Bitcoin Forum
Author Topic: Cold storage? Still Have a Backup..  (Read 902 times)
Cricktor
September 28, 2025, 06:45:35 PM
 #81

A hardware wallet that connects to an internet connected device directly is itself connected to the internet.
Not at all, in my opinion. What you say implies that basically every hardware wallet would be connected to the internet, which is wrong.

I'm not trying to convince you, we both likely have a different interpretation of this matter. I'll just say this: if a hardware wallet's firmware and hardware components don't have code or in-built abilities to talk to a network, they're offline to the internet because there's no way the hardware wallet could interact with the network in any case. They can't connect to the internet and vice-versa. Period!

Their whatever connection to a watch-only software wallet part is commonly only used to exchange transaction data which is signed on user's consent by the hardware wallet. The only thing the online watch-only software wallet pulls from the hardware wallet is the signed transaction when the user has agreed to sign it (prior it pushed the unsigned transaction to the hardware wallet).

Usually there's no code in the firmware of a decent and secure hardware wallet that would allow the connected software wallet to pull any of the main secrets which are hopefully or provably kept secure in the hardware wallet, like wallet's initial entropy, derived seed, private keys or extended private keys in the context of BIP32 derivation.

For wallets with open-source firmware, we could check this. For wallets with closed-source firmware we can't. Nothing new on this front.


Second an offline wallet is one that is always offline, otherwise the word offline wallet is meaningless..
A cold wallet is by definition offline and has to stay offline for all time, otherwise it's not a cold wallet anymore. The moment a cold wallet becomes online, it loses its "cold" status forever by definition. Being online, the wallet becomes hot and can't get "cold" anymore.

Dogedegen
September 30, 2025, 12:23:05 PM
 #82

A hardware wallet that connects to an internet connected device directly is itself connected to the internet.
Not at all, in my opinion. What you say implies that basically every hardware wallet would be connected to the internet, which is wrong.

For wallets with open-source firmware, we could check this. For wallets with closed-source firmware we can't. Nothing new on this front.
I guess that is fair. I mean for most devices the firmware is not open source so we can't be sure of things in general. In the case of Ledger we don't know at all. Now my question is are most hardware wallets fully open source or are most fully closed source or only partially open?

Second an offline wallet is one that is always offline, otherwise the word offline wallet is meaningless..
A cold wallet is by definition offline and has to stay offline for all time, otherwise it's not a cold wallet anymore. The moment a cold wallet becomes online, it loses its "cold" status forever by definition. Being online, the wallet becomes hot and can't get "cold" anymore.
You understand me! On this point we agree completely. I tried to make this point but the users got it all wrong. It has to be offline all the time since creation, it can never be offline only some of the time. In that case it is always a hot wallet no matter if you keep it offline even 99% of the time.

We must be careful with the logic that we use, otherwise we could consider mobile wallets as offline wallets as long as we keep them then disconnected from the internet. Lol
That's literally the definition of the word "offline". In technical contexts, it means disconnected from the network, in this case the Internet. So yes, if you have a wallet installed on a device that is disconnected from the network, that is by definition an "offline wallet." I'm not arguing here that this always makes it a good option for cold storage. It depends on the setup.

Cricktor
September 30, 2025, 07:39:11 PM
 #83

See this thread by user maxirosson if you don't know it already: 56 Hardware Wallets, compared feature by feature

The comparison website he created is awesome and e.g. lists for hardware wallets details like "Secure boot", "Source-available", "Free & open-source (FOSS)", "Reproducible builds" and many more valuable things.

I didn't count how many hardware wallets are "open-source" or not. It's not quite my perception that a majority of devices are closed-source, but I repeat, I didn't count.

I wouldn't consider a hardware wallet at all if it's not open-source. For me it's mandatory that the firmware is open-source and it's a non-negotiable property, period!

His comparison website also lists software wallets, definitely worth a visit.

Outhue
October 03, 2025, 10:20:57 AM
 #84

The newbie me always thought that once I was finally able to afford a hardware wallet, that would be it, there would be no need for writing anything down, until I ordered my first hardware wallet only to be given a recovery seed again. I wish I could forever get rid of the need to write down and keep my recovery seed, but I guess there is no way to do this and still remain noncustodial.

When I smartened up I learnt that with a recovery seed you will always get your assets back even if you swap to another hardware wallet; you don't have to worry about what will happen if your favourite hardware wallet company goes out of business in the future.

CryptoYar
October 03, 2025, 11:26:38 AM
 #85

[...]
The fundamental principle of owning your own crypto is centered on the recovery seed. Many people wrongly think the hardware device itself is the most important thing, but it is not. The recovery seed, which is the list of words you write down, is the master key to all your money and is what essentially acts as your actual wallet. The physical hardware wallet is just a secure lock or tool that manages this key and makes sure it never touches the internet. You are required to write the seed down because it is the single piece of information that proves you are the owner of your funds. Crucially, because all major wallets follow an open and shared language standard, your seed phrase will work to restore your money on any other brand of hardware or software wallet. This setup guarantees that your money is safe from hackers and that you cannot lose access to it even if the company that made your original device shuts down. This absolute control over your key makes you the true non-custodial owner of your assets.

Cricktor
October 04, 2025, 12:58:32 PM
 #86

...

The mnemonic recovery words, most commonly as defined by BIP-39, are a human readable backup representation of the initial secret entropy from which all else is derived for a HD wallet. This initial secret, be it commonly 128 or 256 random bits long, is what defines your personal HD wallet. DO NOT store your mnemonic recovery words unencrypted on any online device. Keep them offline and preferably analog on paper and additionally for hazard protection stamped in metal.

You're not wrong how you express it, but beginners should understand the basics more clearly in my opinion. Maybe this graph helps a little bit (it's not easy to digest if you aren't familiar with some of the technical details though):


The source was (now not working anymore as the Github repo seems to have been deleted): https://raw.githubusercontent.com/EAWF/BTC-Toolbox/3938785f186c76598989cc0aa017ad351483d3b1/Images/KeyDerivationTechnicalOverview.png
It was added to the repository with this commit: https://github.com/EAWF/BTC-Toolbox/commit/3938785f186c76598989cc0aa017ad351483d3b1 -- But it was removed by the uploader for a slightly insignificant reason, some surviving image copies in Reddit show that it's uploaded by the same user. Link to the commit that deleted it: https://github.com/EAWF/BTC-Toolbox/commit/f75e2b352ec9facc8d2da52b5ec303fb280c3298


The key points to take away are that software or hardware wallets that commonly understand the BIP-39 standard can reproduce a HD wallet from those mnemonic recovery words. Most wallets also follow pretty standard derivation paths to derive address types and private keys, public keys and public addresses of a HD wallet accordingly.
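
Added example, not part of the thread or any poster's code: a Python sketch of the two BIP-39 steps described in the post above, turning the initial entropy into checksummed 11-bit word indices and stretching the mnemonic sentence into the 64-byte seed that feeds BIP-32. The function names are illustrative, the 2048-word list lookup is left out, and the sample mnemonic is the public all-zero-entropy test vector (indices 0 and 3 are "abandon" and "about" in the English list).

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector mnemonic (all-zero 128-bit entropy).
# Known to everyone; shown only to make the example checkable.
VECTOR_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map initial entropy to BIP-39 word indices (0..2047)."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP-39 entropy must be 128-256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4 checksum bits for 128, 8 for 256
    # Checksum = the first cs_bits bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # 12 words for 128, 24 for 256
    # Split entropy||checksum into 11-bit groups, most significant first.
    return [
        (combined >> (11 * (n_words - 1 - i))) & 0x7FF
        for i in range(n_words)
    ]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Stretch the mnemonic sentence into the 64-byte seed used by BIP-32."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    # PBKDF2-HMAC-SHA512 with 2048 iterations, as specified by BIP-39.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))  # constructed input: 16 zero bytes
    print(mnemonic_to_seed(VECTOR_MNEMONIC, "TREZOR").hex())
```

Because the checksum is derived from the entropy itself, the words carry no secret beyond the original 128 or 256 bits, and any wallet implementing the same two steps arrives at the same seed.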

Dogedegen
October 04, 2025, 02:01:00 PM
 #87

See this thread by user maxirosson if you don't know it already: 56 Hardware Wallets, compared feature by feature

The comparison website he created is awesome and e.g. lists for hardware wallets details like "Secure boot", "Source-available", "Free & open-source (FOSS)", "Reproducible builds" and many more valuable things.
Thanks for that, the thread changed location just shortly after you posted it here https://bitcointalk.org/index.php?topic=5560969.0

I didn't count how many hardware wallets are "open-source" or not. It's not quite my perception that a majority of devices are closed-source, but I repeat, I didn't count.

I wouldn't consider a hardware wallet at all if it's not open-source. For me it's mandatory that the firmware is open-source and it's a non-negotiable property, period!

His comparison website also lists software wallets, definitely worth a visit.
Website is pretty good, it could use some minor usability improvements to get these counts too and scrolling seems a bit slow for me. But you can fast track to a list of open source ones here.

https://thebitcoinhole.com/hardware-wallets/firmware/open-source

It is around 30 open source ones, pretty good I would say.

vadranov
October 06, 2025, 10:32:37 AM
 #88

Your report is not bad, but you forgot to add something personally to it. And you know, that's not a good sign.  Grin
What backup method do you use yourself?
I can share my ways: I have two pieces of cryptosteel capsule, and I also have backups in an encrypted Veracrypt container, which is stored in several places.
Come on, it's your turn.
Lol, I got a hardware wallet back then in 2023, I've got some coins on it too, it's more like a long term for me. My other wallets aren't cold storage, but I have all my keys backed up using paper and pen, including that of the hardware. I check them from time to time to make sure it's still intact, though the only thing about paper backup is that over time, it begins to fade off.
Copying on paper is highly discouraged. For example, if it comes into contact with water, it will fade, and it could even be eaten by mice or termites. I keep the key on a flashdrive.
Cricktor
October 06, 2025, 05:37:30 PM
Last edit: October 06, 2025, 05:51:37 PM by Cricktor
 #89

Copying on paper is highly discouraged. For example, if it comes into contact with water, it will fade, and it could even be eaten by mice or termites. I keep the key on a flashdrive.
Archival grade acid-free paper is a thing. Archival grade ink, ballpoints or even good pencils are a thing, too. If someone uses crappy paper and ink that fades, it's their fault.

Your local environment, especially humidity, plays a big role for longevity of your analog paper backup. If your local conditions are not suitable, then use something that doesn't degrade in humid environments. Some suitable steel alloys and Titanium don't degrade under humid conditions.

You keep your key(s) on a flashdrive, until the flashdrive fails which is not something unheard of. In my humble opinion, you're playing with fire.

And there could be more issues with your process. First, your key has to touch a device to copy it on the flashdrive. Was that device a "cold" one ("cold" means, it was never online, never touched the internet, never will touch the internet after seeing your key)? If the device was online or will become online again, you can't be sure your key remains safe.

Second, flash media stores data by trapping charges. Those charges can dissipate over time out of flash cells. The retention time depends heavily on the quality of the flash chips, storage conditions and type of flash cells (SLC has usually better retention than MLC or worse QLC cells). You can't reliably store data on flash media over many years without ever refreshing the flash storage. Refreshing the flash storage exposes your key again to a device that is hopefully clean and "cold", but also is an opportunity for the flash device to fail because most electronics are not built for eternity.

Cheap flash drives commonly use B- or C-grade flash chips, or worse. Don't expect archival retention time from this stuff.

I've no empirical data. I lost very few flash drives somewhat like out of the blue. Can't really remember what it could be. I'm maybe biased but it could be that it were flash drives that have been laying around for really long time, some maybe a few years. Can't tell for sure, though.
