Pablo Olivera Brizzio, Alumni of the Global Master’s in Blockchain Technologies, has prepared a comprehensive article where he reviews the key aspects and concepts surrounding crypto wallets. A text that, we are sure, will be of great help to those who are not yet initiated in the sector, but also refreshing to those who already have some experience in it.
The world is living times of accelerated digital transformation at different levels and in practically all domains: from artificial intelligence (AI), internet of things (IoT), additive manufacturing (3D printing), all the way to Blockchain and beyond.
In the Blockchain world some terms and concepts require a new understanding and even a redefinition, given that they are not what they seem, a priori. As an example, Smart Contracts are not really smart nor contracts, because they are actually just lines of software code executing pre-determined instructions in a certain order without further intelligence and are also worthless as contracts, per se, if they are not bound to the country’s legal framework.
On the other hand, crypto wallets are also misleading, somehow, as they really do not hold any coins inside…
The following basic frequently asked questions (FAQ) will try to explain some of the fundamental concepts of crypto wallets and clarify some misconceptions, both for first time users and even for those that already have some experience.
DISCLAIMER: The author is not a Security Expert or a Financial adviser. The following content is for educational purposes only.
These terms are deeply related to each other, fundamental to crypto wallets, but they all represent completely different functions.
A private key proves the user’s identity and grants them access to the assets, so they can spend the coins. It’s in essence a very long number that in most cases and for everyday users is generated for them by a software system, aka a crypto wallet. Most of the times people don’t even get to see it, unless they are advanced users or technically savvy. For the sake of better understanding, it’s analogous to the password of an email account. It should not be shared with anyone and needs to be kept secure.
This large number is generated by crypto wallets or can be produced manually. This latter is not usually recommended for the average user, as it needs a high level of entropy or randomness; great for STEM class learning though.
A public key is derived from the private key following an advanced mathematical process.
The public key is responsible to digitally sign transactions.Finally, a crypto address is derived from the public key. This is analogous to an email address, it can be shared with everyone so the user can receive payments.
It’s important to note that the process does not work backwards, in other words someone with a crypto address cannot find the corresponding public key and someone with a public key cannot find its corresponding private key. This is the beauty and strength of cryptography!
It’s mostly a software that allows you to manage your crypto assets.
The software can run on the cloud/online, in a mobile/desktop device, or in a hardware wallet.
Note: though other non-software wallets do exist, they are not the most common types and therefore will be just mentioned further below in this article.
Absolutely not. A crypto wallet is a software or hardware product that basically holds the following “inside”:
a- The private and public keys of the different crypto assets.
b- The address/es of those crypto assets in each of the Blockchains. Note: each Blockchain is a decentralized ledger that records transactions between user’s addresses: i.e. Address A (John) sent 10.5 USD to address B (Mary). Only if John and Mary have their private keys they can prove they are the owners of the address and therefore spend the assets.
c- A firmware (software inside the microcontrollers/chips) to automate the process of generating a private key to start with, then to automate the checking of balance, sending funds, encryption, security, etc.
Yes, there are wallets that can “hold” different coins at the same time, but the specifications need to be checked as there might be coins not supported by wallet manufacturers and this will require the user to have more than one crypto wallet to manage their portfolio.
In a broad sense, there are 2 big categories: Hot and Cold wallets. The former is connected to the internet and the latter is offline.
In terms of Hot wallets there are:
a- Online wallets: typically, crypto exchange companies who provide the user a wallet, but they control the private keys, so if they go out of business or they get hacked there is no way to recover your coins.
b- Software wallets: the user can download to their mobile or desktop and they control their private keys, but as it’s connected to the internet it is very vulnerable to hacker attacks.
Within the Cold wallets there are:
c- Hardware wallets: this is considered by most security experts the most secure solution to own and store keys, but it requires high responsibility and care from the user side.
d- Paper wallets: they are fun and very didactic for learning, besides being a cheap solution. However, this is a semi secure method, on one side it’s secure for being offline most of the time, but insecure as the user needs to use a browser to enter the private key whenever they need to send coins, therefore exposing it to online attacks.
Fun fact: there is even something called a Brain Crypto wallet, where people store the seed words in their memory and it’s considered a cold storage method . Obviously, highly insecure and not recommended for any serious purpose.
Some crypto wallets allow the user to optionally enter a 4 to 9 pin number for extra security. This means that if some unauthorized person were to have access to a user’s wallet, they would still need to enter the pin code in order to use/spend the assets.
When the user does the setup of a crypto wallet for the first time, the wallet application/device generates a random list of 12 or 24 English words, out of 2048 (BIP 39), that allows the user to recover its wallet in case of theft or damage.
It’s vital to record these words in a safe medium and in a safe place. Security experts recommend NOT to do it in a digital format (like excel, text file, etc.) as it could be easily hacked. Paper is not a very good option either as a permanent solution as it might get damaged by humidity over time and the ink might fade away.
There are however different physical options in the market like metal plates with engraving tools and even some new low-cost solutions coming up very soon.
It’s worth noting that if the user loses these seed words and the wallet is stolen or damaged, there is no way to recover it back.
A passphrase is a word or sentence which provides an optional and additional level of security. Some companies refer to it as the 13th or 25th word, as this word is added to the end of the 12 or 24-word list to make the security stronger.
Important: the user should never physically store the passphrase together with the seed recovery phrase, because if for some reason it gets stolen they will have access to reproduce the wallet. On the other hand, if kept separate and only one part is compromised, there is no way to access the wallet.
BIP 39 is a common standard used in most modern crypto wallets nowadays for hierarchical deterministic wallets, however it’s not the only one that is being used.
Standards are very useful because they allow a certain degree of interoperability between crypto wallets. As an example, if a crypto wallet A (software or hardware) breaks and the user wants to recover their coins using a different crypto wallet B (software of hardware), it is indeed possible, as long as both follow the BIP 39 standard and not a proprietary method.
a- Most of the modern crypto wallets follow it.
b- Used to generate a Master key, from where all the other keys will derive.
c- It’s based on 2048 unique English seed words . Note: there are some implementations in other languages as well.
d- Crypto wallets under BIP 39 give the option to generate 12 or 24 random words out of these 2048 word list. It’s always better to choose the highest number of seed words available.
There are different levels of security, but in practical terms, the general rule of thumb is that the less time (or better still, none at all) connected to the internet the safer it is. There is a tradeoff between security and practicality that each person will need to assess and decide on. For example, software wallets are very practical, but vulnerable devices as they are almost always connected online. On the other hand, hardware wallets are very safe, but would be inconvenient to buy a coffee with, while standing in the queue.
Some common best practices that people take are:
a- They use software mobile wallets with small amounts of crypto for daily/weekly use, like buying coffee, purchasing a book or entering a nightclub (which accepts crypto, of course).
b- They have a hardware wallet for bigger amounts like saving for retirement, buying a house or paying the Uni.
c- They sometimes also have a desktop software wallet to do coin exchanges, check trading trends and even to manage one or more hardware wallets as the visualization advantage and ease of use at home is superior and more comfortable.
In order, not to provide a bias opinion on this topic, the author suggest reviewing online references such as https://coinmarketcap.com/alexandria/article/best-crypto-cold-wallets, among many other references that can provide different perspectives from a technical, price and usability point of view.
Finally, it’s the user’s responsibility to take care of their crypto assets and that means taking extra super care about the private keys.
It’s important to remember that security is not about doing one thing right, but being extra careful of doing everything right. It’s vital to make sure that throughout all the chain of custody the keys are kept safe.
Freedom has always its own price and it’s called “knowledge and responsibility”. It should be always kept in mind the famous quote from the crypto community that says: “not your keys, not your crypto”.
References: https://www.gemini.com/cryptopedia/crypto-cold-storage-brain-wallets https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt https://www.elobservador.com.uy/nota/los-championes-de-marty-mcfly-son-uruguayos-20151021500