Alternatively, if you use an air-gapped computer, you can get by even with closed source hardware, as discussed in this thread:
https://bitcointalksearch.org/topic/could-the-intel-vulnerability-have-compromised-private-keys-2690001
Even if I moved all of my private keys onto an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, so could an exploit somehow happen in the process?
Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.
However, the following possible exploits still prevail, regardless of Meltdown and Spectre:
-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.
-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.
-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wi-Fi networks that may be around.
Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.
Very smart solution! +5 merit
About the USB stick, what if you don't use it: just generate a QR code of the signed tx on the airgapped PC, and take a pic of the QR with a phone.
That eliminates the need to plug untrusted devices/sticks into the airgapped PC.
The only thing left is mining. If you have a mining pool or are mining solo (maybe a minor altcoin), you still need a fully synced node with the PK in its folder, and an internet connection.