I thought that was fantastic. Can you talk a little bit about the hardware wallets? You know, those devices that no one ever used. Can you talk a little bit about those please?

Absolutely. How many people in this audience have a hardware wallet or have used one? Okay, great. That's good practice. So hardware wallets were first introduced in 2013. Let me backtrack just a tiny bit and say something else, which is an important clarification. A Bitcoin wallet doesn't hold Bitcoin. In fact, the word wallet is very misleading. It's one of the problems in the naming of our industry. Bitcoin doesn't stay in your wallet. It's not in your wallet. It's on the blockchain. The Bitcoin is always on the blockchain. It cannot be anywhere else. Strictly speaking, there are no coins. There's just a ledger, but let's not go into that. The bottom line is, what we call a wallet is actually a keychain. It controls keys. It contains keys, and these keys are numbers. Your wallet contains the numbers that allow you to unlock, sign for, control the Bitcoin on the blockchain. This applies to all open public cryptocurrencies. Your wallet contains keys. The problem is that if someone steals your keys, they can do the unlocking, signing, and controlling part... of the Bitcoin that you thought was yours, but now, based on the possession of the keys by someone else, is no longer yours. That can happen fairly easily, because stealing a number out of a digital device is not that hard. The more complex the digital device is, the more opportunities there are to get in and steal something from inside it. The more applications it runs, the more interfaces it has, the more network traffic it has. There is a big difference in security between a device that is connected to the internet, on which you browse any old site that you happen to fancy just this moment, type things in, and go all over the internet, sampling things, and downloading little apps. That device is not going to be very secure.
What a hardware wallet is, is basically, take that personal computer you are, strip out everything, and leave only a screen, two buttons, and only the software that can sign transactions and control keys, and make it as secure as possible. That is a minimalist approach to security. That device usually is a USB device, usually about this big. It looks like a thumb drive, really, in many cases. You connect it to your computer. Your computer can prepare a transaction, do all of the interacting with the internet, go to the merchant store, scan the QR code, all of that stuff. But then, the only device that can actually sign a transaction is the hardware wallet, where the keys are. Your computer will pass a transaction to the hardware wallet, and you can see on the screen that it is paying this amount to this address. That means that even if you take this and plug it into the most virus-infected machine you know, your local library computer, my dad's laptop, you can still do a secure transaction, because as long as you check on the screen of this device that the transaction it receives, through a very narrow opening, is the correct transaction, you can sign it and transmit it out onto the network, and the keys never leave the device. Nothing leaves the device other than a signed transaction, which isn't secret anyway. It's going to get recorded on the public blockchain soon. That's what a hardware wallet is. They cost anywhere from $35 to $150 on average, some are more expensive and fancy. If you have any significant amount of cryptocurrency, you should own one of these devices to store cryptocurrency. Most hardware wallets nowadays can have multiple cryptocurrencies, easily the top ten. They can control Bitcoin and Ethereum, Litecoin, and a bunch of other currencies. And of course all of the Ethereum tokens that go with that. They're very flexible, they're very convenient, they're very easy to use, and most importantly they're easy to use securely. 
You don't have to be an expert to maintain security. I think they're a great balance of ease of use and security for new users. Now you may think, okay great, so the keys are on the device, what happens if I lose the device? I mean this is just a USB device, what happens if I drop it in the toilet? I mean I've done that with my phone twice. So when you first initialize the keys on this device, it will display on the screen, once and only once, 24 English words, which are called the mnemonic phrase. Those 24 English words can recreate every key that device will ever produce. Which means that if you write those down and store them safely, they are a complete backup of every transaction, every address, every key that device will generate. Then you have to worry about how do you protect those 24 words. You can add a passphrase, but you're still much better than if you had that on your personal computer or smartphone. It's a lot harder to hack. Physical security is something that our species has had four million years of experience with. Hide the nut under the rock, don't let the other caveman see that it's under the rock. Information security is something that we've had about 30 years of experience with, and we still suck at it. One of the advantages of hardware wallets is that they allow you to take something that is purely digital. By turning it into a physical form, which is the words, and the device itself has a PIN, it can be broken into even if someone takes control of it, at least not easily, by turning it into written words, you can apply physical security. Then all of your ancestral knowledge of castles, locks, bolts, keys, dogs, and alarms comes in. You can start applying all of that to the domain of Bitcoin. People are generally much more comfortable understanding what it takes to secure a piece of paper in one or two locations to have backup than what it takes to secure their own personal computer. That's the idea with hardware wallets.
Make the virtual physical.

Can the USB cable be compromised, the one that connects your hardware wallet to your desktop, and compromise some kind of sensitive information? The same question applies to, can the Chrome applet or user interface facing wallets be compromised? And compromise sensitive information?

If you use a hardware wallet correctly, no. The reason for that is that no sensitive information ever travels out of the hardware wallet. A hardware wallet will receive all of the information it needs about a transaction in order to sign it. It will sign that transaction, then it will transmit a signed transaction back to the computer you're using. That signed transaction gets broadcasted to the network. There's nothing sensitive in that signed transaction, and even if that computer was completely compromised, there is no sensitive information for it to capture in the communication between your device, with two exceptions, and this is important to understand. One is the PIN you enter. To protect against the capture of the PIN you enter, there are two ways. Some hardware wallets use a combination of button clicks on the device to enter the PIN. Second-generation hardware wallets have touchscreens that allow you to enter the PIN directly on the device, not on your desktop or whatever other thing you're using to interface with a hardware wallet. First-generation hardware wallets also use the PIN scrambling technique, where you see a mixed-up grid of numbers and identify them on your desktop by location. Your desktop doesn't actually know what PIN number you're entering, just the location of this scrambled image. Again, if properly used, a compromised desktop can be used with a hardware wallet in a way that doesn't compromise the hardware wallet. The other way that you have some risk in the desktop environment is if you're using a passphrase. I would recommend that you do use a BIP39 passphrase with your hardware wallet. It offers that extra layer of protection.
It's a second factor, which improves the security of your backup seed, as well as your device itself from theft. If that passphrase is typed on the desktop, then you have a problem, because that can be easily compromised by a keylogger. One of the great developments in hardware wallets in second-generation devices has been the introduction of the ability to type or select, letter by letter, the passphrase on the hardware wallet itself. It's never typed into your desktop computer. You can do that with the Ledger Nano S, the Model T, the Ledger Blue, the Model T is the new Trezor. All of those allow you to interface directly with the hardware wallet for PIN and passphrase, so you never type that into the desktop. The final point about using hardware wallets with a compromised desktop, one of the easiest ways to compromise and steal money from end-users of cryptocurrency, is a clipboard or screen attack, whereby the address that you select to pay is compromised before it is sent to your hardware wallet. For example, you say, I want to receive some money on my Trezor, and you copy the Trezor address and paste it into an exchange, or send it to someone who is going to pay you. Because your desktop is compromised, in the clipboard it will replace the address that you intended to receive money with the attacker's address. When you paste it into an exchange, if you are not careful, or if you send it to your friend, they end up paying the attacker instead of you. On the opposite, you check out from a website or do an e-commerce purchase where you are trying to deposit money into an exchange, and you receive a Bitcoin address and you see it on your screen. Is that the address that the exchange sent you? Sometimes it is very difficult to verify that information. If you copy that and paste it into the desktop application or plug-in that is used to run your hardware wallet, how do you know that is the address you are sending funds to?
A couple of tricks or techniques you can use to better use your hardware wallets to protect yourself against these types of attacks. Most hardware wallets have a feature that allows you to display the receive address of the hardware wallet on the screen of the hardware wallet. If you want to receive money into your hardware wallet, before you copy that to an external source, you press a button, it is usually a little eyeball or something like that, on your desktop interface. That tells the hardware wallet to display on its own screen the address it is going to give you to receive money. If you can see it on the screen of your hardware wallet, that, for the most part, is a secure channel. It is much more secure than your desktop. Before receiving to a hardware wallet, I always press that eyeball. I always have the hardware wallet display the receive address on its screen so that I can confirm that that is what my desktop is telling me, because I don't trust my desktop or laptop. The other way around you can do that is, let's say you are trying to pay a merchant or pay an exchange. Under certain circumstances, you can verify that the receive address you are about to send money to, let's say you are sending money to Coinbase, and it says, here is the address you should deposit Bitcoin. Can you trust your browser? Can you trust your screen? Can you trust your clipboard? That is the address in fact that Coinbase gave you. One way to do it is to pull out your smartphone, log on and visit your Coinbase account or your other exchange account, and look at what receive address comes up on your smartphone. Maybe your desktop is compromised. Maybe there is a man-in-the-middle attack between you and the exchange over Wi-Fi. Maybe even there is an SSL vulnerability or TLS vulnerability and they are breaking into your session. Can the attacker also do all of that on your smartphone, operating over a cellular network, with a completely different browser? Unlikely.
If you use two different channels to look at the address of your exchange, and they both show you the same information, then you have a higher level of confidence. Then when you ask your hardware wallet to make a payment, just before you hit that confirm button on your hardware wallet, carefully read that address and say, okay, is that the one that I saw on my screen? Is that the one that I actually pasted? Is that the one that I want to send the money to? It sounds paranoid, it sounds painstaking, and it's not going to be easy for new users. The rule of thumb when you are operating with these things is the hardware wallet screen is the screen you can trust what you are seeing, for the most part, and the desktop screen, or the smartphone screen, is the one you can't trust as much. First check, then double check, then triple check, then double and triple check again, which is quadruple and quintuple check. Maybe it takes a few more seconds, but you will feel increasingly confident if you follow these simple steps in order to make absolutely sure you know where you are sending money.

Mark asks, hardware wallet and a full node? I've been wanting to run a full node and ensure good security of my private keys. You recommend a hardware wallet as the most secure user-friendly way of storing private keys. As the Glacier protocol, or air-gapped private keys, are more difficult to secure for new users. But Bitcoin Core does not support hardware wallets. And to set up an Electrum as a full node requires maintaining an Electrum server, or the Electrum personal server, which is very new and only maintained by one developer. What options are there to have your transactions validate through your own full node, and sign with a hardware wallet that is relatively safe and easy?

Well, Mark, that's a great question. And you are right, Bitcoin Core does not currently support the use of hardware wallets.
However, just because you are using a full node to validate your own transactions, doesn't mean that that full node has to sign them. So, here's a setup that is much easier to do. Bitcoin Core does support BIP39 and BIP32 hierarchical deterministic wallets. So, what you can do is you can initialize Bitcoin Core to have what's called a watch-only extended public key. And what that means is that Bitcoin Core has the public key and the addresses of your entire HD wallet, but doesn't have any of the private keys and cannot sign transactions. That allows you to use a full node to monitor your transactions, to monitor the value and the balance of your various accounts, and to independently verify payments made to you. And if you want to sign a transaction, you open another platform. A simple electronic wallet will do. Or, quite honestly, any of the other wallets that support hardware wallet backends, and you sign your transaction there, and then you go back to Bitcoin Core, and you verify that your transaction has been propagated, and you can see your balance update.