Topic: Good portable HDD for cold wallet (Read 364 times)

In vast cases the attack vectors on  crypto users are hidden to the naked eye,  thus, their stash loss might be due to the malware hidden in HDD firmware. Research shows that such kind of malware exists and may lurk in relevant drivers or many years. Thus,  I wouldn’t be surprised if they eventually found out they’d lost their  stashes   by courtesy of infected HDD firmware.

My main message is:
A software wallet that secures private keys can't surely protect them from sophisticated enough malware on the same device. The malware could intercept the software wallet, steal keys or manipulate a user's transaction's outputs to divert funds to the malware author's address(es).

A watch-only wallet does not contain private keys and therefore can't leak them and can't sign transactions on its own. It needs a signing device like a hardware wallet which protects the private keys from internet attacks or malware.

Using a hardware wallet usually has two involved components: a watch-only software wallet, likely on an online device for interaction with the user and the hardware wallet that takes a transaction to be signed, displays the transaction's details on its own independant display for verification purposes by the user BEFORE the hardware wallet is commanded by some independant user interaction, e.g. with a physical button on the hardware wallet to sign the transaction and pass it signed back to the software wallet on the online device to broadcast it to the network.

The purpose to always check the transaction's details before you sign them on the hardware wallet's display is that no malware on a potentially infected computer running the watch-only software wallet part can manipulate the transaction details before it is passed for signing to the hardware wallet. You want to make sure your transaction's outputs are exactly what you expect them to be: only your intended output destination address(es) and your wallet's internal change address to return excess coins of spent inputs back to your wallet, usually.
Thorough verification of all output addresses is not entirely easy if you assume the computer and your software wallet component could be infected. To exclude manipulated output addresses by some malware, you would need a second independant offline device OR your hardware wallet verifies and shows that the change address output actually belongs to your own wallet.

Ok so I guess that's pretty much what I do so it's fine ( its an other pc just running the node, I'm not doing anything else on it )

I have to work on storage encryption and could you please explain your last point ?

Your wallet is a hot wallet running on your online node. Your node runs in an OS which is exposed to some extend to the internet. Zero-day exploits or upcoming vulnerabilities of your OS, its components (use only the minimum necessary!) and maybe node could lead to an attack vector for malware.

It's unlikely you do nothing with your node and your wallet otherwise you won't need them. Your node just does its thing and keeps track of the blockchain and maintains your wallet's balance keeping track of relevant transactions and UTXOs related to your wallet.

To keep security up for the OS and your node & wallet living within:

• keep the OS updated and hope updates don't introduce severe vulnerabilities
• keep the OS as minimal as possible: less components, less potential attack surface
• keep the OS behind a firewall and expose only strictly necessary ports to the internet (in most cases you're safe enough behind a NAT router's firewall)
• don't do your daily internet shit on that machine, avoid using any browser on that machine, avoid email on that machine
• full storage device encryption is recommend for that machine if it could get stolen by thieves
• don't forget to have a decent and safe regular backup scheme for that machine, too (redundancy is key)
• use a hot watch-only wallet on that machine and a decent hardware wallet to sign transactions (I don't speak of Ledger crap here); always, I mean ALWAYS, check carefully all transaction's outputs details on the independant display sceen of the decent hardware wallet; NEVER miss that step

I have a bitcoin core full node and also using it as my wallet. Reading you all it seems bad because I'm connected to the internet but I do nothing except running the node.
What would you do ? and can you explain the steps for better security ?

PS : how can malware infect me if I do nothing on this PC/node ?

Has there ever been any substantial evidence for a sort of malicious HDD firmware targeting crypto users? Never ever heard of it.

With such old used drives you're looking for trouble: spindle bearings/motor is likely around its end of life and at such an age the drive could've had quite some careless use or worse, a few owners already, each with its own potential "abuse" of the drive. Of course, it could've been used under near perfect conditions and still running happily ever since.

This sounds really beyond extreme paranoia.

It sounds similar with using old PC to avoid Intel ME completely. Anyway, in such case  worry such HDD suddenly dead or produce bad sector short time after usage.

I used to do this with my mac minis full os and bitcoincore node full.

I would use samsung ssd

https://www.amazon.com/SAMSUNG-Portable-Photographers-MU-PE1T0S-AM/dp/B09VLK9W3S/ref=sr_1_3?


and this hdd

https://www.amazon.com/Toshiba-Canvio-Basics-Portable-External/dp/B0BQX6DVWY/ref=sr_1_4?


put your os on them and bitcoincore or a wallet like electrum


frankly A lot depends if you have these cloned and in a safe place.

say a safe deposit box.

I may say do electrum and make a safe seed

If you want no dodgy Software on it you can purchase and have two or three HDDs on you that were released pre Bitcoin era.  I would say anything from 2011 and older is good if you are afraid the HDD may have some dodgy Bitcoin related proprietary stuff on it.

Even better.  Purchase a pre 2011 very cheap computer only to extract the HDD out of it.  This further lowers the chance you get to own some weird HDD although I think this is extreme paranoid already.

Then make sure you can properly transport the HDD without inducing some sort of damage to it.  Particularly if you walk around a lot and have a great habit of mistakenly hitting corners of walls or shelves with your bag by mistake.

Lastly.  I advise you purchase an HDD with the smallest storage capacity you can get without its age compromising its speed.  The bigger the HDD the more time it takes to fully wipe it.

There's no way around proper backups and if you have them a sudden death issue of an SSD (or HDD) isn't much of a problem. No backups, no mercy!

Portable HDDs are prone to shock issues if not handled carefully (I treat them like raw eggs) and better keep them away from any magnets (sometimes hidden or at unexpected places).

I use quality brand's SSDs, not some cheap end stuff, and never had an issue with any of my SSDs so far (statistically that proves nothing, I'm aware of that). I had a few failing HDDs and unexpected issues with some cheap USB thumbdrives (I stopped using the cheap (no-name) thumbdrive crap; switched to quality microSD cards with an appropriate USB adapter --> more reliable, usually faster performance expecially at writing, no issues so far)).

An SSD has other problems - it is likely to fail at any time and it will be impossible to recover data from this device (with HDD it is possible even from broken devices).

HDD has another problem - low speed of reading and writing data compared to SSD.

Choosing an SSD, in my opinion, is preferable, but you should choose those models (brands) that have proven themselves well and additionally make backup copies of your wallet data on other devices (on the laptop). Still, I wouldn’t trust the SSD 100%.

In OP's scenario I'd still prefer an SSD over an HDD. The former has no moving parts which can cause issues, the latter has moving parts and is much less shock resistant. And auto-encrypting devices are easy and fast to wipe because you only need to tell the device to drop the internal encryption key. Of course, you need to trust your device to do that properly.

You only need to bring one of the drives Have you also thought about backups? Even better if they're fire proof?

If you really want to, they're very easy to destroy (mechanically).

Brute-forcing both FDE and wallet file are practically impossible task though. No sane people would bother do that, unless they assume you use relative-weak password. And if you have backup elsewhere, you can move your Bitcoin as soon as you can do it.

The signing must be done on the offline computer, not the online one, since signing requires private keys and therefore if you have the private keys on the online device, then essentially all your wallets are hot wallets.

I would do the following if I wanted to maintain the 2 computers logic:

1. Online device - A small pc (NUC or Raspberry) with a portable SSD, that would act as a bitcoin node. All the data would be installed on the SSD so in case of fire I would take it and go away. In fact I could also take the small PC with me. But even if I didn't take it, no big deal, I guess.

Note: Using an NUC, you can use internal NVME and then just take the whole PC and run.

2. Offline device - Cheap laptop with the cheapest internal disk. This would be used only for key generation and signing and it would be connected to the node on device (1). I would setup Linux and install Electrum on this device. I would make sure to fully encrypt the disk with a strong password that I would copy in 2 physical media stored in separate places. Of course, for any wallet that I generated I would keep the seed phrase in physical media too and anytime I created a wallet, I would erase the memory after backing it up, so If I needed to sign I would have to type the seed phrase again and then re-erase it. Imagine something like a temporary signer. In case of fire, there is nothing inside the laptop, and even if the stole it, they wouldn't be able to access it, because: Linux with full disk encryption.

Final Note: Running is unnecessary. The only thing you really need is the backups of the seed phrases and to make it difficult for the thieves (or anyone you worry about) to read the disks if the computers are compromised.

According to the latest research the likelihood of this is very high rather than just high. Take for instance the newest  "LogoFAIL firmware attack". They say that secure boot doesn't help to withstand it and "nearly all x64 and ARM CPU ecosystems" are vulnerable. And this is only one instance  of dozens possible attacks on BIOS/UEFI.

Hi, the setup is as follows:
1) laptop with portable HDD, never connects to the internet
2) laptop2 with portable SSD, signs transactions, keeps an updated blockchain, normal internet usage on internal drive on a separate OS

If you need to run because there's a fire, thieves, or gov becomes north korea, you can put your 2 drives in a bag and gtfo, without worrying about no laptop.

If you need to wipe 100% your keys, you can do it because it's an HDD. SD cards or usb sticks or SSD drives would make you paranoid that there was a way to recover keys. Unlikely if you use FDE but still. Since you don't need to sync the blockchain on your HDD, it doesn't matter that it's slower, it's just to store keys and sign tx's, so an HDD is good to go, that is why im asking, what would be a good one to buy. Also, if you use Bitcoin Core as wallet, you need the actual file.

How likely is this? I have a fake Chinese USB stick (only the first 8 GB exist), and after booting Linux from that stick (which worked), the UEFI bios settings were changed and "secure boot" was enabled again. I've never seen a bios change without me doing it. I changed back the settings so it could boot without "secure boot" again, but it makes me wonder what caused this.

@OP: do you want to install the full blockchain on each disk? If not, a fast USB stick could be a better option than an external drive. I'm quite happy with the perforamnce of my 256 GB Sandisk "dual": it's full metal, and has "classic" USB on one end, and USB-C on the other end.

Even at this scenario malware can infect  BIOS/UEFI chip and then penetrate into portable HDD with bootable OS and  wallet which formally are not connected to internet.

Thus, I don't think it is entirely secure setup.

It is better not invent twice  the security wheel for the stash.

First: I don't like external storage hard drives for wallets. USB cables are too easy to accidentally disconnect.
But in your scenario, it sounds like you're running for the mob (or government), and in that case, why bother with external hard drives? All you need is your seed words, or a backup of your Bitcoin Core wallet. The smallest USB stick or SD-card will do. Just make sure the drives you leave behind are sufficiently encrypted so they can't easily be accessed.

It's probably better to already have a backup in a safe location somewhere far far away, so you can run without bringing anything. I have to ask though: how likely is this scenario?

I re-read OP's statement few times and it seems he wants 2 portable HDD contain bootable OS. One of them used while connected to internet, while one other isn't. And it seems OP only plug one of them to the laptop at a time. While i don't know which portable HDD definitely don't have dodgy firmware, i believe he should get portable HDD that is protected against water, shock and others.

There are no HDD/SSD specifically designed for cold storage, so any brand shouldn't matter (ignoring durability). Then, what are your plans for accessing your bitcoins? Buy a new laptop that has never been connected to the internet, or do you have to wipe and reinstall your OS? Because this is the actual important part of the airgapped wallet.

Neither do I.

In any case hot wallet should be online and thus connected (wired) with online computer.

Airgapped (cold) laptop must never be online.

Therefore, OP's plot to connect HDD that holds  hot wallet and airgapped laptop would be an ambivalent practice.

Hi.

Perhaps I don't understand the question so I need to verify. What do you want to store on the external drives? In most cases, you can just run the wallet on the laptop and in case of an emergency you can use the seed backups. That's for the hot wallet.

In case of cold storage you can generate it on the air gapped laptop using electric and store the backups on physical media, produce the xpub so you can generate a view only wallet  and then you can delete it from the air gapped laptop

Do you mean you want to run your own node (Bitcoin core most likely) so the Blockchain needs to be downloaded to the HDD?

I want to use a portable HDD wallet for the airgapped laptop so I can bring it with me when needed. Does anyone know a good model that does not have any of the dodgy firmware stuff, that isnt a weird HDD/SSD hybrid, and that has decent performance?

I would like to have both cold and hot drives to be portable, so in case of an emergency or something, you can easily pick 2 small things and run, instead of having to carry 2 laptops.

The cold wallet I want an HDD in case full wipe is needed. See this for more context:
https://bitcointalksearch.org/topic/m.63393713

Also edited thread because I switched cold with hot wallet by mistake because I was posting after xmas dinner.