Topic: What exactly is mainly stored on a hardware wallet? (Read 336 times)

As you said hardware wallets protect the seeds from evil maids thanks to a pin code or a password. So OP obviously doesn't understand why he's asked to write down his seed in clear on a paper because it defeats this purpose. He's right, seed back ups should be carefully hidden and not kept at home if people are likely to find them there. Another safe strategy is to use a passphrase with the seed, to memorize it and to store it elsewhere.

Hardware wallets have a specific feature for entering device pin/asswords. Passwords/pin protect your device from thieves', but they're not to protect your funds. Because funds are protected by devices or seed phrases, So why should you keep the device and seed phrase together at home? The device should be reset for attempts with the wrong pin/passwords. I am using Ledger, so I have experience with that. I'm not sure how other wallet passwords work. You need a password and a device to sign a transaction. Otherwise, you need to input your seed phrase into any other wallet that supports your seed phrase categories. I can't find anything wrong here. Can you be more specific about what is on your mind? How do you want to protect your fun :'(ds?

No no please... one thing that will never be stored on your hardware wallet is your pin. Your pin is used to encrypt the wallet and the recovery phrase and that encrypted recovery phrase will be stored on the wallet but not the pin.

It's a security measure to ensure that even if someone physically accesses your hardware wallet, they cannot use it without the PIN.

---

I guess you've already received plenty of good answers. I just want to add that your recovery phrase is a key to your wallet, whether it's a hardware or a software wallet. If we say hardware wallets are used to store your "recovery seed/phrase," it is technically correct. However, even if your recovery phrase is not stored on the wallet, it will still function as intended. Your recovery phrase is stored on the wallet just for you, so you can retrieve it again in the future if required. Otherwise, a hardware wallet does not need your recovery phrase to be stored on the device after setting up or restoring your wallet.

So, yes two things are stored on wallets:

1. Encrypted recovery phrase for you to retrieve later.
2. Your public and private keys (used to sign transactions).

Everything in your wallet is locked (encrypted) using the "PIN."


Logically speaking, wallets are not supposed to physically store your recovery seed or phrase. Instead, they should generate your public and private keys based on that seed when you create your wallet. Your recovery seed is something you should write down and keep in a safe place that is not, or never connected to the internet.

That is the reason why every hardware or software wallet will recommend you to write down your recovery phrase on paper; this recovery phrase is your responsibility to be taken care of.

Now, to answer your question regarding if you write down your private key (recovery phrase) on paper, then what's the use of a hardware wallet? Can you use your recovery phrase to send transactions? No. You still need your private key to sign transactions, and that private key you will get after restoring your wallet. This is what a hardware wallet does for you. In this case, your private keys will never leave your hardware wallet, but you can still send transactions.

In summary, the recovery seed (or phrase) is your backup, and private keys are securely managed within the hardware wallet to sign transactions when needed.

There is no universal answer, and this all depends on model of hardware wallets, there are some that don't even use seed phrases.
Hardware wallets are much different from hot wallets because they are not directly connected to internet in the same way like hot wallets, and risk of losing coins is much smaller.
Some DIY hardware wallets don't even store anything permanently, as soon as you turn it off everything is wiped including seed phrase, so you need to scan QR code or do manual import.
Other hardware wallets are using secure elements for storing seed phrase, others don't have secure element (Trezor One, T) so they use different security model with passphrase.

That is correct.


There are no accounts in Bitcoin. The closest thing to an account is a wallet, which is a collection of private keys. A wallet may also have software to manage the keys, create and sign transactions, and monitor the addresses associated with the keys. Note that an address is typically used only once and each address has a private key, so a wallet will create many private keys as it is used. A public key/address is not similar to a bank account number. It is more like an invoice number.

Please read this post: Important terms that are frequently confused

A hardware wallet is just a tool that makes it easy for you to sign the transaction because the key is inside. While on paper, you must write down the private key if want to sign the transaction using a software wallet. This means the hardware wallet makes your life easy and simple with the same security. You don't have to be confused too much bro, if you doubt about security, Many people have used hardware wallets for a long time and safely. if you are in doubt there is people lost the coin on the hardware wallet, it's usually not because the tool but because of their own mistakes by careless amd don't really pay attention to how to store the seed or key.

I agree with what you said. Even if wallet seed phrases appear simple, it is never a good idea to memorize them because everyone experiences memory loss from difficult situations in life or altered memory access.
Aside from that, it's always preferable to back up wallet information when it comes to cryptocurrency.

As I understand it and if my answer is incorrect, please correct me, a hardware wallet is a physical device that stores cryptographic keys used to access cryptocurrencies. It is considered to be the safest way to store cryptocurrencies compared to software wallets because of its offline storage and advanced security features.

The primary information that is stored in a hardware wallet is the private key. A private key is a unique secret code that is used to access and control cryptocurrencies. With the private key, users can sign transactions and make transfers from their cryptocurrency accounts. The private key is generated by the wallet when it is set up and is stored securely on the device.
Hardware wallets also store the public key, which is used to receive cryptocurrencies. The public key is similar to a bank account number, and other users can send cryptocurrencies to this address.

Additionally, most hardware wallets also have backup and recovery features that allow users to easily recover their private keys if the device is lost or damaged. The backup phrases are usually a series of words that are stored on a piece of paper or other physical medium and kept in a secure location.

Overall, a hardware wallet stores the critical cryptographic keys that enable the user to send and receive cryptocurrencies, and protects these cryptographic keys with advanced security measures, including offline storage and encryption.

You are incorrect, you might memorize 12 or 24 words today and still remember in a few days time, but what about after a few months and then years, you would definitely forget some words or mix up the exact sequence/arrangement. Even if you don't forget it in that way, what if you have a head injury or you fall ill to a sickness that affects your memory, etc.

The brain can easily memorize 12 or 24 words today, the same way it can easily forget it tomorrow, thus never you memorize your seed phrase, but always write it down with a paper and pen and keep it very safe.

Your cryptocurrency may be associated with different addresses; addresses are nothing else but human-friendly representation of long public keys.

To be precise, a hardware wallet holds your seed phrase from which to generate many-many private keys on the fly. In other words, hardware wallet doesn't keep private keys themselves but generates them from a common secret when needed.

Only to prove you are the owner of a particular public key, not the whole wallet.

PIN code is used to encrypt information stored in a hardware wallet, it has nothing to do with private keys themselves.

Hardware wallet is a management tool that helps in your interactions with the blockchain: it generates keys and addresses from your 12 or 24 words, prepares transactions for transfer via the blockchain, ensures that secret key stay isolated from vulnerable online environment.

The hardware wallet keeps your private keys on a secure offline device but also easily accessible for signing transactions so bitcoin can be be sent. Writing your seed phrase on paper is just the backup in case your hardware wallet is ever lost, stolen, damaged, or otherwise compromised.

The PIN is the most important item stored on the hardware wallet, not the seed - because the seed is encrypted by the PIN (and by some other stuff I believe - I am not familiar with the internals of hardware wallets), but if the PIN is compromised, the seed might as well be stored in plain text at that point.


I imagine that all power-of-2 multiples of G are also stored in the ROM somewhere to speed up ECDSA signing.

You are close, though you could have a better understanding of the terms.

Please read this post: Important terms that are frequently confused

A password is a password. It is used to secure a wallet generally by encrypting the contents. It is not related to a hash of a private key.


The recovery phrase (a.k.a. seed phrase or mnemonic phrase) is used by the wallet to generate all of the private keys and addresses used by the wallet. Any wallet given the same recovery phrase will generate the same private keys and addresses.


1. You can't connect a piece of paper to a computer.
2. Anyone can read a private key or seed phrase off a piece of paper, but nobody can extract that information from a hardware wallet.

Q: What exactly is mainly stored on a hardware wallet?

A: BIP 32 root seed (which is 512-bit number).

Private- public key pairs are calculated on the fly (when requested)  from BIP 32 root and relevant derivation paths rather than  stored in memory of HW.

The other sensitive info stored on hardware wallet (not to mention BIP 39 wordlist) is a PIN that allows to unlock memory  area  with  BIP 32 root.

A HW can be used to store the private key so you don't have to manually import it (or the seed phrase) every time you wish to spend from your wallet. On a piece of paper you write a backup so you can use it in case something goes wrong. But in order to actually use the wallet, you can use the device which is stateful, as in "it holds the key offline in its storage".

The approach I follow is totally different, but my use-case is not the common one, at least that's what I assume.
I import my seed phrase to my HW, I do what I want to do and then I factory reset the device. So, my device holds my keys only for the time I want it to hold them.

They are safer than online wallets because their seed phrase and keys are not connected online.

It is always good to have backups of your seed phrase offline, like on a paper or on a stainless steel or titanium sheet, in order to be able to recover your coins in case of wallet damage or theft. Having like two more backups in different locations.

As you can see, my rank in this forum is still low, so I am still researching to become a successful member of bitcoin and also in this forum. If you can read and understand my question, it is not that I don’t know that the seed phase and private key are kept in hardware for backup, but I want to know if you can write them on a piece of paper, then what is the use of a hardware wallet?

The seed phrase is as important as your private key. Perhaps you might not know but this seed phrase is more of a mnemonical pattern of displaying your private key instead of what could be considered as a lengthy sequence of random numbers and characters. Most seed phrase can be easy to be memorized since it consists of words which the brain can easily retain. You need both of them for securing your crypto assets and they are both valuable.

OP your funds will be prone to attacks if you don't make use of a hardware wallet. There are lot of Malware that can detect activities that are related to cryptocurrency on any devices, without any hardware on your device this malware may be successful in draining away your funds. This is the reason why a hardware wallet is needed because they are not connected to the Internet in any way.

yeah because OP asked why do we store Seed Phrases and how is it different than storing private keys:


Anyway, if my answer is unecessary, let it be this way. At least it is not misleading or wrong.

Some hardware wallets offer additional features like secure element (ATECC608B,) cryptographic method, dealing with SD/RAM protection from physical attacks. All of these features are considered additional protection in the event of losing your device, which instead of trying to brute force all data will be deleted after entering the wrong PIN 3 times.

اIt provides an easy device for anyone who does not have technical knowledge to set up a hardware wallet that is relatively safe in all cases, even physical theft, and a simple recovery mechanism represented by seeds without having a technical background. Even if the wallet is stolen, you must quickly access your coins and send them to another address.

this is not how HW wallet work, you described how a public key/address can be generated from a seed.

When you press the "create new wallet" button on your HW, the device has collected 128 - 256 bits of entropy from various sources. Imagine a sequence of 0s and 1s.

Then the entropy is hashed and the first 4 - 8 digits (checksum) are appended to the initial checksum.

Then the sequence you have is split into 12 - 24 smaller sequences of bits, of 11 digits each.

Each of these subsequences is converted to a decimal number.

Each of these decimal numbers corresponds to an english word in the BIP-39 dictionary (which is the recovery phrase you refer to above).

Finally, the seed words, plus some salt (the word "mnemonic" + an optional passphrase) is stretched through the PBKDF2 function and a 512-bit seed is produced.

This seed produces the wallet (EDIT: and is stored in the device).

Note: as you can see, if 2 people have the same set of words, they can produce the same wallet, unless they have set an optional passphrase on the last step.


Now, to answer the question:

BIP-39 is a standard that is used to facilitate people when they want to recover their wallet. How? It is (as I explained above) a representation of the initial entropy.

If you wanted to produce the same wallet without a backup of the entropy, it would mean that you have produce the same entropy randomly. It will never happen - it is infeasible.

So the wallet offers you 12 - 24 words to help you recover the wallet in any other device you want, provided that it uses BIP-39.

The HW can have a state, meaning it can remember the private key, but if it gets destroyed, for example, how would you recover the wallet?

I know you think that you could hold a backup of the private key instead of the words, but trust me, keeping track of 64 Hexadecimal characters is much more difficult than keeping track of 12 english words.

This answers the OP question. But on hardware wallet, seed phrase are written down for backup, not the private key. I know you know this, but it is worth mentioning. The seed phrase can always generate and regenerate the private keys.

I think OP do not need to ask this kind of question because it is not hard to know the reason for the seed phrase backup. On most wallets, the reasons are even stated, that seed phrase are used for wallet recovery.

What is stored on your hardware wallet is the private key or the seed phrase, which is needed to sign a transaction. Just like you have stated a transaction must be signed by the private key and that is what the hardware wallet keeps, the remaining process are done by a software wallet. The reason for a hardware wallet is just to prevent your private key or seed phrase from coming online like the software wallets. The hardware device is prevented from an internet connection which is the first point of exposing your private key or seed phrase

The hardware wallet is referred to as an offline wallet for This purpose, also you can use the software wallets too as an offline wallet by using it offline and never allowing the device to come online. You can then have a watch only wallet on another device for broadcasting the transaction. So basically what the offline wallet does is to use this stored private key to sign the transaction.

Yes the private key is needed to be written down and stored (advisable offline), because you don’t know what is going to happen to that hardware wallet, it can mistakenly get damaged, get lost or gets stolen. With a seed phrase or Private key elsewhere you can simply just recover everything back on another wallet that supports the hardware wallet’s seed phrase formats.

Even after a few days of study, there are still some concepts that I still don't fully understand and some that I find difficult to grasp. For that reason, I've chosen to submit such concepts here in order to receive additional clarity. As far as I can tell, your cryptocurrency is stored on the public ledger under a public key; your hardware wallet holds your private key, which is used to verify that you are the owner of the public key or wallet; and you set a password to secure your hardware wallet something that is easier to remember than a complete hash of your private key.

I find it confusing that when you create a hardware wallet, you are required to write down a 12-word "recovery phrase" in order to restore your wallet in the event that it is misplaced.
What makes this any different from simply leaving your wallet at home and writing down your private key on the same piece of paper? What use does a hardware wallet serve if you have to write down what is effectively your private key anyhow?