Topic: Air-gapping 2 devices vs. Trezor/Ledger? (Read 482 times)

According to qrencode:
However, I can't make one that large. I could copy your post 4 times (2820 characters), so it looks like 3 kB is indeed the maximum:

This works better than I expected!

If I'm not mistaken, the limit is 3 kB. That's big enough for a consolidation transaction with 20 inputs and one output, and also big enough for a pay-to-many with one input up to about 80 outputs, even when using all legacy addresses. That's more than enough for the vast majority of individuals who aren't running a shop or some other service. And you can always fall back on USB if you need to.

You could also save to clipboard and use a third party program to break that down in to multiple QR codes or even one animated code and reconstruct the transaction from that, but I'd always manually check everything if you do use any other software (in reality, I would manually check everything anyway).

Is there a reason you are using a dedicated device for broadcasting them?
I mean, it definitely doesn't hurt. But it's not that necessary. You could use your daily online PC for that.

Further, if you have one dedicated offline device.. what is the point of storing the wallet files encrypted on the USB flash drives?
Why not simply store it on the SD card of the raspberry pi encrypted?




Highly unlikely.
One display should be enough. At least if you aren't edward snowden and are being hunted by 3 letter agencies all around the world.




Not necessarily.
You'll only transfer data which isn't confidential. It might be worth to check the integrity by using signatures or encrypting it, but that's not necessary.

However, using cameras and QR codes to transfer data is a more secure way.

I'm not sure what's the configuration for the maximum size of QR codes in most wallets but I believe if the size of the transaction is too large, it would reach the limit of the maximum size allowable for the QR code after the error correction. Could be a bit difficult to scan for the QR code if the display/camera has a low resolution or if it's too small.

You can probably use a different encoded string within the QR code for a larger size but can be slightly more complicated.

I don't follow the logic of putting these files in the USB drive. If you put your wallet on the USB and then move the USB back and forth between your two devices, including the one which has internet access, then you have completely negated the whole point of an airgapped setup.

For transferring transactions back and forth, the most preferable solution is to use QR codes and a webcam, to eliminate the possibility of accidentally transferring malware or your private keys on the USB drive. You can buy a Raspberry Pi camera module for $25.

A MicroSD card would be required for both devices. USB Flash drive would be necessary if you're transferring raw transactions across the online to offline device and signed transaction the other way.
If you're thinking of using the QR code to transfer the raw transactions, then possibly. If not, a monitor/TV screen would be sufficient.
Not that I've ever heard of. That'll have to be a very complex malware.
Depends. Are you afraid that the Flash drive could get stolen between the time the raw/signed transactions are deleted? If it's stolen, whoever opens that USB drive can see your transaction information and thus compromising your privacy. Security wise, it doesn't matter if it's encrypted or not.

I would wipe my flash drive every time after using it so I wouldn't think of encrypting it.

Please critique my proposed setup:

1) Use a reputable-brand USB stick (Sandisk, PNY, Kingston). Put portable electrum, veracrypt, and wallet files on it. Encrypt it with 20+ character password using AES.

2) Use 2 raspberry pi devices. One always offline. One online , but only for crypto transactions.

3) Display. Do I need 1 for each device?

Could the online device get malware, transfer it to the display, and then display transfer it to the offline device?

4) When transferring the transaction file between devices do I need to use an encrypted USB for this?

I don't find it too much of a problem. As long as you have a passphrase, the attacker would have a hard time trying to get your seed.

There are a lot more choices than those two companies, maybe you could try exploring your options. Regarding the attack, what makes you think that your devices would be more protected than your hardware wallet? Attacking Trezor requires the attacker to specifically extract the encrypted seed from the secure elements by desoldering it and using specialized tools, after that start to crack your keys. I've seen more vulnerabilities affecting mobile devices than most hardware wallet and they don't require special skills.

I feel like most attacks are often blown out of proportion and companies has been relatively quick (at least those competent ones) to respond and provide a mitigation to it.

Given BadUSB and the like, if someone sees using a hardware wallet as a liability (ideally a Trezor with a passphrase as the closed source Secure Element in Ledger could one day lead to a critical vulnerability), webcams to read QR codes are the only reasonable alternative.

No. But to software exploits, depending on how you handle it:

If you mean storing a wallet on an AES encrypted USB drive to then plug it into your computer when you want to make a transaction -- that's suspectible to any old malware attack and not much more secure than a regular hot wallet. Your private keys will get exposed as soon as you decrypt your wallet to make a transaction and if your computer is compromised so will be your wallet.

If you mean storing a wallet on an AES encrypted USB drive for use with an airgapped computer only, then you should be fine.



What sort of officer has a bread board, fitting electronic components and the knowledge ready to build a Trezor glitching device on the go?

On a more serious note, use a strong passphrase. Even after someone extracts the seed it will then still take them a couple of millenia [1] to get through (at least with the technology available for the foreseeable future)

[1] https://coldbit.com/can-bip-39-passphrase-be-cracked/

what i'm talking about is akin to flashing wads of cash in public, where less savory opportunists might notice and come after you. this is why i wouldn't wanna bust out a hardware wallet in a retail setting, show it off in public, etc.

a home invasion is a targeted attack. that's some next level shit. i don't think anyone is targeting me for a home invasion just because i own a cheap netbook! call me paranoid, but announcing yourself as a dedicated crypto investor in public with a ledger or trezor---that may be a different story.

and that's the distinction i'm making---it's not really about hardware wallet vs other security models like airgapping a PC. if you use a hardware wallet only online in your own home, then what i'm saying doesn't apply.

Are AES encrypted USB Flash Drives (PNY or San Disk) susceptible to hardware exploits like the Trezor?

Another problem I see with Trezor is that if an officer stops you and searches you and knows what a Trezor is then he can take it, and from what I've read it only takes 15 minutes to hardware exploit it. Good luck trying to actual go through litigation and get it back or prove anything during that route.

I feel really uneasy with my Trezor knowing that hardware exploit is possible, especially in 15 minutes. And then Ledger is closed source which makes me uneasy. Ugh. Tough decisions.

Hopefully not, secp256k1 has a lot more benefits than that .

Thanks! Someone mentioned (I think a few weeks ago) that secp256k1 isn't that susceptible to certain sidechannel attacks but I couldn't find any literature on that. I didn't do any in depth research on the feasibility on the various other sidechannel attacks. But I suspect an attack could also be mounted on the encrypting/decrypting process of the wallet instead of the signing itself or through the RNG. Don't quote me on this, just a thought.

I've read through the firmware of ColdCard briefly and they did actually implement a few measures to reduce the signature.

The limit here is usually 50k euro, although some banks have a 5k limit (and a few hours delay to increase it). Savings accounts are also fast, and stock brokers are fast too. Welcome to the Dutch banking system

Now, I am by no means an expert on this so please correct me if I'm wrong, but reading this paper it seems this does not apply to most bitcoin wallets (emphasis mine):

I would imagine most banks would put some kind of hold on a transfer if you suddenly decided to empty your entire account in a single transaction. I would also hope that people don't have their entire life savings sitting in a checking account with immediate access, because all you are doing there is slowly (or in some cases quickly) losing money as fiat constantly devalues. Most fiat accounts or investment vehicles which offer enough interest to at least match inflation require several days notice to access your money, although I assume this can vary quite widely between countries.

The wrench attack can also happen to your bank account in a home robbery: having a verified account at any exchange is enough to be forced to deposit your life savings, after which the attacker buys Bitcoin with your money.

Side channel attacks. Most of your devices are not specifically hardened to withstand side-channel attacks by reducing the potential attack vectors associated with the sidechannel, (eg. EM wave leakage, timing attacks). There has been a study conducted on this[1] but, interpret it as you want, it isn't that recent or conducted on major wallets. I wouldn't consider it to be THAT big of a threat but if we were to compare the specifics, might as well mention it.

I understand that Trezor and some of the secure chip used were vulnerable to such attacks as well. They've fixed the problem and most of them requires tearing entire device apart and the victim's participation while it's hooked up to an oscilloscope.

** I'm not sure if someone conducted similar experiments on Electrum but I'd like to see if there is one.


[1] https://eprint.iacr.org/2016/230.pdf

can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?


the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"

the only hardware wallet that appeals to me is bitbox---nice and discreet. anyone tried it?

As far as I am concerned, Windows 10 is malware, but that's another discussion.

But yes, I would not use a brand new store bought laptop as cold storage without formatting it first. You have no idea if that laptop has gone online before you bought it, what has been installed on it, what prepackaged software it comes with, what that prepackaged software has lurking in it, and so on. Physically airgap (i.e. remove relevant hardware), format, install Linux, set up full disk encryption, install wallet.

Raspberry Pi as suggested, provided you also have the necessary peripherals to plug in. If not then you can have a slightly less secure but still pretty good solution using a single laptop, and carrying a USB with Linux and your encrypted wallet on it. Use your laptop as you normally would with a watch only wallet on it. When you want to sign a transaction, shut down the laptop, disconnect your WiFi card (plus any other connectivity hardware and ideally also your hard drive), live boot to Linux, sign your transaction, shut down, reconnect your hardware, and boot back up to your normal OS.

Two mobile phones is another good solution, provided you make sure the cold storage one is securely encrypted and really airgapped (I wouldn't trust simply turning on airplane mode, and would want to physically remove or disable the relevant hardware).

Well, then I guess you're better off with airgapped storage. It really boils down to if you trust the HW wallet manufacturer in this case, if you don't want to trust anyone else. At the same time, you have to make the same assumption about your cold storage wallet as well as the OS.

I wouldn't say that it's hard to prove. I'll be able to see the various commits to the github page if I were watching it and it makes inspecting the code before updates much easier.

Might have some spyware, after all they tend to include a ton of spyware. I'll wipe them and just install Linux. The popularity and the design behind Linux based OS makes the chances for persistent malware infection harder.
Your use case would probably make hardware wallets more attractive.

If you'd like, you can just purchase 2 Raspberry Pis and use them as cold wallets. My personal preference would just be to put some funds in a hot wallet and bring it around. Even if I were to lose them, I wouldn't lose all my funds.