Discussing Security: How Much Does Open-Source Contribute to Security?
There is a debate that open/close source of the crypto wallet will impact the security on the web. Here we will explain a bit about wallet security. Open-source is indeed useful for users and experts to perform audits and do reviews. However, open-source doesn’t lead to safer solutions naturally.
Occasionally, open-source can be cracked easily by hackers because the resources, codes, and utilities are readily available. There are many vulnerabilities on open source products such as the Trezor, the most famous open-source hardware wallet. Ref 1. Unfixable Seed Extraction on Trezor — A practical and reliable attack. Ref 2. Crack Trezor in 15minutes.
In this article, we will explore the basics of evaluating a hardware wallet’s security and why open-source may not necessarily be related to security.
When we consider the security of a cryptocurrency wallet, there are four layers of security issues that may fundamentally impact whether you will lose your crypto assets:
1) Randomness and safety of key/seed generation.
2) Security and protection of private key/seed.
3) Avoid breaches during the spending process or signing of transactions using the private key.
4) Social engineering protection. For example, the product should have powerful methods to avoid exposing PIN.
Following are example use cases of the four security layers:
1) Key/Seed generation
Everyone should have heard a famous phrase by Andreas Antonopoulos: “Not your keys, Not your bitcoin.” What is a key, or more precisely, what is a private key? The private key is a significant random number of 256bits. If the Key generation has a bug or backdoor, your crypto can easily be stolen by the person who created that backdoor.
Users can explicitly check an open-source code of an open-source wallet to see whether the wallet generates trustworthy keys.
Transparency regarding key generation is one of the main concerns regarding closed-source wallets. However, there is a method close-source wallets can use that can overcome this.
For example, the ELLIPAL Titan has a unique solution that not many wallets have. Users can import their private keys or seeds (Via mnemonic words) that they generated using software they trust. Users do not need to trust the wallet because the keys are generated by themselves and not relied on the wallet’s code. It is trustless trust.
Additional info for new users: in a full-function crypto wallet, there will be many child private keys for various coins calculated from a seed. This was defined as HD wallet by BIP32, BIP39, and BIP44. When you lose your wallet, the mnemonic words can recover your seed, then recreate your private keys of all your coins into a new wallet. So, keep in mind “mnemonic words” is another form of your private keys. Please do NOT give it to anyone; otherwise, you lose your assets.
2) Key/Seed protection
The basis of private keys protection is isolation and formatted access. A SE (Secure Element) chip is a common choice for engineers to use when trying to protect private keys inside a hardware wallet. Another alternative that is also very effective is to isolate the hardware wallet from any outside connections, in other words, keeping it air-gapped.
As no connections are allowed for an air-gapped wallet, wallets like the ELLIPAL Titan uses QR codes as a communication interface instead of USB or Bluetooth. During a QR code scan, the data becomes visible, and the user has to scan the code manually. The format is open, documented, and contents can be easily verified that no data is leaked. In contrast to open-source wallets, the QR code’s open data format of air-gapped wallets is easier and more natural to check.
Besides protecting the private keys using software against tampering and attacks, engineers can upgrade the hardware to grant even more protection. For example: Anti-Tampering and Anti-Disassembling features have been added to the ELLIPAL Titan’s hardware to protect against supply chain attack and evil-maid attack.
Considering a close-sourced hardware wallet with robust software and hardware protection, hackers will need years to break the system. On the other hand, it is easy for hackers to re-compile and knows the attack points of an open-sourced wallet.
3) Spending process
The crypto spending process (transaction) is usually forgotten by users when talked about private keys protection. During spending, the attack point is focused on the online part, which is the APP. Due to the APP’s online nature, it is easy to be attacked by hackers. A fake transaction can send your coins to hacker’s address instead of yours.
A simple function that can protect the user is to show the receiver’s address by decoding the full transaction data. It does not matter if your wallet is close or open-source; If it cannot clearly show you every part of your transaction data, it is not safe.
4) Social engineering
Regardless of how technically secure a wallet may be, many people lose their assets because they are victims of social engineering attacks. Peeping PIN code or a scammer imposing as customer support, social engineering attack is mainly the reason people lose their coins.
A product with well security design should help users to avoid this kind of problems. These are not related to the wallet being opened or close source. If you use simple digits as PIN and make yourself vulnerable to peeping, open-source cannot help you. If a wallet has 2-factor protection like the ELLIPAL Titan, it is harder to peep and more secure than simply being open-source.
— — — — — — — —
We discussed in essence about wallet security and open-source. It can be concluded that security and open-source are not necessarily related.
From another point of view, open-source provides the whole community the chance to improve the product in terms of software features and security. Nonetheless, this is limited to the software part only. How the hardware and application are designed still cannot be controlled. It is always crucial for users to understand security and cryptocurrency to use hardware wallets at their highest security potential.