Andreas Antonopoulos - Hardware Wallet Security (2019-02-01)
Transcript By: Michael Folkson
Name: Andreas Antonpoulos
Topic: Are Hardware Wallets Secure Enough?
Location: Andreas Antonopoulos YouTube channel
Date: February 1st 2019
Are Hardware Wallets Secure Enough?
Q - Hi Andreas. I store my crypto on a Ledger. Listening to Trace Mayer this week has me concerned that this is not safe enough. Trace says you need Bitcoin Core for network validation, Armory for managing the private keys and a Glacier protocol for standard operating procedures and a Purism laptop for hardware. What is the gold standard for storing crypto for non-technical people? Is a hardware wallet good enough? If my crypto has been on my hardware wallet for a year now is it more or less likely to be hacked over time?
A - Here’s the thing. Different audiences, different groups of people are going to have different risk models and they are also going to have different tolerance for technical complexity. The important thing to realize here is that technical complexity is part of the risk model. Meaning that if what you are trying to do with security is more technically complex than your level of skill you introduce a very serious risk, that you will lose your crypto. Not because it is stolen but because your ambition for technical excellence exceeded your skill level for technical execution and you frankly messed it up. This applies to every level of technical expertise. There is always a higher level of security you can achieve by adding a bit more complexity. Security is not an on, off thing. It is not “It is secure” or “It is not secure.” There is no gold standard for security that applies for everyone. There is a sweet spot where the risks that you face from external factors, from the adversarial model that you have identified where you understand who might be after your crypto and under what circumstances they might access it. The risk model you have for resilient long term storage and also you should be thinking about inheritance and how your loved ones will deal with this is if something happens to you. The risk model you have for simple loss which includes a fire, a flood, an environmental disaster, a problem with your home or the other areas where you store keys, termites that eat through your paper backups or whatever else the risk model might be. Then you balance against your technical skill and you find which of these risks you can eliminate in a way that both you and the people you will designate as helping your loved ones recover your crypto if something happens to you can execute that technical plan flawlessly. That’s the sweet spot. Trace’s sweet spot is Bitcoin Core for network validation, Armory for managing private keys, Glacier protocol for standard operating procedures, Purism laptop for hardware. Other people have a higher sweet spot. For example for Coinbase’s cold storage they use a Faraday cage. They have a room that is lined with an electromagnetic shield so it won’t leak RF. Other people use nothing. There is a range here. What Trace is doing is identifying his sweet spot based on his level of technical expertise and the people around him that he has able to assist him and others if the need comes. He is also balancing this against his lifestyle and where he lives, what access he has to secure locations to store his keys etc. None of this is going to be same for you. You have to figure out what is right for you. For 99 percent of users this is not right. The reason it is not right is because 99 percent of users of crypto do not have the technical expertise to execute on a plan of this complexity. As a result what they will do is they will overextend and underachieve on technical execution. They stand a much bigger risk of losing crypto because of key loss than having crypto stolen because of an external adversary. Your own lack of technical expertise and your overambition in execution is going to cause you to lose your crypto, not some nefarious hacker. Having said that, what can you do that is practical? If you have your crypto on a hardware wallet that is a fairly high level of security. The important question then comes where is that hardware wallet backed up? Where are those backups stored? How are those backups stored? And do you have additional layers of security? For example, if you have a hardware wallet with a PIN then the hardware device itself is somewhat secure but it is still vulnerable to physical attacks. Meaning you have to secure the physical location where you have that hardware wallet. A wall safe, floor safe or even a hidden compartment where you can hide your hardware wallet is often enough security if people don’t know that you have crypto. If people know that you have crypto and they know where you live then you have a slightly higher degree of risk and you need to account for that. Now about the backups. Writing 24 English words on a piece of paper with your own handwriting is probably the most resilient way you can backup your hardware wallet. You have to protect that seed. Most people are very worried that someone is going to break in, identify what the 24 words are and steal their money. That is not the biggest risk. The biggest risk is you lose it, you forget where you put it, you didn’t do the backup in the first place, it got moisture, that is going to be a real problem. Paper gets wet and it gets destroyed, the ink bleeds, whatever. Or you had a fire, termites or some other natural disaster that destroyed your only backup. You can protect against many of these risks. Step one, create another layer of protection. Make a passphrase on top of the seed so that you have this additional layer of security. You still need to backup your passphrase because if you pass or are involved in an accident and you are the only one who knows the passphrase then that is a point of failure, your crypto is lost. It would be very difficult to brute force. A simple 4-6 word, random English word passphrase is sufficient if you physically protect your seed from disclosure. I would also add important measures. Make two or more copies of your seed and store them in geographically distant locations. The seed on its own without the passphrase is not sufficient to break it. Take that paper seed and laminate it so that it is protected from moisture which is the number one risk. Then put it in a tamper evident sealed envelope. You can buy these by the hundreds from retailers. They are often used for cash donations in religious institutions and things like that. This will allow you to ensure with easy inspection whether anyone has peeked at your seed. And give you piece of mind that no one has accessed that particular copy of the seed. Create more than two copies of it. Put it in a standard fireproof safe that can resist a fire and put two copies in two different locations that are unlikely to burn down at the same time. With these measures in place you have protected yourself from the biggest risks which are accidental damage, environmental damage and loss due to insufficient backups. You have to also backup those 4-6 word passphrases. Write those down on paper, laminate those, put them in a tamper evident envelope, store 2 or more copies in 2 or more different locations from where their seeds are. Finally write a letter so that people know that these things exist. Coordinate with your family so that they know that these things exist but they can’t easily access them and take away your crypto. For most people the simple Stone Age technology of paper, pencil with a little modern addition of a laminated sheet so you don’t get moisture damage and a simple cheap, plastic envelope that makes it obvious if someone has peeked at your seed is sufficient. You don’t need to go to the extremes and the technical complexity of Glacier protocol. Here’s the problem. When people give advice like this, when they say that if you don’t achieve this level of “I feel confident” you are not secure, what they are doing is not encouraging people to achieve better security. They are either pushing people to try to overextend their technical skill and making them at risk of losing their crypto due to a variety of technical problems or they are pushing people to go to custodial exchanges. The vast majority of people having read things like the Glacier protocol will go “ I don’t even know.” They will either try to do it without understanding it fully, be very uncomfortable with their knowledge and probably lose their crypto because they messed it up or they are just going to give up on the first page and move their crypto into custodial storage and let someone else take care of the security. We have an intermediate level that people can use. Hardware wallets with paper backups, properly secured with a passphrase, are very effective, they are easy to do for most people and if you follow instructions…. Don’t try to improvise. Don’t try to do things like cutting up your seed into groups of words and sprinkling them in different locations. Don’t try to use overly complex passphrases or take the words, put them in a file, encrypt that file with PGP, store it on Dropbox…. None of that. Old fashioned, low tech, paper, pencil, protection from water, protection from fire, multiple redundant copies, second factor passphrase. That is achievable by most people. Mike, your crypto is fine on the hardware wallet. It won’t get hacked. It is not more likely to be hacked now than it was anytime in the past. 99 percent of the attacks you see against hardware wallets, you read about in academic papers or you see at academic security conferences, require physical access to the device. And even then they don’t work if you’ve updated your firmware correctly. More importantly the biggest risk you face is losing your crypto because you didn’t properly backup your hardware wallet or because you tried to follow a set of instructions that started with “Obtain the unobtainium Linux distribution and install on an airgapped Faraday protected supercomputer in an underground bunker” and you went “Hands up” and put your money on Coinbase.