Pages:
Author

Topic: Hardware Wallet protection on a online computer - page 2. (Read 322 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
The private keys are kept in a sealed environment known as the Secure Element. The keys only get used when you need to sign transactions to spend coins. For that, you need to physically allow your device to sign the transaction by pressing the two buttons on top of it. No software or third-party can see your keys or broadcast the transaction for you.
Secure element doesn't matter all that much in terms of securing the keys from malware. The purpose it serves is to make it harder for it to be extracted via physical attacks. Malware attacks are mitigated by designing the firmware and bootloader to not arbitrarily communicate sensitive information over the USB. Secure element doesn't ensure this, the MCU does. Secure elements mostly acts as a storage medium.

In certain hardware wallets, the private keys has to be exposed  to the MCU for transaction signing as certain secure elements are incapable of signing transactions. The environment is still sanitized nonetheless.
legendary
Activity: 2730
Merit: 7065
Am I missing something?
The two most important elements to the security of your coins is the seed you generate when you first fire-up your hardware wallet and the private keys derived from that seed, which sign transactions allowing you to spend your coins. In the case of Ledger, the seed is only visible on the screen of your hardware wallet. It's native software, Ledger Live, never sees the seed.

The private keys are kept in a sealed environment known as the Secure Element. The keys only get used when you need to sign transactions to spend coins. For that, you need to physically allow your device to sign the transaction by pressing the two buttons on top of it. No software or third-party can see your keys or broadcast the transaction for you.

You can test that yourself if you have a Ledger hardware wallet.
If you use Electrum, create a new wallet for testing purposes. Run the software, click on Wallet > Private Keys > Export. Enter your password and Electrum will display the private keys of 20 receiving and 10 change addresses by default.

Try the same with your Ledger. Plug in your Ledger and connect it to Electrum. Open your bitcoin wallet and try to view and export your private keys. You will see that it doesn't work because Electrum can't access them.
legendary
Activity: 2268
Merit: 18748
If it's compromised one can easily read what's inside the USB.
A good hardware wallet is more than just a simple USB drive. The whole point of hardware wallets is exactly that you can plug them in to compromised or online computers without having your private keys stolen.

The most that a compromised computer could do is craft a malicious transaction and push it to your hardware wallet to be signed. As long as you are paying attention and you don't confirm the malicious transaction on your hardware wallet, then your coins remain safe.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?
The private key is never transferred over the USB. The bootloader doesn't have any codes that would transfer the private key to the computer nor does it need to be exposed that way. The unsigned transaction is transferred through the USB and signed on the device. The private key is always stored within the device in a sanitized environment. As long as the device doesn't send the private key or the seed over the USB, it doesn't matter whatever data is sent to and from the device.

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
The most secure and safe wallet to use are offline wallets, while hardware wallet is one of the offline wallets, which means its private key is completely generated offline and remain offline. While using online wallet to access your hardware wallet, the only risk involve is the recipient address to automatically change to a hacker's address unknowingly to the person that want to send from such wallet. If the sender do not check the address very well and notice the change of address to hackers address, the bitcoin will be sent to the hackers address. So, checking the address and rechecking it again before sending any coin will help during the time, but yet it is best to avoid malware and have good online and offline practice to protect you from attackers.
member
Activity: 83
Merit: 14
I'm trying to understand how a Hardware Wallet protects its data when connected to an online computer. If it's compromised one can easily read what's inside the USB. Am I missing something?
Pages:
Jump to: