NEW YORK (InsideBitcoins) — Hardware wallets have been touted as the perfect solution when it comes to creating a useful combination of security and convenience for bitcoin users. Although the general public likes to believe that their files and passwords are secure on their home computers, the reality of online security is nowhere near that false hope. As we’ve seen in the past, users who are not using strong passwords, 2-factor authentication, and other security measures tend to only figure out the error of their ways when it’s already too late.
Hardware wallets allow users to store sensitive information on separate devices, which offers greater security in a situation where their computer has become infected with malware. Most of the bitcoin community knows about the TREZOR, but the Ledger Wallet Nano is a relatively new offering that enables enhanced bitcoin security for a lower price. I was recently able to test out one of these new devices. Here are my thoughts.
Setting up the Ledger Wallet Nano
Setting up a Ledger Wallet seems like it should be simple enough in most instances, but I ran into one issue due to the fact that I was using Linux. GreenAddress (one of the wallets that supports the Ledger Wallet) did not seem to be recognizing the hardware wallet at all, so I decided to load up the official Ledger Chrome App instead.
The app was also not seeing the hardware device, so I visited the FAQ page on the Ledger Wallet website. It was there that I realized I needed to download a script to get the hardware device to work. After following the instructions, I was good to go.
GreenAddress and Electrum integration?
Now that I knew the hardware device would work properly, I decided to test it out on Electrum. Contrary to what I had heard in the past, Electrum did not seem to support the Ledger Wallet. It appears that the device is supported in Electrum 2.0, but that is not the build currently available on the Electrum website. After clicking around for 15 minutes, I decided to give up on Electrum and move to GreenAddress.
I was excited at the prospect of using the Ledger Wallet as one of two or three signatories for bitcoin transactions, but it does not seem that sort of functionality is available at this time. In reality, the Ledger Wallet is currently not much more than a storage device when connected to the GreenAddress Chrome App. All I was actually able to do was download the seed for my GreenAddress wallet onto the Nano.
Is security a priority?
At this point, I decided to use the Chrome app to setup my device and simply see how the whole thing worked. I was told to write down the mnemonic phrase for my HD seed and PIN number during the setup process. It was at this point that I began to question the actual security offered by the Nano.
While it is true that the hardware device can protect private keys, that doesn’t really matter if the device can be tricked into sending bitcoins to the wrong address. The PIN number attached to the hardware device does not help when it is typed into a computer with a keylogger, and the device can then be used to send bitcoin transactions to any address that the malware’s heart desires.
The team behind the Ledger Wallet would counter this argument by stating a card that is paired with each device must also be used to confirm that the Ledger Wallet is sending bitcoins to the correct address, but the issue there is that it would only take a few dozen transactions for a sophisticated piece of malware to figure out the decoder-ring-esque security of the card.
While I commend the team behind the Nano for all of their hard work in creating this device, the fact of the matter is that it seems to fall short of the security offered by the TREZOR. Due to the screen and physical buttons featured on the TREZOR, a piece of malware attempting to trick the user into sending bitcoins to the wrong address could be easily discovered.
The user experience when using the official Ledger Wallet Chrome App was rather seamless, but the real issue was that I didn’t feel like the device was offering a substantial improvement in a situation where malware is sitting on my computer.
To their credit, the Ledger Wallet team is currently working on roughly 100 prototypes of their hardware device at various stages of development in an attempt to find the right balance between security and convenience. For now, it seems that they need to turn the dial towards the direction of creating a more secure device. Purchasing one of these devices still makes sense if you’d like to help support further development of alternative hardware wallet options by the Ledger Wallet team.
Update: GreenAddress released an update today. Using a Ledger Wallet Nano as a signator for a 2-of-3 multisig account is now possible by customizing a 2-of-3 account with the Ledger Wallet’s master public key. It should be noted that this sort of implementation also works for paper wallets, and the custom master public key is only needed in situations where GreenAddress disappears or goes offline.
— Lawrence Nahum (@LarryBitcoin) January 8, 2015
Correction: In the final paragraph “roughly 100 different variations of their hardware device” was changed to “100 prototypes of their hardware device at various stages of development.”
Disclosure: Kyle was provided a Ledger Wallet Nano at no cost for the purposes of this review. The Nano retails for $34.00.
You can follow @kyletorpey on Twitter.