USB port blocker - page 2. | Bitcointalksearch.org

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: DaveF on September 23, 2023, 08:53:36 AM

And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.html
Take my PC, remove the drive, you are still not getting anything out of it.

Some Linux distro even let you encrypt the disk during installation process which is far more simple than configuring VeraCrypt or LUKS post installation.

Quote from: NeuroticFish on September 24, 2023, 03:32:34 AM

Boot from an USB stick with Tails OS. Electrum is there and persistence is off. Yes, one will have to enter the 12-24 words every time, not such a big hassle imho (of course, as said, this is not for safeguarding 10$). It doesn't know what's your WiFi so it cannot connect online.
The seed can be stored easily and safely in so many ways it just depends on each and everyone's imagination.

That's valid option. Although depending on your device, you may face known issue (https://tails.net/support/known_issues/index.en.html) which is tricky to deal with. And as @LoyceMobile said, outdated Electrum could be problematic on few cases. Although these days we have PSBT which cut-off many incompatibility problem.

LoyceMobile

hero member

Activity: 1659

Merit: 687

LoyceV on the road. Or couch.

Quote from: NeuroticFish on September 24, 2023, 03:32:34 AM

One can steal your computer and will find only the watch only wallet. One can steal the live OS stick and also find nothing. And it's also cheap, since one doesn't necessarily need another computer for this.

The back and forth copying of unsigned and signed transactions is cumbersome though, especially if you make a mistake (for instance with fees, or use an incompatible version of Electrum), and have to reboot a few times. I'm speaking from experience.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

I like a lot the simple solutions proposed here, from gluing to VeraCrypt.
However, there's one more option people tend to underestimate. And imho it's cheap and very easy, especially nowadays when computers tend to no longer be connected to UTP cables (if you use permanent connection via cable, just skip this post).

Boot from an USB stick with Tails OS. Electrum is there and persistence is off. Yes, one will have to enter the 12-24 words every time, not such a big hassle imho (of course, as said, this is not for safeguarding 10$). It doesn't know what's your WiFi so it cannot connect online.
The seed can be stored easily and safely in so many ways it just depends on each and everyone's imagination.

One can steal your computer and will find only the watch only wallet. One can steal the live OS stick and also find nothing. And it's also cheap, since one doesn't necessarily need another computer for this.

Of course, if one wants and can use a separate computer as cold storage, probably VeraCrypt beats this.

philipma1957

legendary

Activity: 4326

Merit: 8899

'The right to privacy matters'

Quote from: DaveF on September 23, 2023, 08:53:36 AM

And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.html
Take my PC, remove the drive, you are still not getting anything out of it.

Use whatever metaphor you want be belt and suspenders, screw and glue, whatever. BIOS boot password, drive encryption password, OS encryption password.
But, once again only if its really worth it. Don't spend $200 of time to protect $50 of crypto.

-Dave

Yeah if you have value say 2 btc it is worth being on its own pc backed up with seeds yada yada yada. and you only use that pc for 1 thing your btc wallet.

and have say 0.1 btc and some shit coins on a less secure setup of pc+phone+exchange.

Back in the day in New York City the 1970's.

I used to carry:
a wallet with some cash say 20-35 bucks
a money clip with more cash say 80-120 bucks
a hidden pocket with more cash say 300 to 400 bucks

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.html
Take my PC, remove the drive, you are still not getting anything out of it.

Use whatever metaphor you want be belt and suspenders, screw and glue, whatever. BIOS boot password, drive encryption password, OS encryption password.
But, once again only if its really worth it. Don't spend $200 of time to protect $50 of crypto.

-Dave

m2017

legendary

Activity: 1792

Merit: 1296

Crypto Casino and Sportsbook

Quote from: DubemIfedigbo001 on September 22, 2023, 11:11:06 AM

~snip
BIOS settings can be reset by removing the CMOS battery, then plugging the PC. A better way is even replacing the BIOS chip with a spare from a similar Board. it only takes few minutes to execute. you just pray and believe you're not a target cos there are many ways to breach the assumed security.

Trick with removing the CMOS battery doesn't always work.
You are not proposing the simplest solution to replacing the BIOS chip. This process will probably take more than 5 minutes, because you will need to gain access to the board with the chip. For example, on laptops. Sometimes may need to go through nine circles of hell to get to the motherboard without damaging anything.

Here you can add a solution with flashing the BIOS using a programmer, instead of replacing a BIOS chip of an identical model from the exact same motherboard (which still needs to be found).

In general, your message is correct - you should not rely entirely on a password-protected BIOS to block the USB. You can always find a solution to get around this (any) obstacle. It's just a matter of resources spent.

DubemIfedigbo001

sr. member

Activity: 490

Merit: 346

Let love lead

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

well said, an experienced engineer will just loose the computer system, remove the hard drive, use original operating system if its windows10 and attempt repairing the OS, then using command prompt to bypass the password and gain access to the information on the hard drive and the rest is history. Even if you used an application to protect your wallet, it will just be uninstalled, and the rest is history. your computer and the airgap will be there for you unharmed, but your coins are gone.

In conclusion, this approach suggested by OP is just a total waste of money.

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

BIOS settings can be reset by removing the CMOS battery, then plugging the PC. A better way is even replacing the BIOS chip with a spare from a similar Board. it only takes few minutes to execute. you just pray and believe you're not a target cos there are many ways to breach the assumed security.

philipma1957

legendary

Activity: 4326

Merit: 8899

'The right to privacy matters'

Quote from: Kryptowerk on September 22, 2023, 10:05:04 AM

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess.

A lot depends on the pc case and how well it is secured.

A usb lock you paid for and stuck in a case can pretty much be pulled out with a pliers in about 1 minute.

It is visible and easy to attack it with this

https://www.amazon.com/Wiha-32623-Bent-Pliers-Cutters/dp/B000T9XU8Q/ref=sr_1_23?

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Kryptowerk on September 22, 2023, 10:05:04 AM

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess.

Depends on the machine. Older ones yes, newer ones no.

With the next being said, if you are doing that then you have to power down and reboot the machine. At which point when it reboots.
If you had your drive encrypted then they can't get to it now anyway.
And, if you didn't have it encrypted. Then they powered down your machine and got the battery....they can just take your drive.

Quote from: LoyceMobile on September 22, 2023, 10:29:56 AM

Any half decent BIOS password can't be reset (anymore) by removing the battery.

Keep in mind most of these are going to be on older machines so we are not taking 2023, but 2016....

-Dave

LoyceMobile

hero member

Activity: 1659

Merit: 687

LoyceV on the road. Or couch.

Quote from: Kryptowerk on September 22, 2023, 10:05:04 AM

]Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess.

Any half decent BIOS password can't be reset (anymore) by removing the battery.

Kryptowerk

legendary

Activity: 2114

Merit: 1403

Disobey.

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: _act_ on September 22, 2023, 05:17:14 AM

Quote from: ?? on ??

I think he refer to either,
1. Transaction with many inputs.

If a transaction is containing many inputs, the transaction virtual size can be high but the signature is just one. Or is that wrong? Or is the high size of the transaction that result to the issue?

With P2PK, P2PKH, P2SH-P2WPKH and P2WPKH, 1 input always require 1 signature. But on P2TR and depending on spend condition, you could utilize signature aggregation where many inputs only require 1 (aggregated) signature.

Quote from: _act_ on September 22, 2023, 05:17:14 AM

Quote from: ?? on ??

2. Transaction which spend input which require to reveal long script or contain many signatures.

Did you mean transactions that are broadcasted using a multisig wallet? If it is multisig, I do not use it as a multisig but as a single signature wallet.

Multisig is just one of the example. Anyway, since the original concern is about size of PSBT, you could just check example on BIP 174[1] to see how long PSBT data could be.

[1] https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#user-content-Test_Vectors

LoyceMobile

hero member

Activity: 1659

Merit: 687

LoyceV on the road. Or couch.

If you're worried about physical access to your hardware: use glue! Second hand laptops are cheap enough to be expendable. Fill the ports, glue the memory, glue the lid, make it a lot of work to open it without turning it off.

As paranoid as I am, even I haven't done this. Yet.

_act_

legendary

Activity: 1064

Merit: 1298

Lightning network is good with small amount of BTC

Quote from: ?? on ??

I think he refer to either,
1. Transaction with many inputs.

If a transaction is containing many inputs, the transaction virtual size can be high but the signature is just one. Or is that wrong? Or is the high size of the transaction that result to the issue?

Quote from: ?? on ??

2. Transaction which spend input which require to reveal long script or contain many signatures.

Did you mean transactions that are broadcasted using a multisig wallet? If it is multisig, I do not use it as a multisig but as a single signature wallet.

_act_

legendary

Activity: 1064

Merit: 1298

Lightning network is good with small amount of BTC

Quote from: hugeblack on September 21, 2023, 09:14:46 AM

This is the best method, but I prefer to have a port for an SD card or even a USB. Sometimes, there is a need to transfer PSBT files, or there are large signatures for which a QR code cannot be created due to the lack of enough space.

This is the first time I am hearing about this because QR code has not failed me before. What do you mean by large signature?

Quote from: hugeblack on September 21, 2023, 09:14:46 AM

Hardware wallets feature a secure element, so instead of spending money on a locked USB port, purchasing a hardware wallet with a secure element and creating a multi-signature wallet will greatly enhance the security of your coins.

I did not know that I can be able to lock and unlock the USB board using password on the laptop, it would be best for what I am looking for. When I have old laptop, I do not see a reason I should get a laptop. I may buy hardware wallet.

Quote from: virasog on September 21, 2023, 10:41:05 AM

Apart from this, the USB ports can be disabled in the computer too through "Device Manager" if you are using the Windows Version.

I saw it under universal serial bus controller which can be found under device manager.

virasog

legendary

Activity: 3136

Merit: 1172

Leading Crypto Sports Betting & Casino Platform

Quote from: _act_ on September 21, 2023, 07:43:51 AM

Is it worth buying?

Not really, it will just add an extra cost while the same can be protected through free methods.

First of all, your airgapped device should be password protected. Since no one can access that device without the password, no one can use the USB on that device and you yourself won't use it too. Spending money on buying the USB port blocker is not worth it.

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

Apart from this, the USB ports can be disabled in the computer too through "Device Manager" if you are using the Windows Version.

hugeblack

legendary

Activity: 2702

Merit: 4002

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

This is the best method, but I prefer to have a port for an SD card or even a USB. Sometimes, there is a need to transfer PSBT files, or there are large signatures for which a QR code cannot be created due to the lack of enough space.

Hardware wallets feature a secure element, so instead of spending money on a locked USB port, purchasing a hardware wallet with a secure element and creating a multi-signature wallet will greatly enhance the security of your coins.

philipma1957

legendary

Activity: 4326

Merit: 8899

'The right to privacy matters'

Quote from: DaveF on September 21, 2023, 08:17:50 AM

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

yeah bios and password lock would be best way and cost is zero.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Waste of money.

1) For a desktop PC all you have to do is pop the top and add in a USB card.
2) They are still plastic, with time and effort you can pull one out.
3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out

Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.

-Dave

_act_

legendary

Activity: 1064

Merit: 1298

Lightning network is good with small amount of BTC

One of the safest method of having a secure wallet is the use of airgapped devices. If an airgapped device has camera, all needed is the use of QR code and the camera for the transfer of PSBT and signed transactions and nothing more than that. Which means after the device OS has been installed again and the wallet has been created on the airgapped device, the device does not need to connect to the internet or other devices again. If the Bluetooth and WiFi card have be removed, what about the USB port?

I found out online that USB port locker can be used. I saw these two videos on YouTube:

https://youtu.be/q1L3lCDVZUg?si=mLgi0uYnk6MHdI-s
https://youtu.be/BEtOV7RVK6s?si=vEUt2D9GbDbBOnGf

If this USB port locker is bought and used to lock the USB ports, is it like the house door keys that if another locker is used with the locked USB Port, the port will not be unlocked until the right one used to lock it will be the only one that can unlock it? Or are there ways attack can be able to remove the locker in a way the USB port will not be damaged?

Or is it just a waste of time in a way that the locked USB port can be removed and replaced by new one?

Is it worth buying?

Topic: USB port blocker - page 2. (Read 534 times)