Corrupt OS defeats air gap. - page 2.

ShadowOfHarbringer

legendary

Activity: 1470

Merit: 1005

Bringing Legendary Har® to you since 1952

Quote from: ?? on ??

Quote from: jubalix on March 04, 2014, 06:22:34 AM

even for linux, who is watching every line in ubuntu to see some code does not do this?

Actually, a lot of people.

I don't know about Ubuntu specifically, but most Linux distributions are well-audited and every line is accounted for.

Debian, which is the distro Ubuntu is based off, prevented two backdoors from being placed in 2003 and 2006.

The one in 2003 was planted when a hacker broke into the source control server and removed a SINGLE character in one core developers repository in order to introduce a root privilege escalation exploit. The developer later merged his changes into the main repository, making it very hard for anybody to spot especially considering these changes (including the backdoor) were coming from a "trusted" developer who had no idea he had been hacked. Despite all of this it was still noticed and patched.

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/

tl;dr; while it's possible, it's very difficult to insert a backdoor into an open source project.

Awesome, i was waiting for a post like this.

On the topic, programmers nowadays have very powerful tools like IDE's, Diff/Meld, Version control software such as Git, which makes putting a backdoor into anything more difficult than most people would think.

Most changes are not so big and are incremental changes, it is easy to review them by an experienced programmer.

skilo

sr. member

Activity: 321

Merit: 250

If you want to store something and have it really secure or you want an unplugged computer to use for generating keys or such look into a free software linux distro.

Free software is not to be confused with open source, Free software is anti-proprietary where open source may be open but proprietary too.

Use a distro like GNUsense or trisquel etc.

http://www.gnu.org/distros/free-distros.html

These should be free of any backdoors, An unplugged computer running one of those distros should be pretty darn secure.

Abdussamad

legendary

Activity: 3612

Merit: 1564

Quote from: Rannasha on March 04, 2014, 12:17:28 PM

Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

If you use an older, unpatched OS you risk a malware infection. For example if your USB drive gets infected it is more likely to infect the older OS on your offline PC rather than if you had an up to date modern one there.

There is also the question of RNGs on older Linux distros. There was that Debian openssl bug for instance.

softron

full member

Activity: 210

Merit: 100

I think using linux os would be safe for now.

grue

legendary

Activity: 2058

Merit: 1431

Quote from: DannyHamilton on March 04, 2014, 01:24:10 PM

Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key? Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?

that's simple to solve. just flip 256 coins to generate the private key.

Carlton Banks

legendary

Activity: 3430

Merit: 3074

I would point out that every OS install image is assumed to be a compile of the source, largely on trust. Of course, the whole development team would not need to be complicit to allow this to happen, as only certain members are involved with the build process.

The best you could do to work around that issue today is to create a build of the source yourself, which is not a small task. Suggestions of pre-bitcoin OS make sense, but you'd have to be very disciplined about maintaining the airgap, as the threat is just less specific in that circumstance.

DannyHamilton

legendary

Activity: 3416

Merit: 4658

Quote from: jubalix on March 04, 2014, 06:22:34 AM

What is the likely hood that OS's are corrupted even on a clean install.

Eg consider the air gapped computer. You sign a transaction onto a usb.

Unknown to you the os was waiting, and deposits privkeys/waller/paswords (key logged) on to the usb in an obfuscated way even perhaps piecemeal over 100 transactions.

The OS you plug the usb into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air gapped Laptop.

even for linux, who is watching every line in ubuntu to see some code does not do this? Huh

what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

as things stand I'm not sure that airgaped but using usb to transfer, are really safe.

Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key? Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?

Rannasha

hero member

Activity: 728

Merit: 500

Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

The QR code method you propose also works. I believe that JustDice uses this method for transfers out of its cold wallet.

jubalix

legendary

Activity: 2618

Merit: 1022

What is the likely hood that OS's are corrupted even on a clean install.

Eg consider the air gapped computer. You sign a transaction onto a usb.

Unknown to you the os was waiting, and deposits privkeys/waller/paswords (key logged) on to the usb in an obfuscated way even perhaps piecemeal over 100 transactions.

The OS you plug the usb into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air gapped Laptop.

even for linux, who is watching every line in ubuntu to see some code does not do this? Huh

what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

as things stand I'm not sure that airgaped but using usb to transfer, are really safe.

Topic: Corrupt OS defeats air gap. - page 2. (Read 6336 times)