Max Hillebrand, Bitcoin educator and World Crypto Net broadcaster joins me in this newbie episode to talk about good practices with Hardware wallets and what we should think about. We talk:
- Why you should not leave your bitcoins on an exchange
- How to think about Hardware Wallets
- Recommended practices with Hardware wallets and self custody
- Next steps for learning
Max Hillebrand links
- Twitter: https://twitter.com/HillebrandMax
- World Crypto Net: https://www.youtube.com/user/WorldCryptoNetwork
- Max’s Personal website: https://towardsliberty.com/
- HODL Hotline (bitcoin consulting from Max): https://hodlhotline.com/
- Kraken: http://www.kraken.com/?utm_source=podcast&utm_medium=stephanlivera
- Unchained Capital: https://www.unchained-capital.com/?utm_source=Stephan%20Livera&utm_medium=Referral&utm_campaign=Affiliate
Stephan Livera links:
- Follow me on twitter: https://twitter.com/stephanlivera
- Show notes and website: https://stephanlivera.com/
- Subscribe to the podcast: https://anchor.fm/stephan-livera/
- Rate and Review the podcast: https://itunes.apple.com/podcast/stephan-livera-podcast/id1415720320?mt=2
- Orange Coin Good and other Merchandise @ Layer One BTC Store: https://layeronebtc.com/collections/stephan-livera-podcast
- Email contact: email@example.com
Podcast Transcript Sponsored by GiveBitcoin.io:
Stephan Livera: Hi, and welcome to The Stephan Livera Podcast, focused on bitcoin and Austrian economics. Today, we are starting The Hardware Wallet Interview Series, but first, let me introduce the sponsors of the show. So, firstly, Kraken, one of the world’s biggest Bitcoin exchanges. Over my years in bitcoin, I’ve been really impressed at the way they operate. They have a really strong focus on security. They have consistently acted ethically in the space under Jesse Powell’s leadership. They’re one of the longest-standing bitcoin exchanges and they’ve got some of the best liquidity in the industry. They’ve got high trading volume and low fees as well.
Stephan Livera: Recently, Kraken has been making serious progress in the institutional space. It was the first digital asset exchange to have its market data displayed in the Bloomberg Terminal, and recently, with their acquisition of Interchange, they are providing best-in-class accounting, reconciliation, and reporting services for cryptocurrency, hedge funds, asset managers, and fund administrators. To learn more and sign up, go to the Kraken link in the show notes.
Stephan Livera: Next, Unchained Capital. They do bitcoin financial services and also offer a two of three multi-signature vault product, so that means you can use a Trezor or Ledger wallet and maintain control with your two separate keys and reduce that single point of failure risk because a multi-signature helps protect you against the proverbial $5 wrench attack and you can distribute those keys. If you create an Unchained vault, you also get three free months of access to Saifedean Ammous’ Bitcoin Standard Research Bulletin.
Stephan Livera: Unchained also offer bitcoin collateralized loans, allowing you to get USD liquidity without selling your bitcoins. So, this can be more tax efficient for you and in that scenario, your bitcoin is stored in a dedicated multi-sig address under collaborative custody with Unchained Holding one of three keys. You hold the second key and Unchained’s independent third party key agent hold the third key. So, to learn more, go to the Unchained Capital link in the show notes.
Stephan Livera: Okay, guys. So, today we are starting The Hardware Wallet Interview Series. So, we will actually be having a range of different hardware wallet vendors come on the show to present and represent for their products, as well as some more independent bitcoiners coming on to give you some of their own views on best practices with hardware wallets. So, this first episode is really designed for a newbie so, if you’re a more experienced listener, make sure you share this particular episode with one of your newbie friends who has left their bitcoins on an exchange. This is the targeted episode for that person and it is with Max Hillebrand. He’s a bitcoin educator and World Crypto Net YouTube broadcaster. And he’s got a lot of really good practices to share, in terms of how to use hardware wallets and how to think about hardware wallets for a newbie. On to the interview.
Stephan Livera: Max, welcome to the show, mate.
Max Hillebrand: Hey, Stephan. Finally. Good to talk to you again. It’s been a while. Hey fantastic work on your pod, I’ve been following it pretty much since the first episode, as you’ve grown and expanded to what it is now. Fantastic, man, you share so much good knowledge about Austrian economics and the nuances of bitcoin. Beautiful. We need more of it and you’re a big part on that front, so thank you for your very much for all that work that you do.
Stephan Livera: Oh, well thank you Max. Yeah, I mean it’s a pleasure to finally have you on the show as well. I’ve been meaning to make it happen, but you know how it is. There’s always so many people to get on. So just for some of my listeners, what we’re going to try to do is do a bit more of a newbie episode about hardware wallets and what we might just start with, just for the listeners who aren’t familiar with you, I think most of them are familiar with you, but just for those who aren’t, just give a little bit of a background on yourself.
Max Hillebrand: So I’m an economist by trade, pretty much for my entire life. I’ve been reading stuff about economics and of course the Austrian side of view, especially Rothbard. Pardon me? The hero’s here, a hanging on the wall, they’re all fantastic and phenomenal work to advance the study of human action, which is quite beautiful. And the more and more I’ve gotten into bitcoin and all the cypherpunk tools that we have at our disposal to actually live out by these ideals and that the Austrians propose and actually defend our property rights, ourselves as individuals. And I think bitcoin is one of the many tools that we have. And just within Bitcoin, there are so many more tools, absolutely fantastic that we are all growing and building this together.
Stephan Livera: Fantastic. Yeah, I mean you do a lot of great work over at the World Crypto Net and just on Twitter as well and some of the work that you’ve done contributing. But today what we’re going to do is something a little bit different. Hopefully this episode for my listeners, you can pass this onto your newbie friend and if they are stuck leaving their bitcoins on an exchange, this is the episode for them. Okay. So we’re going to try and walk through what that newbie might be feeling, right? They’re still learning a little bit about, you know, in their mind it’s Crypto, but you and I know it’s more bitcoin, but in their mind they might be thinking, well hey, I’ve just bought some bitcoins and maybe a few other altcoins as well, and they may be holding them on some exchange or in some kind of custodial wallet.
Stephan Livera: Now that person might ask you, Max, they might think, well, Max, what’s, what’s the problem? Why can’t I just leave it on the exchange?
Max Hillebrand: That’s a very good question. And it comes down to the fundamental problem that we have with bitcoin or that bitcoin is trying to solve. And that is defense of your property rights in your own money, right? Meaning that you have something that nobody can take back, or take away from you rather. And this is where bitcoin shines. This is what it is designed to do. And it is only designed to do that if it has been used properly. It’s a tool and any tool can be misused, but any tool can also be used properly so that it is that it emerges then all the things that you desire and it actually solves your problem. And with bitcoin, that is exactly what we have a choice here. Either we use the tool not properly, we give our keys to a third party and we trust them, because they’re good guys come on.
Max Hillebrand: And then, well most likely that trust will sooner or later will be broken. But the cool thing is that with Bitcoin, we don’t have to trust anyone. When you run your own full node and you control your own keys, there’s literally nothing that can take away your bitcoin if done right. So this is why we want to do this, right? Defense first and foremost.
Stephan Livera: Okay, Max. So picking up from there. So bitcoin is this special, unique technology, right? But if I’m a newbie, I might be thinking, well, okay, so I’ve heard about these hardware wallets, I’ve heard about these devices like the Trezor or the Ledger or the Coldcard maybe. But aren’t these hardware wallet devices expensive?
Max Hillebrand: Well, there is some cost to it. Absolutely. And well, settled parts that cost first it’s going to cost you a couple satoshis. You, will have to spend your bitcoin, and give that to an entrepreneur so that he will provide a service to you. And the question is, is that service valid for you? And this building of a hardware wallet is actually not that easy. It’s very difficult. And these entrepreneurs have to invest a lot of their capital into building these tools. So, if you really want to have one, you have to sacrifice a little of yourself. And that is of course, and part of your bitcoin. Though also, I would say it’s more about education as well, right?
Max Hillebrand: This is also a capital cost. Your time and your attention to really sit down and try to understand this and you’re doing it already by listening to podcasts like these. Then you’re way ahead of the curve in this sense, but also invest in your education. I’d make sure that you really understand what you are doing here and how you can use these tools properly. And that I think is also something to be considered.
Stephan Livera: Yeah. Right. So look, I think from the Newbie perspective as well, they might also know this. They might know that, okay, it’s not the ideal practice to leave it on the exchange, but they might feel, they might feel like they’re not confident. They might feel like they’re scared and that they might screw it up and they might lose their bitcoins. Maybe from, you know, again, from the newbie point of view, they might think “Maybe it’s safer for me to leave it on an exchange”. What would you say to that?
Max Hillebrand: Well, I think we can look back at the track record, right, between trusting a central third party and securing your own cryptography keys, and with bitcoin specifically, so, so, so, so, so many trusted third parties have been compromised. And when they were trusted with the private keys, that means that the bitcoin are gone. And because of the design of Bitcoin, these bitcoin are gone forever and you will never get them back because now they are on the proper private key of someone else, and you cannot break that unfortunately.
Max Hillebrand: Well fortunately that’s a feature, not a bug, right? So we see just with the track record of Bitcoin to us, the third parties are security holes. And what we also see, maybe looking back on on some other technologies, people already use cryptographic keys in their daily lives every single day, right? How many SSH keys does your computer have? If you don’t even know that that you’re using it, you’re using HTTPS every single day and these have cryptographic keys, right? So you are already in control of some of your cryptographic keys and it’s actually not that hard.
Max Hillebrand: I mean, with some education you can do that within really seconds. Generating new keys and storing them properly and using them every single day. And this is absolutely doable. So it’s not as scary as itself and you already do it everyday. Now you just use these cryptographic tools, not just to encrypt your communication but also to protect the property rights in your sound money.
Stephan Livera: Excellent. And now if I’m a newbie, there’s a lot of different hardware wallet products out there. How should I think about selecting a hardware wallet product?
Max Hillebrand: Very good question. And that is part of this education, right? And research that you have to do and do your own due diligence right? Don’t trust but verify. And here I would say, well there are, let’s say three different main options and they are quite good to show what is possible. So for example, if you are a bitcoiner, You want to gamble a bit, then it’s still better to do this with your own private keys, right? And most of these bitcoins, you can hold your own private keys and you should do that. That is strictly better than not doing that. Right? Even when holding shitcoins is strictly worse than not holding shitcoins. Right? Yeah, sure. So then if you want to do that, there are two maybe three options. And that would be, for example, the Trezor, which is the OG of hardware wallets, they invented that pretty much. Satoshi Labs with Slush and Stick, and Alena, they build a beautiful product here and that can do shitcoins. The drawback, or the beauty of this hardware wallet is that it is absolutely 100% open source, the hardware and the software and that is great.
Max Hillebrand: It’s probably one of the most well-reviewed pieces of software in the bitcoin ecosystem probably as much as bitcoin core itself or something like Electrum. So it’s really, this is a very well reviewed hardware wallet and pretty good, however, because it is open source, it does not have a hardware secure module. Because that was back in the days a pretty, pretty and still very difficult to actually get, well because closed source stuff sucks and if you want to have a very secure defense against the physical attacks. So if someone is physically holding your hardware wallet, then you really should want to have one of these hardware secure modules and there, the Ledger has one of these and thus it is pretty secure from this physical attack point of view. Though the drawback is the Ledger is closed source so you don’t really know what’s going on in there and you don’t know if the private keys are handled properly. So that would be kind of the two, the two main options, which would you want to go. Complete open source with very, very rigorous peer review or closed source with some more promised security properties of the chip. And that would be Trezor or a Ledger.
Stephan Livera: Right. And then what about the Coldcard? What are your views on that and whether that is suitable for a newbie or not suitable for a newbie?
Max Hillebrand: Well, it kind of depends on what kind of newbie it is. If it’s, if it’s a blockchain Newbie, then most likely it’s not the right thing. If it’s a bitcoin Newbie who really wants to really get into bitcoin and bitcoin only. Yes. This is a very, very good tool. Why? It kind of combines two of these approaches. It is absolutely 100% Libra and open source, both of course the software, the firmware and the hardware. So the hardware chip itself designed and manufactured by Peter, well @Dochex on Twitter and, NVK and then also, it has open hardware with a hardware secure module. So they do have physical security against people who hold the Coldcard by didn’t have physical access, with this hardware security module. Plus they made it that it is open source, right?
Max Hillebrand: They actually negotiated with their supply chain, and they have so much leverage in their market and that they actually said we only buy the product if it is open source. And thus they made it happen, which is fantastic. And this is bitcoin only. Why? It’s a feature, not a bug. Keep it simple and keep it stupid. And adding 1,001 shitcoins is not keeping it simple. It introduces a lot, a lot of security risks. Plus you’re not gonna run a full node on any of these three clients anyways. And that’s, it’s bitcoin only. It’s open source hardware with a hardware secure module that has all of the cutting edge features. And I mean the cutting edge features, like actually writing the BIPs themselves. This is a beautiful hardware wallet and I can only recommend it.
Stephan Livera: Right? Yeah. I mean there’s a lot to unpack in that I think. But let’s say, I’m a newbie. I’ve got a job, I’ve got a family, I’ve got a life. It’s a lot of time to, it’s a lot of effort to try and learn how to do this right. And I’ve seen, you know, maybe I’ve got friends who made a mistake and they lost money. What is the best way Max, to learn about how to use a hardware wallet device? What are some good resources as well?
Max Hillebrand: Well, I think it’s just good to, you know, take a couple hours out of your days and invest in this. Really sit down and try to learn this. And then there are many sources of knowledge that you can go to and accumulate to try to understand it. I honestly believe that it’s absolutely doable for anyone who wants to accumulate this. So I would go to the official documentation of each of these projects. Trezor.io, Ledgerwallet.com I think, and coldcardwallet.com. And each of them most likely have a very, very well-documented archive of how exactly step-by-step to use their hardware wallet. Now that is for people who want to read, and maybe they have some videos as well. But of course there are other ways. Are there a podcast episodes where you get like the high level conversations. Podcasts are a bit difficult to go into the technicals. So most likely the better place for these hardware wallet reviews and how-to guides is Youtube, right? Go look for videos. I’ve done about the Coldcard for example, I think of like 20 videos or so. And there are many, many more by other awesome content creators about the nuances of every hardware wallet. Of course well follow Stephan’s podcasts here as well, because I know that the next coming episodes will teach you exactly the nuances of all of this.
Stephan Livera: Great. So look, are there any tips for when that person might get stuck? So let’s say, they’re trying to do a certain thing, whether that is to, you know, learn about how to initialize the wallet or maybe, somewhere there’s an error. What is the best way to get unstuck?
Max Hillebrand: I think that the first way is always to DuckDuckGo it, look it up on the Internet. Pretty sure someone else had the problem before you and hopefully he’s documented it somewhere in this knowledge archive. And maybe you find it on a stack exchange or just on a random Reddit post or wherever but you can look and maybe learn something on the web. Although, of course, if you really have a tailor-made problem and you want to have like a real support, reach out to the peers, there are many different forums for that. Twitter, Reddit, right? Ask the questions yourself. Why not open a stack exchange question? And, for what I personally love to do is join the chat groups. All of these projects pretty much have their IRC channels or at their telegram groups of, I don’t know, probably no Facebook groups, but the cool thing here is that most of these projects or well, they are open source, right?
Max Hillebrand: There is a strong community around most of them and, if you then are in these telegram groups and you ask a question, well maybe you get like a person working for the company to answer it. Maybe it’s even Slush who was hanging out on the chat right there, right? Or, then you will have a dedicated peer who is himself a user of this product who still wants to help you out because he maybe has the same problem just a couple of weeks ago and now he’s figured it out and now he’s willing to share this knowledge with you. And so I would say be active in the, in the network, right? Be a, be a good peer and try to learn and to grow and to gossip with others about this awesome knowledge and accumulate as much as you can.
Stephan Livera: Right. And I think another tip that might be useful for newbies as well is, try to show that you’ve done some work that maybe you tried to Google it, but you couldn’t find the results. And I think then people tend to be more supportive or happy to help you when you’ve shown some willingness and pro activeness.
Max Hillebrand: Yes, exactly. And that is especially prevalent in these chat groups, right? Because they’re oftentimes the same stuff comes up over and over and over again. And because of the design of such a huge chat group, the knowledge kind of disappears into the logs, right? And nobody really scrolls up, and there I think it’s really important for these open source projects to build a good documentation, and many of them have that where you can easily link users too. So if the same question comes up, it’s also nice, for those who know about these knowledge archives to be okay in this FAQ, section four, here’s the link, there’s the exact answer, right?
Max Hillebrand: And if you have these links available and you know about them, then share them out. This is also a rather efficient way for, for sharing this knowledge, right? Because you only have to share the link and not explain it a hundred times, but then it’s also a way to tell others, hey, look, there’s the archive. Actually go there and look stuff up. It’s quite good. So it kind of is on both sides, right? We want to have the students seeking out the knowledge, proactively, but we also want to have teachers who provide the knowledge in a way that students can find it easily.
Stephan Livera: Excellent. And so let’s talk a little bit more specifically around the flows or at least the cycle that a typical newbie might go through. So, I guess it starts with buying a hardware wallet. What are your tips around who to buy that wallet from and how to make sure you’re buying a legitimate product?
Max Hillebrand: Yes, that is very, very important because here the supply chain is a big attack vector, right? And especially the last mile of shipping. How do you know that the stuff that you buy on eBay for like half the price of the real hardware wallet? Is that really the right thing? I don’t know. Do you? And this really is a level of trust that you have to go into, right? We cannot eradicate this all, but I would always recommend to buy from the source itself. Go to the main website and see if you can buy it there. If it’s a big hassle with shipping to your country, maybe look if there is a local reseller, right? Often times, there are these people and they have the quote unquote stamp of approval and web of trust of these entrepreneurs providing the service. And then it’s always very, very important to, when you get this package, to check for for tampering. Has the package been opened with and there is some packages that do this really, really well.
Max Hillebrand: Like for example, the Coldcard, right? This has a security seal and you absolutely 100% can see if the package has been tampered with it, if it has been opened. If it has been opened, then do not use this. Then, unfortunately it seems that this was kind of a scam and some people try to get your hardware wallet or at least be very, very, very careful and only proceed with great great caution. Always check if the package that you get first, comes from the right source and second, has not been tampered with on the way. Then when you have your hardware wallet that at your own house, that’s then when we can proceed.
Stephan Livera: Right, and also there are some instances where unscrupulous people sold a hardware wallet with the seed or the words already generated. What should we do in that case?
Max Hillebrand: Of course, never, ever send money or Bitcoin to these public keys of these private keys. Why? Because you’re not the only one who knows these private keys. Someone else has written them down before and anyone who knows these private keys can spend the bitcoin, thus you don’t really own these bitcoin because you’re not the only one knowing about them. Therefore, you should delete that wallet and at least start a new wallet. For example, then generate a new 24 mnemonic words, and you write them down securely yourself, And then you know, because you yourself have generated them, that nobody else knows about them. And thus they are your bitcoin.
Max Hillebrand: But it really depends here on this case because, who gave you that hardware wallet, with the seed already enabled? And is the physical hardware actually also a scam? That that might be as well. In this case, to be honest, I would not use that hardware wallet at all or like the specific hardware, because someone else has had it. Unless I really trust that person, I would not continue using that specific hardware wallet, but that really depends on the case.
Stephan Livera: Yeah. Look, I think it, I agree with you. I think it should be taken as, that’s an expensive lesson. You should throw it out and get a new one. Let’s talk about initialization. Right? So this, for the newbies, this is a process where, when you first buy that hardware wallet, you need to set it up. So Max, can you tell us a little bit about what does that look like for the user? Like they’re opening the device, they are plugging it in, how are they, what are they doing?
Max Hillebrand: This, again the nuances depend a bit on the different hardware wallets that we use. But in general, you first can set a pin to that hardware device. So this is probably a number, hopefully a long one, I think mine are always like 16 digits or something, that protects the physical hardware. This is the pin to unlock the hardware to then unlock your private keys. Without the pin you, cannot use the hardware, but the pin does not necessarily have to do with the private bitcoin keys. The pin is for the hardware, not necessarily for the private keys. That is a big differentiation here. So once you have set up that pin to secure the hardware, then it shows you your newly created mnemonic seeds or your mnemonic word, which are 12 or 24 English or well, many other languages, words that represent your private key, and this private key then, here again is very important to back up, and to back up in a secure location, right?
Max Hillebrand: So for example, when you are in a public place, in a café, and you write down these mnemonic words with like a hundred people around you and probably 50 smartphones pointing at that paper that you’re writing on
Stephan Livera: and cameras
Max Hillebrand: Exactly, right? So then the the risk of someone else knowing your mnemonic words is relatively high. And again, whoever knows your mnemonic words has full control of your bitcoin, and thus it makes really a lot of sense to do this in a private moment. Sit down in your own house, make sure that nobody else is in the room. I would even go further, make sure that you don’t have your phone with you, because that has a camera, it also has a microphone, it also has a vibration detector and a bunch of other stuff. Just go into a room without any electronics, sit down in your bathroom. Why not? It’s only for a couple of minutes and if you can protect yourself just a little bit more, it’s not really too much of a hassle. So just make sure that there really is no one around, neither in meatspace as well as in cyberspace. This is a moment in time just for you, because you must be the only one that knows about these private keys.
Stephan Livera: Exactly. And I think it might be useful to just talk about some of the potential attacks that can happen that are not typically thought about. So, some of these, what we call side channel attacks. Can you just explain a little bit around what those are and that’s why we try to, take certain precautions when we’re setting up the device.
Max Hillebrand: Yes. There are several side channel attacks and I guess the overarching theme of them is that it means it’s communication from the hardware wallet to some other device. And you can maybe spy on this communication and reveal some of the secrets that the hardware wallet contains. And that can be just some artificial metadata. Like maybe the size of a transaction that is being sent or signed, something like this, or it could be very, very bad and it can be, even the public keys for example. And so, you know exactly as an outside observer what specific trends, or what money is being held on that private key, and then if it’s worthy to attack or not. Or you could potentially, and that would probably be the worst case, even leak the private keys by just spying on the communication between the hardware wallet and the computer used to interact with it.
Max Hillebrand: This then, is a question, how do you communicate and this path and how do you make sure that it is secure? And here with a hardware secure module, that is the big, big, big first step that makes everything a lot easier, because this really protects against these physical types of attacks, as I’ve called them earlier. And this is a physical attack. You plug a special cable in and you check what bytes are being transferred through that USB cable, for example. That would be a side channel attack. You have physical access to the device. And here, if you have a hardware secure module, that is a lot better than not having one. So I would recommend in that case, if that is your threat model to use something like Ledger or Coldcard.
Stephan Livera: Right. And what is a threat model for a newbie?
Max Hillebrand: Well, it’s the type of person or entity you, defend against. If for example, you are in like a loving relationship with your wife and your children, then maybe you don’t necessarily have to protect yourself against them. You maybe trust them enough, that they will not steal your private keys and run away with your bitcoin, maybe. And then in this type of threat model. Well, your children are not really a threat, so it might be okay to leave the unencrypted mnemonic, for example, in their room, because they can see the private keys because you trust them that they won’t spend it. But of course, if for example, you live in a shared apartment and there are a bunch of strangers running around all the time, well you don’t trust all of them and you don’t want them to have knowledge off your private keys and thus access to all of your bitcoins.
Max Hillebrand: So you might use something like a hardware wallet to physically encrypt your private keys so that only you who knows the pin then also has access to this money. So if you are someone being well, threatened by huge tyrants. You’re a reporter or journalist who should learn to code. No. Let’s say you are a coder building some very awesome technologies that people don’t want you to build then, you need to defend yourself maybe against even more elaborate attacks. It always depends on your individual case of who is attacking you on how much you need to defend yourself. And that is a very individualistic choice. Think about that. It really is important to know before you go and build here for this strategy.
Stephan Livera: Okay. So let’s say the user now, they have set up their device and they have got their 20 word, 24 word seed and they’ve got a pin and they’ve chosen a sufficiently long pin to help give some additional protection. Now if that user still feels a bit uneasy, what are some ways to ease into that experience? Should they use testnet? Should they do small transactions first?
Max Hillebrand: Oh yes. Very, very good point. I’m the biggest fan of testnet. I’m a testnet maximalist, so to say. Why? I think because it has several reasons. Well. the first is nothing really can go wrong. I mean these are fake Bitcoin, right? These are not real sats. And so if you lose your private keys it doesn’t really matter too much. If you send off, all of a sudden, all of this to a third party address by accident that doesn’t really matter, you can always get new fake bitcoin. There is not really a risk of losing your sats. And that is a very high priority to me. I don’t want to be that guy that, all of a sudden, lost a couple thousand, or even millions of sats just an accident because he made a stupid mistakes about setting up his hardware wallet, so always be testing, and here testnet is awesome.
Max Hillebrand: And hopefully all hardware wallets provide testnet. If they don’t, don’t use them because that means that the developers didn’t test either.
Stephan Livera: So that’s a good point. Okay. So I think it might also be useful then to think about recovery. So quick example, if I’m a newbie, maybe I’m not so clear about what it actually takes to recover a device. Is it, just a pin that I need or do I also need to keep the mnemonic seed?
Max Hillebrand: So for the hardware wallet itself, that is the pin. You have full access to the entire hardware wallet with the pin. So if you lose your pin, unfortunately that hardware wallet is no longer accessible. Now some hardware models, especially those with a good hardware secure margin, like the Coldcard even means if you don’t have access to the pin, you cannot even reset the device. There is no factory reset in good hardware wallets. This means that without the pin, the physical Coldcard itself is a brick, and you will never be able to use it again. Not even for a completely new wallet. So the pin is only for the hardware wallet. And then if you want to spend though your bitcoin, you can do so without the hardware wallet, if you have the mnemonic, which then reveals your private keys, your seed.
Max Hillebrand: And this mnemonic can be used, most likely if it is in an interoperable standard, like most wallets are today, on different wallets. So for example, you can use a seed that you’ve generated with Trezor and you can put that, for example, into your Electrum hot wallet on your laptop. And then the Electrum wallet on your laptop now has the secret of the Trezor hardware wallet, which of course means that the hardware wallet feature is not broken because the seed is only hot wallet.
Max Hillebrand: But it means that you have full access to these bitcoin from your Electrum wallet. So even if you, for example, lose access to the hardware wallet, if you have the mnemonic, then you have access to your bitcoin. Now, the thing is though, that you have also the opportunity to encrypting your mnemonic to have this backup show, not the actual private key, but that the backup itself of this mnemonic, the paper backup that you do is in encrypted form so that you need an additional passphrase to reveal the actual secret that reveals your private keys of your bitcoin. So, if you have chosen to use such a passphrase as an additional layer of defense, then you need both the mnemonic, back up, and the passphrase in order to spend your bitcoin.
Stephan Livera: Excellent point. And so let’s just talk to that passphrase component. So, for example, on the Trezor, you can find that in the advanced tab and there’s basically you can think of it like it is a 25th word for your seed instead of 24 words. Now it’s kind of like you’ve got a 25th word. Can you just talk to how that is actually another whole, in some sense, another whole wallet and you have their consideration around backups and recovery now because you’ve got to tell your heirs that 25th word or that passphrase as well.
Max Hillebrand: Yes, exactly. So maybe a little bit about how these things are actually done in a workflow level. First what you do or the hardware wallet is it generates a huge random number and this huge, huge, huge random number is your seed. The seed where to derive all your private keys from. But, of course, the huge random numbers are very difficult to write down as a human. Thus, we take a word list and we transform the seed into 24 English words so that every word corresponds to exactly one part of this random number. And it’s just a human readable interpretation of that same number. The one means the other and the other means the one and then if you add a 25th word, if you add a additional, passphrase to this standard mnemonic, then you also change the seed itself.
Max Hillebrand: That is now another huge random number. It’s like having a huge random number and then adding some additional numbers to it. That’s, in this context, the exact same thing as having 24 words, the huge random number and then adding the 25th word, another bit of randomness. And this means that the 25 words are different than the 24 words. The new seed that is being created, the quote unquote encrypted is different than the original seed, the standard random number that we started with. So here, to recover them, you need both. You need to have the 24 mnemonics and you have to have the passphrase.
Max Hillebrand: But the cool thing is, you can store them in different places. You can have, for example, your 24 words in a safe deposit box somewhere, and then you have the passphrase in your home safe deposit box, somewhere else. And then, because these two are separated, if only one of them gets compromised, if someone gains access to one of these pieces of knowledge, then you’re still good because you need to have two of them in order to actually spend these bitcoin.
Stephan Livera: Excellent. And let’s talk about then the backups and the encryption of these pieces of, crucial pieces of information. So obviously you might, depending on your setup, but if you were just keeping the hardware wallets at home, or if you were leaving the hardware wallet in a safety deposit box or, and then you might need to keep a copy of that mnemonic and/or that passphrase. So how should a newbie think about that in terms of segregating that?
Max Hillebrand: You know, it really, again, depends on your threat model. Who do you defend against? And so for me personally, I have two vastly different experience. For testnet, I have horrible OpSec. The pin to my hardware wallet 1-1-1-1. The unencrypted mnemonics lie next to me on the table. For me, untested, I do not care at all about my security, because it’s fake bitcoin. So here I have horrible OpSec and there’s no separation, there’s no encryption. It’s very, very weak. And maybe that’s okay for your threat model, in your individual case. But for my real Sets, I’m so paranoid about them that I don’t, I will not tell you exactly how I do it because that will reveal some of my strategies.
Stephan Livera: Let’s not reveal anything about your own set up.
Max Hillebrand: That’s the other side here of the threat model. But in general, I would say that it’s always, always very important to encrypt your backups. And this goes for anything really, but it goes especially for your private keys to your bitcoin. So how, how do you do that? While the passphrase is pretty, pretty good, because then you get, the mnemonic word in encrypted form and mnemonic are very easy to back up. It’s writing down at them on a piece of paper or stamping them into metal, It’s very easy to back up your mnemonic. And thus having a way to encrypt this written down backup is very, very good. So that is highly recommended. Though some hardware wallets, like for example, the Coldcard provide this fantastic feature of doing a backup onto SD card, for example. And here the backup is encrypted properly with the secure random number generator off the hardware wallet.
Max Hillebrand: So in the case of the Coldcard, you can generate a zipped archive of your private keys and the bunch of the metadata about your wallet, and then you encrypt this with like 256 bit security, which means that your passphrase is not just one word, but it is actually 12 words. So this is like a completely new mnemonic seed with all the security in the cryptography side of you. Just to encrypt your backups. And then you know, these backups are so securely encrypted, you could theoretically even upload them to your Google server, or to any other third party server, although that might again leak some metadata, but at least the content, the private keys itself are so securely encrypted that no one is ever going to break it. And here these are the different threat models. Always encrypt your backups and store them then in encrypted form in different locations, both physically as well as in cyberspace.
Stephan Livera: Fantastic. And the other point is typically there are certain devices, a quick example is the cryptosteel that an individual may use to back up their 12 or 24 word seed. And so I think as you were pointing out there, that the user needs to be very careful where they leave that device because if they have not used a passphrase, then somebody could steal their bitcoins, right?
Max Hillebrand: Exactly. The advantage of a hardware wallet is that in meatspace we have encrypted private keys. You need the pin in order to get the private keys, that’s the security model here of the hardware of all that in meatspace. Well, for the backups, for mnemonic words, if they are not encrypted, then the meatspace defense is whatever meatspace defense you put around it. If you have it in your drawer, under your socks, then that’s pretty easy to find. If you have it in your own physical safe in your house somewhere like beneath a bunch of cement and iron cages, then maybe that’s good enough physical security. But nevertheless, people might gain physical access to this backup. And then if you do not have it encrypted, they have full knowledge of your private keys and thus they’re no longer your bitcoin.
Max Hillebrand: And then, you know, you really have to be careful here. Very good always to encrypt your backups and then to put these backups into secure locations, and to spread them out. And you might also want to consider not just the attack model of humans, but the attack model of nature as well. If you have paper backups, what happens if it starts to rain and your house floods all of a sudden? Then are your private keys just going to be deleted? Do you have other backups as well? Or what if your house burns down? Are you really secure in a fire secure safe? Or is the sock drawer just going to light up and the paper is going to be poof? That’s where I like to, engrave my private keys on something durable.
Max Hillebrand: You could use gold, that would be utility of gold or you could use something like metal. For example, I have like physical stamps, of hard metal that I put on a thin piece of metal, to then hammer and this will stamp into this thin piece of metal, the letter. And so if I have enough thin pieces of lead or iron or steel or whatever that is, I can easily encrypt, back up all of my mnemonics on these durable, fireproof, waterproof, shockproof, electricity proof, really secure physical manifestations of my private keys of the mnemonics that are encrypted.
Stephan Livera: Excellent. Yeah, I love that explanation. Let’s now talk a little bit about the privacy considerations. We don’t have time to kind of go through the full detail of it, but perhaps you just want to outline some basics for the newbie in terms of what should they be thinking of and what information are they giving off by using say, a Trezor or a Ledger or a Coldcard.
Max Hillebrand: Yes. So the prime design of a hardware wallet that is to protect your keys. The keys that you use to sign your transactions and assuming that that is an order and that everything is secure here, this does not guarantee anything about privacy. The privacy side comes with whom do you reveal your public keys to. Who do you tell which private keys, the public side of your private keys so, they cannot calculate the private keys so they cannot take your bitcoin, but they can calculate which bitcoin addresses, and thus which bitcoin coins belong to you. This can lead to a degrading of your privacy. Then someone else might know exactly how much money you have and where you spend it on and without a shadow of a doubt, he has cryptographic proof of it. The question is how can you initialize this wallet?
Max Hillebrand: For example, a secure Ledger is in this regard absolutely terrifying because you must at any times if you, if you initialize this wallet, or if you upgrade their firmware, you are connected to the Ledger Live application as a desktop application that you run on your computer or laptop and that sends a copy of the private, of the public key, to the Ledger service, or server. And thus they everything about you, quite literally. And then only can you upgrade this device and then only can you use this device with the Ledger Live software. And that’s where all their shitcoin management is housed as well. And that really is a huge, huge problem because now they know exactly what, all your addresses.
Max Hillebrand: And there are other ways though of doing this and that is mainly running your own full node. It’s one of the only options, basically, to really reclaim that privacy in this sense. Because then you no longer have to ask anyone how much money you have, but you verify it for yourself. And thus nobody knows which coins you’re interested in because you have not asked anyone. And that is the main or one of the many reasons of running your own full node in here. You can use, for example, the Electrum wallet interface together with your Electrum Personal Server to connect this Electrum software to your own full node and then plug in the hardware wallet to Electrum, to communicate and to check which coins you have and to sign and broadcast transactions.
Max Hillebrand: All this can be done with your full node together, either with Electrum or then my favorite way of doing this with Wasabi Wallet, because Wasabi Wallet is very private by default, even if you do not run a full node, the private keys are not shared. Sorry, the public keys are not shared with anyone and that is very, very good. If you want to use your hardware wallet in a private way, very conveniently plug and play by default, then I can suggest Wasabi Wallet here.
Stephan Livera: Right. Wasabi Wallet’s, I think, a good trade off for a newbie to look at, although it may be a little bit confusing for, depending how Newbie that person is on how to use it, but what would be some good guides or documentation that exist or just point them towards your videos on how to use Wasabi wallet?
Max Hillebrand: There are many great educators sharing knowledge on Wasabi, 402 Payments, you’ve done a lot of stuff as well, 6102 at Bitcoin-Only and I’ve also done a couple of videos about Wasabi on pretty much step by step, exactly how to use it. And so the video side is covered and right now in working with the peers on a documentation archive at Wasabiwallet.io/docs and here, then it will be in written form all the nuance or many, many nuances of bitcoin privacy, especially Wasabi wallet with step by step guides and FAQs and all the good stuff. There is this knowledge out there, you still have to seek it and you still have to understand it. I agree Wasabi is not yet completely newb friendly, absolutely not. We have a long, long way to go, but it’s a good first step, and anyone who wants to invest their time and who really has the need to defend not just his property rights in the sense of theft, but also his property rights in sense of privacy, to not be forced to talk to others if you don’t want to. Here Wasabi is already really good. Yes, there is a learning curve to it, but we are building to make it better every day.
Stephan Livera: Great. And let’s talk about destruction of a device or trying to get rid of a device. Do you have any tips there and in terms of things that have to be careful with, with the seed?
Max Hillebrand: Yes. So, the first question is always do you really want to delete the private keys? Really? Really, really? Because private keys in this sense of bitcoin, spend money. So, if there is money to be spent by the private key, but you have deleted it, then you can no longer spend it, which would be very, very bad. And remember that in Bitcoin people can send money to old addresses of yours and then this means that you could get money sent to a public key, of a private key that you have already deleted and that is not too good. There might not be too many cases where you really want to delete your private key completely, so always keep a backup somewhere, I would say at least. Then though, if you want to destroy a hardware, that’s a different question.
Max Hillebrand: And this hardware can be reset, depending on the unique manufacturer, but there should be a reset option in all of them in a way that it deletes the private key from the storage mechanism, either the microchip or the hardware secure module and it overwrites that data with random zeroes and ones that are no longer your private key. That would be the first step. Delete the data from the device. And if it’s a hardware secure module, you can actually prove that it was deleted. You can roll over a seed and then you have, under some security assumptions, pretty good proof that this data now is actually deleted. But I would go even further, delete or destroy the physical device, smash it with a hammer, burn it, cut it into pieces. Even the Coldcard, it has, the mark two version. It has a little error right next to the screen where the hardware secure module is placed. And right next to it, it says shoot here, and it is very advised and there are videos on online where people are actually doing this.
Max Hillebrand: If you shoot your hardware wallet Coldcard, then at this spot, then yes, the hardware secure module gets obliterated and then you have absolute certainty that the private keys will never ever be found again. So, that is pretty a pretty cool. Make sure that you do this securely, if you really want to do that. And then what to do with the weight? I don’t know. Throw it into different garbage cans on five different continents. No, you can go paranoid if you, if you want.
Stephan Livera: Yeah. There are many different levels of paranoia, but I suppose at this level we’re just talking about trying to take that newbie off an exchange. But I think good for them to know what is the best practice there. Let’s talk about best practices now with software use as there have been some instances of people losing money because of malware. Do you have any recommendations for beginners, if they are, let’s say downloading Electrum might they need to verify the signatures or what are some other good practices there?
Max Hillebrand: The sense of the hardware model is that we do not trust the computer. We do not trust the software of our main laptop, for example. And because it’s an operating system, it’s huge. Many, many bugs. And thus the private keys are removed to a separate hardware device. But we still need to communicate with our main device in order to build that transaction. And you’re absolutely right, if that software is malicious, there can still be cases where it kind of tricks the hardware model, the hardware wallet into signing a transaction that is not really right, and know that there have been many cases of that, and know many attack vectors are possible here in the sense. So it’s always, always very important to do your research and to verify the software that you’re using.
Max Hillebrand: Again, that’s a huge problem if you’re a shitcoiner, I have no clue how you’re gonna deal with that. Because it’s probably all of these wallets just have Trojans left and right. So yeah, good luck. But if you’re in bitcoin, then we have good devs working here, and all of them sign the releases of their firmware, meaning that, oh well if they don’t, then never ever use that wallet ever again. Ledger. Well if they do, then you can verify that the firmware that you have on your hardware wallet is actually the one that was developed by the developer. And you know that there was no man in the middle who gave you a firmware that the author of the software, like the real entrepreneur did not approve of. And that is very, very important. Always, always, always verify PGP signatures.
Max Hillebrand: It’s actually very, very easy if you learn how to do this. There are graphical user interfaces for it as well on all operating systems, but that is just, it’s so, so, so, so, so important. We should do even much more than just verifying the PGP signatures. Then, if you do that, still make sure that the software itself is good, and here do your research on, for example, Electrum wallet on Bitcoin core itself, bitcoin QT is a pretty good wallet. And with the hardware wallet interface, you can actually connect your hardware wallet to it. Then I can recommend Wasabi, as well. Still much more review needed on that, piece of software, but it seems to be quite solid. Specifically for the hardware wallet, I guess there’s, well no, Armory does not support hardware wallets.
Max Hillebrand: Unfortunately they’re not too many good options out there. But I guess with Electrum, especially connected to your own full node and Wasabi, we have two pretty strong candidates and hopefully we will see many, many more in the future with the integration of hardware wallet interface.
Stephan Livera: Yeah, great points. I think you’re right. I think at this point it’s basically bitcoin core with hardware wallet interface, Electrum Personal Server or one of the other options like ElectrumX, et cetera or Wasabi at this point. But I think that’s a, hopefully, that’s a pretty good overview now for the bitcoin newbie. Let’s talk a little bit about next steps for that Bitcoin Newbie. What are some potential topics or areas or even some software or concepts that they should be looking to try and learn now once they’ve gotten to this level?
Max Hillebrand: Maybe to keep it initially on this hardware wallet stuff, look into more elaborate ways of backing up your mnemonics. For example, the Trezor team has done some great work to bring forth a Shamir’s Secret Sharing in a quite interoperable standard so that you can split up your mnemonics words, and your encrypted mnemonics words, by the way, into several groups, so that, instead of having one times 24 words, you have five times, 12 words and you need three of these 12 words in order to get your master secret again. You kind of split up very securely and in a cryptographically sound way, your mnemonics into five different shares and you need four or three of these in order to get back the real private key to spend the bitcoin. This can help you a lot with your physical defense. If you then have five different secure locations in like three different countries for example, and you need to travel to all three of these places separately in order to get your, your real private key to spend the bitcoin. And that can be really good mechanism for backing up. Maybe in general stay up to date with what’s going on.
Max Hillebrand: Schnorr’s signatures change the game quite drastically for hardware wallets. That will require a lot of further development. Lightning Network for hardware wallet is quite a crazy thing. I follow Stepan Snigirev. who has been here on your pod many times already. He’s doing great, great work with Crypto Advance with that hardware wallet, also open source hardware security module. Fantastic. Scriptable hardware wallets, Coldcard has a couple of cool things up their sleeve that they’re working on regarding co-signing scriptable business logic in one of your cold cards in a multisig setup that is fantastic. Oh yeah. We didn’t even talk about multisig itself, so that’s another can of worms that also has to do with hardware wallets and especially with Trezor and Coldcard.
Max Hillebrand: The rabbit hole goes deep, so I don’t think it will be boring. Keep on learning.
Stephan Livera: Yeah. That’s great. What about any other, I guess more leaving the world of let’s say, hardware wallets more and kind of custody. More specifically, are there any other topics or things within, in or around bitcoin that you think would be beneficial for a Newbie to learn about?
Max Hillebrand: You know, learning the why of Bitcoin, why this is so important., and here I think economics is just a vitally, vitally important part. And, of course the listeners to your show know that. Listening to all your pods, they’re, pretty sure that they got a good grasp of economics by now. Keep on learning about this then nuances are really, really deep. When you understand the why of bitcoin on the economic level, that really pushes you to learning how to actually use it properly in all its different aspects, and then to focus on, take care of your privacy. It really, really is a huge, huge, huge problem that we have in the incumbent world. There is no financial privacy in fiat world. Like forget it, none, zero, nil. You’re transparent to the core. Never use credit cards, so please not.
Max Hillebrand: With Bitcoin it’s already to that a billion times better. Even a basic newb, just having his hardware wallet is much, much, much better than he would ever be in the banking sector of fiat work. But we can do so, so, so much better and we should strive to do so much better. Take care of your privacy, run your own full node. That’s the second rule. Or no wait, the first rule of privacy is never reuse addresses, the second rule of privacy is never reuse addresses, then the third rule is run your own full node. It really is important to do all that. We record today at the anniversary or well, coming at the anniversary, two year anniversary of the user activated software where we proved by choosing to run our full node, how we can manifest Nakamoto consensus and how we can evolve it in a way that does not break consensus. A Beautiful, beautiful event. Run your own full node that is absolutely important and get educated about as much as possible.
Stephan Livera: That’s fantastic. I think that will hopefully give a great overview for some bitcoin newbies out there who might get, shared this episode. Let’s now, just before we let you go, Max, let’s talk a little bit about what you’re working on and if they, let’s say they want to get consulting from you or the, I know you have this HODL hotline, tell them a little bit about yourself and if they want further consulting, how can they find you?
Max Hillebrand: Yes. This rabbit hole is quite intense and it’s always good to have solid peers on your side and a new network that tried to help you and share knowledge, that is really important. And, Stefan and I, we both do this for fun and for free for our podcasts and everything that we share a bunch of this, let’s say passive knowledge where you listened to us talk. I do that on the World Crypto Network with hundreds of videos and, podcasts and, or appearances in several other podcasts and that is great, but oftentimes you really need to have these in depth counsel, sessions where we really talk about one specific problem tailor made to you as an individual and they’re just, you need to have a conversation. The HODL hotline, for a small donation of I think, what is it, a humble 1 million satoshis I think then that over lighting of course only. Well, I would accept CoinJoined bitcoin as well. We really can sort of dig down on all the problems that you have, but in general, in all the chats in, in all the groups, and ask your questions there and seek out this knowledge. There are many different sources to do this. I just offer one additional way of doing this in a real conversation. So, if you’d like to hop on the hotline.com, it’s not just me. There are a bunch of teachers and educators up there offering different services.
Max Hillebrand: Specifically, bitcoin only tools. I mean a lot of the theory, a lot of the economics, a lot of the game theory, a lot of the coding. Then also, though about using the software for different tools, hardware wallets, software wallets, CoinJoins and running your own full node and all this, many different ways that these teachers can help you to advance your understanding of bitcoin, which I think is the best investment that you could ever make. It’s the biggest investment of your time and your attention, but it also is a bit of your investment off your sats, if you really want to bootstrap and get this really going quickly.
Stephan Livera: Yeah. That’s excellent. Thank you so much for joining me on the show today, Max.
Max Hillebrand: No, thank you Stephan. Really a fantastic conversation. I’m really looking forward to this upcoming series on the hardware wallet because the nuances of this are fantastic and you shared with me what peers you will get on show. That’s going to be so exciting. You’ve got the good guests, you got the right peers sharing their knowledge and keep it up, really. Your podcast is, by far the deepest in the rabbit hole of economics and Bitcoin. And it’s very cool to have you on our side here, sharing all this knowledge and teaching that is so, so, so important and we have to do a lot more education. That’s maybe also the call out that I would like to provide here at the end. Really contribute to the open source projects, all of you.
Max Hillebrand: It’s your responsibility if you use open source projects to contribute back, and you can do that in many different ways. It does not at all have to be coding only. Stephen, the work that you’ve done spreading the knowledge of the good tools like nodl or Wasabi, or Electrum. It’s fundamentally important and without peers sharing knowledge, for example, there would not be such projects and, for example, also help with documentation. That’s one of the tasks that I’m doing right now for Wasabi Wallet is to build this knowledge archive in written form and it’s Libra and open source on Git. So if you want to contribute, if you have a question, then ask it there. If you know the answer to a question, well then answer it there.
Max Hillebrand: It’s not just for one specific project, but for all the open source projects. Again, if you use a open source project, it is absolutely your responsibility to make sure that this is a prosperous venture, and this goes in many different ways. So, be active, be a good peer in the network, don’t just be a leech, but give back and help us grow this Libra sound money to become this behemoth of proof of work, of sovereign individuals claiming their sovereignty and defending themselves and their property rights. Stephan, thank you very much for inviting me on the show and to hopefully see you on the next time soon.
Stephan Livera: Hope you found that valuable. Make sure you are subscribed to the podcast using a podcast app so that way you don’t miss out on the episodes that are coming. I’ve got a whole range of interviews with some of the top people to listen to on this, so keep an eye out for that. You can find the show notes on my website, StephanLivera.com if you want to DM me, my handle on Twitter is @StephanLivera, my email is StephanLivera@pm.me. That’s it for me. Thanks guys and see you next time.