What are your favorite hardware wallets, among the latest generation of them?
And are there any that you really don’t like?
1) Yes.
2) Yes, anything shitcoin enabled.
Cold card is cool but not great if you need regular access. The nano s was my old fav but I’m going to see if the jade can replace the nano; so far the jade has been nice but I have only had it for a day or two.
One thing I’ve always wondered about hardware wallets is are they valued at the cost of the technology + market + distribution etc, or is there a ‘crypto premium’ added which is reflective of the value they protect? I would have expected given the free market AND the range on offer, that they’d be considerably cheaper by now on a per unit basis.
Ledger is just bottom tier trash. Coldcard is the standard, imo.
nano x + sparrow (w/o the ledger live crap)
Coldcard mk4 is the best quality hardware I have used. Ledger & Trezor both OK, but CC feels way better in use.
Any HWW that can connect to the internet is garbage IMHO.
Why? There's no known hack of a HWW through such connection.
Bc it’s completely unnecessary. I want my keys offline.
ColdCard, Keystone, SeedSigner
These are the ones that support total airgap via microSD, or camera/QR.
Technically Specter DIY also meets this criteria, but you have to solder it yourself. If these were available pre-fab they’d be on my list.
If there are other fully airgappable vendors I’d like to hear about them.
They don’t arrive where I live. But one day I will have it.✊🏼
Passport is great
https://foundationdevices.com/passport/
Thank you nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g for your work on this
Jade is great.
nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n
Anyways, I don't like wallets that are not Bitcoin only.
Coldcard is a notable mention for the more advanced. nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
#jade wallet impresses me on the highest level
Who provides the most objective reviews of the various hardware wallets?
Whichever you can talk about publicly without decreasing your security. Avoid those which talk about themselves publicly without your consent though. (Looking at you Ledger)
How about your Lyn?
Had a Ledger Nano X for 2 yrs. Really liked it, especially the interface; however the recent scares about a back door led me to swap to Coldcard + Sparrow + Umbrel. Coldcard has lots of interesting features.
Question for the pros: is multisig all it's cracked up to be in regard to safety? It seems like you are creating more vulnerabilities in terms of long-term loss of keys. Where do you store all these keys? In a bank vault? With friends? With a pirate's map? Seems like it's adding ways to make an error. If I die, ensuring my kids get my keys is increasingly hard when using multi-sig. With one key, it seems simpler. Obviously it's a personal choice. Just curious to hear everyone's thoughts. Maybe I've overlooked something.
If you are asking about potential problems with multisig you are probably going to have them. NVK (Coldcard creator) talks about this. You are much better off creating a Passphrase and keeping it separate from your Seedphrase. This is much safer for average users & if someone has your 24 words they won't be able to access or even see your bitcoin without the Passphrase. I store my seedphrase on paper and a metal plate (lots of options available; I bought mine from Coinkite) & my Passphrase is digital (& in my head!)
Jade is cool in that it allows temporary seed phrase login. So it works as a signing device for any number of seeds. A bit like seedsigner.
Jade by Blockstream.
As a side note: I had an "Aha moment" today when I was studying your Unified Theory of Money today. Thank you.
Loving Blockstream Jade. Used Ledger in the past but got nervous about the ‘back door’ issues
1. BitBox02
2. Jade
3. Passport 2
Just use Krux with Sparrow once... You can test drive with Krux app, without spending a single sat.
https://github.com/odudex/krux_binaries/tree/main/Android
It's simple and objective, big QR codes and touchscreen.
Later, for a few sats you can buy an Amigo (ready to use), just flash the firmware and have the same touch UX, on a dedicated device without OS and wifi/BLE.
One guy created an easy to read comparison table of 40+ HWWs
You'll find out all specs in minutes. There are several great wallets.
What you don't get is how easy to use they are.
IMO nothing beats BitBox02 here.
Bitbox02
Jade is excellent, I just ignore all the Liquid stuff since it’s not useful to me.
Second this. Jade is ideal in terms of feature set, security, and price.
Paper & Dice.
www.bitbox.swiss
nostr:npub1s0vtkgej33n7ec4d7ycxmwt78up8hpfa30d0yfksrshq7t82mchqynpq6j Passport and nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt BitBox02 - Bitcoin only Edition
You don't need one.. with bluewallet you can set up a multisig wallet with an old phone. I can have a wallet set up and use an old phone for multisig on bluewallet..
Why not Trezor? Nobody is talking about it here, even though they make the most progress, not only BIP39, BIP44, now working on TropicSquare-open source chip, but also towards being privacy friendly and open source as fuck
Great comment. Trezor, I suppose, is not cool anymore.
Coldcard + Sparrow wallet combo = top tier for me.
Also Seedsigner is a fun little project.
nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
I have enjoyed the Trezor Model 1 and T for a few years now. I just ordered a Coinkite because I hear such good things from the core BTC community. I do not like the Ledger Nano S or X.
Also you can get a phone and never put a sim card in and run off wi-fi, and that phone never leaves your house and that's like your bank.. the phone will be online for what, like 5 minutes to move funds for availability. 5 minutes is a long time but on off you good
Someone needs to point out this is a terrible idea for any real amount for a very very long list of reasons.
I know I won't change your mind but I don't want a noob to see this idea go by unopposed.
Everyone has their own ways and she asked. Until sha-256 gets broken my btc is safe.. no btc has ever been hacked, only erc-20 tokens.. this is my way. She asked, I answered.. all shipping addresses can get compromised, no company is perfect 👌
If you are worried about supply chain issues similar to the ledger hacks, check out nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
Device built from generic robot parts available from multiple non bitcoin related suppliers.
Coldcard is great. Jade is great on a budget. Heard really good things of Foundation Passport. Seedsigner too
Anything made by ledger is trash
Has to be Coldcard and Jade in conjunction with sparrow
I am obviously biased, but I think your engineering brain would appreciate some of the design choices we have made with our project. If you’re curious to learn more, you can read more about our approach here:
https://seedsigner.com/seedsigner-independent-custody-guide/
I am using (for educational reasons only) nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl , #bitbox02 and #coldcard. These are my favorites.
I don't like #ledger
I think I could have a positive opinion of #Jade but I haven't used it yet.
Coldcard Mark IV+Sparrow+Start 9 node
Coldcard
SeedSigner
Jade is good but be sure to flash the firmware before generating a seed (or ideally importing your own rolled seed) and then keep it airgapped after that, since there is no physical security to prevent a supply chain attack and nostr:npub17777777tpz9x2dcvvlw37sgk5gmpffexl0u30gjjgcd59ty92vrs0atnu0 has been able to compromise the Jade by opening, inserting a compromised chip and closing the device such that you’d never know, and it still works with Green wallet (Jade's companion software wallet). Wish they’d add better physical security (like making plastic parts break upon opening) because I like that it’s more affordable for those who need such ✌️
Trezor was easy to use before I switched to coldcard. Jade seems solid too
Bitbox is my fav!
seedsigner
My favorite is Coldcard. I really don't like Ledger or Trezor.
Coldcard and Jade
Seedsigner is a big relief
Switched from ledger to cold card and am very pleased. Haven't used any others.
Seedsigner
A wallet that needs a battery has limitations IMHO. What happens when the battery comes to its end? How to replace it, does it have a standard battery? I don't own #Jade but that was the reason not to buy it.
Really liking the Blockstream Jade
Keystone
But will be trying coldcard soon
Although a bit too DIY’ish for a consumer market product, IMO Jade is the best overall right now.
When Bitkey comes out, everything will change as it will be the first product to apply end-to-end world class design across SW, HW & UX. Are you on the beta nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a ?
Cold card, the only true elliptic curve calculator...
BitBox 02
So far I dislike all of them because I don't really understand their advantage. They add just two more parties you have to trust where things can go corrupt. Would only consider if I would do payments onchain. But this is what we don't want to. We have Lightning for it.
So short term we will need a lightning hardware solution.
May the purple light always shine on you
Mateusz
Has anyone tried Jade?
bitbox 02
Coldcard mk4 is my favorite
Very much depends upon timeframe Lyn:
If you’re looking to safely secure over a handful of years, hardware wallets are a good option and there are many to choose from
I contend they are a poor choice for long term (decades or generations) because hardware devices *and their interfaces* are notoriously short lived
If bitcoin had been around when I started in IT, the most secure storage was archive-quality mag-tape. Step back just a decade, and the best was likely CD/DVDs .. now think about the last two computers you acquired - does either have a DVD drive?
What about SD card readers? They were popular for a while and many computers included slots for them - today, not so much.
Core point is that today's hardware wallet may be difficult to access in a decade or two simply because tech and interfaces evolve. As a recent example consider the new iPhone which has now finally switched to a standard USB-C port instead of the Apple proprietary one.
So for short/medium term, hardware wallets are useful as signing devices, but never to be relied upon for long term security.
IMO, for that longer term security you must store the seed and passphrases on very low-tech solutions.
As long as BIP39 is supported by signing devices of the future, I don't think this is so much of an issue.
I see signing devices as a convenient way of receiving & spending bitcoin. If long term custody is required, you extract the xpub & wipe the signing device. Your seed words then become your only significant threat to exclusive access.
For the average user, I think the Bitbox 02 or Jade would be my recommended wallet.
I trust the Cold Card security more but I think the average user is better off with something simpler.
You can take your seed phrase from an old device and recreate the wallet in a new device when technology advances to the point your old device is difficult to use.
Absolutely!
So if you’re reviewing every 2-3 years and acting accordingly you’ll be fine
If you want to create storage for your unborn grandchildren that will survive half a century without intervention you’ll need a different approach
ColdCard ftw
I put all my favorites in this wallet guide.
I really don't like Ledger because their software is closed source and the CEO has admitted they can extract your private key!
I liked the BitBox02
Trezor with passphrase. All HW wallets can likely be cracked if found anyway, so the extra passphrase is important.
Used to have a ledger….
Now I’m very happy with the passport 2 but I would like to play either with jade or bitbox, not sure which one I’ll get yet!
As your premium newsletter readers, I look to read your research and get your insight, which has been life changing.
Hardware wallets are expensive, impractical, unsecure and dangerous.
I think most hardware wallet owners would disagree. But if you have a small allocation, they are probably a bit "extra".
Jade is my favorite, it should be cheap, nothing fancy, and it is built by a Bitcoin genius (Adam Back) versus some marketing guy pointing finger guns at you. I just got my buddy onto Jade, he's 75. He understands, the BlueTooth is dropping on it, annoying but I am telling him it's the cheapest and cold storage is sort of a one and done forget it. Further, I had to do a 'factory reset' at one point, with the 12 words to 'recover' it. SO EASY. I love it. No frills.
Yeah I like that Jade has a camera. Seems like an obvious thing to include
Coldcard.. we had an earthquake in Morocco recently, u just take it and run for ur life. No need to worry about what’s in the safe :)
Jade was super easy to setup, Seed Signer was super easy to build
Seedsigner
Trezor Model T is my favourite. Ease of use and fully open source hardware, firmware and works with open-source software like Sparrow Wallet.
Cold Card and some of the others here like ledger use a proprietary secure element. No Thank you.
1. Coldcard; Airgapped and great support materials.
2. Jade; Airgapped and when coupled with qr seeds, hardware doesn't hold any private keys so if you lose it, no big deal. It is a pain to upgrade though. Takes me several attempts. When it works though, it's great.
However the signing devices are useless if you can't audit your entropy. That's why anyone with a substantial stack should be using https://www.rudefox.io/burrow/. Created by '@bjdweck' on twitter, it's a system you can use to manually verify the dice roll using an airgapped computer.
Coldcard MK4. Feels very cypherpunk and badass.
Sparrow on Tails OS running on a vintage lenovo laptop
Seedsigner
Coldcard FTW!
If not tech savvy, nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n jade.
coldcard - ensure you verify the firmware and any wallet/node software you're using too.
Jade
bitbox02
In general don’t use a device dedicated to storing bitcoin to store bitcoin. Any hardware wallet that isn’t (a) exclusively multisig or (b) is designed to not be able to leak your keys via nonce (I believe only bitboxv2 and Jade) should be considered incompetent at best.
nostr:npub17777777tpz9x2dcvvlw37sgk5gmpffexl0u30gjjgcd59ty92vrs0atnu0 thoughts?
No private keys were extracted from the Coldcard.
What do you think of coldcard?
Jade does not have a secure element as far as I know. I know only #coldcard and #foundationdevices to be most secure.
I want to know what you mean but this note is confusing. Can you clarify? 🤙
Fantastic advice matt, really helping.
So why haven’t you implemented provable randomness in the nonce yet? https://damus.io/note1xl5tvtlr9tc9yhyfcy28a4f9uglth9r320y80gp5sadlwsqrkxlszh5gkl
Because it breaks the air gap barrier and it's pointless over engineering
Can’t you generate your own provable randomness with 256 dice rolls with the cold card? Seems Matt is way off-base here.
Point is the signature nonce, not the private key itself
Signature is worthless without the private key 🤷♂️
Signature can leak the private key to an attacker via the nonce :)
Interesting. Would require physical possession though?
Nope, just compromised firmware/hardware.
It seems like the trade off is to either trust your wallet software to not generate leaking nonce or to trust your hardware wallet to not leak via nonce. IMO trusting the hardware wallet is the better option as that is the device that you are trusting to not be compromised already
Nope! There’s no tradeoff, what I’m proposing allows you to trust that *both* need to be compromised, instead of just the hardware wallet.
Interesting. This is definitely above my technical expertise, but good to see this being discussed.
I think we can all agree that any hardware wallet (ledger included 🤢) is better than trusting custodians
Ah okay. So you’re saying hardware wallet would use the nonce unless it thought the nonce was leaking, in which case it wouldn’t sign. The change is just that software _could_ specify the nonce to use as an additional security measure
The “air gap barrier” isn’t broken lol. The computer is sending instructions (in the form of amount/address) and the hardware wallet is responding. I’m just saying add a nonce to those instructions.
If the HW device doesn't simply use the provided nonce as-is (seems undesirable due to sensitivity of nonces), can't the HW device still grind its portion of the nonce to exfil?
It seems like an extra round of communication is unavoidable? (but likely worthwhile!)
Nope! The magic of XOR (or pre-committed EC points) is that neither gets a “part” but rather the full thing is random if either input is fully random.
@NVK could you address this next pod episode?
Did you type this drunk?
Seems oddly bait and switch given RFC6979 advises to use deterministic nonce (which secp256k1 has ecdsa support for and Coldcard Mk4 uses?) while folks are trying to redo nonce impl’s for Schnorr signing because DN
https://github.com/randombit/botan/issues/2939
https://github.com/BlockstreamResearch/secp256k1-zkp/issues/172
https://github.com/bitcoin-core/secp256k1/pull/1140
Btw can also do deterministic build of Coldcard firmware and flash
Problem is you have a device that you cannot realistically audit the supply chain of, and which is at incredibly high risk of supply chain attacks. Deterministic nonces are great but they’re not auditable - there’s high risk of the machine telling you it's doing a deterministic nonce when it is instead leaking your private key with an attacker-derivable nonce!
The point of deterministic nonces is “include a hash of the private key and message in the nonce so that you know you didn’t screw up”, that’s great, but you can also build on top. The computer driving the hardware wallet can input randomness which the hardware wallet can prove was incorporated into the selected nonce. This allows the device to prove to the computer it's not leaking your private key, requiring an attacker to compromise *both* your computer and the device, not just the device!
Hardware wallets that don’t use such a protocol should absolutely be considered, at best, incompetent, maybe malicious.
FUD. Computers are worst in every respect.
Ppl are not losing money on HWW, they are on computers. Even core devs with high skills have.
So your proposed alternative is the average user does what exactly—use airgapped laptops w/ bitcoin core for everything?
Hmm? No, the average user uses a hardware wallet and corresponding software control wallet which implements such a protocol completely transparently to them.
interesting
Jade is my go-to _o/
1. Foundation Devices Passport. Trending
2. Blockstream Jade. Trending
3. Seed Signer. Neutral-hold rating.
All 100% air gapped. Jade has Bluetooth/ possibly a ding.
Coldcard. Maybe a steeper learning curve than others. When used in conjunction with Sparrow on desktop there really isn't a compelling reason to use any other combination.
If on a budget then just use tailsOS, install Sparrow. While tailsOS is technically not a hardware wallet, it has been battle tested for years with electrum and gets the job done. AND it's free.
BitBox02, but I'm obviously biased as I'm working on it.
Open source, has Anti-Klepto, Miniscript, Taproot, advanced multisig and is super easy to use.
Cold card x Sparrow is so great.
Used Ledger for a good while, but fell into NVKs funnel, but having a bigger display, actual number buttons and it looking just like a goofy calculator.
Watching Natalie Brunell’s video helped heaps (couldn’t find her npub) can recommend
Trezor One, open source 💪🏻
Coldcard
Personal story: since the Ledger's leak and didn't like Coldcard (sorry, not for me), I decided to take another path: use a very old Android phone, took everything out and just left with two wallets: Bluewallet with the Vault and Samourai Wallet.
First, receive my sats in Samourai and send to Whirlpool, after several days, send partially to Vault to where I'm stacking sats.
And then, I'm going to take this phone directly to a lake where I'm going to fish with my phone. Rumor I've been told is fish love phone with private seeds.
nostr:note183qrxphd7e70ec5u65f7d0k2qe6xg0v68ru64ynv6aak0jewevkqql3k4z
Foundation Passport. The right choice of tradeoffs between usability and utility.
CC
Ellipal Titan Mini .. for sure, 100% air-gapped
Jade is great from a Bitcoin only and price perspective, removing the secure element from the device could be smart, but I guess time will tell.
Seedsigner is great if you are even slightly technically inclined, as you get multiple layers of assurance that your seed isn't accessible by anyone.
Coldcard is the GOAT so far.
Trezor caters to far too many altcoins, which divert dev resources away from Bitcoin related security work.
Ledger is dead to me.
I use one Trezor T and one Ledger Nano each with the same btc account. Two wallets, different companies reduces risk.
Ledger Nano X has been my favorite wallet for many years.
I'm using Jade and Keystone. Jade on the go Keystone (formerly Cobovault) for longer time frame storage. 🫂⚡️🤙
BitBox. No opinion on others.
1) keystone pro, jade
2) ledger
Tapsigner is awesome.
Ledger is garbage.
BitBox02
Easy to use and best Customer-Support👍
#Coldcard
Coldcard, but its difficulty of use seems to me a drawback for its popularity.
Arculus
nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl is best!
Ledger is a scam; the CEO himself said he will extract your keys from the wallet via remote if a government calls him up.
Bitbox is so far OK, but I really hate their touch panel, drives me crazy.
Once again, open source community products like seedsigner are best; no one can force updates on your seedsigner.
Even bitbox devs could force updates onto your device without telling you.
So better don't trust - verify!
1 more thing to add:
You will want to start with single signature.
But in the end you will do multisig.
You get redundancy and higher security.
Most hardware wallets cannot do multisig.
So you buy twice.
nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl is made for single and multisig.
The device and their webpage will teach you everything.
I really recommend it.
It is amazing knowledge for free.
Important conversations, however, loathe to discuss specific personal details:
Don't trust, verify is great advice because bitcoin is so verifiable
Lots of testing of combos of hardware and software can be employed and compared, prioritize testing of backups as nvk implores
Sadly, the IT/gov industrial complex has made computing/networks so insecure... So education, practice and vigilance are key
🧡
old smartphone!
I had a #coldcard; when I finally decided to set it up, the display broke. I had it for so long, I couldn't ask for a replacement :/
Jade and Seedsigner by miles.
Both designs do not require proprietary secure elements. Both can work statelessly (only that for ss). Both can operate in a completely air gapped fashion.
They are the best hardware signing devices.
I haven't tried out any new wallets lately, but my experience with Ledger leaves a lot to be desired; the buttons and the display are too small, it doesn't allow transaction labeling, and the lanyard connection is poorly designed.