KeepKey: Great Design & Excellent Security

KeepKey is the luxury hardware wallet. Undoubtedly the best I’ve encountered so far.

The thing about KeepKey is that it’s remarkably easy to use. Most hardware wallets are uncomfortable to operate, but KeepKey has risen above their competitors to focus on user experience. To me, KeepKey has found an innovative way to enhance UX, without compromising security.

With its Anodized Aluminium Case and Polycarbonate screen, it is clear from the get go that you’re dealing with a product of superior design. Yes, the KeepKey is bulky; yes, it’s expensive. But, for me, carrying my wallet around isn’t a priority because I barely use it anywhere outside of my home and the big screen is really nice, compared to Ledger and TREZOR’s screens that make it incredibly tedious to double-check that I’m sending to the right addresses. In fact, KeepKey said it themselves, “We designed KeepKey to have a large display because we felt it critical that transaction details be clear and legible. A small display that is difficult to read discourages users from carefully reviewing each detail in a transaction.”

Coins supported: Bitcoin, Bitcoin Cash, Ethereum, Litecoin, Dogecoin, Dash, and more coming soon

Height: 38.0 mm

Width: 93.5 mm

Depth: 12.2 mm

Screen: Yes, 256×64 3.12″OLED

Open Source: Yes

Tamper-proof seal: Yes

Compatibility:  Windows, Linux, Mac & Andoid

Software supported: Electrum, MultiBit, and Mycelium

 

The setup for KeepKey is remarkably simple, you initialize and set your PIN, write down your 12-word recovery phrase and setup the Chrome extention. KeepKey have online demos that walk you through the process and no matter how new you are to the game, it’s very easy to get into the swing-of-things. Transactions are a breeze and exchanging your digital assets is an additional feature that can be conducted through the ShapeShift platform, which is essentially the same process as a regular transaction, but conducted directly within the device itself.

Security wise, KeepKey use the STM32F205RGT6 MCU from STMicroelectronics, and it has received certifications in FIPS PUB 140-2, and FIPS PUB 180-2. The device requires a PINentry when booted (in randomized positions to prevent tracking)  and will also limit the PIN entry attempts, increasing the delay required between attempts on each failed PIN entry. It uses open source firmware and is shipped with a tamper-proof seal and, if you are inclined to, you can run custom firmware. However, KeepKey is built using Trezor source code, which has a great reputation as highly secure software with several protocols in place to ensure the safety of the device. It can be recovered with any software running BIP 44.

The security is certainly good based on industry standard and, despite issues surrounding the Bitcoin Cash hard-fork where KeepKey users became dissatisfied with Bitcoin transaction times and cash lost in transit, there haven’t been any cases of backdoor theft.

Beyond this, I’ve only heard great things about KeepKey’s customer service, which has a very good reputation and, although I’m yet to experience it. What I will say is that, for the additional cost of owning a KeepKey, I find the UX and the security to be top notch and worth the larger investment.

4 Reasons Why You Shouldn’t Buy A Ledger Nano S

The Ledger Nano S is one of the most popular devices on the market, but I think it’s incredibly overrated. So let me tell you why you should save your money.

So Ledger sold over a million units last year and, for it’s price and simplistic design, has received a lot of praise.

The Ledger comes in at the relatively cheap price of €79 (TREZOR One costs €89, TREZOR model T costs €149 and KeepKey is about €110 [$129]), but it’s popularity astounds me, because the security features are incredibly limited.

 

 

Coins supported: Bitcoin, Ethereum, Litecoin, Ripple, Dodgecoin, ZCash, Dash, Bitcoin Cash, Ethereum Classic, Steller, Bitcoin Gold and 16 more.

Dimensions & Weight:98mm x 18mm x 9mm & 16.2g.

Screen:Yes, Embedded Blue LED

Open Source:No

Tamper-proof seal:No

Compatibility: Windows (7+), Mac (10.9+), Linux or Chrome OS. Requires Google Chrome or Chromium

Software supported: Ledger Apps, Ledger Wallet Bitcoin, Ledger Wallet Ethereum, Ledger Wallet Ripple, Copay, Electrum, GreenBits, MyEtherWallet, Mycelium, BitGo

 

So the Ledger Nano S does offer some pretty attractive features that are standard for all hardware wallets, such as multi-currency support, built-in-display, multi-app support, FIDO certified U2F, Backup & Restoration sheets and PIN protection, but that’s pretty much it. It’s barely a step up from a USB flash drive, and let me tell you why:

  1. No tamper-proof seal

When you open the box to your Ledger Nano S, you don’t find that the package is sealed with a sticker that is evidence that the box hasn’t been opened during the shipment process. This leaves all Ledger devices unprotected against supply-chain attacks. “Ledger doesn’t attach any tamper proof seal on its boxes anymore as it is not useful” – quoted from Ledger’s website. They claim that tamper-proof seals were originally just standard stickers and that the seals are easy to fake or replace. They argue that using an attestation is better because it picks up when an attacker has installed rogue firmware into the device, but it doesn’t account for physical access. It is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device. and, it also begs the question, “why not use both?” Is it because Ledger doesn’t value our security enough to take on the additional production costs?

  1. Closed source coding

Ledger is pretty much the only company that doesn’t have open sourced coding. You literally just have to trust ledger to do the right thing here. Since they program everything there would be next to no method for you to verify that everything matches their open source. If they wanted to put in a backdoor obviously they would make it appear as though it’s not there, pretty simple to do when it’s your hardware and your software. Simply put, trust is the major factor here. They defend this by open sourcing all high-level applications, but I’m not buying it.

  1. 8-digit PIN

A screen is essential for any hardware wallet and being able to verify addresses on your device’s screen, while also generating private keys, is important, but Ledger’s tiny screen is not exactly multi-functional with just two buttons available to use to control the interface. Therefore, likely because the process becomes tedious, the only protection from those who gain physical access to the device is a 8-digit PIN – not exactly Fort Knox.

  1. Attack Address JavaScript Exploit

One of the many attacks that Ledger has fallen victim to is a malware that simply replaced the code responsible for generating receive addresses (the Random Number Generator or RNG). Ledger Wallets generate the displayed receive address using JavaScript code that runs on the host machine. After malware is installed, there’s no trivial way for the user to verify the integrity of the receive address. Even worse, the software for Ledger is located in the App data folder where even unprivileged malware can modify files. Ledger has also failed to address the matter of integrity checks through the source.

 

To be fair to Ledger, they offer a sleekly designed device that they’ve managed to sell very well, but it is largely riding on the coattails of the meteoric rise of cryptocurrencies. It’s portable, functional and easy-to-use, but I’m gravely concerned by its security. There have been too many attacks and there are too many gaping holes in their system. And it bothers me that they aren’t budging on dealing with any of them when they were widely reported.

Unless you’re dealing with a small supply of tokens, the features that offer convenience simply aren’t worth it. If you are storing a sizeable sum of money on a hardware wallet, I would strongly recommend spending more money elsewhere.

TREZOR Model T: The Legacy Wallet Rebooted

Today I want to take a look at the TREZOR hardware wallet and why it’s the right device for any hodler, and why it might not be…

TREZOR’s first hardware wallet was launched in August 2014, back in the days when Bitcoin was worth roughly $270. To me, this is critical for two reasons:

  1. User base – The BTC enthusiasts of 2014 will make up a large portion of those that own large amounts of cryptocurrency. Anyone that had enough BTC to justify a hardware wallet back then, is in possession of large sums of cryptocurrency (Ethereum was also worth less that $2 back then) and will demand water-tight security from Satoshi Labs, the TREZOR’s manufacturer.
  2. Experience – Three-and-a-half years of relatively unopposed control over the hardware wallet market has given TREZOR a major competitive advantage over the likes of KeepKey and Ledger. They know what hodlers want, how hackers operate and, more importantly, how the market has radically transformed over the last few years. I want to be able to trust my hardware wallet manufacturer with the protection of my cryptocurrency and I will generally pick the guy who’s been in the game for years.

Now, beyond the conceptual ideas and opinions about TREZOR, let’s take a look at the latest TREZOR hardware wallet – TREZOR Model T

Coins supported: Bitcoin, Litecoin, Ethereum, Ethereum Classic, Dash, ZCash, Bitcoin Gold, Bitcoin Cash, Nem, 200+ more

Dimensions & Weight: 64 mm x 39 mm x 10 mm (2.52 in x 1.54 in x 0.39 in) & 16 g (0.56 oz)

CPU:168 MHz embedded ARM processor (Cortex-M4) running a custom developed system, the TREZOR Core.

Screen: Yes, Bright color LCD – 240×240 pixels

Open Source: Yes

Tamper-proof seal: Yes

Compatibility:  Windows, Linux, Mac & Andoid

Software supported: Mycelium, Copay, Electrum, MyEtherWallet, FIDO/U2FArc, Bitbitpay, Bitstamp, bitwala, cashila, Coinmap, coinpayments, Encompass, MultiBitSSH Agent, wordpress, efolio, Osclass, Strip4bit, Password Manager

The first thing I noticed about the Model T is that it’s far better looking than the old TREZOR One, which I found tedious to use and, for lack of a better word, ugly… The Model T has ditched the tedious buttons that were standard with the old TREZORs, which limited security functions, and now comes with a colour LED touchscreen. Yet, it’s actually the packaging that grabbed my attention.

The white sleeve slides off and a magnet seals the inner packaging. You flip the lid and see your brand new Model T in a window, along with setup instructions at the bottom of the lid (there are also a few more details on the back of the box, such as coins supported). One thing that upset me about the unboxing process is that removing the tamper-proof seal was a tedious process and leaves behind an ugly residue – but, then again, it’s a great way to guard against supply-chain attacks, so the inconvenience is worth it.

Then, once I pick up the device, I feel a major difference. It feels larger than the TREZOR One and, therefore, more robust. Then, I start setting it up. The setup is a bit tedious, but exactly the same as with previous models, installing firmware, setting up PINS, passphrases and recovery seeds, yet I love the touch screen. It’s easier to read, with some really nice looking on-screen prompts, than previous models and more accommodating in terms of general UX – something I always value in any device. There are other features, such as a rotating screen, which is also visually pleasing, but doesn’t really serve much purpose.

Then, I start using my TREZOR. I get a simple screen prompt that tells me it’s “locked” – One touch brings up the PIN request and I unlock the device. To receive funds, I open the TREZOR chrome extension and click “receive” where I see a partial address for security reasons. I then click “show full address” and confirm that it’s correct on my device by pressing a green tick.

Sending money involves an almost identical process, except when you confirm the transaction; you have to confirm the value of the money being sent.

What I like about the new TREZOR is that it not only connects via USB, but also with a Micro-SD card, which I think could be very useful in my efforts to keep my cryptocurrency in deep cold storage, as it removes the need for me to plug my device directly into my computer.

With regards to my PIN input, this is where the LED screen really makes a difference. Being able to enter my pin on the device itself, means no malware on my computer can read it. Another great feature is that the PIN entry field changes every time, making it impossible to read tracks on the display. Incorrect PIN entries lock you out for a period of time that increases by a factor of two every time (30 incorrect guesses would take 30 years). Other cool new features include passphrase encryption, which adds a new layer of protection, while you are also able to restore your recovery seed. Then, there comes the matter of Open Source software. The Model T, likes its predecessors, uses completely open sourced software, meaning that I don’t have to place complete trust in Satoshi Labs (unlike with Ledger’s Nano S).

 

All in all, I find that the Model T has taken TREZOR to a new level. No longer, do we have the boring black and white screen with limited functionality that forces me to conduct most security actions on my computer. Instead, I have a relatively better looking device that let’s me to secure my device on the device itself – a major boost to the overall security. I feel like TREZOR reacted perfectly to some of the criticisms levelled against it over the years. Relying on my computer less and having a device that isn’t an eyesore makes it has made an already-successful product even better.