Electrum 2.7 with better multisig hardware wallet support and Ledger Nano S

Electrum has been my favorite Bitoin wallet software for a very long time. The reason I had a look at it initially was because there was a debian package. Only when Trezor hardware wallet support was added and was not yet released, I downloaded the sources. It is written in Python. I work with python regularly, but it is not my primary language. But for frequently updating and testing experimental software, it is pretty cool. That’s how I started to report bugs in the unreleased development branch, and sometimes even committing the patches myself.
But the reason I’m writing this post is, that the new 2.7 release contains two features that are important to me.

Ledger Nano S

One is that the Ledger devices now also support multisig with electrum. I took this as the trigger to order a Nano S. It works totally different from the HW1 in that it has a display. Thus you can set it up without an air gapped computer. With only the two buttons, you can navigate through the whole setup process. As a bonus it is also to my knowledge the first hardware device to store Ethereum tokens, not counting experiments such as quorum. So I finally moved my presales ETH.

Multisig with hardware wallets

I wrote about multisig with hardware wallets before. But Thomas took it a huge step further. Now it’s not only super secure, but also super user friendly. Now the hardware wallets are directly connected to the multisig wallet. No more saving unsigned transactions to files and load in the other wallet. You can still do that if you have the signing devices distributed geographically. Given a solid backup and redundancy strategy, you can now also have a 3 of 3 multisig hardware wallet. So your bitcoins would still be secure if your computer was hacked, and two of the three major BitCoin hardware wallets had a problem, which is very very unlikely.

The only thing still missing is the debian package for the 2.7 version.

Trezor BitCoin HardwareWallet

Today I received my Trezor BitCoin HardwareWallet. When I ordered it in June 2013, the expected delivery Date was October. But as it happens all that often with BitCoin related hardware, the dates get pushed back. They offered a device with plastic case for XBT 1 and one with an alloy case for XBT 3. After the Bitcoin price skyrocketed end of last year, they stopped taking pre-orders. The devices we early backers received, have a nice “First Edition” label at the back.

The trezor is the first hardware wallet for BitCoin that is mass produced. It has a small screen, two buttons and a microUSB connector. So it is actually a lot more secure than if you just stored the private key on a SmartCard, as could be done with a HW1 or a YubiKey NEO if the software was finally released. You can see the balances on the different addresses in the client on the computer. When you want to send some coins, you see the receiving address and the ammount on the small screen of the trezor. Once you confirm using two button presses, the trezor signs the transaction, and the client on the computer propagates it to the BitCoin network.

Build quality and form factor look quite nice. It is actually a bit smaller than I expected, which is a good thing. Fifteen Swiss Francs in Coins would require about the same space. I guess it helps in that regard that it doesn’t require a battery, but is powered from USB.

The first thing I did was setting it up with the browser plugin from https://mytrezor.com. It’s an easy process where you have to write down the seed which consists of 24 words. Then I sent a small amount back and forth. Only after seeing this succeed, I transferred bigger amounts to the addresses of the device.
Then I wanted to test the electrum plugin that slush recently noted, would be merged soon. I found it in a pull request on github. It didn’t work initially, but several people were quick to help. After all issues were sorted out, also sending with the trezor from electrum works fine.

It wouldn’t be a security device if it worked without entering some kind of secret. Entering the secret on the computer would make it less secure, as some malicious software could record it. Entering it on the device with only two buttons would be cumbersome, as not that many people these days are fluent in morse code. So, I was curious, how they solved that problem. The solution they came up with is actually quite nice. They display a 3×3 grid of buttons with question marks on the cumputer, while the trezor shows a 3×3 grid with digits 1 to 9 in random positions. That way, you enter your pin on the computer using a mouse or touch screen, using the positions found on the trezor screen. Even after playing with the trezor for only some hours, it’s evident that a lot of thought went into it.

I wonder what will happen next in that space.
I was not fully convinced by the HardBit. Indeed it turned out, somebody found out how to activate WiFi and bluetooth of the repurposed SmartPhone. That makes it way less secure. The developers seem eager and friendly, but it might be just not the most secure platform to begin with.
Recently I backed an interesting project called PRISMicide on Indiegogo, but with only 8% funding after half the time, it looks as if they won’t make it.
The picture and description of the BitSave from ButterflyLabs look really slick. But they have a history of overpromising and delivering late.
And finally, I’m sure SatishiLabs, the creators of trezor, will work on a follow up device that is even smaller and communicates with SmartPhones.