Cold Storage Options for MAID in 2017?

I said I’d come back with some further explanation on hardware wallets. It’s only taken me 9 days! Please, if you’re reading this don’t rely on what I say without verifying it for yourself!

The issue was to do with using a hardware wallet to store MAID, when the wallet doesn’t natively support MAID transactions on the Omni protocol. When the time comes to move the MAID, will the act of retrieving the private keys compromise the security of any other coins stored on the hardware wallet? I’ve gathered information specifically relating to the Ledger Nano S with the 1.3 update. (@neo - I still haven’t actually tested this on a device, so for the time being this is just how it is claimed to work).

With some provisos I would say that the desired outcome can be achieved with acceptable security. Here’s a description of the architecture and necessary steps…

  • During setup, the Nano S produces a 24 word BIP39 recovery phrase which you need to record and keep safe.

  • The user needs to set up a 4 to 8 digit PIN to allow subsequent access to the everyday wallet on the device. Entering an incorrect PIN three consecutive times results in the device being restored to factory settings. (You’d then need to restore using the 24 word mnemonic phrase).

  • Don’t use the default ‘everyday’ wallet for your most valuable funds. Treat it as a hot wallet (or as a decoy if an attacker is trying to coerce you to give them access).

  • The way the Nano S gives you the necessary flexibility is by allowing you to use BIP39 passphrases in order to create/open/manage wallets. The device allows passphrases to be up to 100 characters, and for proper security they need to be long (this is one of the provisos I mentioned).

  • When you use a BIP39 passphrase it is combined with the 24 word recovery phrase to generate a root key. This is the key which is used to generate your public and private key pairs deterministically. The passphrase acts as a salt for the hashing of the recovery phrase during root key generation. Because of the way that hashing functions work, the slightest change in the salt (your passphrase) results in a completely different root key being generated.

  • The Nano S allows you to create and access as many wallets as you wish by using different “temporary passphrases”. You can, however, only access one wallet at a time in any given session, thus the word “temporary”. Each time you turn on the Nano S (beginning a new session), if you wanted to access a wallet created with a “temporary passphrase”, you would have to enter the long passphrase again.

  • It’s important to note that there is another convenient function called “passphrase attached to a PIN”. You already have your main PIN which gives you access to the ‘everyday’ wallet, but you can set up a second PIN. You have to attach a passphrase to this PIN, thus achieving a wallet with a different root key from the ‘everyday’ wallet. You can then easily access this second (‘hidden’) wallet by using the second PIN (no need to enter the long passphrase).

If you’re having trouble visualising all of this, try playing around with a BIP39 tool such as this coinomi one.

Is this secure? What are the provisos? When the time comes to move your MAID, assuming support has not been added to the Nano S by then, you may need to use a BIP39 tool to get your private keys for the wallet on which you’ve stored your coins. This should definitely be done OFFLINE. You would have to input your 24 word BIP39 recovery phrase, which is not ideal (it risks exposing your ‘everyday wallet’ to a bad actor for starters). Assuming your recovery phrase was compromised during this step, the security of the rest of your wallets would hinge entirely on the strength of your passphrases. If you used very long passphrases WITH GOOD ENTROPY (i.e. RANDOM) and kept the passphrases safe (offline), the other wallets can in my opinion be considered secure. To put it in perspective the maximum passphrase length of 100 characters, for example, is I think longer than the length of the variable portion of a BIP32 root key!

I intend to get my hands on a Ledger Nano S hardware wallet to test the operations I’ve described above. I need more time!

Comments, criticisms and corrections welcome!

5 Likes
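The root-key derivation described in the post above, as an added example that is not part of the original post or any Ledger code: it follows the published BIP39 and BIP32 derivation steps and goes slightly beyond the post by also estimating passphrase entropy. The mnemonic is the public BIP39 test phrase, and the passphrases and function names are constructed for this illustration.

```python
import hashlib
import hmac
import math
import unicodedata

# Public 24-word BIP39 test mnemonic, used as constructed sample input.
# It is publicly known, so it must never protect real funds.
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048, 64)


def bip32_root(seed: bytes) -> tuple:
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed".
    Returns (master private key, chain code), 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    everyday, _ = bip32_root(bip39_seed(MNEMONIC))  # no passphrase
    hidden_a, _ = bip32_root(bip39_seed(MNEMONIC, "constructed passphrase A"))
    hidden_b, _ = bip32_root(bip39_seed(MNEMONIC, "constructed passphrase B"))
    print("everyday root key:", everyday.hex())
    print("hidden A root key:", hidden_a.hex())
    print("hidden B root key:", hidden_b.hex())
    # One changed passphrase character flips roughly half of the 256 key bits.
    print("bits differing A vs B:", differing_bits(hidden_a, hidden_b))
    # With the mnemonic exposed, the passphrase is the only remaining secret.
    for length, alphabet in [(8, 26), (20, 94), (100, 94)]:
        bits = passphrase_entropy_bits(length, alphabet)
        print(f"{length} random chars from {alphabet} symbols: {bits:.0f} bits")
```

The entropy figures only hold for passphrases chosen uniformly at random; a memorable phrase of the same length carries far less.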