Bitcoin Wallet Security: Hardware vs. Software Options?
Following the recent announcement by Gemini that some of the SafeNet units they have tested may have a vulnerability which allows the extraction of private keys, many users are opting for standard desktop or web Bitcoin clients.
The Hardware Security Modules (HSMs) provided by SafeNet are used by many Bitcoin companies for their cold storage, Gemini included.
As such, news of this issue will be a cause for concern for many involved with Bitcoin and interested in the security aspects of the industry.
The devices work by holding all the cryptographic private key information which provides control over bitcoins contained within a wallet; they are mostly used in a multi-signature fashion, such that multiple HSMs must sign and validate a transaction with their private keys before funds are moved.
The vulnerability meant that it would be possible for malicious hackers to perform a brute-force attack on the device; however, the company has now provided a firmware update which protects against this.
Security practices are continually evolving in the Bitcoin space, particularly after the early days of the industry were plagued with high-profile thefts.
More recently, well-established security best practices are being adhered to by most companies operating in the Bitcoin space, with most now utilising some form of multi-signature defence in combination with cold storage devices.
For regular users, however, using a straightforward desktop-based wallet could be secure enough; provided their activity isn’t significant enough to draw attention, malicious hackers are very unlikely to target their desktop to try and gain access to their private key.
Web-based wallets are also a good option, allowing users to add in the layers of security given by a third-party wallet provider; this often adds the reassurance of funds being insured by the company providing the wallet.
Hardware-based security can be an important step in protecting Bitcoin wealth, but this is an area which is sure to see a great deal of further development as issues, such as those with SafeNet units, are rectified.
Many users find it easier to just utilise an old desktop computer, which is never connected to the internet, to securely store the private key to their wallet.
This can be a very secure way to manage bitcoins; new transactions are created and signed on the offline machine before being broadcast by a separate, online computer.
As a result, the all-important private key is never held on a machine which is liable to be hacked over the internet, meaning the only way a thief can gain access to the private key is by taking control of the physical machine it is stored on.
The growth in awareness of security practices will be an important step towards a more reliable Bitcoin ecosystem.
We are pretty much at a point now where Bitcoin businesses can be relied upon to have secure storage; it’s just the development of security practices aimed at individual users which will need to be established moving forward.