You also could use your soundcard: https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Very clever.
Topic: USB key security. (Read 686 times)
Very clever.
You also could use your soundcard: https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
Thanks for that guys, some good advice there. Both of those sound like interesting options.
My advice would be not to use USB flash drives at all, and instead use CD-ROMs to transfer transactions for signing between cold storage and broadcast machines. Take an image file of the CD with the un-signed tx burned to it, hash it, then compare the corresponding image hash on an/the trustworthy offline machine before signing the transaction. The USB protocol has several attack vectors when used as a flash storage device, so it's not worth trusting it with a large amount of money.
Quote
USB devices can't sign. What you do is have a watching only wallet on an online computer. Use that to create an unsigned transaction. Copy the unsigned transaction to your usb drive. Take that to your offline signing machine which has the private keys. Sign the unsigned transaction from the usb drive and copy the signed transaction to the usb drive. Then go back to the online computer and broadcast the signed transaction.
I am no expert on malware/viruses/key loggers, but it would seem to me that this is the only practical risk when using digital media that might expose private keys. I seem to remember reading something on the armory site saying this was a remote risk, but a risk never the less?
There is a way to mitigate that though. Another project: https://bitcointalksearch.org/topic/ann-ciyam-safe-offline-txs-using-qr-codes-for-comms-134833 exists where you can actually transfer the necessary data using webcams and QR codes. It encodes the transaction in a qr code and the offline computer uses a webcam to read the qr code from the screen of the online computer to get the unsigned transaction. Then the reverse happens with the signed transaction. I don't think it works with Armory though.
Quote
Trezor is a hardware wallet and completely separate from cold storage and air gapping.
I know, but I was wondering, if you had a multisig cold storage with one of those signers on the trezor device you would get the benefit of effective multi-device/multi-sig? i.e. someone would need both the cold storage machine and the trezor device to sign, and the above leakage risk would be mitigated.
Quote
USB devices can't sign. What you do is have a watching only wallet on an online computer. Use that to create an unsigned transaction. Copy the unsigned transaction to your usb drive. Take that to your offline signing machine which has the private keys. Sign the unsigned transaction from the usb drive and copy the signed transaction to the usb drive. Then go back to the online computer and broadcast the signed transaction.
I am no expert on malware/viruses/key loggers, but it would seem to me that this is the only practical risk when using digital media that might expose private keys. I seem to remember reading something on the armory site saying this was a remote risk, but a risk never the less?
Quote
Trezor is a hardware wallet and completely separate from cold storage and air gapping.
I know, but I was wondering, if you had a multisig cold storage with one of those signers on the trezor device you would get the benefit of effective multi-device/multi-sig? i.e. someone would need both the cold storage machine and the trezor device to sign, and the above leakage risk would be mitigated.
Your question is hard to understand.
With cold storage/airgaps, this seems like the only real attack vector beside physical of course.
What is "this"?Does anyone have any best practice advice on how not to leak private keys, through signing via a usb device.
USB devices can't sign. What you do is have a watching only wallet on an online computer. Use that to create an unsigned transaction. Copy the unsigned transaction to your usb drive. Take that to your offline signing machine which has the private keys. Sign the unsigned transaction from the usb drive and copy the signed transaction to the usb drive. Then go back to the online computer and broadcast the signed transaction.Would this be something that eventual Trezor support could help with? I suspect not unless you could set up multisig with one part on the Trezor device?
Trezor is a hardware wallet and completely separate from cold storage and air gapping.
Hi Guys.
With cold storage/airgaps, this seems like the only real attack vector beside physical of course.
Does anyone have any best practice advice on how not to leak private keys, through signing via a usb device.
Would this be something that eventual Trezor support could help with? I suspect not unless you could set up multisig with one part on the Trezor device?
With cold storage/airgaps, this seems like the only real attack vector beside physical of course.
Does anyone have any best practice advice on how not to leak private keys, through signing via a usb device.
Would this be something that eventual Trezor support could help with? I suspect not unless you could set up multisig with one part on the Trezor device?
Jump to: