Hehe, that makes more sense. With an old offline computer, that would be a very good option. If no one comes out strong against this, I think I prefer an old offline "burner" then.
Awaiting more information seems very reasonable, although the whole point of a system like this would be to not be vulnerable to those sorts of issues. Not really in a rush though...
I have looked at encrypted paper wallets and various multisig setups, but with these options I find it much more likely I will lose the coins. Fragmented backups with 2/3-4/7 looks to me like a setup that both keeps your coins safe, and ensures you are unlikely to lose access. I saw iancoleman.io had a way of applying SSS to mnemonic seeds, but the site also states you should not use it yet.
Thanks again for you comments!
Topic: Cold storage setup. (Read 129 times)
Sorry, that should've been "write once media". It is perhaps almost archaic by today's standards, but I was alluding to CD/DVD-R. Schneier mentions it in his "air gaps" blog post from 2013.
I guess if both devices required an external USB optical drive anyway, that'd offer a similar attack surface too? If the read only switch on your USB cannot be overridden by software or firmware, that'd probably be okay?
Without linux, yeah a touch difficult. AMD is affected by Spectre too, so really that only leaves Atom chips from before 2013 (ha!) or ARM's in order execution chips. I'd wager that a Raspberry Pi isn't an uncommon choice for an offline signer. I guess my point was letting the dust settle and ensuring that software mitigations were in place if lacking secure hardware.
Anyway, don't consider my posts definitive comments on your setup - mostly just food for thought. Protecting keys and air gapping isn't new so, if you aren't already, broaden your search beyond Armory and you might find more generic ideas/principles you can apply.
Hopefully others will post too
I guess if both devices required an external USB optical drive anyway, that'd offer a similar attack surface too? If the read only switch on your USB cannot be overridden by software or firmware, that'd probably be okay?
Without linux, yeah a touch difficult. AMD is affected by Spectre too, so really that only leaves Atom chips from before 2013 (ha!) or ARM's in order execution chips. I'd wager that a Raspberry Pi isn't an uncommon choice for an offline signer. I guess my point was letting the dust settle and ensuring that software mitigations were in place if lacking secure hardware.
Anyway, don't consider my posts definitive comments on your setup - mostly just food for thought. Protecting keys and air gapping isn't new so, if you aren't already, broaden your search beyond Armory and you might find more generic ideas/principles you can apply.
Hopefully others will post too
If you're not aware, there is a security issue with fragmented backups generated on 0.96.2 and lower. Make sure you're using 0.96.3 or higher.
Not an expert and hard to judge exactly where on the scale of Security <-----> Convenience that you want to be without background on how you reached your decisions... but USB & Windows sticks out as the weak link to me. I hear plenty about compromised USB devices and Windows has a bit of a history there.
You seem to be going to great lengths on the offline side and I wonder whether employing write only media might be worth consideration.
Again, you can go deep down a rabbit hole on this and it is hard to know when to stop.
On the simpler side of things, verifying checksums is good but verifying signatures is important too. Getting to grips with GPG is probably worth your time and can help maintain trust.
Reading up on Meltdown & Spectre is probably pertinent given your priority to keep those keys as safe possible.
Not an expert and hard to judge exactly where on the scale of Security <-----> Convenience that you want to be without background on how you reached your decisions... but USB & Windows sticks out as the weak link to me. I hear plenty about compromised USB devices and Windows has a bit of a history there.
You seem to be going to great lengths on the offline side and I wonder whether employing write only media might be worth consideration.
Again, you can go deep down a rabbit hole on this and it is hard to know when to stop.
On the simpler side of things, verifying checksums is good but verifying signatures is important too. Getting to grips with GPG is probably worth your time and can help maintain trust.
Reading up on Meltdown & Spectre is probably pertinent given your priority to keep those keys as safe possible.
--
Jump to: