The problem here is not cryptography, but the number of attack vectors.
To tackle the first point, cryptography:
It doesn't matter if you use the most sophisticated seed generation process if someone is snooping. For example, if you roll 50 casino-grade dice to generate a 128 bits of entropy (considered a very secure way), your seed-generation might be very cryptographically secure, but you:
- Forgot to close the curtains and your nosy neighbor was watching
- Had your CCTV cameras on
- Were doing it in a coffee shop full of people
That would render your very secure cryptographic seed generation process completely useless.
Now, the second point, consider the possible attack vectors of a hot wallet:
- Malware/keylogging software installed on the phone/computer
- A bug present in the wallet software (or the wallet itself being malicious)
- The inevitability that when we use electronic devices, we frequently copy and paste information
- A diversion that tricks you into believing that you are using the right piece of software (when you aren't)
The last one is my favorite. To give an example:
You install Electrum, a very popular wallet that many trust. You generate your seed, you use it normally.
One day, out of the blue, your funds are missing.
How can it be possible? You haven't shared your seed with anyone, you trust that Electrum generated a cryptographically secure seed, and that Electrum's app has no vulnerabilities.
Well, turns out that you accidentally installed a counterfeit version of Electrum that looks exactly the same.
No need to panic though, hot wallets are great for convenience and I use them to generate seeds when testing small amount of funds.
The key importance is how much the funds mean to you. I have a tiny amount on my phone wallet that I use to pay for services, a small percentage on desktop hot wallets. For everything else, hardware wallets.
There are still possible attack vectors on cold wallets that don't connect to the internet, but most of them require you to be physically close to the wallet (such as this Trezor being split open), or an exploit on how the devices communicate (say you use a Cold Card and communicate through an SD Card, there could be a bug where your private key is leaked).
In reality, the biggest threat is a socially engineered situation where you are told to share your information, like a fake Ledger email telling you that the device is compromised, prompting you to panic and type your mnemonic seed on their website to secure your device.
The risks are just much less considering the millions of people that could get access to your information through the internet.
A lot of digression, but hope it helps! I used a broad number of examples from different vendors so that you see the big picture. (Nothing against them, as I am a happy user of many of them).
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments