Security Model
How W2QR protects your keys — as a virtual hardware wallet.
Key Lifecycle
In a traditional hardware wallet (Ledger, Trezor), the private key lives in a tamper-resistant secure element and never leaves the device. In W2QR, the key lifecycle is:
- At rest: encrypted in the QR code (honey encryption)
- During unlock: decrypted in-browser, signing key derived, mnemonic cleared from memory
- During session: signing key held in the wallet's encrypted state
- After timeout: signing key zeroed and cleared
The mnemonic exists in memory only during the derivation step (seconds). The signing key exists only during the session (minutes to hours). At rest, nothing is stored anywhere — only the encrypted QR exists.
Threat Model
QR stolen
Honey encryption: every password produces a valid mnemonic. The attacker gets millions of plausible wallets with no way to identify yours. Argon2id (64 MB, 3 iterations) makes each attempt slow.
Brute-force attack
No oracle: the attacker cannot tell when they've guessed correctly. They must check each mnemonic against the blockchain — infeasible at scale.
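The "every password produces a valid mnemonic" property from the two items above, shown as a toy model (an added example, not W2QR's code). It assumes the secret encrypted in the QR is the 128-bit BIP39 entropy rather than the words themselves: any 16 decrypted bytes map to a mnemonic whose checksum verifies, so a wrong password is indistinguishable from the right one. PBKDF2 stands in for Argon2id (not in the standard library) and the word list is a constructed stand-in for the BIP39 list.

```python
import hashlib
import os

WORDLIST = [f"word{i:04d}" for i in range(2048)]  # constructed stand-in for BIP39


def kdf(password: str, salt: bytes) -> bytes:
    # Stand-in for Argon2id(64 MB, 3 iterations): any slow, salted KDF works here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=16)


def entropy_to_mnemonic(entropy: bytes) -> list[str]:
    # BIP39: 128 entropy bits + 4 checksum bits = 132 bits = 12 x 11-bit indices.
    assert len(entropy) == 16
    checksum = hashlib.sha256(entropy).digest()[0] >> 4
    bits = (int.from_bytes(entropy, "big") << 4) | checksum
    return [WORDLIST[(bits >> (11 * (11 - i))) & 0x7FF] for i in range(12)]


def mnemonic_is_valid(words: list[str]) -> bool:
    # Recompute the checksum from the first 128 bits and compare with the last 4.
    bits = 0
    for w in words:
        bits = (bits << 11) | WORDLIST.index(w)
    entropy = (bits >> 4).to_bytes(16, "big")
    return (bits & 0xF) == hashlib.sha256(entropy).digest()[0] >> 4


def encrypt(entropy: bytes, password: str, salt: bytes) -> bytes:
    # XOR with the password-derived stream; the ciphertext is what the QR carries.
    return bytes(a ^ b for a, b in zip(entropy, kdf(password, salt)))


def decrypt(ciphertext: bytes, password: str, salt: bytes) -> list[str]:
    # Never fails: every password yields 16 bytes, and every 16 bytes yield a
    # checksum-valid mnemonic, so there is no "wrong password" signal.
    entropy = bytes(a ^ b for a, b in zip(ciphertext, kdf(password, salt)))
    return entropy_to_mnemonic(entropy)


if __name__ == "__main__":
    salt, real_entropy = os.urandom(16), os.urandom(16)
    ct = encrypt(real_entropy, "correct horse", salt)
    for pw in ("correct horse", "wrong guess", "another wrong"):
        words = decrypt(ct, pw, salt)
        print(f"{pw!r}: valid={mnemonic_is_valid(words)} {' '.join(words[:3])} ...")
```

A word-level scheme that encrypted the 12 words directly would leak an oracle, since 15 of 16 random word sequences fail the BIP39 checksum; encrypting the entropy is what removes it.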
Wallet extension compromised
The wallet never stores the mnemonic. It holds only the session signing key, which auto-expires. A compromised wallet can sign during the session, but cannot recover the mnemonic or survive a session expiry.
Browser compromised
During the unlock step, the mnemonic exists briefly in browser memory. A fully compromised browser can intercept it — this is the same threat model as entering a password on any web page. Use a clean browser profile.
Man-in-the-middle
The encrypted payload travels in the URL fragment (#), which browsers never include in the HTTP request, so it is never sent to the server. All cryptography runs in-browser via WebAssembly.
Session hijacking
The signing key lives in the wallet's encrypted state, isolated from other extensions and pages. Only the connected wallet can invoke the signing methods.
Virtual HW Wallet vs Hardware Wallet
| Property | Ledger / Trezor | W2QR |
|---|---|---|
| Key at rest | Secure element (hardware) | Honey-encrypted QR (paper/file) |
| Unlock method | USB + PIN | QR scan + password |
| Key exposure | Never leaves secure element | In-browser during derivation |
| Brute-force resistance | PIN lockout (3-10 attempts) | Honey encryption (no oracle) |
| Physical theft | PIN protects device | Password protects QR (+ plausible decoys) |
| Cost | $60-200+ hardware | Free |
Honest Trade-Off
A hardware wallet's secure element ensures the private key never enters the host computer's memory. W2QR cannot match this guarantee — during the unlock step, the mnemonic briefly exists in browser memory. This is the trade-off for not requiring a physical device. Use a strong password, a clean browser, and keep sessions short.