Topic: airgap wallet not totally safe? (Read 3860 times)

No Mic, no problem.

To the completeness: https://en.wikipedia.org/wiki/BadBIOS

A QR code just contains *data* (no program) so it is very different to a USB device (that can contain things like autorun programs).

*EDIT* the use of QR codes is "dumb comms" vs. USB which is "smart comms" - when it comes to best security practices the "dumber" the better (audio cables are another approach that has been worked on).

Note that narrowing the comms down to "one channel" (i.e. just cams) is much better than having to deal with multiple potential comms channels.

I guess I like to say destroy because then I cant use it on network (or someone else) ever again on purpose or by mistake compromising my whole network. Even if I marked the devices in red it could still happen if a family member, TSA, boogyman etc gets there hands on it and says "what's this" and plugs it into a computer (which 2014 will be 99% likely on network) now your whole op is compromised because of someone intentional or otherwise.

Additionally I am not quite sure I understand how QR codes keep you safe from malware. Please correct me if I am wrong but computers communicate using the most basic of 1's and 0's. In theory if the QR code program on each end was malware. It could simply decode the QR data and format it to do whatever corrupt bidding you could fit on a QR code (no idea). I do know that when I was a kid I programmed a basic hard drive delete program. It was so small if I had to guess I could get it into QR format somehow.... could be way off base tho but makes sense in my head at least.

**edit** I guess you're saying that because my airgap computer is snapping photos of the QR codes and the airgap comp never touches the network that there is no way for the airgap comp to transmit back data w/o it generating its own QR code. wireless signal, Lan, IR, etc etc. If that makes sense. Even if they were to encode my private keys into a QR code it could never make it back to the network because the airgap computer physically has no way of talking.

I'm talking about media, such as DVD / CD / or usb-device.

You could print your priv_key of cold wallet on the paper with printer.
Further, import it on the connected to the network computer side.
Thereafter, spend your Bitcoins as much faster as it possible!!!!! (((;


This is what called Air-Gap and what called Sneakernet.

See also: Bell–LaPadula model   - Up - yes, Down - no.

In such way, your Air Gapped Station simply can't leak any data to the network.

It would be safer to use QR codes rather than USB devices (due to potential attack vectors) but if you are going to use USB there is no reason to "destroy" the device (the point is to simply not re-use it).

so this is 100% true? Can anyone else verify this?

Also you can never let a airgap computer touch the network. I have no idea why that article says connect to the network as little as possible? You're supposed to never connect. Anything you move over to the airgap computer should be through usb stick and then the usb stick essentially smelted.

You're missing my point.

The risk of being infected by malware without ever connecting to the Internet = x
The risk of being infected by malware by connecting to the Internet once = x +1


Most malware is not known and Linux is by no means immune. (But I agree, it's a better alternative than Windows)


If "out = no", how will you spend your bitcoins?

Dear, this beastie shall looks like Stuxnet, it must know that you are air-gapped. It is like attack against nuclear power station. Chance to be infected by such worm while first and last boot of air-gap station is 0.00000000 ... 000001 %

Easiest ways to protect your self against such worms, DON'T USE microsoft SOFTWARE. Better to take one of the Linux's LiveCD


Additionally, any device or media connected once to the Air-Gapped Station shall not be used ever. For example, you bring data on DVD 4.0 Gb of blockchain or anything else, this media shall be destroyed, burned, annihilated. In - yes, out - no.

Which would suck if you picked up a beastie during that process, wouldn't it?

He talking about "set up".

He means, that at the first boot something anyway shall be downloaded from the network.

His step 1:


For bitcoin air-gapping that is already not acceptable. You just don't connect it to the Internet.

There is good post "Schneier on Security" from 2013 year about Air Gaps:

https://www.schneier.com/blog/archives/2013/10/air_gaps.html

Looks like it is still actual. Most of Bitcoin's users could just follow him with their 10 - 20 BTC in cold wallets.

Holder with 1mil$ in BTC probably would like to hardening this way little bit more.

This could be avoided if running the computer off batteries, which are only charged from main when they are disconnected from the computer.

I believe the problem is not malware infecting your computer through the the power cable, but existing malware leaking information through the power cable.

Just because I like it so much I'll leave this here:

Tx signing via minimodem
https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111

so will we all be using that special box thingy in the future? lolzzzz(true the plug itself is a sec breach)

anyway whats the deal with security breach through existing wiring? If you charge a battery first and then charge the computer is it still possible for a virus/malware to be in the battery or is that a gap too. thank

The ground pins in that pic will leak data to the local grid.

I would think isolated signature systems for multisig and 2fa would be ample security. Polarized lenses and laser scanners with mirrors might be useful for independently confirming signatures. There's lots of cheap real world tech to play with.

Air Gap can be safe 100% with caution of RF Emanation, i'm talking about GSM and WI-FI.

See, TEMPEST Transient Electromagnetic Pulse Emanation Standard
* en.wikipedia.org Tempest_(codename)

Read this article en.wikipedia.org Air gap (networking)