Welcome to our Ledger Nano S Review. Hardware wallets combine the safety of keeping your private keys offline with the ease of use of making transactions from an online computer and thus offer a very safe and yet simple solution for storing your bitcoins. A hardware wallet is a separate device that can be connected (via USB) to your computer to make transactions. The private keys are stored on the device, but can never leave the device.
The Ledger Nano S Review
Earlier we wrote a review of the Trezor, one of the first hardware wallets on the market. In this hands-on review, we look at the Ledger Nano S, the second generation hardware wallet from Ledger.
Ledger is a French startup, established in 2015 and based in Paris. Ledger focuses specifically on secure hardware solutions. In addition to the Nano S, Ledger also offers a number of other wallets: the Ledger Nano X (the successor of Nano S) which has an improved interface, supports more coins and more as well as the Nano Blue, an advanced hardware wallet with a color touchscreen and state-of-the-art-security.
We look at the Nano S because it is comparable to the Trezor in terms of functionality and therefore falls into the most commonly used hardware wallet category. With the price, the Nano S immediately scores a few points: the Nano S costs € 59 and is, therefore,
25 € cheaper than the Trezor (Update November 6, 2019: The Trezor One costs 58,02 € currently)
When you open the Nano S box, the first thing you see is a card with the following message:
Ledger uses attestation to guarantee that the device that you have received actually comes from Ledger. This proves that the device has not been replaced by counterfeiting and that the code running on it has not been modified by a malicious person who hacked the wallet. Ledger achieves this by giving a private key from the factory in a secure element on the device itself. Only Ledger knows which public key belongs to the private key on the device and the private key cannot be changed by someone who intercepts the package.
When you connect the device to a computer and let the Ledger software talk, it is checked whether the private key matches the public key that is known to Ledger for a certain batch of devices. If the device fails this test, it is immediately recognized as not legitimate and rejected. This is a great way to resolve concerns about tampering during shipment. Read here more about this process.
A disadvantage, on the other hand, is that not all code that the Nano S uses is public. The source code of the boot loader, the program that loads the operating system and checks whether the version being loaded is correct, is not (yet) publicly available. As a result, you not only need confidence in the hardware manufacturer, as is the case with other hardware wallets, but also in Ledger itself for loading the correct operating system on the Nano S.
The Nano S is initialized on the device itself. When you connect the Nano S to a computer for the first time via USB, you will be asked to enter a pin code. You do this by scrolling through the numbers with the two buttons on the Nano S. Entering the pin code on the device prevents reading by keyloggers. This operation works, but is not ideal: you have to click a lot of times to enter the pin code.
This pin code protects the device against malicious persons who have physical access to the Ledger Nano S. It is important to re-enter the pin code correctly each time: if you enter the pin code incorrectly three times in a row, the device is completely deleted. You can then only restore your wallet by using the backup seed.
The wallet is then created. This is done, just like with the Trezor and other bitcoin wallets, based on a series of 24 random words. This series of words is called the seed. These words serve as the basis for creating the private keys that the wallet will use. At the same time, the seed serves as a back-up for your wallet: as long as you know the 24 words, it is always possible to access the bitcoins in the wallet – the back-up seed must, therefore, be stored securely!
Generating the random data for creating the seed is done on the chip that is in the Nano S. Ledger indicates that the manufacturer of this chip guarantees that it meets the European standard for generating random data. This, therefore, leads to the downside that you will have to trust the hardware manufacturer.
It is possible to generate your own seed externally and then import it to the Nano S if you do not trust the random data that the Nano S generates. Some other hardware wallets, such as the Trezor, use a combination of internally generated random data and external data that comes from the user’s computer.
The Ledger Nano S shows the 24 words one by one on the screen so that they can be written down in the accompanying booklet. Subsequently, a number of words from the seed are requested on a random basis to check that these have been written down correctly. The words can only be displayed on the Nano S itself since the series is the basis for all private keys in the wallet. To guarantee safety, it cannot be displayed on a (potentially) compromised computer.
The management of the wallet and making transactions is done in the Ledger application on the computer. You can download the correct extension for your browser via ledgerwallet.com/start. Then you connect the Nano S to the computer, enter the correct PIN code and select on the Nano S which type of cryptocurrency you want to manage. In addition to Bitcoin, the Nano S supports Ethereum, XRP, Bitcoin Cash, EOS, Stellar and many more.
In addition to communicating with the Ledger applications for managing the wallet, it is also possible to use the Ledger in combination with an independent open-source desktop wallet, such as Electrum.
When you select Bitcoin, the Nano S communicates with the computer and the wallet interface opens. From here you can manage different accounts (separate wallets on the Nano S), do transactions, view your balance and view the transaction history.
Transactions are done in the same secure way as the Trezor and other hardware wallets: you enter the receiving bitcoin address on the computer together with the amount of bitcoins you want to send and you set the amount of the fee.
The transaction data is then communicated to the Nano S and confirmation of the transaction is requested. The Nano S shows the receiving bitcoin address, the amount of bitcoins to be sent and the amount of the fee on the screen.
After confirmation, the transaction is signed on the device itself – so the private keys never leave the device. This makes it safe to do bitcoin transactions, even if the computer you use is infected with a virus. The signed transaction is then sent from the computer to the bitcoin network.
The Ledger Nano S is comparable to the Trezor in many ways. The different hardware wallets, therefore, play on the same market and are both suitable as secure storage for your private keys. The functionality of both wallets is almost the same, so the choice of one or the other is therefore in small differences.
Out-of-the-box support for different cryptocurrencies is a plus for the Ledger Nano S, as well as the relatively cheap price. On the other hand, there is something to be said for focusing on a single cryptocurrency, a simpler design naturally leaves less room for possible attacks.
There is also something to be said for maximum transparency. One of the great features of Bitcoin is precisely the trustless nature. You prefer to see this feature as much as possible in Bitcoin-related products and services, hopefully, all source code of the Nano S will become fully publicly accessible in the future.
Ledger Nano S Pros
- Your bitcoins are safe for viruses and hackers
- Attestation guarantees the purity of the device upon receipt
- The Nano S offers support for multiple cryptocurrencies
- The price: cheaper than the Trezor
Ledger Nano S Cons
- You must rely on the hardware manufacturer
- Not all source code can be viewed publicly
- Physically safe storage is needed for the Ledger and the backup seed