Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Could the Intel vulnerability have compromised private keys? - page 2. (Read 510 times)

hatshepsut93
legendary
Activity: 3024
Merit: 2148
Re: Could the Intel vulnerability have compromised private keys?
January 04, 2018, 03:15:42 PM
#5
Quote from: HeRetiK on January 04, 2018, 01:26:12 PM

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.


Signed transactions can be easily trasnferred via QR-codes, I did this with Electrum and everything worked well. The problem is to transfer unsigned transactions, which can also be done via QR-codes, but would require a dedicated digital camera and a software that can decode them from images. But I think the risk of malware getting into air-gapped system via USB stick is very small.


Quote from: cellard on January 04, 2018, 12:35:02 PM
As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously


Hardware wallet are probably unaffected, which made them more appealing than airgapped computers in my eyes:

https://twitter.com/pavolrusnak/status/948863100194836480
Erelas
full member
Activity: 280
Merit: 102
Re: Could the Intel vulnerability have compromised private keys?
January 04, 2018, 03:11:07 PM
#4
Sheesh!  I mean that's just not good.  Thanks for the information though, until your post I hadn't heard of them, and even if they are not a "real" threat, it's at least interesting for bar trivia.

One of these days, the chip and board manufacturers are going to be held to the same standards we hold automobile manufacturers, but when that happens, none of us will be able to afford one.

Hey, is AMD's stock gonna go up?  (bit tongue in cheek there)
Coin-Keeper
hero member
Activity: 761
Merit: 606
Re: Could the Intel vulnerability have compromised private keys?
January 04, 2018, 02:35:58 PM
#3
Quote
Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

The best solution where "mobility and actual use" of BTC are needed:  hardware wallet

HW's are completely untouched by this newest annoyance and security threat.  It is so reassuring to safely move coins easily overcoming computer malware and other crap.  Just move cautiously and make sure the destination address showing on the HW screen is accurate and you are good to go.  100-150 bucks for a HW vs 15K + per coin.  No brainer.
HeRetiK
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
Re: Could the Intel vulnerability have compromised private keys?
January 04, 2018, 01:26:12 PM
#2
Quote from: cellard on January 04, 2018, 12:35:02 PM
[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.


Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.
cellard
legendary
Activity: 1372
Merit: 1252
Re: Could the Intel vulnerability have compromised private keys?
January 04, 2018, 12:35:02 PM
#1
As you may know, Intel has been exposed heavily in the past few hours with 2 different exploits that can deliver pretty scare results if used maliciously:

Quote
Meltdown and Spectre

Bugs in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

https://meltdownattack.com/

On the site you can see them in action:

https://www.youtube.com/watch?v=bReA1dvGJ6Y

https://www.youtube.com/watch?v=RbHbFkh6eeE

What do you think about this when it comes to bitcoin?

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: