The Ledger Wallet Nano: Cutting-Edge Hardware Security
One of the challenges of storing bitcoin securely is finding the appropriate tradeoff between security and convenience. On one end of the spectrum, hosted online wallets make it super simple to store your bitcoin online and access them from any computer by logging in with a username and password. However, this means that your account can be compromised easily by an attacker who learns your email and password. This also means that you must trust your hosted wallet provider to offer appropriate security measures.
On the high-security end of the spectrum, paper wallets allow you to store bitcoin completely offline, but the process of creating a paper wallet securely and spending bitcoin from your paper wallet is quite complex and can be intimidating for first time users.
Enter the hardware wallet: the security of offline storage with the convenience of a hosted web wallet. There are two hardware wallets on the market today, the Ledger Wallet Nano and the TREZOR. At only 29 euros (~$33), the Ledger Wallet is a more affordable option than the TREZOR, which retails for $119. Both offer similar functionality; the TREZOR has more features, including a dedicated screen that accounts for the higher price, but it may appeal to a more select group of users than the basic, all-purpose Ledger.
The Ledger Wallet is a hardware wallet, which means that the private keys to your bitcoin address are stored in a secure chip on the wallet. This allows you to use the wallet even with a computer that may be untrusted, as your private keys cannot be extracted from the hardware wallet. This concept was made popular by the TREZOR wallet, the first bitcoin hardware wallet released.
The Ledger Wallet itself looks similar to a standard USB thumb drive. It comes with a recovery sheet and a security card in a black pocket.
To set up a Ledger Wallet, the first step is to visit theLedger website using the Chrome browser to launch the application. This application walks you through the setup process for the Ledger Wallet and allows you to send and receive bitcoin using the wallet.
When you first open the application, you’re prompted to plug the wallet into the USB drive of your computer. Once you’ve plugged it in, you have the choice of either creating a new wallet or recovering an existing one. Choosing to create a new wallet begins the simple, four-step setup process.
Step one is to confirm that the computer you’re using for the setup process is secure. The setup application handles highly sensitive data about your wallet, so this configuration should only be done from a malware-free computer. For the super security conscious, this means using a fresh install of Linux on a computer without internet access. However, once you’ve completed the setup process, you can use the Ledger Wallet from any computer, even an untrusted one. (Here is where a key feature of the TREZOR may appeal: it can be setup without using a computer, with no extra security precautions needed.)
Step two is to set up a four-digit PIN code that must be entered every time you plug in your Ledger Wallet. If you enter this PIN incorrectly three times, the Ledger Wallet is wiped and you must restore it using the recovery process. This prevents anyone who gains access to your Ledger Wallet and security card from completing transactions without your PIN code.
Step three is to simply confirm the PIN code you’ve chosen during the setup process.
At step four, the Ledger Wallet application generates a 24-word recovery phrase and instructs you to record it on the recovery sheet. This 24-word phrase can be used to restore your Ledger Wallet, so it must be stored in a safe place apart from your wallet, like a safe deposit box. If your Ledger Wallet ever becomes lost, damaged or deleted, you can use your phrase to recover your account and bitcoin to any Ledger Wallet. This is the same recovery process that the TREZOR wallet uses.
Once you’ve written down the recovery phrase, the Ledger Wallet setup is complete and you’re ready to start sending and receiving bitcoin. Simply enter your PIN code to unlock the Ledger Wallet and you’re presented with an interface that allows you to send and receive bitcoin and view your transaction history.
To receive bitcoin, you can either send a request via email or simply display your wallet address as plain text or a QR code containing your public key.
To send bitcoin, you can enter the recipient’s bitcoin address or scan a QR code and enter the amount you’d like to send. However, the Ledger Wallet adds one additional step to the sending process to confirm the intended address. The Ledger Wallet application shows the address you’re sending bitcoin to, and randomly chooses four characters from the receiving address. For each character, you use the security card that came with your Ledger Wallet to look up the corresponding character, e.g. a = 0, b=9, c = 3, etc. This step is important because it ensures that you’re only sending bitcoin to the address you intended, and that this address hasn’t been modified by malware. The TREZOR has a dedicated screen on the hardware wallet so that you can verify the intended bitcoin address before signing the transaction. The Ledger Wallet team has stated that the next version of the Ledger Wallet will also include a screen.
Overall, the Ledger Wallet is a great solution for users who desire a simple yet secure way to store bitcoin. The setup and use of the Ledger Wallet is simple and easy to follow, even for those new to bitcoin. It is small, easy to carry and features a very intuitive interface. The Ledger Wallet’s Paris-based team says that many improvements are in the works, including features for use of multiple accounts as well as a smartphone application instead of the security card, to confirm the destination address. A second version, the Ledger Wallet Proton, which will include NFC transaction signing, is currently under development.