Topic: AirGapped Hardware Wallets - page 5. (Read 1223 times)

Yes,

we can generate a wallet without being connected to the internet. With ledger nano s we can generate a wallet using power bank, but still, need a ledger Live application to download the Bitcoin aplication.

maybe Trezor is real air-gapped, with a new update, we can generate a wallet without using the internet (suite)

EVERYONE in the field refers to a device that is plugged via USB as non-airgapped. You may define your definitions however you want or even start a discussion, but this won't change the commonly accepted terminology.

As for the malware examples; not sure whether there was an attack already, but if there was none so far, it's easy to understand how the attack surface is smaller when you're not physically attached but merely exchange QR codes. Also just because an attack was not carried out yet, doesn't mean it's not possible. That's why we migrate to secure encryption schemes before quantum computing is able to break RSA and not after it will have happened, for example.^{in case it's not clear, airgap has nothing to do with quantum computing or breaking asymmetric encryption}

They're not, because they are connected to an online PC via USB directly. In theory, the communication protocol can be hacked and e.g. address be replaced before being sent to the device to be signed.

That's the whole point of air gap: a gap of air between your hardware wallet and your online device which publishes the signed transaction. This highly minimizes the attack surface.

@dkbit98: thanks for this topic, I really enjoy these 'wallet lists'! Always great to have them bookmarked and check from time to time to see what's available.
Suggestion: add next to each device an info on the type of airgap it uses: QR/Cameras, SD cards, etc.... (not sure of other ways).

For me, it seems way better to have the QR Code + camera way because on one hand I feel plugging an SD card in, bears potential risk as well (see viruses that spread via USB sticks..) and also because if you have a QR + camera type wallet, you can use it with any PC or phone which has a webcam. This is one limitation of USB wallets that really bugs me; they don't work on iOS. And I will certainly not use a HW wallet that communicates over Bluetooth either..

I think this definition is quite accurate. I looked on wikipedia and found this:


I tend to agree with this, but I am not an specialist.

I was reading ledger website, and I found this:


Looks like Ledger and Trezor are airgapped.

On the other hand, is it true that removing USD we really achieve an extra protection? are people safer using Cold Wallet than using Ledger Nano or Trezor? I don't know, and I have never heard such claim before, this is new to me. I am currently satisfied with my ledger, AFAIK.


It is also true that you insert a Ledger and Trezor into an infected computer that the virus will be unable to extract your private keys (ofc you shouldn't do that on purpose). You can see this comment from Trezor team on Reddit:

According to the website, coldcard is only for bitcoin. Don't it require any upgrade? For instance; supporting LN may require an upgrade? I'm not sure though.
In case of Safepal, upgrade is optional. You can still go with current one all the time but that wouldn’t give you the benefit of using the latest coin edition in wallet. Other than that, that's okay to use as airgapped wallet. I haven’t use it yet but seen one review in youtube and seems fine as it doesn’t require you to be connected with any other device directly.

OMG...
No we don't, because I defined them in first few sentences.

Sorry but you have zero authority to talk anything about airgapped devices.

Have you actually read what I wrote before or you just blabing like this without any sence?
I literally said they are using secure USB over FIDO protocol so no need to repeat like a parrot.

No they are not trully airgapped and even those manufacturers don't claim that, but maybe you can teach them better  

I think we need to define what airgapped devices are.

For example, I can set up Electrum airgapped device and be using its watch-only wallet to connect to it through QR code or USB stick, that does not mean it is not airgapped.

I know you are trying to bring up something but making use of airgapped may not be appropriate.

Hardware wallets like Trezor and Ledger Nano that make use of USB code can not be said they are not airgapped, they are actually airgapped devices, they are completely seperate from wallet extension that are used to operate them while making transactions, even is there any malware that can reveal their seed phrase or keys? I doubt that, if wrong you can correct me with proves.

Only the malware I know that can attack reputed hardware wallet this way are clipboard or QR code malware which can change recipient's address to hacker's address while making transaction. The reason we should make sure we protect our hardware wallet extension that we use to operate it from malware, also checking and rechecking the bitcoin address we are sending bitcoin to.

Reputed hardware wallets like Trezor and Ledger Nano are airgapped too, but I understood what you meant, but airgapped should not be the appropriate term.

AirGapped devices by definition are never directly connected to internet or to any other devices that are connected to the internet.
However, most devices including computers and hardware wallets still have USB connections and that is the easiest way to breach airgapped machine, but not the only one.
Airgap malware exist today that are using acoustic or other type of signaling like light, magnetic, thermal or radio frequency, so we know that AirGapped devices are not providing perfect protection.

Hardware wallets are never directly connected to the internet and most of them are using USB connection with secure device-to-device FIDO protocol,
but if we want better protection we should look for True Airgapped wallets, and remove any USB connection with computer.
There are currently only a few Airgapped hardware wallets, but I expect this trend will grow in near future with better devices and better protection.
Always choose Open Source and tested hardware wallets.

Airgapped Hardware wallets:

• Keystone
• Coldcard
• Passport
• Jade (soon)
• Safepal
• Ellipal
• Ngrave

- Safepal is closed source, claims it is airgapped, but you need to connect it with USB cable for every update.
- Ellipal is closed source.
- Ngrave is unknown source (they plan to be mostly open source)

DIY Airgapped Hardware wallets:

• Specter DIY Wallet
• SeedSigner DIY Wallet*
• Krux DIY Wallet*

* Signing Device

Most of this wallets are communicating with QR codes or SD cards and they have their own flaws.
Nothing is perfect so do your own research before using any of this wallets.