Topic: Hardware wallets on USB pendrive (Read 674 times)

Then read
https://www.ledger.com/2019/03/11/our-shared-security-responsibly-disclosing-competitor-vulnerabilities/

/KX

Then your post now, makes no sense.

What i wrote 3 lines below your snip still applies:

Note, that online computer refers to hot wallet and offline computer to cold wallet, in this case.

Manipulating the transaction (which is to be signed) is completely irrelevant from whether an internet connection is available on the computer or not.

Perhaps  you misunderstand me. FYI: what I meant they target destination address in transaction to be signed by "hot" Electrum. Sure, signed  transaction is resistant to any attack.

No attack is targeting 'signed transactions' in any way.

That's not a surface for an attack. You either target the key storage or the signing process. But not the transaction itself.
If the transaction is signed, there is nothing which can be changed anymore.

The transaction has to be manipulated before signing, which can happen either on an online computer or offline computer (e.g. through compromised USB).




A hardware wallet contains a hardened microcontroller with less interfaces than a normal microcontroller and a smaller attack surface.
The private keys are stored inside of (and never leave) the secure element.

Upon booting, it verifies the firmware (whether it has been tampered with) and only proceeds if the software running on the nano s is genuine.

The private keys can not be extracted out of the nano s, the only way to 'access' the private keys is to give it a transaction to be signed (which requires a verification on the device itself).
Extracting the private keys itself, is not possible.




Kali itself is not unsafe. Upon installation it doesn't create a normal user account, but this can be done with an one-liner.

The reason kali is not suitable for everyday-use is because it requires quite some configuration if you want to use it as your daily OS.




It does, but it is outdated.
You won't be able to connect to an electrum server with the outdated version.

So, you'll need to download it anyway, which lets you also choose any other distro.

Tails OS comes with Electrum client built into the OS, but you will have to mount a persistent volume for it to work. I do not know how secure a persistent volume is and if that negates the anonymous features of the OS if you do not "clean" boot with it. 

It will be a bit of a schlep to configure Electrum every time with the Seed, if you do not use a persistent volume with Tails OS, but you will be 100% immune to Malware if you clean boot Tails OS every time you use it. 

Nice thing, it is very small. 

NOT Kali, this is a VERY UNSAFE distro (runs as root). It is meant for attacks not protection, like a bunch of tools you take to a place for penetration testing on commission, not intended for installs or continued use. For protection you need the likes of Tails OS (also Debian based).

You could harden Kali the same way you would harden Debian, but even Debian is more secure by default, if you create and use an user with low privileges. Please do not bring bad habits from windows into linux, Don't run distros that run as root by default.

LOL   ,why would I want to compromise a trezor ?
Obviously I am not asking for component used to build the secure element. I am just asking for high level context. For example: the secure element may use a cryptographic hash function that makes the chip secure and makes the hardware wallet sign the transactions with greater safety.

P.S: I am not such a genius that I can compromise wallets by writing scripts/codes. I just tend to grasp knowledge about anything that grabs my interest and bitcoin is one of them.

I don't even know what powertrip means   

I must say guys that was an intriguing debate. No offence to anybody here but in my mind @bob123 has already won while @naska21 gave him a strong debate.
Hardware wallets are better than USB flash drives as an infected machine can lead to loss of coins. While it is hardly possible to be the victim of an infected machine in today's computer with GPT/UEFI, there will always remain a "minor" risk that can lead to loss of coins. This "Secure element" as you guys say, gives the edge to the hardware wallet which makes it more secure than a USB drive with air-gapped machine.

Anyway, if a user can't really afford the hardware wallet(while it is not relatively costly) he can definitely opt to use a USB drive in a "Truly air-gapped machine" as an alternative.
Another curiosity that is driving me crazy is the secure element that is put into the specialized chips of hardware wallets. What makes the secure element so secure and makes it stand exceptional from others?


Didn't really got your point. What are you trying to say ?

All those were mostly  fishing type of attack that has potential to affect exclusively transactions signed by "hot" Electrum while trx signed by "cold" one remain immune. Hardware  wallets may  also face such attacks,   find out the last one.  It can only be assumed  what number  of devices   has been involved here.  

And, everyone,  please, understand  I'm not intended to create a bad image of hardware wallets.  I merely suggested quite efficient alternative scheme.This scheme has  shortcomings, OK, I know this,  then again,  it owns some leverage.

I beg to differ.. Electrum is one of the wallet providers that are constantly under attack and we have seen this with the latest mass botnet attack that were targeted at Electrum servers and we also saw how hackers tried to get people to use "exploited" public servers. 

I have not seen such attacks being done on hardware wallets like Ledger and Trezor, so your statement is a bit wild.    Yes, hardware wallets can be hacked with physical access to the device, but you need special tools to analyse and read the encrypted data that are send. 

To be fair, most modern OS/computer don't use MBR & BIOS but GPT & UEFI where rootkit can't infect GPT/boot sector easily since valid signature required for booting (unless you disable Secure Boot).

Regardless, it's still more secure using hardware wallet rather than use USB flash drive, especially because private keys never leave the device and signing process happen on HW wallet itself rather than on computer.

That (in bold) means more tongue from you. You are living in a dream world  that has  no relevance to the reality. Still expecting your answer to this:


Theoretically it could be,  but practically not.

Sorry, but you didn't convince me. I don't know any cases when Linux on locked USB stick attached to air-gapped computer was compromised by malware sitting on that machine. If you give me any reference from real world  I will agree with your arguments  regarding safety of my scheme. I'm using it for more than 4 years ( no problems so far)  and intend to proceed with it.  BTW, neither  BIOS nor MBR on my machine is infected. Cheese.

Compromise a transaction ? 


Your whole thinking is wrong.

If you are using the same machine for signing offline and online stuff, it is not air-gapped.

You seem to not understand the scenario at all.

I will briefly explain it to you (once. if you don't understand it afterwards.. your problem):

• You have your computer which is used to be connected to the internet which you 'air-gap' for signing transactions offline (according to you)
• This computer is infected with a rootkit
• You boot from your live USB, because you want to sign a transaction
• The rootkit gains access to all of your seed / private keys (because there are not protected by a secure element, they are just on your USB and if your live OS can access it, the rootkit can too)
• You sign your transaction
• You shut your PC down completely
• You boot your main OS and go online to broadcast the transaction
• The rootkit already has your private keys, and now with internet access, has the ability to send the private keys to the attacker
• -> You know lose all coins associated with the seed / private keys which are stored on your USB
• -> Your so-called 'mimiced hardware wallet' is proven to be not as secure as a real hardware wallet because it lacks the components which define a hardware wallet.

I hope you do understand this. Maybe read that carefully a few times, if you don't 
So, instead of posting wrong information.. try to understand the things you are talking about.

For the future: If you want to post something, log off, research for 1 or 2 hours, if still necessary to post -> post.
Your misinformation are not needed here. And if you get disabused from a misconception, accept it.




Yes.. thats 'all you can tell me'.. simply because you don't know what you are talking about.

Rootkit (and any other malware) on online machine has no chance to compromise transaction signed by correct private key on air-gapped one, to be correct it can change but, such compromised trx will not be broadcasted.  Once more, read carefully all my previous post and try to comprehend them before arguing.

u're wrong. that's all I can tell  u.

If it is not air-gapped all the time, you again have the problem with the rootkit scenario.

Also.. if it is not completely offline all the time, why did you reply like this:



If a computer is not air-gapped all the time, you can't call that truly air-gapped.

As i said.. truly air-gapped = good; sometimes air-gapped / sometimes online = bad.




The topic is not whether it is for people with a low budget or not.
The point is that this is not even close to a hardware wallet, and you made the impression that it is not much less secure than a hardware wallet.

A hardware wallet consists of a secure element which handles the signing and where private keys can not be extracted. Anything else is not a hardware wallet.

There are ways to securely store coins without a hardware wallet, yes. But you should never compare an USB flash disk to a hardware wallet the way you are doing it.

How much do you actually know about infection  of live Linux ( installed on locked USB) via compromised MBR / BIOS? I'm unaware of any occasion.


Not all the time. Air-gapped when there is a need to sign transaction and online (with USB out) when to broadcast it. (Online machine has watch-only copy of Electrum that holds no private keys).... Besides, read my initial post once more.. it is alternative  to  ppl with low budget.


Nope. It was not a joke, at least from  display difference   point of view, and not only that.

Most of ledgers code is open source.
The only thing which isn't is are parts of the firmware of the secure element (due to NDAs, they are working on open sourcing everything).

Trezor, on the  other hand, is completely open source. So that's not an argument.




No, that's simply wrong.

Malware can infect the MBR / BIOS. Booting from a live USB does not protect against that.




Are you really trying to say that it is more convenient to use a wallet on an completely air-gapped computer than plugging in a hardware wallet to your main OS and use this as your wallet  ?

I hope that was a joke.




I am sorry too, that i didn't get that.
I assumed what you say has to make sense (therefore assumed that the computer is only air-gapped when accessing the wallet).. but obviously it doesn't have to fully make sense.

Why should one use an USB if the computer is completely air-gapped (all the time) ?
There is no reason to use an USB in this case.. simply use the computer (with its hard drive) then. This reduces the possible attack vectors compared to when additionally using an USB flash drive.

Turned upside down. Open source Linux&Electrum against  proprietorial Ledger and Trezor.  



Not correct. Root kit  is  only a great danger to the security of  OS on machine, it has no potential to  effect CPU microcode, so OS on air-gapped USB stick remains completely unchanged even if the machine is infected.


Agree with this. I have used to use Kali and cited it as  example of OS.


  Arguable issue.


My initial post says "Use that USB stick  solely  offline" which  implies that bootable   USB with Kali + Electrum is attached to air-gapped  machine, sorry, if you didn't get that.

Not even close to a hardware wallet. Neither security- nor usability-wise.




Uff.. that's a very extreme statement to make..

Anything which holds sensitive information is vulnerable. The question is.. vulnerable to what?

A system which is completely offline is not vulnerable to threats from the internet.. but that's it.
Is your computer infected with a root kit -> Doesn't matter what you boot, doesn't matter if you are offline when booting from the USB, your keys can get stolen.

Also, there is no reason to install kali if you just want to have private keys stored + bootable OS. There are better options available in this case.




Practical ? Usability ?

Air-gapped wallets are one of the least-convenient wallets to use.
They might be more secure than a hardware wallet (but only with a true air-gapped computer, not a stupid bootable USB.. that idea is not even close to being as secure as a hardware wallet), but lacks lots of convenience.

Offline USB sticks with Kali + Electrum are  not vulnerable. Besides they  are far  more practical for those who are  limited in budgets, not to mention their much better usability in comparison with both Ledger or Trezor.