Hardware wallets such as the Trezor Model One and Trezor Model T take care of the technical aspects of creating and managing your keys.
You can think of your Trezor as your key manager.
What does a hardware wallet do?
Alongside protecting the device itself, the most important thing you have to do as a Trezor user is keep your recovery seed safe. Using your recovery seed, your Trezor will:
- Derive your private key
- Use your private key for transacting bitcoin and other cryptocurrencies
- Create a key pair by generating a public key from your private key
- Use your public key to generate addresses for receiving bitcoin and other cryptocurrencies
Perhaps the most important feature of hardware wallets is that private keys never leave the device and can be physically secured by the owner. Hardware wallets create your keys offline using a secure hardware random number generator, and keep those keys offline, ensuring the security of your funds.
Other types of wallet do exist, such as software and mobile wallets. However, they often use built-in random number generators found on the device the wallet is installed on. These are hard to verify and are generally not secure as they will use an input such as the current time to calculate randomness. Even if your device generated randomness securely, hosting the resulting keys on a networked device means that at any moment it could be extracted, seen, or intercepted by an attacker.
Hardware wallets offer the security of cold or paper wallets, but with the accessibility and ease of use of hot wallets.
Hot wallet is a term used to describe cryptocurrency wallets that are connected to the internet. These typically include web, mobile and desktop wallets. Hot wallets offer greater convenience as they're always online - they're ready to use for small everyday transactions. However, they are vulnerable to attacks, so it is not a good idea to store significant funds using a hot wallet.
Cold wallet is used to refer to cryptocurrency wallets that are not connected to the internet, with cold storage solutions aiming for maximum security. Unlike hot wallets, cold wallets never expose the recovery seed or private keys to an insecure environment connected to the internet (e.g. your PC or smartphone)