Trezor and Ledger Hardware Wallets #1731

Open
opened 2020-02-21 22:47:50 +00:00 by jonah · 0 comments
Owner

Basic Information

Name: Trezor
Category: Hardware Wallets (WIP #1713)
URL: https://trezor.io/

Name: Ledger
Category: Hardware Wallets (WIP #1713)
URL: https://www.ledger.com/

Related meta-issue: #904

Description

I've added the Trezor One and Trezor Model T as recommended cryptocurrency hardware wallets in our hardware recommendations draft, and the Ledger Nano X as "worth mentioning" hardware. I recently received a Trezor One, a Ledger Nano X, and a Ledger Nano S for testing, and I wanted to open a discussion on all three and how they compare, and gather feedback on how we should move forward with these recommendations.

Previous Discussion

@Peter-Easton left thoughts on the Model T: https://github.com/privacytoolsIO/privacytools.io/pull/1713#issuecomment-588482017

Trezor

I'll be covering both the Trezor One and the Model T as one "product" here because:

  1. Trezor's Model T and One wallets are almost identical.
    • The Model T has a touchscreen (which does make it considerably easier to use), supports Shamir backups, and will theoretically support encrypted storage via microSD, but that functionality is apparently not yet available. It also supports a few more coins than the Trezor One.
    • Otherwise from a functionality perspective they do the same tasks.
  2. I only own the Trezor One.
    • This is both because at ~$40 I think the Trezor One is a fantastic deal, and because at ~$160 I think the Trezor Model T is overpriced. (but if someone from Trezor wants to send me one to test, hit me up 🤣)

Trezor's products are apparently open source hardware and software.

The Trezor One is small and light enough that I'm happy to keep it on my keychain, but the material quality isn't particularly fantastic. It's just a light, plastic device.

Ledger Nano S

The Nano S is a very well-designed device. The metal and plastic casing just feels more robust/durable than the Trezor One, but it does seem less portable/convenient. I wouldn't want to keep it on a keychain — and this is Ledger's portable model!

Ledger's devices do use closed-source components, which is disappointing in comparison to Trezor's devices.

According to the Ledger community on Reddit, firmware updates have been taking up more and more space, leaving less room for apps. Some users report they can only install 3-5 apps total on their Nano S, which is a major drawback.

Note that you only need the apps to set up wallets for the first time and approve subsequent transactions. If you send Ethereum to your Ledger wallet and later delete the Ethereum app, your Ethereum is not lost, just momentarily unusable. This means that it would still work fine as a backup device; it would just be inconvenient as a "daily driver" with multiple currencies.

Ledger Nano X

This is an updated Ledger device with Bluetooth functionality, which enables it to work with mobile devices. If you are set on using crypto on the go, this is definitely the way to do it. However, there is little additional functionality that works with mobile devices outside of wallets, so unless you're constantly making transactions away from home I don't think it'll be a huge benefit to too many people.

The biggest advantage of the Nano X is the additional storage capacity. According to Ledger it can store "up to 100" apps, as opposed to the advertised "3-20" on the Nano S. Also from a convenience perspective, the Nano X uses USB-C rather than USB Micro-B.

Trezor Wallet

Trezor Wallet is the online website that — coupled with Trezor Bridge (a background application which facilitates the connection between the device and your browser) — is used to manage your device and wallets.

For me, the experience has been spotty. Trezor Bridge has a hard time functioning with adblockers, Firefox's Privacy Protections, and the HTTPS Everywhere extension, all of which I had to disable on Trezor's website. Even then, it took a couple browser restarts and device reconnects to get everything showing up in the wallet.

The first thing the site has you do before setting up your device is update its firmware. It claims to do this so that you have the best experience almost right out of the box. But strangely enough, I had a firmware update available immediately following the setup procedure, and it showed that my Trezor (which I had just updated) was at least three versions behind. Not sure if that's a strange bug, or what.

Trezor + Third-Party Wallets

Connecting my Trezor to third-party apps in Firefox was also a frustrating experience. Setting up your device with compatible apps like MetaMask or MyEtherWallet involves a redirect to connect.trezor.io, where you can authorize the application's connection to Trezor Bridge/your Trezor device. Unfortunately, I kept receiving messages on this page claiming Trezor Bridge wasn't installed on my computer, despite having Trezor Wallet open and working in just another tab. Even with all the relevant privacy extensions/adblockers disabled in my browser, it took 5 or 6 attempts to get the device to appear in the first place.

Even after my device was linked, I would still run into these issues. Attempting to send Ethereum in MetaMask would open a verification pop-up on connect.trezor.io to verify the transaction with my device for obvious reasons, and the connection on that page with Trezor Bridge was still hit-or-miss.

Ledger Live

Ledger devices use a Desktop or Mobile wallet and management app called Ledger Live. I found it to be very intuitive to use, and everything synced up well. I deposited a small amount of various cryptocurrencies and everything worked as expected.

Because I used the same recovery key on the Trezor, my wallets and transactions appeared in Trezor Wallet too, which was nice. More on that below.

There is an option to sync wallets from the desktop to your mobile app manually, but I do wish there was a way to sync the two automatically. Ultimately I don't think this will be a huge deal for most users, however: once they set up their wallets on both devices completely, there will likely be few changes.

I did experience synchronization errors with my Ethereum wallets during testing (basically all day today for example). I have no idea whether this is common or not. These wallets get their data from crypto nodes that Ledger operates on their own servers, so I assume it's just some "momentary" downtime on their side of things.

Ledger + Third-Party Wallets

I had a much better experience using Ledger with MetaMask in Firefox. Ledger's devices have no need to connect to Ledger Live or any other kind of "bridge" program to connect to browser applications. I'm not sure how it works exactly, but I suspect it uses some sort of WebAuthn/U2F connection in the browser based on the numerous "security key" popups I saw spammed in Firefox for a few seconds. The good news is it worked basically painlessly, how I would expect it to. I haven't yet tested with any other third-party wallets either in-browser or on-device, but I will probably test it with the official Monero wallet soon, which supposedly also has Ledger functionality. Unfortunately, Monero is not supported in Ledger Live.

Using a Ledger as a Trezor backup (and vice versa)

I'm happy to report that if you set up two devices with the same 24-word recovery key, you can make transactions on either device, and it will appear in the software wallets either device uses. This of course makes sense, because the idea behind hardware wallets is that they are software and hardware agnostic, and everything is stored on the blockchain rather than the device itself. But, it is still nice to confirm.

Comparison: FIDO U2F and FIDO2

Both Trezor's and Ledger's devices work as advertised. The Trezor Model T is the only unit to support FIDO2; the Trezor One and Ledger devices only support U2F. For most users, I don't think this will be a big deal.

Despite the Ledger Nano X being equipped with Bluetooth, it does not function as a Bluetooth U2F key, which I find very disappointing. I've been told this will come in a firmware update with FIDO2 support, but it did not seem to be a high priority to the Ledger team.

Comparison: PGP/GPG and SSH Authentication

Trezor's devices do not act as a GPG smart card, instead opting to use a custom trezor-agent that is still under development.

It does not support importing keys; all keys need to be created on the Trezor and they can never be exported. This is fine because they can be theoretically restored with your paper seed, and it is certainly secure, but it means that you can't set up multiple GPG devices. So, if you wish to also use a YubiKey or Ledger device as a PGP keystore, you would be unable to do so.

My use-case is very much reliant on being able to use PGP on a couple different hardware devices (i.e. I need to import a specific key from a file to a device), so this is a dealbreaker for me. As such, I haven't put too much into testing the PGP functionality of my Trezor One.

Ledger's devices supposedly act as a normal GPG smart card that can be used with pretty much any standard GPG implementation. Unfortunately, on my devices I received this error when attempting to use them as such:

OpenPGP card not available: Operation not supported by device

This could either be a macOS issue or a driver issue. In either case, I am not going to disable SIP on my personal computers to troubleshoot this, so I have been unable to test PGP functionality. I may try to find a Linux machine to test the Ledger devices with in the future.

Both of these devices were fairly disappointing to me, in comparison to the YubiKey 5 series keys I've been testing as well, which worked out of the box on my macOS machine with no issue. Assuming I am able to get the Ledger to work properly, I would say that I prefer their implementation of PGP over Trezor's.

It should be noted that the SSH key functionality of all these devices is tied to GPG (the GPG authentication subkey), and therefore I have not been able to test it.

Conclusion

This is just some initial testing on these devices. Let me know if there is anything I should look into.

Trezor One: Currently recommended. At its price point it seems like it is the best option, but its strange implementation of PGP is disappointing to me. But PGP is just one flaw, and its main benefit is obviously cryptocurrencies which it handles decently well. I am not a fan of its support with Firefox, but things generally worked eventually. It is good to have a completely open-source option on the budget side of things.

Trezor Model T: Currently recommended. I'm tempted to move this to worth mentioning however, because it doesn't seem like a huge improvement over the Trezor One unless you need Tezos support or something. Curious to hear thoughts.

Ledger Nano X: I'm tempted to make this a full recommendation over the Model T. As far as mid/high end devices in this category go I have not been disappointed by the experience, and it certainly isn't as bad of an experience as some reviewers would have you believe. Again, I am curious to hear your thoughts however, because the closed-source aspect might be a concern.

Ledger Nano S: Not recommended. The lack of usable storage space is only going to get worse down the road, which is probably a dealbreaker if you are using it as your main device. I think if you got it for free/cheap with a Nano X (they occasionally have decent bundle deals) it is a solid device as a backup. But if you just need a backup device, the Trezor One is likely cheaper and more functional.
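
An added example (not part of the original post, and not Trezor's or Ledger's code) of why the cross-device backup described above works: both vendors implement BIP39/BIP32, so the wallet tree is a pure function of the recovery phrase plus any optional passphrase. The setup names, the `wallet_id` helper and the sample phrase are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the publicly known all-zero-entropy 24-word
# BIP39 phrase. It is a test value only and must never hold funds.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39: stretch the recovery phrase into a 64-byte seed."""
    # Collapsing whitespace is a convenience for typed input in this example.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def master_key(seed):
    """BIP32: master private key and chain code derived from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic, passphrase=""):
    """Hypothetical short label for comparing setups (not a BIP32 fingerprint)."""
    key, chain = master_key(mnemonic_to_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def compare_setups(setups):
    """Group device setups by the wallet tree they would derive."""
    groups = {}
    for name, cfg in setups.items():
        wid = wallet_id(cfg["mnemonic"], cfg.get("passphrase", ""))
        groups.setdefault(wid, []).append(name)
    return groups


# Constructed setups: two devices restored from the same phrase, and a third
# restored from the same phrase with a passphrase enabled.
SETUPS = {
    "trezor_one": {"mnemonic": SAMPLE_MNEMONIC},
    "ledger_nano_x": {"mnemonic": SAMPLE_MNEMONIC},
    "ledger_with_passphrase": {
        "mnemonic": SAMPLE_MNEMONIC,
        "passphrase": "constructed-example",
    },
}

if __name__ == "__main__":
    for wid, names in compare_setups(SETUPS).items():
        print(wid, sorted(names))
```

A device restored with a passphrase lands in a different group, so a backup device only mirrors the primary when both the phrase and the passphrase setting match. Individual accounts additionally depend on the derivation path each wallet app uses.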

Reference: privacyguides/privacytools.io#1731