How do you know it's been separated the whole time? Did you build all the components from scratch? You don't know where they've been prior to you getting them. Even if you got everything straight from the factory manufacturer's have been caught hiding backdoors and exploits in their hardware since the 90s at least.
What about the OS you load in it. Did you build and develop it yourself? You know every line of code in it?
If it's not separated, then it's not separated.
The assumption is that the initial setup of your offline computer is reasonably secure.
Each time it communicates with the outside world there is a risk of something going wrong.
Your offline computer might be virus free, but a vulnerability means that it autoruns USB devices. If there is a virus on the USB stick that you use to transfer your transactions, then the offline computer could be compromised.
Even if you have a virus, it has to be able to get data to the outside world, or no harm is done.
Offline
legendary
Activity: 3766
Merit: 1364
Armory Developer
What's wrong with this?
Don't know, didn't read it. This is stuff from back in 2013 written by a user, not a dev/expert, for newbies. Why?
Don't have time for a long winded explanation, research that yourself. The security model for offline signing is to use an air gapped signer. Either respect the model or downgrade your security assumption. Caveat emptor.
newbie
Activity: 6
Merit: 0
legendary
Activity: 3766
Merit: 1364
Armory Developer
I'm trying to create a cold storage for some BTC. I don't have any prior experiece with Armory.
The guides talk about having a computer that you never connect to the internet, the one you use to create a wallet file.
How about booting to a linux distribution from an USB drive and doing it there? Is there some key layer of security I lose?
What if I literally remove all the prior HDDs on the machine, then boot from the USB? In essence this would be a new computer that hasn't ever been connected to the internet, or what am I missing?
Don't, that's a terrible idea.
newbie
Activity: 6
Merit: 0
A completely separated computer cannot receive a virus at all.
How do you know it's been separated the whole time? Did you build all the components from scratch? You don't know where they've been prior to you getting them. Even if you got everything straight from the factory manufacturer's have been caught hiding backdoors and exploits in their hardware since the 90s at least. What about the OS you load in it. Did you build and develop it yourself? You know every line of code in it?
legendary
Activity: 1232
Merit: 1094
How about booting to a linux distribution from an USB drive and doing it there? Is there some key layer of security I lose?
A completely separated computer cannot receive a virus at all. The main thing you lose is that a BIOS/firmware based virus could still affect you. As you realised, there is a risk that your USB based OS will mount your hard drives and execute malware (automatically, or you accidentally trigger it). I think a CD based OS would be better than USB, since the CD is read-only. Getting your transactions over to the cold storage is also a risk point.
newbie
Activity: 6
Merit: 0
I'm trying to create a cold storage for some BTC. I don't have any prior experiece with Armory.
The guides talk about having a computer that you never connect to the internet, the one you use to create a wallet file.
How about booting to a linux distribution from an USB drive and doing it there? Is there some key layer of security I lose?
What if I literally remove all the prior HDDs on the machine, then boot from the USB? In essence this would be a new computer that hasn't ever been connected to the internet, or what am I missing?
|