Why are hardware wallets more secure?
If you are not familiar with the notion of hardware wallets, you may wonder what would be the advantages versus a paper wallet or an encrypted private key on a computer.
The main principle behind hardware wallets is to provide a full isolation between the cryptographic secrets (private keys) and your easy to hack computer or smartphone. Vulnerabilies of modern PCs and smartphones are well known, and if you keep your private keys there (private key = your bitcoins) it’s just a matter of time before you’ll get hacked and lose everything.
A paper wallet may be secure, but only until you want to use your funds, requiring importing your private keys on your computer. And if you think a password encrypting your keys is enough, malwares are smart enough to wait for the inevitable decryption before sweeping your funds.
Hardware wallets are convenient, affordabe, portable and backuped by a paper wallet allowing an easy recovery in case of loss. If you have any significant amount of bitcoins, using a hardware wallet should be a no brainer.
Why Ledger hardware wallets are even more secure?
Ledger's hardware wallets are architectured around "secure elements" or secure chips. This is the same technology that find in chip and PIN payment cards or SIM cards. These chips bring guarantees against physical attacks and raise the level of security of your private keys.
We come from the security industry (Gemalto, Oberthur...) and we have extensive experience in the field of smartcards and secure embedded OS.
What do I need to use Ledger's hardware wallets?
- a computer with an USB port (for Nano S, Nano, HW1)
- Google Chrome or Chromium 50+
- Windows (not XP), Mac (10.7+) or Linux.
The wallet interfaces with the computer through a Chrome application which you will need to install on your computer. No additional software installation or account creation is needed.
What are the differences between the Nano and the Nano S?
The Nano S is the latest generation hardware wallet available from Ledger. There are many differences in the security architecture, the firmware and the available features.
Nano S has a screen and two buttons. Everything is done directly on device: PIN entry, seed configuration, transaction validation. There is no need for an additional security card like for the Nano or HW.1.
Furthermore Nano S can manage multiple applications such as Bitcoin, Ethereum or FIDO U2F (strong authentication).
For more information, you can see our blog entry presenting Nano S.
What are the differences between the Nano and the Unplugged?
The Ledger Unplugged is the contactless version of the Ledger Nano. It is a Java Card-based Fidesmo smart card with the same properties and level of security than the Nano.
But instead of being connected through USB port, Ledger Unplugged is suited to a mobile use with your compatible Android smartphone, thanks to Near Field Communication technology.
What are the differences between the Nano and the Duo?
The Ledger Nano "Duo Edition" contains two USB dongles which are paired to the same security card. By initializing the second USB dongle with the same seed as the first one, you'll have two perfectly cloned Ledger Nano. Ideal for an instant backup (stored in a safe), or to have copies in different locations.
What are the differences between the Nano and the HW.1?
The Ledger HW.1 is a low cost version of the Ledger Nano. It has exactly the same properties and level of security, and from the usage point of view it is exactly the same thing.
If you order a Ledger HW.1 Multisig, you will get three HW.1 keys containing each their security code and recovery sheet. For the Enterprise pack, you'll get 10 full HW.1 sets.
The key form factor is the main difference between the two products. It is very strong and reliable, but it definitely looks "cheaper" than the Ledger Nano metal counterpart. Also, you'll get the HW.1 brand, the plastic key doesn't have any mention of the Ledger brand.
What are the differences with other hardware wallet vendors?
Other hardware wallets do not rely on smartcards and are based on regular microcontrollers. This leads to possible security holes such as side channel attacks, private keys leaks through code exploits and physical key extraction as soon as it is stolen.
What are the differences with cold storage?
Cold storage (such as a paper wallet in a physical safe) can be a very effective solution to secure your bitcoins. The benefit of Ledger Wallet is that it keeps the same level of security but adds convenience. Indeed, cold storage prevents by definition all usage of your bitcoins. As soon as you need to spend them, you'll have to import your private keys on your computer, and you'll have the same security problem if it has been compromised.
What are the differences with software wallets?
The difference, apart from interfaces and functionalities, is that even if your private keys may be stored encrypted on your computer (or cloud service), they must be available in plain text in your computer memory whenever you sign transactions. When your computer is compromised by specialized Bitcoin-targetting malware (and it is just a matter of time), it will be extremely easy for the malware to steal your bitcoins.
What are the differences with vaults or centralized solutions?
Centralized services host your bitcoins. They solve the above-mentioned security issue by assuming total responsibility for security. You give up direct control of your bitcoins in exchange of third-party supplied security, just like you trust a bank for keeping your dollars or euros. It is a very convenient approach, but which needs an alternative possibility for users who wish to retain full control of their assets.
Do I need to open an account with you or pay any subscription?
No. There is no subscription plan or account to be created.
Can I use a hardware wallet as a direct payout from a mining pool or a faucet?
It is not recommended to receive small payments (also called dust payments) on a hardware wallet. This kind of incoming payments are typical of mining pools or faucets.
Set the payment threshold at a higher level (for instance 0.05 BTC), or use a temporary software based wallet which you'll empty every 0.05 BTC.
The reason is that the chip must sign all inputs when you want to make an outgoing transaction. Imagine that you have received 1,000 payments of 0.001 BTC. If you want to make a payment of 1 BTC then the chip will have to construct a transaction of 1,000 inputs and sign 1,000 times. Not only it will take a few hours, but you have risks that it will not manage to do it (the chip may get too hot and fault some computation etc).
If you are already in this case, the best is to restore your 24 words seed on Mycelium and empty your wallet (and stop receiving dust payments).
Is my hardware wallet nominative? Can I resell it or give it to someone else?