Review: Ledger Wallet Nano Provides Premium Security on a Budget

The Ledger Wallet Nano is a relatively affordable bitcoin hardware wallet with a few clever tricks up its sleeve.

Dec 21, 2014 at 5:13 p.m. UTC
Updated Aug 18, 2021 at 3:31 p.m. UTC

    The basics

    The Ledger Wallet Nano is a new hierarchical deterministic multisig hardware wallet for bitcoin users that aims to eliminate a number of attack vectors through the use of a second security layer. This tech-heavy description does not mean much to the average consumer, though, which is why I am going to explain it in plain language, describing what makes the Ledger Wallet Nano tick. The wallet launched in early December and for more background on the project you can catch up on our launch coverage.

    In terms of hardware, the Ledger Wallet Nano is a compact USB device based on a smartcard. It is roughly the size of a small flash drive, measuring 39 x 13 x 4mm (1.53 x 0.51 x 0.16in) and weighing in at just 5.9g.

    The box also contains a simple manual, a recovery sheet and a security card in a black faux leather pouch.

    Image caption: USB flash drive on the right included for reference.

    I have no major complaints about the build quality, although some rough edges are visible upon closer examination. The plastic device features an aluminium swivel cover with a brushed finish like many USB drives. In fact, the design looks eerily similar to Super Talent's Pico-A series flash drives.

    Ledger Wallet Nano security concept

    Ledger's familiar design is where its similarities to traditional USB drives end, though. Since it does not use cheap NAND memory like the average USB drive, the Ledger should be more reliable. The manufacturer of the EEPROM memory used in the CC EAL5+ compliant smartcard offers a 30-year guarantee on data retention and 500,000 read/write cycles.

    The smartcard has been an industry standard for decades and eliminates a number of security issues that may arise on devices based on multipurpose microcontrollers.

    The wallet is obviously not designed as a standalone device, as it relies on the host computer to set up and execute transactions. Since the host computer is the most likely point of failure, the Ledger Wallet Nano is designed to render vulnerable or even compromised computers safe, by introducing another layer of security.

    The wallet signs bitcoin transactions internally and aims to prevent man-in-the-middle (MITM) attacks by employing a security card. Without this added security layer, the wallet would be exposed to MITM attacks, as a hacker could, in theory, gain control of the computer and proceed to compromise the wallet. The security card makes such an attack less likely by providing physical two-factor authentication.

    No transaction can be signed without human interaction – each transaction requires the user to visually scan the security card when prompted by the wallet app. The wallet displays the payment address and asks the user to enter codes for four random parts of the address. If the right code is not entered, a transaction cannot take place.

    Security card in lieu of dedicated display

    The Trezor hardware wallet, which we reviewed a few months ago, employs a screen to tackle this problem, prompting the user to enter the PIN on a pseudo-random numeric pad, visible only to the user. The Ledger team opted for a different approach in the form of a security card with 58 pairs of characters.

    The basic idea is the same, but the implementation is a bit different. Using a card in place of a screen obviously allows for a smaller device and keeps the overall cost down.

    The trade-off is that it also results in fewer possible permutations of the second-factor code. A persistent attacker with complete control over the user's PC could in theory reconstruct the security card after a few dozen transactions. Each transaction would provide the attacker with more 'depth' until sufficient information is collected to fully map and reconstruct the contents of the security card.

    As odd as it may sound, using the wallet on a number of different malware-ridden PCs would, in theory, be safer from an anti-MITM perspective than using it to make a few dozen transactions on your own computer.

    Ledger is aware of these limitations and is working to develop a mobile companion app that will essentially allow another device to act as a screen for the wallet. The app will be paired to the wallet using the security card, allowing the wallet to display the challenge on the mobile device, along with the target address and amount of BTC. The user will then be able to sign the security challenge and facilitate the transaction. The company plans to release the companion app in January 2015.
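
    How quickly a fixed card stops being a secret on one host can be estimated with a small model. This is an added example, not code from the review or from Ledger. It assumes the card holds one code per Base58 address character (58 entries), that each transaction exposes four uniformly random entries, and that the host records every challenge and response.

```python
import random

# Base58 alphabet used by bitcoin addresses (no 0, O, I or l).
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CARD_SIZE = len(BASE58)   # 58 entries, matching the review's "58 pairs"
CHALLENGE_LEN = 4         # four address characters per transaction

def expected_exposed(n_tx):
    """Expected number of distinct card entries typed after n_tx transactions."""
    draws = CHALLENGE_LEN * n_tx
    return CARD_SIZE * (1 - (1 - 1 / CARD_SIZE) ** draws)

def answerable_prob(exposed):
    """Chance that all four characters of a new challenge were typed before."""
    return (exposed / CARD_SIZE) ** CHALLENGE_LEN

def transactions_until_full(rng):
    """Simulate one host: transactions until every entry has been typed once."""
    seen, n_tx = set(), 0
    while len(seen) < CARD_SIZE:
        # Assumption: challenged characters are uniform over the alphabet.
        seen.update(rng.choice(BASE58) for _ in range(CHALLENGE_LEN))
        n_tx += 1
    return n_tx

def mean_until_full(trials=200, seed=1):
    """Average of the simulation over many constructed hosts."""
    rng = random.Random(seed)
    return sum(transactions_until_full(rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    for n in (1, 6, 12, 24, 48):
        k = expected_exposed(n)
        # Plugging the expected count into answerable_prob is an approximation.
        print(f"{n:3d} tx: ~{k:4.1f}/58 entries typed on this host, "
              f"next challenge already covered with p~{answerable_prob(k):.2f}")
    print("mean transactions until the whole card has been typed:",
          mean_until_full())
```

    Under these assumptions the exposure is per host, which is why spreading the same number of transactions over several machines leaves each one with a smaller share of the card.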

    Using the device

    The wallet is designed for use on desktop operating systems with Google's Chrome browser. I used an Asus Windows 8.1 tablet with a keyboard dock as the test bed.

    Installing the Ledger Wallet Nano

    The installation process is relatively straightforward, but requires the use of a Google Chrome app. The user merely needs to plug the Ledger Wallet Nano into a USB port and head over to my.ledgerwallet.com to automatically install the Chrome application, which connects to Ledger's API server to access the blockchain.

    While comparatively popular, Chrome is not the only browser on the market and millions of users still rely on Firefox, Safari and even Internet Explorer. A platform-agnostic approach would have been preferable, but for a number of reasons, including security certificates, it is simply not feasible. Linux users also need to create a set of udev rules to allow access to the device.

    Once the app is ready, the user is prompted to enter the PIN. The user can choose the PIN or use one suggested by the installer. Then comes the recovery seed – when the wallet is initialised, it generates a 24-word mnemonic seed which must be stored, preferably on the included recovery sheet.

    Image caption: Don't try this at home - the seed should be written down and stored safely.

    The seed is displayed only once and must not be stored on your computer, in digital form. The seed is the only way of restoring the wallet in case of loss or hardware failure. This can be done using a replacement Ledger wallet, but the process also works on alternative BIP39 wallets like Electrum.

    The Ledger Nano must be initialised on an uncompromised computer. One way of doing this is via air gap, using a live OS like Chromium on a USB stick, and the process should not take very long, although it does involve a bit of BIOS tinkering (i.e. changing the boot sequence).

    In addition to the 24-word recovery phrase, the neatly arranged recovery sheet also includes the security card recovery QR code, which can be used to create a new copy of the second-factor security card in case of loss or theft. If you punch in the wrong PIN three times in a row, the wallet will reset itself to factory condition. This is also the easiest way of wiping the device in case you want to sell or gift it.

    Using the wallet

    Once the installation is complete, the user simply needs to insert the device into a USB port and enter the PIN in order to access the wallet.

    However, all transactions must be validated using the security card. The wallet will issue a challenge and the user needs to follow instructions and enter the four-character code to validate the transaction. This is done by entering the corresponding characters from the security card.

    The wallet itself is easy to use and anyone familiar with bitcoin wallets should feel at home. The only difference is the added layer of validation with the security card. Fortunately the whole process is simple and fast – usually taking no more than 15-20 seconds per transaction.

    The wallet also features a QR scanner. Despite the fact that QR scanning has limited applications on desktop platforms, I used it to simulate topping up a mobile wallet and it worked fine. It could be quite a time saver in some situations.

    Overall there is not much to say about the wallet – and this is a good thing – it's more or less a regular bitcoin wallet with an added layer of authentication, which doesn't take up a lot of time.

    Pros

    • Very compact and sleek design. The Ledger can fit on any keychain, but don't forget the security card.
    • Value for money – at €29.90 the Ledger Wallet Nano is rather cheap as far as hardware wallets go.
    • The use of a smartcard in lieu of a general-purpose microcontroller should boost security and reliability in the long run.
    • Validation via security card does not take a lot of effort or time.

    Cons

    • The device must be installed on a perfectly safe computer and not every user will be keen to use the 'air gap' approach.
    • The security card approach has its own pros and cons. While it helps keep the cost down and allows designers to create a truly pocketable device, it also provides slightly lower levels of security than a device with a dedicated screen. However, this issue could to some extent be addressed by the upcoming companion app.
    • Can't be used on mobile devices; support is currently limited to the Chrome browser.

    Alternatives

    The Trezor wallet features a screen for an added level of immunity, but costs $119.

    Conclusion

    There is no such thing as absolute security, but the goal of hardware wallets is to make any potential attack more difficult and resource-intensive. Ledger is no exception – it is designed to render attacks impractical by raising the bar.

    At €29.90, the Ledger Wallet Nano is good value for money, which means it will appeal to enthusiasts who want to hold bitcoin but don't want to spend too much money on security, and this is what makes it special in my book. It's not an expensive, specialised piece of hardware for the select few, it's geared toward the everyday bitcoin user.

    The device can fit on a keychain and the security card in practically any physical wallet, which makes the Ledger very practical. If you lose either component, you can still recover your wallet using your mnemonic seed. The upcoming companion mobile app should boost security and bring Ledger on a par with more expensive solutions.

    Update 31-03-2015: The Ledger Wallet Nano is now available from Overstock.

    Disclaimer: CoinDesk obtains hardware in order to test the claims of manufacturers and produce informed reviews. CoinDesk does not receive payment for these reviews.

    This article should not be viewed as an endorsement of any of the companies or products mentioned. Please do your own extensive research before considering investing any funds.

    Where to buy: Direct from Ledger or Overstock.com

    Want CoinDesk to review your hardware product? Email us at contact@coindesk.com.
