Michael Flaxman
Jul 4, 2019, 18 tweets
1/ Storing bitcoin private keys is really hard, and unfortunately every hardware wallet I've seen sucks. I'm looking forward to the wave of improvement that BIP174 (PSBT) is going to unleash. In order to be decent, a hardware wallet must do ALL of the following:
2/ Simple support for m-of-n multisig (where m is > 1 and includes competitors' hardware wallets). If you go from 1-of-1 keys using a "great" hardware wallet and add a lousy hardware wallet but make it 2-of-2, you immediately improve your security (multisig security is additive).
3/ Have a true airgap, meaning that it is eternally quarantined (and gapped with air) from an internet connected device. To accomplish this, it must use QR codes. An SD card, audio cable or bluetooth can work, but given how cheap/easy QR codes are there's no reason.
4/ Make it easy for users to input their mnemonic and passphrase (a few hard to click buttons are not sufficient). Otherwise, users won't remember/test long mnemonic/passphrases and will instead rely on less secure PINs.
5/ Maintain user privacy by not requiring you to query a third party service to fetch balance and UTXO data. The obvious solution here is to use, by default, Bitcoin Core's new PSBT feature with a watch-only wallet.
6/ Don't trust, verify. A wallet shouldn't sign anything that the end-user hasn't verified. A blind-signing wallet is security theater.
7/ There are lots of extra features that would be nice to have, but aren't needed to be decent: a secure element, a defense against a chosen-nonce attack, support for coinjoins, a GUI (vs command-line only usage), support for altcoins, etc.
8/ I often get the question "which hardware wallet should I buy?" and my answer has always been that I haven't found one worthy of a recommendation. Hardware wallet manufacturers, please make a decent product so we can give you money!
This is counter-intuitive. The "best" hardware wallet can still suffer from many vulnerabilities (being loaded with malware by a third party, having a software bug in one of its dependencies, a side-channel attack, etc.), while an inferior wallet may not suffer that exact exploit.
If multiple signatures are required, then a hacker needs to simultaneously break multiple wallets, by multiple manufacturers, using multiple different software implementations... Very challenging!
Obviously, complexity is still the enemy of security and if you lose one of your (required) keys then you could lose funds. However, the additive security of an extra signature outweighs this (for large amounts) as it eliminates any single point of failure.
Another benefit here is that this reduces the need for a secure element; a device with a long passphrase (and that wipes on shutdown) doesn't need to manage storing private key material securely.
An example of this includes anything that is closed source. A wallet should also have a screen and use that to confirm the end-user's intentions. A wallet should confirm change addresses are your own (vs an attacker), and that the fee amount displayed is accurate.
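The two checks called out above (is the change really mine, and is the displayed fee real) are exactly what a signer can derive from a BIP174 PSBT without trusting the host: the unsigned transaction lives in the global map, and each input's witness_utxo carries the amount being spent. The inspector below is an added example written for this page, not code from the thread or from any wallet project. It assumes every input carries PSBT_IN_WITNESS_UTXO (key type 0x01), which is what a segwit-only signer needs; the sample PSBT it builds is constructed here with made-up prevouts and scriptPubKeys.

```python
"""Minimal BIP174 (PSBT) inspector: the checks a signing device should do before
signing. Added example, not from the original thread or any wallet's code base."""

PSBT_MAGIC = b"psbt\xff"          # 0x70736274ff
PSBT_GLOBAL_UNSIGNED_TX = 0x00
PSBT_IN_WITNESS_UTXO = 0x01


def ser_compact_size(n: int) -> bytes:
    """Bitcoin CompactSize varint."""
    if n < 0xFD:
        return bytes([n])
    prefix, width = (b"\xfd", 2) if n <= 0xFFFF else (b"\xfe", 4) if n <= 0xFFFFFFFF else (b"\xff", 8)
    return prefix + n.to_bytes(width, "little")


class Reader:
    """Bounds-checked cursor over a byte string; every read raises on truncation."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated data")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def compact_size(self) -> int:
        first = self.take(1)[0]
        return first if first < 0xFD else int.from_bytes(self.take({0xFD: 2, 0xFE: 4, 0xFF: 8}[first]), "little")
    def var_bytes(self) -> bytes:
        return self.take(self.compact_size())
    def at_end(self) -> bool:
        return self.pos == len(self.data)


def read_map(r: Reader) -> dict:
    """One PSBT key-value map: <keylen><type byte + keydata><valuelen><value>..., ends with 0x00."""
    kv = {}
    while (keylen := r.compact_size()) != 0:
        key = r.take(keylen)
        if key in kv:
            raise ValueError("duplicate key in PSBT map")
        kv[key] = r.var_bytes()
    return kv


def parse_unsigned_tx(raw: bytes):
    """Return (input count, [(value, scriptPubKey)]) from the non-witness serialized tx."""
    r = Reader(raw)
    r.take(4)                                   # version
    n_in = r.compact_size()
    for _ in range(n_in):
        r.take(32 + 4)                          # prevout txid:vout
        if r.var_bytes():
            raise ValueError("PSBT unsigned tx must have empty scriptSigs")
        r.take(4)                               # sequence
    outputs = [(int.from_bytes(r.take(8), "little"), r.var_bytes()) for _ in range(r.compact_size())]
    r.take(4)                                   # locktime
    if not r.at_end():
        raise ValueError("trailing bytes after unsigned tx")
    return n_in, outputs


def inspect_psbt(psbt: bytes, own_spks: set) -> dict:
    """Fee and outputs split into ours / not ours; raises if anything is unverifiable."""
    r = Reader(psbt)
    if r.take(5) != PSBT_MAGIC:
        raise ValueError("not a PSBT")
    raw_tx = read_map(r).get(bytes([PSBT_GLOBAL_UNSIGNED_TX]))
    if raw_tx is None:
        raise ValueError("missing unsigned transaction")
    n_in, outputs = parse_unsigned_tx(raw_tx)
    input_maps = [read_map(r) for _ in range(n_in)]
    for _ in outputs:
        read_map(r)                             # per-output maps, not needed here
    if not r.at_end():
        raise ValueError("trailing bytes after PSBT")
    total_in = 0
    for i, m in enumerate(input_maps):
        utxo = m.get(bytes([PSBT_IN_WITNESS_UTXO]))
        if utxo is None:
            raise ValueError(f"input {i}: no witness_utxo, fee cannot be verified")
        ur = Reader(utxo)
        total_in += int.from_bytes(ur.take(8), "little")
        ur.var_bytes()                          # scriptPubKey of the UTXO being spent
        if not ur.at_end():
            raise ValueError(f"input {i}: malformed witness_utxo")
    total_out = sum(v for v, _ in outputs)
    if total_out > total_in:
        raise ValueError("outputs exceed inputs")
    report = {"fee": total_in - total_out, "to_self": [], "to_others": []}
    for value, spk in outputs:
        report["to_self" if spk in own_spks else "to_others"].append((value, spk.hex()))
    return report


# Constructed sample, not real UTXOs: one 100 000 sat P2WPKH input, 50 000 sat to a
# third party, 40 000 sat back to a script the signer recognises as its own.
RECIPIENT_SPK = bytes.fromhex("0014") + bytes([0xAA]) * 20
CHANGE_SPK = bytes.fromhex("0014") + bytes([0xBB]) * 20
FUNDING_SPK = bytes.fromhex("0014") + bytes([0xCC]) * 20


def ser_txout(value: int, spk: bytes) -> bytes:
    return value.to_bytes(8, "little") + ser_compact_size(len(spk)) + spk


def kv(keytype: int, value: bytes) -> bytes:
    key = bytes([keytype])
    return ser_compact_size(len(key)) + key + ser_compact_size(len(value)) + value


def build_sample_psbt() -> bytes:
    unsigned_tx = (
        (2).to_bytes(4, "little") + ser_compact_size(1)
        + bytes([0x11]) * 32 + (0).to_bytes(4, "little")   # made-up prevout
        + b"\x00" + b"\xff\xff\xff\xff"                     # empty scriptSig, sequence
        + ser_compact_size(2) + ser_txout(50_000, RECIPIENT_SPK) + ser_txout(40_000, CHANGE_SPK)
        + (0).to_bytes(4, "little")                         # locktime
    )
    return (PSBT_MAGIC
            + kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned_tx) + b"\x00"                  # global map
            + kv(PSBT_IN_WITNESS_UTXO, ser_txout(100_000, FUNDING_SPK)) + b"\x00"  # input 0 map
            + b"\x00" + b"\x00")                                                   # two empty output maps
```

Running `inspect_psbt(build_sample_psbt(), {CHANGE_SPK})` yields a fee of 10 000 sat, one output to self and one to a third party; the same PSBT inspected with an empty set of own scripts shows both outputs as leaving the wallet, which is what an attacker substituting the change address looks like on the device screen. A host that omits witness_utxo cannot have its fee checked, so the inspector refuses rather than guessing.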
Implicit in this is the ability to load in your own mnemonic (and not trust the CSPRNG on the HW wallet). Because BIP39 uses a checksum, this is slightly messier than it sounds; you have to trust *something* to convert your entropy (dice rolls, dart tosses, etc.) to an XPUB.
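The "something" you have to trust is at minimum a SHA-256 and some bit shuffling: the last word of a BIP39 mnemonic is partly entropy and partly checksum, so a mnemonic assembled purely by hand from dice rolls is invalid 15 times out of 16 for 12 words (255 times out of 256 for 24). The code below is an added example for this page, not from the thread or from any wallet; it works on word indices (0..2047) so the 2048-word list need not be embedded, and its dice-to-entropy step (hashing the roll string) is one common approach, assumed here rather than taken from the thread.

```python
"""BIP39 checksum arithmetic on word indices. Added example, not from the original thread.
Indices are positions in the 2048-word BIP39 list (e.g. 'abandon' = 0, 'about' = 3)."""
import hashlib
import math

WORD_COUNTS = (12, 15, 18, 21, 24)          # 128..256 bits of entropy in 32-bit steps


def checksum_bits(entropy: bytes, cs: int) -> int:
    """First cs bits (cs <= 8) of SHA-256(entropy), per BIP39."""
    return hashlib.sha256(entropy).digest()[0] >> (8 - cs)


def entropy_to_indices(entropy: bytes) -> list:
    """Append ENT/32 checksum bits and cut the result into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32
    bits = (int.from_bytes(entropy, "big") << cs) | checksum_bits(entropy, cs)
    n_words = (ent + cs) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises on a bad word count, range or checksum."""
    n = len(indices)
    if n not in WORD_COUNTS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("need 12/15/18/21/24 indices in range 0..2047")
    cs = n * 11 // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes((n * 11 - cs) // 8, "big")
    if (bits & ((1 << cs) - 1)) != checksum_bits(entropy, cs):
        raise ValueError("BIP39 checksum mismatch")
    return entropy


def valid_last_indices(first_indices: list) -> list:
    """All final-word indices that make first_indices + [last] a valid mnemonic.
    The last word carries 11 - cs bits of entropy, so 2**(11-cs) words qualify."""
    n = len(first_indices) + 1
    if n not in WORD_COUNTS:
        raise ValueError("unsupported word count")
    cs = n * 11 // 33
    free = 11 - cs
    prefix = 0
    for i in first_indices:
        prefix = (prefix << 11) | i
    candidates = []
    for tail in range(1 << free):
        entropy = ((prefix << free) | tail).to_bytes((n * 11 - cs) // 8, "big")
        candidates.append((tail << cs) | checksum_bits(entropy, cs))
    return candidates


def dice_to_entropy(rolls: str, n_bytes: int) -> bytes:
    """Assumed approach (not from the thread): SHA-256 the roll string, keep n_bytes.
    Refuses fewer than bits/log2(6) rolls, since hashing cannot add entropy."""
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must be digits 1..6")
    needed = math.ceil(n_bytes * 8 / math.log2(6))
    if len(rolls) < needed:
        raise ValueError(f"need at least {needed} rolls for {n_bytes * 8} bits")
    return hashlib.sha256(rolls.encode()).digest()[:n_bytes]
```

Sixteen zero bytes map to eleven times index 0 followed by index 3 (the "abandon ... about" vector from BIP39), and for any eleven chosen words exactly 128 of the 2048 candidates for the twelfth word validate. That arithmetic, plus BIP32 derivation to reach the XPUB, is what the device (or an offline computer you trust) has to perform; a pencil cannot.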
One divisive topic that surprisingly hasn't come up in this thread is altcoin support. If you have altcoins, you may want to use the same HW wallet for all your coins. If you don't touch altcoins, supporting them can be a negative ("complexity is the enemy of security").
This is why it's an added benefit if your hardware wallets were even written in different programming languages. That way, they're unlikely to share the same bugs (and potential exploits).
And if you think that your single wallet is so secure you don't need multisig (because you do everything right) check out this terrifying talk on hardware wallet attacks by @StepanSnigirev:
