Ellipal is one of the lesser-known names in the hardware wallet game. The Hong Kong-based company is on the rise, however, propelled by the success of its flagship device, “The Cold Wallet 2.0.” The smartphone-like device promises all the functionality of a Ledger or Trezor wallet, but without the need to ever connect to the web.
Hardware wallets (HW) are the new Walkmans. The pocket-sized devices are becoming ubiquitous, with companies as incongruous as Blockchain and Sony launching their own models. In an era of “de-gadgetification,” in which standalone devices are united into all-encompassing smartphones, hardware wallets buck the trend. They are devices that, unlike MP3 players and voice recorders, are compromised by being incorporated into cellphones. Smartphones can be lost or stolen, while security holes abound, often due to spyware-riddled apps. For the security conscious, physically separating a cryptocurrency wallet from one’s phone is the only safe option.
For those who are paranoid about security, however, there’s an extra step that can be taken: separating the wallet from the web altogether. That’s the step that Ellipal have taken with their plainly named “The Cold Wallet 2.0.” The device claims to be “the most secure crypto hardware wallet.” Coming from a company that can’t even SSL its homepage, that’s a claim that should not be taken at face value. An investigation of the facts mercifully support 2.0’s boast to be highly secure, but it is impossible to rank it categorically alongside the likes of Ledger or Trezor.
Unboxing the Ellipal
The Ellipal, as we’ll refer to the device for the remainder of this review, arrives in packaging similar to that of a Ledger Nano S, complete with the obligatory tamper-proof seal. Inside, however, the device looks nothing like the sort of glorified USB sticks that normally pass as hardware wallets. Instead, it looks like this:
That’s right, a cheap smartphone. The Ellipal cold wallet feels as cheap and plasticky as it looks. In fact, it resembles a child’s toy smartphone — the sort you might pick up in the bargain bucket of a Walmart for a couple of dollars. Appearances can be deceptive, however. Inside the device is all the circuitry you need for a cold storage hardware wallet, controlled via a color touchscreen and a single side-button. For all intents and purposes, this is a smartphone without the dumb internet connection. And the cheap feel of the device is actually perfect for what it’s designed to do.
If you were to pull the Ellipal from your pocket in bars, boardrooms and coffee shops, there would be cause to take issue with the prominent bezel, thick profile and light weight. As it is, the HW will ideally never leave the sanctum where you’ve decided to stash it. And if it were to come fitted with a Gorilla Glass screen, all it would do is add a couple of hundred dollars to the $149 price tag, without any sort of improvement in security or UX. The cold wallet feels cheap then, but what’s inside is extremely expensive — the means to access your precious cryptocurrency.
Getting the device up and running involves a process that lies somewhere between setting up a new smartphone and a new hardware wallet. After popping the battery into the device and powering it up by pressing the side button, you’re prompted to run through a series of onscreen options, starting with language selection, followed by account creation. You can create a new BCH, BTC, ETH, or ERC20 wallet from scratch, or alternatively import an existing one. If you’ve gone for the former option, you’ll be asked to create an account name and password. The password length is capped at 12 characters which, while not a major security concern, seems an odd decision.
Next, it’s mnemonic time. The Ellipal displays a 12-word seed and instructs the user to write it down and store it safely. After doing so, you’re forced to input the seed by placing the words displayed on screen in the correct order. I took this opportunity to try and memorize the seed, using the memory palace technique. My daughter and I competed to see who could learn the seed off by heart, and within a few minutes, we had it committed to memory, with the aid of a picture-rich story in which each word was laid down in a particular place along the trail. I also made sure to write down the mnemonic as a fail-safe against the fallibility of human memory. You should, too.
It’s wise to obfuscate some element of this, perhaps by changing a letter in one of the words, or by reversing the order of the last two words. Alter the seed just enough so that any attacker who finds it and tries to input it will be stumped, but not so much that you’ll struggle to recall the correct order yourself when the time comes. Speaking of security, the decorative Ellipal sticker that comes with your HW shouldn’t be applied to your laptop or anywhere else that might alert others to your ownership of cryptocurrency, as with stickers produced by other HW manufacturers.
One Box, Two Wallets
The Ellipal, up until the point of creating a wallet on the hardware device, functions just like any other HW, albeit with the bonus of a convenient touchscreen. The cool part comes when you go to sign a transaction sent from the cold wallet using your smartphone. How exactly do you bridge the gap between an internet-connected device (smartphone) and a cold storage device? The answer comes in the form of QR codes, which each device can generate and the other can scan.
For example, once you’ve installed the Ellipal app on your smartphone, you can connect the cold wallet by scanning a QR code generated by the HW device. This now grants the ability to view the balance of the cold storage wallet on your phone. However, to send a transaction from that wallet without connecting the HW to the web, you’ll need to cue up the transaction in the Ellipal smartphone app, whereupon it will generate an unsigned QR code. You then scan this code using the HW, which in turn generates a signed QR code that you then scan using your smartphone. The process sounds convoluted, but in practice it’s less arduous than it seems.
For users who have no desire to scan multiple QR codes, there is the option of simply storing cryptocurrency in the Ellipal wallet within the smartphone app. But that defeats the whole purpose of having a separate cold storage device. All told, the Ellipal HW provides a fair trade-off between security and convenience. While there are hypothetical attack vectors by which an app could be compromised and used to send out a QR code instructing the HW to send cryptocurrency to an attacker’s address, it would require a highly sophisticated and precisely targeted attack to pull off such a feat. To all intents and purposes, the open-source Ellipal wallet scores highly for security.
Its UX isn’t as refined as that of the market leaders, but The Cold Wallet 2.0 is a fairly priced addition to a crowded market, and one which stands out on account of its original take on cold storage.
What are your thoughts on the Ellipal wallet? Let us know in the comments section below.
Images courtesy of Shutterstock.
Disclaimer: Bitcoin.com does not endorse nor support this product/service.
Readers should do their own due diligence before taking any actions related to the mentioned company or any of its affiliates or services. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
from Bitcoin News https://ift.tt/2Pmw037 Review: Ellipal’s ‘The Cold Wallet 2.0’