Hardware Wallet Doesn’t Store Private Keys to Surpass Cold Storage
A payments technology company has created a hardware wallet that addresses the “flawed approach” used for cold storage — and eliminates the physical storage of private keys.
Instead of storing private keys on a device — a “potential security problem” — Bitfi says it has developed technology that does not store any data or private keys. Instead, the company’s hardware uses a deterministic algorithm to calculate the private key at the moment of a transaction. This means that the private key comes into existence for a fraction of a second and vanishes immediately afterward. This technology is meant to overcome the risk of total loss should a hardware wallet be lost, seized or stolen.
Bitfi recommends creating a seven-word passphrase by using its Diceware method, which offers greater entropy. However, the company says that those who own its wallet have the option to memorize their passphrase. It encourages users to leave 24-word mnemonic seeds behind in favor of a seven-word alternative. Combined with no physical storage of private keys, the company argues this better protects users against attacks — as memorizing a shorter phrase eliminates the need to write down a seed, something a malicious actor could access.
The company says it eliminates the possibility of wallet funds being lost if a physical device is stolen by ensuring that no data is stored on the hardware itself, meaning that hacking the wallet is “fruitless.” This approach also offers greater protection to users in the event that their wallet is damaged or lost following natural disasters such as fires, floods or earthquakes.
Bitfi argues the practice of storing private keys on hardware wallets and connecting such devices to a computer creates an unacceptable risk of this sensitive information being obtained by hackers or malware, especially during physical attacks.
Making amends
Last year, Bitfi described its hardware wallet as the “world’s first unhackable device” — but the company has now withdrawn this claim.
The company had established a bounty hunt — initially offering a $100,000 prize, but which was then raised to $250,000 — for the first person who managed to hack its device. As reported by Cointelegraph this summer, this initiative was spearheaded by infamous investor John McAfee.
Although reports began to emerge that security experts had unearthed vulnerabilities, Bitfi claimed that these breaches did not satisfy the conditions of the six-figure bounty, which required researchers to extract funds from the device — and the company then went on to create a second bounty hunt with a smaller reward of $10,000 for “man-in-the-middle” vulnerabilities. Both bounty programs have subsequently been closed, but the company says it will soon introduce a new program with the launch of the new DMA-2 wallet.
Bitfi has described the incident as a disagreement with the infosec community, and says that the initial model that was the subject of the bounty program is no longer being shipped, as it has been superseded by a new model with additional features.
Simple, yet secure
Bitfi says crypto wallets need to offer a blend of high security and user friendliness, as otherwise, inexperienced owners of crypto assets risk losing their funds by accident. The company says no technical skill is required to use its product, and the device itself receives new features and security updates automatically from Bitfi’s node in real time.
This helps to reduce the chance of a user downloading corrupt software — and it also means users will be able to benefit from new features, such as support for additional cryptocurrencies, instantly. Overall, the company says that this ensures its devices are “never outdated or obsolete.”
In January, Bitfi integrated an all-in-one privacy cryptocurrency known as Apollo, and a blog post written by the coin’s team says it “combines mainstream crypto features into an unregulatable platform.”
Bitfi says that worries about safe cryptocurrency storage are a major hurdle in the quest for mainstream adoption — and it hopes that its solution, combining security with a device that is as “easy to use as an ATM,” will help drive growth for Bitcoin and other important assets.
Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.