-
Notifications
You must be signed in to change notification settings - Fork 0
/
Comparison_of_Hardware_Wallets.mw
288 lines (229 loc) · 8.84 KB
/
Comparison_of_Hardware_Wallets.mw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
{{Header}}
{{#seo:
|description=Quick comparison of hardware wallets.
|image=Wallet_comparison12312.jpg
}}
{{Title|
title=Comparison of Hardware Wallets
}}
{{crypto_hardware_wallets_mininav}}
[[File:Wallet_comparison12312.jpg|thumb]]
{{intro|
Quick comparison of hardware wallets.
}}
= Introduction =
The main objective of the comparison table is to highlight an important aspect: even if the firmware of a hardware wallet is 100% Open Source and Freedom Software, and supports reproducible builds, users may still be unable to [[Hardware_Wallet_Security#verify_firmware_device|verify if they are running the official firmware]].
{{Quotation
|quote=
And open source doesn’t really solve this. It’s impossible to have guarantees that the electronic itself is not backdoored, nor that the firmware that runs inside the wallet is the one you audited.
|context=
[https://twitter.com/P3b7_/status/1659187094764285952 Ledger CTO]
}}
Only the latest and best hardware wallets by vendors are considered. Older models are disregarded.
Any mention of a hardware wallet on this page, in any form, should not be interpreted as an endorsement. A strict [[Terms_of_Service#Non-Endorsement|non-endorsement policy]] is in effect. For further details, please refer to the comprehensive [[#Disclaimers|disclaimers]] section of this wiki page.
It is recommended to read this wiki page in conjunction with the [[Hardware_Wallet_Security|Cryptocurrency Hardware Wallet Threat Model]] wiki page. The latter provides additional insights and information regarding the security aspects of hardware wallets.
= Comparison =
{| class="wikitable"
|-
|
! Ledger
! Trezor
! OneKey
! Coldcard
|-
! 100 % Open Source and Freedom Software
| {{No}}
| {{Yes}}
| {{Yes}}
| {{Yes}}
|-
! reproducible builds
| {{No}}
| {{Yes}} <ref>
https://docs.trezor.io/trezor-firmware/common/reproducible-build.html
</ref>
| {{Yes}} <ref>
* https://walletscrutiny.com/hardware/onekey/
* https://github.com/OneKeyHQ/firmware/issues/404
* https://github.com/OneKeyHQ/firmware/issues/579
</ref>
| {{Yes}}
|-
! User-compiled and flashed firmware
| {{No}}
| {{Yes}} <ref>
https://trezor.io/support/a/warning-unofficial-firmware-detected
</ref>
| Deprecated? <ref>
Initially this might have been possible and is still documented on the website.
{{Quotation
|quote=
You can install unofficial firmware on OneKey devices, but doing so will erase device storage and display a warning every time you boot.
|context=
https://help.onekey.so/hc/en-us/articles/6118461753743-Common-Security-Threats
}}
This feature might be been deprecated.
{{Quotation
|quote=
No longer support installing firmware with unofficial signatures
|context=
https://github.com/OneKeyHQ/firmware/releases/tag/classic%2Fv3.0.0
}}
</ref>
| {{Yes}}
|-
! Easy (User) [[Hardware_Wallet_Security#verify_firmware_device|Trustless verification of firmware running on device]]
| {{No}}
| ?
| ?
| {{No}} <ref name=coldcard-firmware-verification>
{{Quotation
|quote=
Mk3 and earlier made a virtual serial port available over USB. As it was only useful to developers, it was disabled by default. Mk4 uses a real universal asynchronous receiver-transmitter (UART) leading to physical pins. It is not only disabled by default, but it also cannot be accessed without breaking the case. A developer wanting to interact with the pins must be willing to damage the COLDCARD's case to do so, but the option is there if needed.
|context=
[https://github.com/Coldcard/firmware/blob/master/docs/mk4-security-model.md#virtual-debug-serial-port-removed coldcard MK4 Security Model]
}}
</ref>
|-
! Trustless verification of firmware running on device by developers
| {{No}}
| ?
| ?
| ? <ref name=coldcard-firmware-verification />
|-
! Re-lock bootloader with user custom keys. / [[Verified Boot]] with user keys.
| {{No}}
| ?
| ?
| ?
|-
|}
= Other Criteria =
{| class="wikitable"
|-
! Criteria
! Details
|-
! Security audited
| The security audit of a hardware wallet depends on the scope and the organization conducting it. It is not a simple yes or no question. Please refer to the {{audit_mininav}} for more information.
|-
! Certification
| Similar to above.
* The secure element might be certified. See [https://bitcointalk.org/index.php?topic=5304483 Secure Element in Hardware Wallets].
* The hardware wallet itself may or may not be certified.
These are an indicator but should not be taken alone as a seal of quality, because, see next column.
|-
! Vulnerabilities
| [https://thecharlatan.ch/List-Of-Hardware-Wallet-Hacks/ List of Hardware Wallet Hacks]
|-
! Warning if running custom firmware.
| Users running the official firmware should get a warning if an attacker flashed a custom firmware from their device's bootloader.
|-
! Installation of custom firmware deletes storage.
| This is a security feature to avoid a malicious custom firmware stealing the private keys.
|-
! Detach storage
| Can storage be detached, duplicated and re-attached? If de-soldering of the storage chip is possible, this may or may not be a security issue because a custom firmware by an attacker might decrypt, steal the private keys.
|-
! Bitcoin only
| Attack surface reduction, complexity reduction to ease security audits by only supporting 1 cryptocurrency, most likely [[Bitcoin]].
|-
! Multiple cryptocurrency support
| If the user wants to use other cryptocurrencies such as [[Ethereum]].
|-
! Secure Element
|
|-
! Private Key never leaves Secure Element
| Yes / No
|-
! Private Key never leaves Device
| Yes / No
|-
! Country of Incorporation
| Of the hardware wallet vendor.
|-
! Country of Production
| Of the hardware wallet vendor.
|-
! Supply chain attacks
|
|-
! Track record
| History of past security issues and their handling.
|-
! Quality of Entropy
| Low entropy can result in private keys getting compromised through bruteforce attacks. See also [[Dev/Entropy|entropy]].
|-
! User supplied additional entropy.
| For better entropy.
|-
! Multisig support.
|
|-
! Multisig compatibility with other hardware and software wallets.
| For diversification of multisig, not relying on one single vendor, one single point of failure only.
|-
! USB / SD / Micro-SD Card Backup Support
| For diversification of multisig, not relying on one single vendor, one single point of failure only.
|-
! Native desktop app
| Or only a (wrapped) web interface.
|-
! Mobile app
|
|-
! Wallet compatibility
|
|-
! [[Hardware_Wallet_Security#Insecure_Display_versus_Secure_Display|Secure Display]]
|
|-
! Big Display
| For ease of readability of long cryptocurrency addresses.
|-
! Display can show QR Codes
| To receive funds.
|-
! Camera can scan QR Codes
| To send funds.
|-
! Can show account number (address) on Secure Display.
|
|-
! Can show balance on Secure Display.
|
|-
! Can show transaction history on Secure Display.
|
|-
|}
= List of Hardware Wallets =
Most of the following hardware wallets are not included in the above comparison and are unlikely to be included in the future. For more information, please refer to the [[#Disclaimers|disclaimers]] chapter on this wiki page, which outlines the goals and non-goals of this page.
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2">
* [https://www.ledger.com/ Ledger]
* [https://trezor.io/ Trezor]
* [https://www.onekey.so/ OneKey]
* [https://coldcard.com/ Coldcard]
* [https://gridplus.io/ GridPlus]
* [https://shiftcrypto.ch/ BitBox / Shift Crypto]
* [https://foundationdevices.com/ Passport]
* [https://seedsigner.com/ SeedSigner]
* [https://www.keepkey.com/ KeepKey]
* [https://bitcointalk.org/index.php?topic=5304483 Secure Element in Hardware Wallets]
</div>
= Disclaimers =
== Goals and Non-Goals of this Wiki Page ==
* '''Goal:''' Providing readers with objective criteria to aid in their research.
* '''Non-goal:''' Providing a comprehensive and up-to-date comparison of all hardware wallets and their features.
* '''Rationale:''' This wiki page serves as a part of a larger wiki covering various topics. Its purpose is to document general knowledge that allows users to conduct further research and derive specific details when necessary. The author of this page aims to avoid delving into the constantly evolving details and contentious debates surrounding specific hardware wallets to minimize maintenance efforts.
== Criteria for Inclusion ==
Only the most popular vendors with innovative security features relevant to the comparison will be included.
Less popular vendors or those without innovative security features within the context of the existing comparison table will be excluded.
It is not intended to create a complete comparison table.
== Source of Information ==
Primary sources of information are the vendor's public statements on their website or source code repository. However, if the author becomes aware of conflicting expert opinions or other evidence, public statements from the vendor alone will be considered insufficient.
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]