Pages:
Author

Topic: Air-gapping 2 devices vs. Trezor/Ledger? (Read 525 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
January 02, 2021, 01:02:29 PM
#35
I'm not sure what's the configuration for the maximum size of QR codes in most wallets
If I'm not mistaken, the limit is 3 kB.
According to qrencode:
Quote
The capacity of QR Code is up to 7000 digits or 4000 characters
However, I can't make one that large. I could copy your post 4 times (2820 characters), so it looks like 3 kB is indeed the maximum:
Image loading...
This works better than I expected!
legendary
Activity: 2268
Merit: 18771
January 02, 2021, 09:49:31 AM
#34
I'm not sure what's the configuration for the maximum size of QR codes in most wallets
If I'm not mistaken, the limit is 3 kB. That's big enough for a consolidation transaction with 20 inputs and one output, and also big enough for a pay-to-many with one input up to about 80 outputs, even when using all legacy addresses. That's more than enough for the vast majority of individuals who aren't running a shop or some other service. And you can always fall back on USB if you need to.

You could also save to clipboard and use a third party program to break that down in to multiple QR codes or even one animated code and reconstruct the transaction from that, but I'd always manually check everything if you do use any other software (in reality, I would manually check everything anyway).
legendary
Activity: 1624
Merit: 2481
January 02, 2021, 08:52:37 AM
#33
1) Use a reputable-brand USB stick (Sandisk, PNY, Kingston). Put portable electrum, veracrypt, and wallet files on it. Encrypt it with 20+ character password using AES.

2) Use 2 raspberry pi devices. One always offline. One online , but only for crypto transactions.

Is there a reason you are using a dedicated device for broadcasting them?
I mean, it definitely doesn't hurt. But it's not that necessary. You could use your daily online PC for that.

Further, if you have one dedicated offline device.. what is the point of storing the wallet files encrypted on the USB flash drives?
Why not simply store it on the SD card of the raspberry pi encrypted?



3) Display. Do I need 1 for each device?

Could the online device get malware, transfer it to the display, and then display transfer it to the offline device?

Highly unlikely.
One display should be enough. At least if you aren't edward snowden and are being hunted by 3 letter agencies all around the world.



4) When transferring the transaction file between devices do I need to use an encrypted USB for this?

Not necessarily.
You'll only transfer data which isn't confidential. It might be worth to check the integrity by using signatures or encrypting it, but that's not necessary.

However, using cameras and QR codes to transfer data is a more secure way.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
January 02, 2021, 08:30:07 AM
#32
I don't follow the logic of putting these files in the USB drive. If you put your wallet on the USB and then move the USB back and forth between your two devices, including the one which has internet access, then you have completely negated the whole point of an airgapped setup.

For transferring transactions back and forth, the most preferable solution is to use QR codes and a webcam, to eliminate the possibility of accidentally transferring malware or your private keys on the USB drive. You can buy a Raspberry Pi camera module for $25.
I'm not sure what's the configuration for the maximum size of QR codes in most wallets but I believe if the size of the transaction is too large, it would reach the limit of the maximum size allowable for the QR code after the error correction. Could be a bit difficult to scan for the QR code if the display/camera has a low resolution or if it's too small.

You can probably use a different encoded string within the QR code for a larger size but can be slightly more complicated.
legendary
Activity: 2268
Merit: 18771
January 02, 2021, 07:58:27 AM
#31
I don't follow the logic of putting these files in the USB drive. If you put your wallet on the USB and then move the USB back and forth between your two devices, including the one which has internet access, then you have completely negated the whole point of an airgapped setup.

For transferring transactions back and forth, the most preferable solution is to use QR codes and a webcam, to eliminate the possibility of accidentally transferring malware or your private keys on the USB drive. You can buy a Raspberry Pi camera module for $25.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 30, 2020, 09:11:01 PM
#30
1) Use a reputable-brand USB stick (Sandisk, PNY, Kingston). Put portable electrum, veracrypt, and wallet files on it. Encrypt it with 20+ character password using AES.

2) Use 2 raspberry pi devices. One always offline. One online , but only for crypto transactions.
A MicroSD card would be required for both devices. USB Flash drive would be necessary if you're transferring raw transactions across the online to offline device and signed transaction the other way.
3) Display. Do I need 1 for each device?
If you're thinking of using the QR code to transfer the raw transactions, then possibly. If not, a monitor/TV screen would be sufficient.
Could the online device get malware, transfer it to the display, and then display transfer it to the offline device?
Not that I've ever heard of. That'll have to be a very complex malware.
4) When transferring the transaction file between devices do I need to use an encrypted USB for this?
Depends. Are you afraid that the Flash drive could get stolen between the time the raw/signed transactions are deleted? If it's stolen, whoever opens that USB drive can see your transaction information and thus compromising your privacy. Security wise, it doesn't matter if it's encrypted or not.

I would wipe my flash drive every time after using it so I wouldn't think of encrypting it.
newbie
Activity: 11
Merit: 13
December 30, 2020, 09:03:15 PM
#29
Please critique my proposed setup:

1) Use a reputable-brand USB stick (Sandisk, PNY, Kingston). Put portable electrum, veracrypt, and wallet files on it. Encrypt it with 20+ character password using AES.

2) Use 2 raspberry pi devices. One always offline. One online , but only for crypto transactions.

3) Display. Do I need 1 for each device?

Could the online device get malware, transfer it to the display, and then display transfer it to the offline device?

4) When transferring the transaction file between devices do I need to use an encrypted USB for this?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 28, 2020, 11:58:26 PM
#28
Are AES encrypted USB Flash Drives (PNY or San Disk) susceptible to hardware exploits like the Trezor?

Another problem I see with Trezor is that if an officer stops you and searches you and knows what a Trezor is then he can take it, and from what I've read it only takes 15 minutes to hardware exploit it. Good luck trying to actual go through litigation and get it back or prove anything during that route.

I feel really uneasy with my Trezor knowing that hardware exploit is possible, especially in 15 minutes. And then Ledger is closed source which makes me uneasy. Ugh. Tough decisions.
I don't find it too much of a problem. As long as you have a passphrase, the attacker would have a hard time trying to get your seed.

There are a lot more choices than those two companies, maybe you could try exploring your options. Regarding the attack, what makes you think that your devices would be more protected than your hardware wallet? Attacking Trezor requires the attacker to specifically extract the encrypted seed from the secure elements by desoldering it and using specialized tools, after that start to crack your keys. I've seen more vulnerabilities affecting mobile devices than most hardware wallet and they don't require special skills.

I feel like most attacks are often blown out of proportion and companies has been relatively quick (at least those competent ones) to respond and provide a mitigation to it.
legendary
Activity: 3472
Merit: 1724
December 28, 2020, 08:49:10 PM
#27
  • If you can use webcams to transfer transactions back and forth via QR codes, then this removes the possibility of accidentally and unknowingly transferring malware via a USB drive. The webcams should be unplugged when not being actively used for your own privacy.

Given BadUSB and the like, if someone sees using a hardware wallet as a liability (ideally a Trezor with a passphrase as the closed source Secure Element in Ledger could one day lead to a critical vulnerability), webcams to read QR codes are the only reasonable alternative.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
December 28, 2020, 07:14:32 PM
#26
Are AES encrypted USB Flash Drives (PNY or San Disk) susceptible to hardware exploits like the Trezor?

No. But to software exploits, depending on how you handle it:

If you mean storing a wallet on an AES encrypted USB drive to then plug it into your computer when you want to make a transaction -- that's suspectible to any old malware attack and not much more secure than a regular hot wallet. Your private keys will get exposed as soon as you decrypt your wallet to make a transaction and if your computer is compromised so will be your wallet.

If you mean storing a wallet on an AES encrypted USB drive for use with an airgapped computer only, then you should be fine.


Another problem I see with Trezor is that if an officer stops you and searches you and knows what a Trezor is then he can take it, and from what I've read it only takes 15 minutes to hardware exploit it. Good luck trying to actual go through litigation and get it back or prove anything during that route.

I feel really uneasy with my Trezor knowing that hardware exploit is possible, especially in 15 minutes. And then Ledger is closed source which makes me uneasy. Ugh. Tough decisions.

What sort of officer has a bread board, fitting electronic components and the knowledge ready to build a Trezor glitching device on the go? Cheesy

On a more serious note, use a strong passphrase. Even after someone extracts the seed it will then still take them a couple of millenia [1] to get through (at least with the technology available for the foreseeable future)

[1] https://coldbit.com/can-bip-39-passphrase-be-cracked/
legendary
Activity: 1652
Merit: 1483
December 28, 2020, 05:37:19 PM
#25
the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"
The wrench attack can also happen to your bank account in a home robbery: having a verified account at any exchange is enough to be forced to deposit your life savings, after which the attacker buys Bitcoin with your money.

what i'm talking about is akin to flashing wads of cash in public, where less savory opportunists might notice and come after you. this is why i wouldn't wanna bust out a hardware wallet in a retail setting, show it off in public, etc.

a home invasion is a targeted attack. that's some next level shit. i don't think anyone is targeting me for a home invasion just because i own a cheap netbook! call me paranoid, but announcing yourself as a dedicated crypto investor in public with a ledger or trezor---that may be a different story.

and that's the distinction i'm making---it's not really about hardware wallet vs other security models like airgapping a PC. if you use a hardware wallet only online in your own home, then what i'm saying doesn't apply.
newbie
Activity: 11
Merit: 13
December 28, 2020, 02:34:49 PM
#24
Are AES encrypted USB Flash Drives (PNY or San Disk) susceptible to hardware exploits like the Trezor?

Another problem I see with Trezor is that if an officer stops you and searches you and knows what a Trezor is then he can take it, and from what I've read it only takes 15 minutes to hardware exploit it. Good luck trying to actual go through litigation and get it back or prove anything during that route.

I feel really uneasy with my Trezor knowing that hardware exploit is possible, especially in 15 minutes. And then Ledger is closed source which makes me uneasy. Ugh. Tough decisions.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 28, 2020, 08:43:01 AM
#23
Now, I am by no means an expert on this so please correct me if I'm wrong, but reading this paper it seems this does not apply to most bitcoin wallets (emphasis mine):

-snip-

Bitcoin Core has been using libsecp256k1 since 0.10 in 2015. Which wallets are still using OpenSSL and not libsecp256k1?
Hopefully not, secp256k1 has a lot more benefits than that Tongue.

Thanks! Someone mentioned (I think a few weeks ago) that secp256k1 isn't that susceptible to certain sidechannel attacks but I couldn't find any literature on that. I didn't do any in depth research on the feasibility on the various other sidechannel attacks. But I suspect an attack could also be mounted on the encrypting/decrypting process of the wallet instead of the signing itself or through the RNG. Don't quote me on this, just a thought.

I've read through the firmware of ColdCard briefly and they did actually implement a few measures to reduce the signature.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 28, 2020, 08:32:43 AM
#22
I would imagine most banks would put some kind of hold on a transfer if you suddenly decided to empty your entire account in a single transaction. I would also hope that people don't have their entire life savings sitting in a checking account with immediate access, because all you are doing there is slowly (or in some cases quickly) losing money as fiat constantly devalues. Most fiat accounts or investment vehicles which offer enough interest to at least match inflation require several days notice to access your money, although I assume this can vary quite widely between countries.
The limit here is usually 50k euro, although some banks have a 5k limit (and a few hours delay to increase it). Savings accounts are also fast, and stock brokers are fast too. Welcome to the Dutch banking system Wink
legendary
Activity: 2268
Merit: 18771
December 28, 2020, 08:28:54 AM
#21
Now, I am by no means an expert on this so please correct me if I'm wrong, but reading this paper it seems this does not apply to most bitcoin wallets (emphasis mine):

The wrench attack can also happen to your bank account in a home robbery: having a verified account at any exchange is enough to be forced to deposit your life savings, after which the attacker buys Bitcoin with your money.
I would imagine most banks would put some kind of hold on a transfer if you suddenly decided to empty your entire account in a single transaction. I would also hope that people don't have their entire life savings sitting in a checking account with immediate access, because all you are doing there is slowly (or in some cases quickly) losing money as fiat constantly devalues. Most fiat accounts or investment vehicles which offer enough interest to at least match inflation require several days notice to access your money, although I assume this can vary quite widely between countries.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 28, 2020, 06:24:45 AM
#20
the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"
The wrench attack can also happen to your bank account in a home robbery: having a verified account at any exchange is enough to be forced to deposit your life savings, after which the attacker buys Bitcoin with your money.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 28, 2020, 05:20:39 AM
#19
can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?
Side channel attacks. Most of your devices are not specifically hardened to withstand side-channel attacks by reducing the potential attack vectors associated with the sidechannel, (eg. EM wave leakage, timing attacks). There has been a study conducted on this[1] but, interpret it as you want, it isn't that recent or conducted on major wallets. I wouldn't consider it to be THAT big of a threat but if we were to compare the specifics, might as well mention it.

I understand that Trezor and some of the secure chip used were vulnerable to such attacks as well. They've fixed the problem and most of them requires tearing entire device apart and the victim's participation while it's hooked up to an oscilloscope.

** I'm not sure if someone conducted similar experiments on Electrum but I'd like to see if there is one.


[1] https://eprint.iacr.org/2016/230.pdf
legendary
Activity: 1652
Merit: 1483
December 28, 2020, 05:01:54 AM
#18
If you want to seriously compare the security of airgapped vs hardware wallets, then the sidechannel attacks are impossible to defend though I think secp256k1 is less susceptible to some of it than others. Hardware wallets are usually hardened against those.

can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?

Most times in situations with physical access a $5 wrench attack happens, rather than some high-tech hacking with abusing hardware bugs and such. If you trust hardware wallet manufacturers and distrust computer component vendors, that's fine, and vice versa.

the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"

the only hardware wallet that appeals to me is bitbox---nice and discreet. anyone tried it?
legendary
Activity: 2268
Merit: 18771
December 28, 2020, 03:59:13 AM
#17
So, if I went to best buy I bought 2 HP laptops with Windows 10, I should be concerned that there may be malware in them even if they don't go online--perhaps by some of the pre-installed software?
As far as I am concerned, Windows 10 is malware, but that's another discussion. Tongue

But yes, I would not use a brand new store bought laptop as cold storage without formatting it first. You have no idea if that laptop has gone online before you bought it, what has been installed on it, what prepackaged software it comes with, what that prepackaged software has lurking in it, and so on. Physically airgap (i.e. remove relevant hardware), format, install Linux, set up full disk encryption, install wallet.

Also, what do you suggest to be a lightweight option. I travel a lot and if I took this route I'd like to not have to carry around 2 laptops with me all the time. This weight issue might be the only reason I stick with Trezor.
Raspberry Pi as suggested, provided you also have the necessary peripherals to plug in. If not then you can have a slightly less secure but still pretty good solution using a single laptop, and carrying a USB with Linux and your encrypted wallet on it. Use your laptop as you normally would with a watch only wallet on it. When you want to sign a transaction, shut down the laptop, disconnect your WiFi card (plus any other connectivity hardware and ideally also your hard drive), live boot to Linux, sign your transaction, shut down, reconnect your hardware, and boot back up to your normal OS.

Two mobile phones is another good solution, provided you make sure the cold storage one is securely encrypted and really airgapped (I wouldn't trust simply turning on airplane mode, and would want to physically remove or disable the relevant hardware).
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 27, 2020, 10:42:37 PM
#16
I find the line of reasoning very similar to how people on reddit say "don't worry the source code is open and firmware is open" [and just assume it's audited by experts].

Also just wanted to throw in there that if there was perfect time for Ledger to do an exit (or not even necessarily exit) scam it would be now given the high price of BTC and probably the lowest ever approval rating for the company. Even if 1 or 2 out of every 100 wallets lose funds it would be hard to prove fraud. They could probably get away with it. I doubt they will do something like that, but I'm just saying.
Well, then I guess you're better off with airgapped storage. It really boils down to if you trust the HW wallet manufacturer in this case, if you don't want to trust anyone else. At the same time, you have to make the same assumption about your cold storage wallet as well as the OS.

I wouldn't say that it's hard to prove. I'll be able to see the various commits to the github page if I were watching it and it makes inspecting the code before updates much easier.

Let me make sure I interpreting this correctly.

So, if I went to best buy I bought 2 HP laptops with Windows 10, I should be concerned that there may be malware in them even if they don't go online--perhaps by some of the pre-installed software?
Might have some spyware, after all they tend to include a ton of spyware. I'll wipe them and just install Linux. The popularity and the design behind Linux based OS makes the chances for persistent malware infection harder.
Also, what do you suggest to be a lightweight option. I travel a lot and if I took this route I'd like to not have to carry around 2 laptops with me all the time. This weight issue might be the only reason I stick with Trezor.

I was hoping I can just use 2 phones (remove wifi card and antenna of the offline one)?
Your use case would probably make hardware wallets more attractive.

If you'd like, you can just purchase 2 Raspberry Pis and use them as cold wallets. My personal preference would just be to put some funds in a hot wallet and bring it around. Even if I were to lose them, I wouldn't lose all my funds.
Pages:
Jump to: