Topic: Corrupt OS defeats air gap. - page 2. (Read 6347 times)

legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
March 04, 2014, 05:21:30 PM
#9
Even for Linux, who is watching every line in Ubuntu to see some code does not do this?

Actually, a lot of people.

I don't know about Ubuntu specifically, but most Linux distributions are well-audited and every line is accounted for.

Debian, which is the distro Ubuntu is based off, prevented two backdoors from being placed in 2003 and 2006.

The one in 2003 was planted when a hacker broke into the source control server and removed a SINGLE character in one core developer's repository in order to introduce a root privilege escalation exploit. The developer later merged his changes into the main repository, making it very hard for anybody to spot, especially considering these changes (including the backdoor) were coming from a "trusted" developer who had no idea he had been hacked. Despite all of this it was still noticed and patched.

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/

tl;dr; while it's possible, it's very difficult to insert a backdoor into an open source project.
Awesome, I was waiting for a post like this.

On the topic, programmers nowadays have very powerful tools like IDEs, Diff/Meld, and version control software such as Git, which make putting a backdoor into anything more difficult than most people would think.

Most changes are not so big and are incremental changes; it is easy for an experienced programmer to review them.
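Added example, not part of the thread: a small Python check of the kind a diff reviewer could run over incoming patches, flagging added C lines whose `if`/`while` condition contains an assignment, which is the shape of the 2003 change described in the linked write-up. The diff is constructed for illustration (the file name and surrounding lines are placeholders), and the function names are hypothetical.

```python
import re
from typing import List, Optional, Tuple

# Constructed diff. The flagged condition is the one quoted in the linked
# write-up; the file name and the other lines are placeholders.
SAMPLE_DIFF = """\
--- a/example.c
+++ b/example.c
@@ -1,2 +1,6 @@
     int retval;
+    if (flags == 0)
+        return -EINVAL;
+    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
+        retval = -EINVAL;
     return retval;
"""

# Comparison operators to discard before looking for '='. The lookbehind
# keeps the shift-assignments '<<=' and '>>=' visible as assignments.
COMPARE = re.compile(r"==|!=|(?<![<>])[<>]=")

def condition_of(line: str) -> Optional[str]:
    """Text inside the balanced parentheses that follow 'if' or 'while'."""
    m = re.search(r"\b(?:if|while)\s*\(", line)
    if not m:
        return None
    depth, start = 0, m.end() - 1
    for i in range(start, len(line)):
        if line[i] == "(":
            depth += 1
        elif line[i] == ")":
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
    return line[start + 1:]  # condition continues on the next line

def assignments_in_conditions(diff: str) -> List[Tuple[int, str]]:
    """(diff line number, code) for added lines that assign inside a condition."""
    hits = []
    for n, line in enumerate(diff.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # only added lines matter to the reviewer
        cond = condition_of(line[1:])
        if cond is not None and "=" in COMPARE.sub("", cond):
            hits.append((n, line[1:].strip()))
    return hits

if __name__ == "__main__":
    for n, code in assignments_in_conditions(SAMPLE_DIFF):
        print(f"diff line {n}: assignment inside condition: {code}")
```

This is a line-based heuristic, so a condition split across several lines is only checked up to the end of its first line.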
sr. member
Activity: 321
Merit: 250
March 04, 2014, 02:03:55 PM
#8
If you want to store something and have it really secure, or you want an unplugged computer to use for generating keys or such, look into a free software Linux distro.

Free software is not to be confused with open source. Free software is anti-proprietary, where open source may be open but proprietary too.

Use a distro like gNewSense or Trisquel, etc.

http://www.gnu.org/distros/free-distros.html

These should be free of any backdoors. An unplugged computer running one of those distros should be pretty darn secure.
legendary
Activity: 3710
Merit: 1586
March 04, 2014, 01:44:28 PM
#7
Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

If you use an older, unpatched OS you risk a malware infection. For example, if your USB drive gets infected, it is more likely to infect the older OS on your offline PC than if you had an up-to-date modern one there.

There is also the question of RNGs on older Linux distros. There was that Debian OpenSSL bug, for instance.
full member
Activity: 210
Merit: 100
March 04, 2014, 01:27:23 PM
#6
I think using a Linux OS would be safe for now.
legendary
Activity: 2058
Merit: 1452
March 04, 2014, 01:13:39 PM
#5
Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key?  Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?
That's simple to solve. Just flip 256 coins to generate the private key.
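Added example, not part of the thread: one way to turn 256 recorded coin flips into a usable Bitcoin private key without asking the OS for randomness, in Python. The H = 1 / T = 0 mapping, the bias threshold and the function names are assumptions of this sketch; the conversion is deterministic, so the same flips can be re-encoded on a second, independent machine and the two results compared.

```python
import hashlib

# Order of the secp256k1 group; valid private keys are 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def flips_to_key(flips: str) -> bytes:
    """Turn 256 recorded flips ('H' = 1, 'T' = 0) into a 32-byte private key."""
    flips = "".join(flips.split()).upper()
    if len(flips) != 256 or set(flips) - {"H", "T"}:
        raise ValueError("need exactly 256 flips written as H or T")
    heads = flips.count("H")
    # For a fair coin the standard deviation over 256 flips is 8 heads, so
    # 128 +/- 48 is a 6-sigma window; outside it, suspect a biased coin or
    # a transcription error rather than bad luck.
    if not 80 <= heads <= 176:
        raise ValueError(f"{heads} heads in 256 flips: sequence looks non-random")
    value = int(flips.replace("H", "1").replace("T", "0"), 2)
    if not 1 <= value < SECP256K1_N:
        raise ValueError("value outside the secp256k1 key range; flip again")
    return value.to_bytes(32, "big")

def base58check(payload: bytes) -> str:
    """Base58 encoding with a 4-byte double-SHA256 checksum appended."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is encoded as a literal '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def key_to_wif(key: bytes, compressed: bool = True) -> str:
    """Mainnet Wallet Import Format: 0x80 || key [|| 0x01] || checksum."""
    return base58check(b"\x80" + key + (b"\x01" if compressed else b""))
```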
legendary
Activity: 3430
Merit: 3080
March 04, 2014, 01:06:14 PM
#4
I would point out that every OS install image is assumed to be a compile of the source, largely on trust. Of course, the whole development team would not need to be complicit to allow this to happen, as only certain members are involved with the build process.

The best you could do to work around that issue today is to create a build of the source yourself, which is not a small task. Suggestions of pre-bitcoin OS make sense, but you'd have to be very disciplined about maintaining the airgap, as the threat is just less specific in that circumstance.
legendary
Activity: 3472
Merit: 4801
March 04, 2014, 12:24:10 PM
#3
What is the likelihood that OSes are corrupted even on a clean install?

E.g. consider the air-gapped computer. You sign a transaction onto a USB.

Unknown to you the OS was waiting, and deposits privkeys/wallet/passwords (key logged) onto the USB in an obfuscated way, even perhaps piecemeal over 100 transactions.

The OS you plug the USB into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air-gapped laptop.

Even for Linux, who is watching every line in Ubuntu to see some code does not do this?

What is the solution to this?

The only surefire way I can think of is you would photograph a QR code that held the signed transaction, then this photo could be uploaded onto the client.

As things stand I'm not sure that air-gapped but using USB to transfer is really safe.

Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key?  Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?
hero member
Activity: 728
Merit: 500
March 04, 2014, 11:17:28 AM
#2
Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

The QR code method you propose also works. I believe that JustDice uses this method for transfers out of its cold wallet.
legendary
Activity: 2632
Merit: 1023
March 04, 2014, 05:22:34 AM
#1
What is the likelihood that OSes are corrupted even on a clean install?

E.g. consider the air-gapped computer. You sign a transaction onto a USB.

Unknown to you the OS was waiting, and deposits privkeys/wallet/passwords (key logged) onto the USB in an obfuscated way, even perhaps piecemeal over 100 transactions.

The OS you plug the USB into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air-gapped laptop.

Even for Linux, who is watching every line in Ubuntu to see some code does not do this?

What is the solution to this?

The only surefire way I can think of is you would photograph a QR code that held the signed transaction, then this photo could be uploaded onto the client.

As things stand I'm not sure that air-gapped but using USB to transfer is really safe.
