Pages:
Author

Topic: Electrum Air Gapped Setup Versus Hardware Wallet - page 2. (Read 384 times)

legendary
Activity: 3472
Merit: 10611
Because of the extra step of signing the transaction on the air gapped wallet, it's not as easy nor as quick to spend BTC, as using a hardware wallet, or a non-airgap setup.
Keep in mind that you can always create and use multiple types of wallets for different purposes and each with a different amount. Let's say you have 10BTC:
1. Paper wallet storing 6BTC for long term HODL and not touched for years
2. Air gapped Electrum storing 3BTC as a cold storage that can be accessed if needed
3. Hardware wallet storing 1BTC as a safe but quickly accessible wallet that could be carried around (eg. when traveling)
4. Hot wallet on desktop or mobile storing 0.05BTC to spend on stuff you want to buy or receive payments!
jr. member
Activity: 32
Merit: 37
There is no universal answer here and it depends if you are newbie, average user or tech expert.

Your own setup can be very safe if you are advanced user, BUT I would never recommend anyone to use AirGapped setup if you are newbie and just getting to know how Bitcoin works.
It is complicated for average users and there are to many steps in the process that with one small mistake can result in losing or locking your coins forever.


I would say that I'm a newbie/average user.

But the steps in https://electrum.readthedocs.io/en/latest/coldstorage.html#coldstorage seem to be well described. Following it step by step appears to be straightforward. Receiving BTC is the same whether Electrum is air-gapped or not.

Because of the extra step of signing the transaction on the air gapped wallet, it's not as easy nor as quick to spend BTC, as using a hardware wallet, or a non-airgap setup.

But I think if we are considering an air gap solution, it's because we are dealing with non-trivial value. In which case, care and time are amply repaid, and outweigh speed or convenience.
legendary
Activity: 2268
Merit: 18711
Most of the vulnerabilities involves sophisticated equipment to glitch the firmware and seems like it came after hours of intensive research to discover.
I don't disagree with you, but the fact that these vulnerabilities keep popping up with some regularity means there is a not-insignificant chance that there are more as of yet unknown or undisclosed vulnerabilities, perhaps one or two of which are much easier to exploit.

Depends on how you transfer unsigned transaction from online computer and signed transaction from airgapped computer. Using USB drive is easiest option, but i have concern the USB drive could infected with Windows virus/malware.
I would say that using two webcams is easier than using USBs, and although it is more costly if you do not currently own two webcams, it is also much safer. Saving transactions to file, copying them to and from USB drives, importing them from file, etc., is much more time consuming than just clicking "Display as QR Code" and pointing a camera at the screen.



If you do choose to go with a hardware wallet OP, I would always advocate using a strong and random passphrase (or perhaps several for plausible deniability), and for maximum security opting to enter it manually on the device each time you want to use it, as opposed to storing it on the device which some wallets will allow you to do.

legendary
Activity: 2212
Merit: 7064
There is no universal answer here and it depends if you are newbie, average user or tech expert.

Your own setup can be very safe if you are advanced user, BUT I would never recommend anyone to use AirGapped setup if you are newbie and just getting to know how Bitcoin works.
It is complicated for average users and there are to many steps in the process that with one small mistake can result in losing or locking your coins forever.
There are so many horror stories with people overcomplicating things like this and I heard Andreas Antonopoulos speaking how people are sending him messages about this all the time.
Jameson Lopp for example is using both options and he tried and used almost all hardware wallets.

Having hardware wallets is good enough for average users BUT I would only choose open source option and I would never buy and order them with my real name, address or phone number, to avoid future leaks.

legendary
Activity: 3472
Merit: 10611
I'd say it is partly a matter of preference.
I personally prefer to do things myself so I always go with the air gapped setup using Electrum and a Linux distro offline. That is also because I don't want to put my trust in a company and their product. As Leo said above there have been issues with hardware wallets and they do have vulnerabilities.
But it may not be easy for others to do the same, after all creating a secure cold storage is not easy. It is also harder to spend from this setup than it is to spend from a hardware wallet.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
There have just been too many issues with hardware wallets in the last few years, from the database hack you mentioned through to unpatchable vulnerabilities allowing extraction of seed phrases, for me not to believe there are not other vulnerabilities or issues which exist but either have not yet been discovered or have not yet been disclosed.
Other than the database hack, I don't think having the vulnerabilities is too much of an issue. Most of the vulnerabilities involves sophisticated equipment to glitch the firmware and seems like it came after hours of intensive research to discover. There's nothing much to research on for airgaps wallets because there isn't any incentives to do so. Of course, side channel attacks is not an issue for most but you can never really get too paranoid as well. Kind of helps that their competitors are always trying to hack each other's device as well.


1. Prepare the air gap pc using a dedicated laptop, with a LAN, WiFi, Bluetooth etc disabled in the BIOS.

2. Instal a fresh copy of Windows 10 from a Microsoft DVD onto the laptop, checking that all networking is disabled.

3. On an online PC, do virus and malware checks, format a USB and download Electrum onto the USB, checking the signature.

4. Transfer the USB to the air gap laptop, and instal, with wallet encryption.

Would this be secure enough?
My air-gapped storage before I started to use a HW wallet involves a Raspberry Pi which is much cheaper than even an old laptop. I'd check the signature on the airgapped wallet instead of the online computer, it's not the target computer to run the wallet after all.
legendary
Activity: 2268
Merit: 18711
I am not clear if the Electrum seed phrase can be used directly in other BIP39 wallets.
It cannot. Electrum uses their own system for creating seed phrases which is slightly different to the BIP39 system. You can read their motivation for doing so here: https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation. There are one or two wallets which will accept Electrum seed phrases, but the majority of wallets will not. However, the way Electrum turns seed phrases in to addresses is still common knowledge and very easy to do. Any piece of open source BIP39 software could be changed to work with Electrum phrases with a few very small modifications. You do not have to worry about Electrum ceasing to exist in the future and you having no way of restoring access to your coins.

So, if I wanted to swap to another wallet (not Electrum) would I need to use the above tool as an intermediate step?
You could use the above tool to extract the private keys to individual addresses and then use those private keys to sweep the funds, yes. There are also a number of other ways you could do this.

Also, if I went down the Electrum air gap route I would go through the following steps:
I would use an open source OS, such as Linux distro of your choice, rather than any version of Windows. Also make sure you format the computer before installing any fresh OS on it. If you can physically remove the WiFi, ethernet, etc. hardware rather than just disabling it, then even better.
jr. member
Activity: 32
Merit: 37
Thanks for those responses.

I am not clear if the Electrum seed phrase can be used directly in other BIP39 wallets.

I entered the Electrum seed for a wallet I just created in "The Electrum Mnemonic Seed Tester" tool, and it gives the same private keys as created in the wallet.

So, if I wanted to swap to another wallet (not Electrum) would I need to use the above tool as an intermediate step?

Also, if I went down the Electrum air gap route I would go through the following steps:

1. Prepare the air gap pc using a dedicated laptop, with a LAN, WiFi, Bluetooth etc disabled in the BIOS.

2. Instal a fresh copy of Windows 10 from a Microsoft DVD onto the laptop, checking that all networking is disabled.

3. On an online PC, do virus and malware checks, format a USB and download Electrum onto the USB, checking the signature.

4. Transfer the USB to the air gap laptop, and instal, with wallet encryption.

Would this be secure enough?

Portability is not high on my list.
legendary
Activity: 2268
Merit: 18711
I'm going to disagree with the post above and say that I prefer airgapped cold storage to hardware wallets. There have just been too many issues with hardware wallets in the last few years, from the database hack you mentioned through to unpatchable vulnerabilities allowing extraction of seed phrases, for me not to believe there are not other vulnerabilities or issues which exist but either have not yet been discovered or have not yet been disclosed. My feeling is that a properly set up, permanently airgapped device, using whole disk encryption, is safer than a hardware wallet, but I concede that such a set up is significantly more complicated than using a hardware wallet, and much more prone to user error. The side channel attacks mentioned are not high up on my list of possible attack vectors since my airgapped device is only ever used in a sealed room inside my house with no one else around, all curtains drawn, no webcams, etc.

Another big question to ask yourself is portability. There is no denying that a hardware wallet is far better than airgapped cold storage when it comes to carrying it around with you and transacting on the go.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
An air-gapped is not malware resistant.
Yes, you are right. I did not generally mean air-gapped wallets, like the hard drive ones that can still be vulnerable to malware attack while online during transaction. But, I mean electrum wallet making use of QR code for signing which I believe is more malware resistant. But, bluetooth can also be used instead of QR code, which I believe is not as malware-resistant if compared to QR code type. Just an opinion, I am all ears to correction.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
You need to be careful of your computer not to have malware that can attack your hardware wallet during bluetooth connection for transaction signing. While I still believe more in electrum cold wallet signing with QR code generating from the watch-only which is malware resistant. Although, we still need to totally do all necessities to avoid malware.
An air-gapped is not malware resistant. It is possible to infect an airgapped wallet though transferring information from an air gap is hard. Hardware wallets are not susceptible to malware attacks. They are designed to not be compromised through any malware as the private keys should never leave the device.

About malacious attacks, there are some vulnerabilities reported in some reputed hardware wallets, while also they can be attacked if your wallet extension device (the computer you use to access it) is having malware. An example is the malware that changes recipient's address to hackers address, that is why you need to check and recheck the address you inputed before sending. The malware can be trasmited through the USB while QR code is still resistant to such which is safest for transaction signing.
An important note, hardware wallet attacks are often fairly sophisticated, save for a few of the less developed ones. They often take advantage of any sidechannel vulnerabilities which can be evasive or costly and often comes after loads of research. In comparison, the main protection against any attacks is the airgap and the airgap only. Hardware wallets are designed to resist any malware attacks and would be alright to be connected to a computer infected with malware.

Hardware wallets would always have a confirmation before signing such that the user is aware of the addresses that is in the transaction. The similar case can be made for an air gapped wallet if the user doesn't check the transaction properly.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
If this is correctly set up, is the hardware wallet inherently more secure?
No, electrum cold wallet is also very secure and safe, if done correctly, both are safe and secure. Also, electrum in that form is a cold wallet while the other electrum is a watch-only wallet. You need to be careful of your computer not to have malware that can attack your hardware wallet during bluetooth connection for transaction signing. While I still believe more in electrum cold wallet signing with QR code generating from the watch-only which is malware resistant. Although, we still need to totally do all necessities to avoid malware.

Hardware failure?
All you need to protect is your BIP39 seed phrase, ones you have it properly backup against damages and attackers, and safe from loss. You can import the seed phrase on another hardware wallet or BIP39 supported wallet which will generate back private keys, addresses, bitcoin and other fund balance immediately.

Malicious attacks?
About malacious attacks, there are some vulnerabilities reported in some reputed hardware wallets, while also they can be attacked if your wallet extension device (the computer you use to access it) is having malware. An example is the malware that changes recipient's address to hackers address, that is why you need to check and recheck the address you inputed before sending. The malware can be trasmited through the USB while QR code is still resistant to such which is safest for transaction signing.

While the hardware vendor client database can be hacked, allowing criminals to come knocking on my door, can the same happen with Electrum?
There are some ways to buy hardware wallet avoid your information being given. You can read the link below for that.

[GUIDE] How to buy a Hardware Wallet the right way

About electrum wallet cold storage, electrum wallet can not be connected to your email, home addresses and the likes, I will prefer to make use of electrum cold wallet. But read the guy above for how to buy hardware wallet appropriately to be able to buy hardware wallet without it linking to your information.


Also, looking longer term, what would be the consequences of developers ceasing to maintain Electrum?
I do not think electrum wallet will cease to exist because it is well supported and developed by Bitcoin developers. But if there is any doubt, know that electrum wallet is an open source wallet, it has a tool you can also use to generate the master private keys and private keys which you can be imported on other reputed Bitcoin wallet.

Should I also export my private keys, in addition to the seed phrase (with appropriate safety and storage precautions)?
You do not need to, ones you know the seed phrase that can be used to generate the private keys using some tools if need be. Like the link I posted above for electrum and iamcoleman for BIP39 seed phrases.

What other criteria should I consider?
Protect your seed phrase, do not let it lost, do like three backup that will make you to be able to access it anytime you want and also do all that are compulsory to make it impossible for attackers to steal.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
If this is correctly set up, is the hardware wallet inherently more secure?
I'm compelled to say yes. Hardware wallets are specifically designed to be secure with convenience at the expense of their price tags. There are also hardware wallets which are able to be airgapped efficiently just like what you can do with Electrum. The only problem that I can see is with the leaks like Ledger's, telling everyone that you own a hardware wallet. I don't send any HW wallet to my residential address so that's fine with me.
- Hardware failure?
Similar. Both can be imported into another wallet easily.
- Malicious attacks?
Hardware wallets are mostly hardened against side channel attacks which most computers are not designed specifically for. The secure element present in some of them also prevents people from brute forcing or extracting the seeds out of the hardware wallet in the event that it gets stolen. AFAIK, some has limited attempts which will brick the entire device once that threshold is reached and thus making brute forcing pins ineffective.
While the hardware vendor client database can be hacked, allowing criminals to come knocking on my door, can the same happen with Electrum?
No.
Also, looking longer term, what would be the consequences of developers ceasing to maintain Electrum?
Nothing. You can extract the private keys from the HD seed generated with Electrum very easily and just import it into another wallet. It's open source as well so I highly doubt that it would just stop development and not create a fork from it and someone else taking the helm
Should I also export my private keys, in addition to the seed phrase (with appropriate safety and storage precautions)?
No. The 12 word seeds is all you need. You can of course do that but you'll be having to secure more things and have to continually update that list if you use your wallet frequently.
jr. member
Activity: 32
Merit: 37
The cost of a hardware wallet is not excessive, given the price of bitcoins. I'm looking to choose an approach.

I've read about the Electrum setup of a watching wallet online combined with a wallet holding the private keys, on an air-gapped computer.

If this is correctly set up, is the hardware wallet inherently more secure?

For example, if I compare the 2 approaches, how do the 2 setups compare if:

- Hardware failure?

- Malicious attacks?

While the hardware vendor client database can be hacked, allowing criminals to come knocking on my door, can the same happen with Electrum?

Also, looking longer term, what would be the consequences of developers ceasing to maintain Electrum?

Should I also export my private keys, in addition to the seed phrase (with appropriate safety and storage precautions)?

What other criteria should I consider?

I'd appreciate any advice from the experts.
Pages:
Jump to: