Pages:
Author

Topic: Request for comments: Developing guide for very high-security bitcoin storage - page 2. (Read 2456 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
I have left several comments on the document.



That may or may not be true. I don't think anyone securely inspected their chips for bugs or backdoors.
Even if the chips allowed something to leak through USB, there still needs to be firmware that controls the chip so that it does do that. IIRC the firmware to most hardware wallets is open source and publicly available (it is for Trezor at least).

But that is not what I was referring too, I was referring to power analysis attack. Since the wallet is powered through the USB port, it would be trivial to mount such an attack and decode the private keys by averaging it over many use cases, and then send out the private key through some covert channel. And since you are forced to be connected to the internet while using them, I would not call an internet connected PC secure.

https://en.wikipedia.org/wiki/Power_analysis
Power analysis attacks have been done before on Trezors: https://jochen-hoenicke.de/trezor-power-analysis/. However these can be relatively easily fixed with firmware changes.
jr. member
Activity: 32
Merit: 1

Hardware wallets are supposed to not send any private keys through the USB, and only sign things when the accept button is physically pressed, the hardware is designed to create an "air gap" between the chip and the plug. The private keys never leave the wallet.

That may or may not be true. I don't think anyone securely inspected their chips for bugs or backdoors.

But that is not what I was referring too, I was referring to power analysis attack. Since the wallet is powered through the USB port, it would be trivial to mount such an attack and decode the private keys by averaging it over many use cases, and then send out the private key through some covert channel. And since you are forced to be connected to the internet while using them, I would not call an internet connected PC secure.

https://en.wikipedia.org/wiki/Power_analysis



This links to a graph of entropy generated by coin flips as a function of the probabilities of the outcomes (bias), note that since the maximum in the graph is smooth, the loss in entropy generated by a slightly biased coin depends quadratically on the bias (a coin with bias ~0.001 should have entropy loss ~0.000001).
I assume a similar relationship holds for dice, but the 5-dimentional bias space is quite hard to visualize, 36 dice rolls (~93 bits) are just about enough for secure BIP38 encryption (use at least 50 for algorithms without key stretching).

Interesting, so are you saying that even a bad dice can generate random numbers, it's just that it loses entropy value.

How can you estimate the entropy of a dice? Assuming that it's not optimal. (2.5849625007)
full member
Activity: 224
Merit: 117
▲ Portable backup power source for mining.
- I agree on the Hardware wallets. The USB port is a joke. Atleast they should be able to have an option to send data over a QR code through an old 2$ webcam, instead of must plug into a PC. You can then dispose of the webcam after using it, if you are paranoid.
Hardware wallets are supposed to not send any private keys through the USB, and only sign things when the accept button is physically pressed, the hardware is designed to create an "air gap" between the chip and the plug. The private keys never leave the wallet.
I am more interested in the dice approach. Can't you technically overcome the dice bias by having more throws (add more entropy)?
https://commons.wikimedia.org/wiki/File:Binary_entropy_plot.svg
This links to a graph of entropy generated by coin flips as a function of the probabilities of the outcomes (bias), note that since the maximum in the graph is smooth, the loss in entropy generated by a slightly biased coin depends quadratically on the bias (a coin with bias ~0.001 should have entropy loss ~0.000001).
I assume a similar relationship holds for dice, but the 5-dimentional bias space is quite hard to visualize, 36 dice rolls (~93 bits) are just about enough for secure BIP38 encryption (use at least 50 for algorithms without key stretching).
jr. member
Activity: 32
Merit: 1
- Read the document, it's good for average users, but it is not the ultimate security. What if the USB stick has hidden malware on it? Can you trust the USB manufacturer? Certainly not.

- I agree on the Hardware wallets. The USB port is a joke. Atleast they should be able to have an option to send data over a QR code through an old 2$ webcam, instead of must plug into a PC. You can then dispose of the webcam after using it, if you are paranoid.


I am more interested in the dice approach. Can't you technically overcome the dice bias by having more throws (add more entropy)?

Instead of generating a 160 bit number, what if you generate an 600 bit number, wouldn't that overcome the bias? I am interested if cryptographic experts would have an answer to that. Thank you.
newbie
Activity: 6
Merit: 1
Secure cold storage of bitcoins is difficult, and near-impossible for an amateur.  We are solving this problem and would like community feedback on our approach.

We attempted to follow the consensus advice for creating secure bitcoin storage - setting up multi-sig paper wallets using air-gapped computers. To our surprise, this common advice was difficult to follow. There were a confusing variety of tools to choose from at each step, most of which weren’t built around this use case.

We were also surprised to discover there were no good tutorials for navigating this process, despite Bitcoin being several years old.  This should not be a gap in the Bitcoin ecosystem in 2016!

We are solving this problem by creating an open source, step-by-step guide that removes all confusion from the process of creating secure cold storage.

As a first step, we’ve written a design document detailing the technical decisions we have made so far. This is not the step-by-step guide, but a summary that we have put together for more efficient critique. Please give us your most severe criticism.

The link is below. Please leave comments here or in the document itself.
https://docs.google.com/document/d/1sYK1aFubfQqj5B_5r0K4piNfYtQrSYqOU70A78DA1xs/edit#
Pages:
Jump to: