is the one left at home any less safe than the likes of Ledger or Trezor? Considering it uses Shamir, the chip has a higher EAL rating and there's no bluetooth, wifi, inputs etc it's arguably safer than ledger or trezor.
To answer the question directly, we obviously don't recommend you go walk in a cartel-controlled neighbourhood with a ringwallet holding $1M on it, but that's completely unrelated to the technology or even the ring. You shouldn't go walk in that neighbourhoud, period. And if you do, you shouldn't have anything valuable on you, period. Because chances are whatever you have will be lost if you don't end up dead either way. Whether you have a trezor, ledger, ringwallet, nunchuck etc, the same would happen. That's not normal use case though. I highly doubt you'll be held at gunpoint on a random street/boulevard in the vast majority of countries for you to transfer the contents of your ringwallet. Especially because this is not something instant, it would take at the very least several minutes for the entire thing to happen; time in which what no one notices? It's just highly highly unlikely. And that's not even mentioning the fact that the ring has 0 markings on it of any way, there's just a very small logo on the inside of the ring. That's all.
2. Nunchuck is also a NFC card so not sure how it's safer but that's not important; I doubt that nunchuck can be run on bluewallet or sparrow software; both of which are software-wallets and genuinely less safe than a hardware solution; pretty much any hardware solution.
As for the open source part, that I genuinely understand and agree with, but as mentioned, our plan is to make it open-source, I just want us to have some time-limited legal protection from competitors just forking our code the very next day. As for us having a copy of all generated private keys, we will be using the official industry standard SLIP-0039 implementation of Shamir's Secret from Satoshi Labs which is open source, the only difference being we store it on Ace Cards as opposed to a piece of paper. Either way, with a bit of luck on the legal side I'm hopeful that it won't be long before releasing the entire code as open-source.
Basically my only wish is for us to have a 2-3 year time horizon on every release before it can be forked in a commercially product, that's all. Which is a fair thing to want I believe.
To answer the question directly, we obviously don't recommend you go walk in a cartel-controlled neighbourhood with a ringwallet holding $1M on it, but that's completely unrelated to the technology or even the ring. You shouldn't go walk in that neighbourhoud, period. And if you do, you shouldn't have anything valuable on you, period. Because chances are whatever you have will be lost if you don't end up dead either way. Whether you have a trezor, ledger, ringwallet, nunchuck etc, the same would happen. That's not normal use case though. I highly doubt you'll be held at gunpoint on a random street/boulevard in the vast majority of countries for you to transfer the contents of your ringwallet. Especially because this is not something instant, it would take at the very least several minutes for the entire thing to happen; time in which what no one notices? It's just highly highly unlikely. And that's not even mentioning the fact that the ring has 0 markings on it of any way, there's just a very small logo on the inside of the ring. That's all.
2. Nunchuck is also a NFC card so not sure how it's safer but that's not important; I doubt that nunchuck can be run on bluewallet or sparrow software; both of which are software-wallets and genuinely less safe than a hardware solution; pretty much any hardware solution.
As for the open source part, that I genuinely understand and agree with, but as mentioned, our plan is to make it open-source, I just want us to have some time-limited legal protection from competitors just forking our code the very next day. As for us having a copy of all generated private keys, we will be using the official industry standard SLIP-0039 implementation of Shamir's Secret from Satoshi Labs which is open source, the only difference being we store it on Ace Cards as opposed to a piece of paper. Either way, with a bit of luck on the legal side I'm hopeful that it won't be long before releasing the entire code as open-source.
Basically my only wish is for us to have a 2-3 year time horizon on every release before it can be forked in a commercially product, that's all. Which is a fair thing to want I believe.
Hey, thanks for the lengthy answer and for the information. I will spend a bit more time researching this.
1. That's honestly not something we had considered previously. It's a fair point and something I really like the sound of so while it's definitely not directly compatible with these wallets you mention right now, I do see the value in something like this so I will do some more research and see if and how we can make it compatible with such softwares as well. Realistically, this won't be something we will be able to have in an initial release but it's something I appreciate and will try to see if we can find a way to make it work in a reasonable timeframe.
2. That's fair. And perhaps a good idea. We could have a separate version of the ring that is btc-only, I guess the only issue with that is I didn't really realise there's an actual market for it? But it seems to me that there might be one. I honestly had figured that most people want something that supports multiple chains.
3. That is fair. And multi-sig is one of the things we already have planned for future releases, it's just not something we think we can finish before the initial release and I didn't want to pretend otherwise.
4. I understand this. Indeed, most wallets are built to be left at home. This one is built so you can take it with you, so yes there is an added variable because of this.
Regarding the open source discussion, I understand. My reasoning is simple, I just want to have some sort of protection in place regarding competitors forking the code for monetary purposes the next day, which is why we want to have a special license with a limited time during which it cannot be used for commerical purposes while free to use for any other purpose. After a set time (2-3 years) it can even be used for commercial purposes as that gives us enough of an edge while we work on the next iteration/release.
Just to be clear though, it's possible that we may make the code open-source before the initial batch of rings is shipped. I'm not saying we will open source in 5 years. The worst case scenario is probably that we will open source it in say 12 months from now, and the first shipment is probably going to be in about.4 months from now. But that's the worst case scenario. A reasonable scenario is probably by the end of this year. This moreso depends on the lawyers than on me which is why I don't have a fully definitive answer.
Regardless of that, we will be using the SLIP-0039 implenetation from Satoshi, which is open-source and the industry standard, so I don't think us sending the seed phrases of users to ourselves is a real risk. I'll just play devil's advocate for a second and assume the worst case scenario; let's assume that we do actually send the seed phrases of people to ourselves. I am sure you are aware to make a hardware wallet you have to make a company, have shareholders etc. If that were to happen, 1. It would probably take <24 hours for everyone to find out and probably <30 days for every shareholder to get caught, charged and sentenced to jail. It's just not worth it to do something like this. There's basically 0 gain and infinite loss potential (i.e. spending life in jail) so even discounting the fact that we use a well-known, industry standard, open source implementation for seed generation etc, this isn't a real risk, for any wallet that has a legal entity, simply because no one wants to risk life in jail for 0 gain.
Anyway, I do agree with you on open-source, but not for that reason. The real risk of not being open-source, in my opinion, is that you cannot get properly audited / tested without having everyone try to break your code. That is, in my opinion, the actual value of open source. Because the real risk is not us sending the seed phrases but a well-funded bad actor finding some sort of backdoor / exploit etc to actually manage to retrieve n information from the ring/chip/etc. Obviously everyone releases things when they think they are secure, but nothing is 100% safe, even when open-source and battle-tested, so all the more reason to make things open-source and at least have the best chance of it being as safe as possible. So anyway, again, our intention is to make it open-source. I just want to make that clear. I just want some legal protection from day 2 copycats and waiting on that. That's all.
To give you some more context, the current steps look something like this: finish our fundraising round -> announce some of the partnerships we've been working on -> send out 100-200 rings as demo products to youtubers, influencers, industry-people etc for them to do video reviews and try out the ring and give feedback and only after all of that -> launch a pre-sale -> ship the initial orders -> give free access to order rings normally from the website.
Which is why I am saying that hopefully lawyers won't take an eternity to do what I've asked them to, in which case, in a best case scenario, by the time we ship the initial batch the code will already be open source. Anyway, I just wanted to clear this out because the reason we made the initial thread and etc is mostly because we wanted to get some community feedback. That's it. You can't buy anything now and that's not the intention.
And it was a good decision. We've received some feedback, like yours, which I believe is helpful. I honestly hadn't thought of making the hardware compatible with other softwares like Sparrow or Specter, but it's an interesting idea. Nor have I thought of having a btc-only firmware, which again seems like something worth exploring if there is enough interest.
Anyway, thanks for taking so much time to explain this. I will definitely read more about this and see if and what we can do with it.
Some misconceptions you have:
1. Nunchuk (https://nunchuk.io/) is not a NFC card, is an open source software wallet that can connect with multiple HWs. Like Sparrow or Specter. They allow users to don't trust on the software of the HW manufacturer by using a different software wallet to connect with the HW in a 100% airgapped mode. I am not talking about using them to generate and store your seedphrase, I am talking to use them as coordinators or readonly wallets.
2. Trezor offers a btc-only firmware.
3. If a HW doesn't support multi-sig, is correct to say that is less secure than a HW with the same features but not multi-sig support. Multi-sig support increases the security of a HW.
4. Other HWs are not a wearable, so people don't expect to use them on the street. A good practice is recommend people to not put your wallet in your pocket and move with it. That's why I said that users of your wallet (and any other) should be advised to only wear it if you only have funds to spend on the daily basis.
Regarding you plan to be open source in the future, I think is a bad idea to not be open source since day zero. Nobody should trust in any company with closed firmware and mobile apps. The company could just send to themselves the seedphrase you generate on the HW, and you are not going to know, because all the code is closed.
1. Nunchuk (https://nunchuk.io/) is not a NFC card, is an open source software wallet that can connect with multiple HWs. Like Sparrow or Specter. They allow users to don't trust on the software of the HW manufacturer by using a different software wallet to connect with the HW in a 100% airgapped mode. I am not talking about using them to generate and store your seedphrase, I am talking to use them as coordinators or readonly wallets.
2. Trezor offers a btc-only firmware.
3. If a HW doesn't support multi-sig, is correct to say that is less secure than a HW with the same features but not multi-sig support. Multi-sig support increases the security of a HW.
4. Other HWs are not a wearable, so people don't expect to use them on the street. A good practice is recommend people to not put your wallet in your pocket and move with it. That's why I said that users of your wallet (and any other) should be advised to only wear it if you only have funds to spend on the daily basis.
Regarding you plan to be open source in the future, I think is a bad idea to not be open source since day zero. Nobody should trust in any company with closed firmware and mobile apps. The company could just send to themselves the seedphrase you generate on the HW, and you are not going to know, because all the code is closed.
1. Trezor, Ledger etc are neither airgapped nor btc-only firmware. The only real difference could be multisig but I genuinely don't understand why you say it would be less secure? As for people forcing you to sign a transaction on the street, I seriously doubt that's a casual occurence, sure, there are edge-cases and dangerous locations where it could happen but it's just that, an improbable edge case. I genuinely believe it is much safer to have a ringwallet than any other software wallet (1), and in regards to comparisons with Ledger, Trezor etc the only differnece is you would have it on you, but say you have 2 rings, one you keep at home and one you keep on you. How is the one left at home any less safe than the likes of Ledger or Trezor? Considering it uses Shamir, the chip has a higher EAL rating and there's no bluetooth, wifi, inputs etc it's arguably safer than ledger or trezor.
To answer the question directly, we obviously don't recommend you go walk in a cartel-controlled neighbourhood with a ringwallet holding $1M on it, but that's completely unrelated to the technology or even the ring. You shouldn't go walk in that neighbourhoud, period. And if you do, you shouldn't have anything valuable on you, period. Because chances are whatever you have will be lost if you don't end up dead either way. Whether you have a trezor, ledger, ringwallet, nunchuck etc, the same would happen. That's not normal use case though. I highly doubt you'll be held at gunpoint on a random street/boulevard in the vast majority of countries for you to transfer the contents of your ringwallet. Especially because this is not something instant, it would take at the very least several minutes for the entire thing to happen; time in which what no one notices? It's just highly highly unlikely. And that's not even mentioning the fact that the ring has 0 markings on it of any way, there's just a very small logo on the inside of the ring. That's all.
2. Nunchuck is also a NFC card so not sure how it's safer but that's not important; I doubt that nunchuck can be run on bluewallet or sparrow software; both of which are software-wallets and genuinely less safe than a hardware solution; pretty much any hardware solution.
As for the open source part, that I genuinely understand and agree with, but as mentioned, our plan is to make it open-source, I just want us to have some time-limited legal protection from competitors just forking our code the very next day. As for us having a copy of all generated private keys, we will be using the official industry standard SLIP-0039 implementation of Shamir's Secret from Satoshi Labs which is open source, the only difference being we store it on Ace Cards as opposed to a piece of paper. Either way, with a bit of luck on the legal side I'm hopeful that it won't be long before releasing the entire code as open-source.
Basically my only wish is for us to have a 2-3 year time horizon on every release before it can be forked in a commercially product, that's all. Which is a fair thing to want I believe.
To answer the question directly, we obviously don't recommend you go walk in a cartel-controlled neighbourhood with a ringwallet holding $1M on it, but that's completely unrelated to the technology or even the ring. You shouldn't go walk in that neighbourhoud, period. And if you do, you shouldn't have anything valuable on you, period. Because chances are whatever you have will be lost if you don't end up dead either way. Whether you have a trezor, ledger, ringwallet, nunchuck etc, the same would happen. That's not normal use case though. I highly doubt you'll be held at gunpoint on a random street/boulevard in the vast majority of countries for you to transfer the contents of your ringwallet. Especially because this is not something instant, it would take at the very least several minutes for the entire thing to happen; time in which what no one notices? It's just highly highly unlikely. And that's not even mentioning the fact that the ring has 0 markings on it of any way, there's just a very small logo on the inside of the ring. That's all.
2. Nunchuck is also a NFC card so not sure how it's safer but that's not important; I doubt that nunchuck can be run on bluewallet or sparrow software; both of which are software-wallets and genuinely less safe than a hardware solution; pretty much any hardware solution.
As for the open source part, that I genuinely understand and agree with, but as mentioned, our plan is to make it open-source, I just want us to have some time-limited legal protection from competitors just forking our code the very next day. As for us having a copy of all generated private keys, we will be using the official industry standard SLIP-0039 implementation of Shamir's Secret from Satoshi Labs which is open source, the only difference being we store it on Ace Cards as opposed to a piece of paper. Either way, with a bit of luck on the legal side I'm hopeful that it won't be long before releasing the entire code as open-source.
Basically my only wish is for us to have a 2-3 year time horizon on every release before it can be forked in a commercially product, that's all. Which is a fair thing to want I believe.
1. Do you plan to be honest with your clients and say "please don't use our wallet with large amount of funds"? I disagree that your wallet has the same level of security compared to other wallets. Some missing security features you have: 100% airgapped, multisig, btc-only firmware, etc. Any guy on the street can force you to sign a transaction with your ring and you would lose all your funds.
2- I am talking about compatibility with open source software wallets like Sparrow, Nunchuk, Bluewallet, etc. Given that your code is close source, users have to trust 100% on you. How do they know that you are not a bad actor and have a copy of all generated private keys?
To be clear, you are not the only HW with these issues, Tangem and others have the same problems.
Hey, so let's talk a bit about this.
1. Our initial purpose is indeed to target either a) existing crypto users who don't use a hardware wallet already because they're too complicated b) new entrants in the crypto market and c) experienced users who want to have some amount of money with them on-the-go and have an easy way using it. This, however, is not to say that the security of the ring is bad. It's just our user target, at least initially. Let's break it down a bit.
2. Ok so for the second question I am genuinely not sure if I understood it correctly, so I will try to answer what I understood.
a) If you mean that our software won't be compatible with other wallet like Ledger and Trezor, I believe that is exactly how Trezor and Ledger functions as well, I'm not aware of hardware wallet software that is cross-compatible with other devices.
b) Initially the code is closed-source, yet, but that is because we are waiting on our lawyers for a way to attribute a license to our code that will protect us for say 2 years from people using the code commercially, giving us time to work on a newer version before competitors can just fork our code. That is all to say, our end goal is to make the code open-source, and release new versions as open source constantly, just with a 2 or 3 year limitation against using it for commercial purposes. Either way, just to be clear, Tangem for example has 0 open-source code and as far as I am aware, 0 intention of actually making the code open-source. So even if we were to take that route, which I don't think we will, it's not something never seen before.
2- I am talking about compatibility with open source software wallets like Sparrow, Nunchuk, Bluewallet, etc. Given that your code is close source, users have to trust 100% on you. How do they know that you are not a bad actor and have a copy of all generated private keys?
To be clear, you are not the only HW with these issues, Tangem and others have the same problems.
Hey, so let's talk a bit about this.
1. Our initial purpose is indeed to target either a) existing crypto users who don't use a hardware wallet already because they're too complicated b) new entrants in the crypto market and c) experienced users who want to have some amount of money with them on-the-go and have an easy way using it. This, however, is not to say that the security of the ring is bad. It's just our user target, at least initially. Let's break it down a bit.
- There is only a single vector of attack, namely NFC. There is no bluetooth, no internet, no inputs etc.
- The chip itself is certified as EAL6+, just for comparison purposes, Ledger is EAL5+. Furthermore, if somebody tries to say inject malicious code, initiate an unnaproved transaction etc through the only existing vector of attack (NFC), then the chip automatically burns itself if it is a real risk since these are chips used normally in bank cards, that's what they were initially designed for.
- Lastly, in terms of backup we use Shamir's Secret Sharing through the Ace Cards. This is arguably, at this moment, the most advanced and secure form of actually backing up a wallet at this point. Ledger doesn't even have the option for this, the only other one I'm aware of who does have this option is Trezor and even then, you must write them down on multiple pieces of paper; whereas we allow users to store them on Ace Cards, which is easier. Now, considering that even if somebody say steals your ringwallet they cannot use it unless they also simultaneously do the following: a) steal your paired phone, b) have your phone password c) have your app password and perhaps d) unless you go home, restore the wallet and move the money.
2. Ok so for the second question I am genuinely not sure if I understood it correctly, so I will try to answer what I understood.
a) If you mean that our software won't be compatible with other wallet like Ledger and Trezor, I believe that is exactly how Trezor and Ledger functions as well, I'm not aware of hardware wallet software that is cross-compatible with other devices.
b) Initially the code is closed-source, yet, but that is because we are waiting on our lawyers for a way to attribute a license to our code that will protect us for say 2 years from people using the code commercially, giving us time to work on a newer version before competitors can just fork our code. That is all to say, our end goal is to make the code open-source, and release new versions as open source constantly, just with a 2 or 3 year limitation against using it for commercial purposes. Either way, just to be clear, Tangem for example has 0 open-source code and as far as I am aware, 0 intention of actually making the code open-source. So even if we were to take that route, which I don't think we will, it's not something never seen before.
1. Trezor, Ledger etc are neither airgapped nor btc-only firmware. The only real difference could be multisig but I genuinely don't understand why you say it would be less secure? As for people forcing you to sign a transaction on the street, I seriously doubt that's a casual occurence, sure, there are edge-cases and dangerous locations where it could happen but it's just that, an improbable edge case. I genuinely believe it is much safer to have a ringwallet than any other software wallet (1), and in regards to comparisons with Ledger, Trezor etc the only differnece is you would have it on you, but say you have 2 rings, one you keep at home and one you keep on you. How is the one left at home any less safe than the likes of Ledger or Trezor? Considering it uses Shamir, the chip has a higher EAL rating and there's no bluetooth, wifi, inputs etc it's arguably safer than ledger or trezor.
To answer the question directly, we obviously don't recommend you go walk in a cartel-controlled neighbourhood with a ringwallet holding $1M on it, but that's completely unrelated to the technology or even the ring. You shouldn't go walk in that neighbourhoud, period. And if you do, you shouldn't have anything valuable on you, period. Because chances are whatever you have will be lost if you don't end up dead either way. Whether you have a trezor, ledger, ringwallet, nunchuck etc, the same would happen. That's not normal use case though. I highly doubt you'll be held at gunpoint on a random street/boulevard in the vast majority of countries for you to transfer the contents of your ringwallet. Especially because this is not something instant, it would take at the very least several minutes for the entire thing to happen; time in which what no one notices? It's just highly highly unlikely. And that's not even mentioning the fact that the ring has 0 markings on it of any way, there's just a very small logo on the inside of the ring. That's all.
2. Nunchuck is also a NFC card so not sure how it's safer but that's not important; I doubt that nunchuck can be run on bluewallet or sparrow software; both of which are software-wallets and genuinely less safe than a hardware solution; pretty much any hardware solution.
As for the open source part, that I genuinely understand and agree with, but as mentioned, our plan is to make it open-source, I just want us to have some time-limited legal protection from competitors just forking our code the very next day. As for us having a copy of all generated private keys, we will be using the official industry standard SLIP-0039 implementation of Shamir's Secret from Satoshi Labs which is open source, the only difference being we store it on Ace Cards as opposed to a piece of paper. Either way, with a bit of luck on the legal side I'm hopeful that it won't be long before releasing the entire code as open-source.
Basically my only wish is for us to have a 2-3 year time horizon on every release before it can be forked in a commercially product, that's all. Which is a fair thing to want I believe.
1. Do you plan to be honest with your clients and say "please don't use our wallet with large amount of funds"? I disagree that your wallet has the same level of security compared to other wallets. Some missing security features you have: 100% airgapped, multisig, btc-only firmware, etc. Any guy on the street can force you to sign a transaction with your ring and you would lose all your funds.
2- I am talking about compatibility with open source software wallets like Sparrow, Nunchuk, Bluewallet, etc. Given that your code is close source, users have to trust 100% on you. How do they know that you are not a bad actor and have a copy of all generated private keys?
To be clear, you are not the only HW with these issues, Tangem and others have the same problems.
Hey, so let's talk a bit about this.
1. Our initial purpose is indeed to target either a) existing crypto users who don't use a hardware wallet already because they're too complicated b) new entrants in the crypto market and c) experienced users who want to have some amount of money with them on-the-go and have an easy way using it. This, however, is not to say that the security of the ring is bad. It's just our user target, at least initially. Let's break it down a bit.
2. Ok so for the second question I am genuinely not sure if I understood it correctly, so I will try to answer what I understood.
a) If you mean that our software won't be compatible with other wallet like Ledger and Trezor, I believe that is exactly how Trezor and Ledger functions as well, I'm not aware of hardware wallet software that is cross-compatible with other devices.
b) Initially the code is closed-source, yet, but that is because we are waiting on our lawyers for a way to attribute a license to our code that will protect us for say 2 years from people using the code commercially, giving us time to work on a newer version before competitors can just fork our code. That is all to say, our end goal is to make the code open-source, and release new versions as open source constantly, just with a 2 or 3 year limitation against using it for commercial purposes. Either way, just to be clear, Tangem for example has 0 open-source code and as far as I am aware, 0 intention of actually making the code open-source. So even if we were to take that route, which I don't think we will, it's not something never seen before.
2- I am talking about compatibility with open source software wallets like Sparrow, Nunchuk, Bluewallet, etc. Given that your code is close source, users have to trust 100% on you. How do they know that you are not a bad actor and have a copy of all generated private keys?
To be clear, you are not the only HW with these issues, Tangem and others have the same problems.
Hey, so let's talk a bit about this.
1. Our initial purpose is indeed to target either a) existing crypto users who don't use a hardware wallet already because they're too complicated b) new entrants in the crypto market and c) experienced users who want to have some amount of money with them on-the-go and have an easy way using it. This, however, is not to say that the security of the ring is bad. It's just our user target, at least initially. Let's break it down a bit.
- There is only a single vector of attack, namely NFC. There is no bluetooth, no internet, no inputs etc.
- The chip itself is certified as EAL6+, just for comparison purposes, Ledger is EAL5+. Furthermore, if somebody tries to say inject malicious code, initiate an unnaproved transaction etc through the only existing vector of attack (NFC), then the chip automatically burns itself if it is a real risk since these are chips used normally in bank cards, that's what they were initially designed for.
- Lastly, in terms of backup we use Shamir's Secret Sharing through the Ace Cards. This is arguably, at this moment, the most advanced and secure form of actually backing up a wallet at this point. Ledger doesn't even have the option for this, the only other one I'm aware of who does have this option is Trezor and even then, you must write them down on multiple pieces of paper; whereas we allow users to store them on Ace Cards, which is easier. Now, considering that even if somebody say steals your ringwallet they cannot use it unless they also simultaneously do the following: a) steal your paired phone, b) have your phone password c) have your app password and perhaps d) unless you go home, restore the wallet and move the money.
2. Ok so for the second question I am genuinely not sure if I understood it correctly, so I will try to answer what I understood.
a) If you mean that our software won't be compatible with other wallet like Ledger and Trezor, I believe that is exactly how Trezor and Ledger functions as well, I'm not aware of hardware wallet software that is cross-compatible with other devices.
b) Initially the code is closed-source, yet, but that is because we are waiting on our lawyers for a way to attribute a license to our code that will protect us for say 2 years from people using the code commercially, giving us time to work on a newer version before competitors can just fork our code. That is all to say, our end goal is to make the code open-source, and release new versions as open source constantly, just with a 2 or 3 year limitation against using it for commercial purposes. Either way, just to be clear, Tangem for example has 0 open-source code and as far as I am aware, 0 intention of actually making the code open-source. So even if we were to take that route, which I don't think we will, it's not something never seen before.
I see two big issues on your product:
1- The idea of a ring with a wallet inside sounds good but not secure. As you mentioned on the other thread, you shouldn't put your life savings there. So, you are creating a product to protect small amount of funds.
The problem is that people is not going to know that and they think that a HW is always secure.
2- Correct me if I am wrong. It seems you are creating the classic HW without any open source third-party software wallet compatibility. So, users are forced to trust you and use your closed-source software wallet in a single-sig setup.
Intiially, the ring will support BTC, SOL, ETH and EVM-compatible blockchains. This means, upon release and delivery of presale orders. Unfortunately, it means we won't have things like Tron or Multivers upon release; however we will be adding all the relevant blockchains in a timely manner. In regards to EVM, we will probably include the large ones directly with the release like BSC, Polygon, Optimism etc. Some of the lesser-known ones we might phase out as well.
Regarding the backup (Ace Cards), their sole and exclusive functionality is to act as a backup. They have a different chip inside of them as compared to the wallet (ring) and they're not meant to be a wallet because we think that would defeat their purpose a bit. Ideally, these are things you set up and then store somewhere securely (i.e hide them somewhere) and never use them unless you need to restore your wallet. If you were asking this in the sense of whether we will also have a card-form hardware wallet like Tangem does, the honest answer is I don't know; it's quite honestly not a focus for us right now. First we want to launch and ship the rings along with the Ace Cards; those will also be the only 2 initial products we will have on our website.
After that, we already have a second product in the pipeline which with a bit of luck we should be able to release & start shipping before end of Q1 next year, but I can tell you it's not a card wallet. It's naturally still a wallet, and it is also a wearable, but we'll release more info about this only after we ship out the initial batch of rings.
Of course, I see that you are mostly just responding to satscraper, yet as a courtesy, it is probably best to keep your responses fairly succinct in threads like this (and maybe OP should have created this one as a self-moderated thread, but did not).. I did see that in the last couple of days you guys have created a Ringwallet forum thread (also not self-moderated), which also is receiving some pushback and skepticism, and I have not looked at any of that thread in detail (even though it is so far a short thread, and not that I am any kind of a technical expert), yet it might be a bit early in terms of coming to too many conclusions if the product (or products) is not quite in a released stage.. but still good to refer folks to either that thread that you guys created or some other locations that might answer the questions.
I see, sorry for that, I didn't really give it much thought. And yes we have that existing thread which wasn't very well done to be perfectly honest, we will probably make a more professional one a bit later on. And yes we did receive some skepticism which is generally fair and a good exercise, I did my best to answer all the questions there and will continue to do so. The product is not live yet as of now and cannot be ordered, perhaps I'll come back in this thread after there's more things made public. Thanks for the answer nonetheless.
1- The idea of a ring with a wallet inside sounds good but not secure. As you mentioned on the other thread, you shouldn't put your life savings there. So, you are creating a product to protect small amount of funds.
The problem is that people is not going to know that and they think that a HW is always secure.
2- Correct me if I am wrong. It seems you are creating the classic HW without any open source third-party software wallet compatibility. So, users are forced to trust you and use your closed-source software wallet in a single-sig setup.
[edited out]
Sure, those are very fair questions so let me try and answer them all. Some of it is still not out there because we only recently started publishing things about the company, so we will be slowly phasing out various updates and more information about the product over the next couple of months. Intiially, the ring will support BTC, SOL, ETH and EVM-compatible blockchains. This means, upon release and delivery of presale orders. Unfortunately, it means we won't have things like Tron or Multivers upon release; however we will be adding all the relevant blockchains in a timely manner. In regards to EVM, we will probably include the large ones directly with the release like BSC, Polygon, Optimism etc. Some of the lesser-known ones we might phase out as well.
Regarding the backup (Ace Cards), their sole and exclusive functionality is to act as a backup. They have a different chip inside of them as compared to the wallet (ring) and they're not meant to be a wallet because we think that would defeat their purpose a bit. Ideally, these are things you set up and then store somewhere securely (i.e hide them somewhere) and never use them unless you need to restore your wallet. If you were asking this in the sense of whether we will also have a card-form hardware wallet like Tangem does, the honest answer is I don't know; it's quite honestly not a focus for us right now. First we want to launch and ship the rings along with the Ace Cards; those will also be the only 2 initial products we will have on our website.
After that, we already have a second product in the pipeline which with a bit of luck we should be able to release & start shipping before end of Q1 next year, but I can tell you it's not a card wallet. It's naturally still a wallet, and it is also a wearable, but we'll release more info about this only after we ship out the initial batch of rings.
Of course, I see that you are mostly just responding to satscraper, yet as a courtesy, it is probably best to keep your responses fairly succinct in threads like this (and maybe OP should have created this one as a self-moderated thread, but did not).. I did see that in the last couple of days you guys have created a Ringwallet forum thread (also not self-moderated), which also is receiving some pushback and skepticism, and I have not looked at any of that thread in detail (even though it is so far a short thread, and not that I am any kind of a technical expert), yet it might be a bit early in terms of coming to too many conclusions if the product (or products) is not quite in a released stage.. but still good to refer folks to either that thread that you guys created or some other locations that might answer the questions.
I see, sorry for that, I didn't really give it much thought. And yes we have that existing thread which wasn't very well done to be perfectly honest, we will probably make a more professional one a bit later on. And yes we did receive some skepticism which is generally fair and a good exercise, I did my best to answer all the questions there and will continue to do so. The product is not live yet as of now and cannot be ordered, perhaps I'll come back in this thread after there's more things made public. Thanks for the answer nonetheless.
Hey, so let's talk a bit about this.
1. Our initial purpose is indeed to target either a) existing crypto users who don't use a hardware wallet already because they're too complicated b) new entrants in the crypto market and c) experienced users who want to have some amount of money with them on-the-go and have an easy way using it. This, however, is not to say that the security of the ring is bad. It's just our user target, at least initially. Let's break it down a bit.
- There is only a single vector of attack, namely NFC. There is no bluetooth, no internet, no inputs etc.
- The chip itself is certified as EAL6+, just for comparison purposes, Ledger is EAL5+. Furthermore, if somebody tries to say inject malicious code, initiate an unnaproved transaction etc through the only existing vector of attack (NFC), then the chip automatically burns itself if it is a real risk since these are chips used normally in bank cards, that's what they were initially designed for.
- Lastly, in terms of backup we use Shamir's Secret Sharing through the Ace Cards. This is arguably, at this moment, the most advanced and secure form of actually backing up a wallet at this point. Ledger doesn't even have the option for this, the only other one I'm aware of who does have this option is Trezor and even then, you must write them down on multiple pieces of paper; whereas we allow users to store them on Ace Cards, which is easier. Now, considering that even if somebody say steals your ringwallet they cannot use it unless they also simultaneously do the following: a) steal your paired phone, b) have your phone password c) have your app password and perhaps d) unless you go home, restore the wallet and move the money.
2. Ok so for the second question I am genuinely not sure if I understood it correctly, so I will try to answer what I understood.
a) If you mean that our software won't be compatible with other wallet like Ledger and Trezor, I believe that is exactly how Trezor and Ledger functions as well, I'm not aware of hardware wallet software that is cross-compatible with other devices.
b) Initially the code is closed-source, yet, but that is because we are waiting on our lawyers for a way to attribute a license to our code that will protect us for say 2 years from people using the code commercially, giving us time to work on a newer version before competitors can just fork our code. That is all to say, our end goal is to make the code open-source, and release new versions as open source constantly, just with a 2 or 3 year limitation against using it for commercial purposes. Either way, just to be clear, Tangem for example has 0 open-source code and as far as I am aware, 0 intention of actually making the code open-source. So even if we were to take that route, which I don't think we will, it's not something never seen before.
Jump to: