Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Mia Chloe on September 18, 2023, 10:42:08 AM



Title: Does this still count?
Post by: Mia Chloe on September 18, 2023, 10:42:08 AM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?


Title: Re: Does this still count?
Post by: ABCbits on September 18, 2023, 11:04:57 AM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?

Since you said "old Windows PC", does that mean the current OS was installed a long time ago and has already been connected to the internet many times? If yes, people usually don't count it as an airgapped PC. At least, you should format the storage, reinstall the OS and install other necessary software (such as wallet software) and never connect to the internet again. And it's recommended to remove the networking component if it's possible.

And will it be possible for a hacker to install those drivers remotely?

No, in the first place the hacker must be connected to your PC.


Title: Re: Does this still count?
Post by: Mikky.Crypto on September 18, 2023, 11:17:53 AM
Air gapping is a good move, but uninstalling network drivers alone won't cut it. You've got to physically remove the hardware components for a true air-gapped setup. And yeah, hackers can't install drivers remotely if there's no hardware to work with.


Title: Re: Does this still count?
Post by: BlackBoss_ on September 18, 2023, 11:42:13 AM
[Guide] Secure air-gapped crypto wallet storage method (https://bitcointalk.org/index.php?topic=2828437.0)
How to setup a Bitcoin Air-Gap Computer? (https://airgapcomputer.com/)
There are many DON'Ts you should know when setting up a Bitcoin air-gap computer; please read the links above.

You can set up a cold storage with Electrum wallet.
Cold storage (https://electrum.readthedocs.io/en/latest/coldstorage.html#coldstorage)
Creating a cold storage wallet in Electrum (https://bitcoinelectrum.com/creating-a-cold-storage-wallet-in-electrum/)


Title: Re: Does this still count?
Post by: Mia Chloe on September 18, 2023, 11:44:50 AM
Quote
At least, you should format the storage, reinstall the OS and install other necessary software (such as wallet software) and never connect to internet again
Alright I will uninstall the windows software and re install it now.
Quote
And it's recommended to remove networking component if it's possible.
This I may not do yet since I currently don't have Bitcoin hodlings But I will later on when I have some hodlings to use on the hard wallet.


Title: Re: Does this still count?
Post by: michellee on September 18, 2023, 11:47:22 AM
There's no need to be that paranoid @OP. You simply secure your digital assets in a place that only you know. You can buy a hardware wallet that is widely sold or use your old computer and install the asset wallet on that computer. And don't connect that computer to the internet.

You can uninstall the OS on your computer and install it with a new one, and not connect it to the internet or intranet network. It will keep your computer safe from any hacking.

You may also need to remove any hardware network components on your PC board. But it's not easy because some PC boards are integrated with hardware networking components so you need to look for a PC board that really doesn't have them. Hackers need a gap to enter and plant a backdoor into your computer. And if your computer is not connected to the internet, hackers cannot get into your computer.

If you install a crypto wallet on your old computer, just use easy methods so that hackers will never guess that you only used the easiest method to secure your digital wallet.


Title: Re: Does this still count?
Post by: AbuBhakar on September 18, 2023, 11:54:54 AM
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?

This counts as an air gapped device, but why not just invest in hardware that is 100% air gapped like Keystone and Ellipal instead of relying on an old PC that has the tendency of being not functional in future? You will need to import your seed phrase once your computer breaks, so why not invest earlier in a much more reliable air gapped wallet?

You can use this website https://wallets.thebitcoinhole.com/ to check hardware wallet specs comparison to easily decide what to buy.


Title: Re: Does this still count?
Post by: Charles-Tim on September 18, 2023, 12:13:04 PM
This counts as an air gapped device, but why not just invest in hardware that is 100% air gapped like Keystone and Ellipal instead of relying on an old PC that has the tendency of being not functional in future? You will need to import your seed phrase once your computer breaks, so why not invest earlier in a much more reliable air gapped wallet?
If you buy a hardware wallet, there is also tendency that the wallet can be damaged at anytime. He has an old computer that is not useful, I do not see anything bad if he makes it useful by turning it to an airgapped device and install a bitcoin wallet on it.


Title: Re: Does this still count?
Post by: Yamane_Keto on September 18, 2023, 01:09:18 PM
Quote
At least, you should format the storage, reinstall the OS and install other necessary software (such as wallet software) and never connect to internet again
Alright I will uninstall the windows software and re install it now.
Quote
And it's recommended to remove networking component if it's possible.
This I may not do yet since I currently don't have Bitcoin hodlings But I will later on when I have some hodlings to use on the hard wallet.
You did not mention the version of Windows that you are using, but since you describe your device as old, I assume that it is Windows 7. Reinstalling the versions of Windows here may not solve the problem, as there may be vulnerabilities that allow access to your device. You can work with any open source operating system or tails that do not require much experience.

It will only work with Bitcoin/Ethereum/Ethereum based tokens, but if you are planning to airgapped more altcoins, I think it is better to buy a hardware wallet.


Title: Re: Does this still count?
Post by: franky1 on September 18, 2023, 01:28:15 PM
Since you said "old Windows PC", does that mean the current OS was installed a long time ago and has already been connected to the internet many times? If yes, people usually don't count it as an airgapped PC. At least, you should format the storage, reinstall the OS and install other necessary software (such as wallet software) and never connect to the internet again. And it's recommended to remove the networking component if it's possible.

And will it be possible for a hacker to install those drivers remotely?

No, in the first place the hacker must be connected to your PC.

the victim could have downloaded a dodgy wallet.. (meaning no need for hacker to connect) before the victim removed network card/drivers.

whereby the dodgy wallet signs transactions but to a known set of a scammer's addresses. so when the victim transfers the signed tx in hex/byte format, the victim won't know the receiver address is the scammer's. and the scammer didn't need to connect to the victim

tip: only use open source, verified, clean tx creators.
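
The risk described in the post above, a wallet that signs to an address the user did not choose, can be checked on the signed hex itself before it is broadcast. The following Python is an added example, not part of the thread or of any wallet's code: it decodes the outputs of a raw transaction and compares them with the addresses and amounts the user wrote down independently. The sample transaction, `check_outputs` and the other names are constructed for illustration.

```python
import hashlib
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def base58check(version, payload):
    """Legacy address: version byte + hash + 4-byte double-SHA256 checksum."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def _polymod(values):
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)  # BIP173
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def segwit_address(witver, program, hrp="bc"):
    """Mainnet bech32 (witness v0) or bech32m (v1) address for a witness program."""
    data, acc, bits = [witver], 0, 0
    for byte in program:                      # regroup 8-bit bytes into 5-bit symbols
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            data.append((acc >> bits) & 31)
    if bits:
        data.append((acc << (5 - bits)) & 31)
    hrpx = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = _polymod(hrpx + data + [0] * 6) ^ (1 if witver == 0 else 0x2bc830a3)
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(B32[d] for d in data)

def script_to_address(spk):
    n = len(spk)
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return base58check(0x00, spk[3:23])                 # P2PKH
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22:] == b"\x87":
        return base58check(0x05, spk[2:22])                 # P2SH
    if (n in (22, 34) and spk[0] == 0 or n == 34 and spk[0] == 0x51) and spk[1] == n - 2:
        return segwit_address(1 if spk[0] else 0, spk[2:])  # P2WPKH, P2WSH, P2TR
    return "non-standard:" + spk.hex()        # never equals an address, so it is flagged

def parse_outputs(raw_hex):
    """Return [(address, satoshis)] from a serialized transaction, legacy or segwit."""
    buf, pos = bytes.fromhex(raw_hex), 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated transaction")
        pos += n
        return buf[pos - n:pos]
    def varint():
        first = take(1)[0]
        size = {0xfd: 2, 0xfe: 4, 0xff: 8}.get(first)
        return int.from_bytes(take(size), "little") if size else first
    take(4)                                   # version
    n_in = varint()
    if n_in == 0:                             # segwit marker; the flag byte follows
        take(1)
        n_in = varint()
    for _ in range(n_in):
        take(36)                              # previous txid + output index
        take(varint())                        # scriptSig
        take(4)                               # sequence
    outputs = []
    for _ in range(varint()):
        value = int.from_bytes(take(8), "little")
        outputs.append((script_to_address(take(varint())), value))
    return outputs

def check_outputs(raw_hex, expected):
    """expected = {address: satoshis} taken from an independent source; [] means OK."""
    problems, remaining = [], dict(expected)
    for addr, value in parse_outputs(raw_hex):
        if remaining.get(addr) == value:
            del remaining[addr]
        else:
            problems.append(f"unexpected output: {value} sat to {addr}")
    return problems + [f"missing output: {v} sat to {a}" for a, v in remaining.items()]

# Constructed sample, not a real transaction: 100000 sat to the BIP173 test address,
# 10000 sat change to a legacy address; the input and witness are dummy bytes.
RECIPIENT, CHANGE = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE_TX = (
    "02000000" "0001" "01" + "11" * 32 + "00000000" "00" "fdffffff" "02"
    "a086010000000000" "16" "0014751e76e8199196d454941c45d1b3a323f1433bd6"
    "1027000000000000" "19" "76a91462e907b15cbf27d5425399ebf6f0fb50ebb88f1888ac"
    "01" "01" "00" "00000000")
# What a tampering wallet would hand back: same amounts, recipient hash swapped.
TAMPERED_TX = SAMPLE_TX.replace("751e76e8199196d454941c45d1b3a323f1433bd6", "ab" * 20)
if __name__ == "__main__":
    print([check_outputs(t, {RECIPIENT: 100000, CHANGE: 10000}) for t in (SAMPLE_TX, TAMPERED_TX)])
```

The expected addresses must come from somewhere other than the wallet that produced the hex, otherwise the comparison proves nothing.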


Title: Re: Does this still count?
Post by: o_e_l_e_o on September 18, 2023, 01:38:10 PM
Alright I will uninstall the windows software and re install it now.
Even better - install a good Linux distro which will be more secure and more private than any Windows system (as well as being open source). You might also find that lots of modern wallet software won't run properly on old versions of Windows.

This counts as an air gapped device, but why not just invest in hardware that is 100% air gapped like Keystone and Ellipal instead of relying on an old PC that has the tendency of being not functional in future?
Why would an old PC not be functional? I have computers which are 20+ years old and still run just fine, whereas you can find reports of hardware wallets having their screens die after just a few years.


Title: Re: Does this still count?
Post by: Furious 7 on September 18, 2023, 01:43:47 PM
And will it be possible for a hacker to install those drivers remotely?
As long as the hackers don't have access to your computer, the things that you are overly concerned about like installing drivers or something like that won't happen because they also have to have initial access in order to be free with our computer so when we don't do anything that threatens our computer then I don't think it will be a problem.

Actually the steps you take are very good, but I agree with some people in this case we don't need to be too paranoid. because in the end the worries we do actually make us careless.
Just do what you have to do, like securing your wallet, securing your seeds and never store anything valuable like seeds on a PC or in the cloud which is vulnerable to hacking.
Being cautious is important because anticipation is much better but don't be too worried about what you're doing because paranoia can make us more stupid and make us easily infiltrated by hackers.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 18, 2023, 01:57:42 PM
I would be more concerned about using Windows if I were you. Sure, removing everything that's going to connect your computer to any network is critical, but it's even more concerning to use closed-source OS that is known to having the most vulnerabilities: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report

Installing a Live OS like Tails would be preferable.

the victim could have downloaded a dodgy wallet..
You should obviously only install peer-reviewed, tested wallet software, and verify their binaries.


Title: Re: Does this still count?
Post by: SamReomo on September 18, 2023, 01:58:04 PM
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?

I would not consider it a 100% air gapped device because only removing the networking components may not be sufficient. You might have hidden malware in your system that you aren't aware of and that could be something troublesome. If you really want your device to be 100% air gapped then surely you'll need to format the drives and install a new operating system on it, because sometimes networking components aren't disabled in the BIOS settings and the hardware is also present in that system, and due to a wrong step it can still connect to the internet. I would suggest you install a Linux based operating system instead of Windows OS because Linux is much more secure and completely open-source. You should also learn about the networking hardware of your system and if it's detachable then you should completely remove it from your system. You should never ever use any wifi internet dongle on that device.


And will it be possible for a hacker to install those drivers remotely?

The hackers won't be able to install the drivers remotely if they aren't close to your device but if the device has Bluetooth connectivity and the hacker is in close distance from your device then in theory that person may be able to connect to your device and install those drivers remotely. However, you really don't have to be worried about that thing if your pc doesn't have any Bluetooth connectivity built into it.



Alright I will uninstall the windows software and re install it now.
Even better - install a good Linux distro which will be more secure and more private than any Windows system (as well as being open source). You might also find that lots of modern wallet software won't run properly on old versions of Windows.

That's what I was going to say. Another good thing about Linux distros is that they are light weight and can be installed on any system even with low ram. I personally used Lubuntu on my low end desktop and it was pretty good in performance. The Linux is much safer than Windows OS especially from that decade old Windows OS's. The best thing about Linux distros is that they have support for each wallet and whatever is open-source can be compiled for it and it will work flawlessly.

This counts as an air gapped device, but why not just invest in hardware that is 100% air gapped like Keystone and Ellipal instead of relying on an old PC that has the tendency of being not functional in future?
Why would an old PC not be functional? I have computers which are 20+ years old and still run just fine, whereas you can find reports of hardware wallets having their screens die after just a few years.

I'm not a fan of hardware wallets because they aren't necessary for the ones who are technically good. I agree with you the old PC's won't have any issue as long as they are running a Linux distro and they really aren't that bad for wallets but yes the user must have to be careful about the hard drives as they are mechanical in nature and can stop working anytime. An old pc with SATA SSD would work like a charm as an air gapped device, and the users don't really need to update that pc whatsoever.



Title: Re: Does this still count?
Post by: Faisal2202 on September 18, 2023, 02:36:10 PM
Air gap device should not be connected to the outer world, I don't think you have to actually uninstall the drivers but simply you have to disconnect all the ports that could be used to connect your PC to the outer world, and I prefer to not to use windows OS use Ubuntu (Linux) OS for such purposes. I never made an air-gapped device in my life but in my recent time here I have heard a lot about it and just to clear things up for you I'm not an expert but sharing the slightest knowledge I have.

You should not connect your device to the internet and will not even connect any external device with your PC (peripheral device). That's what most people advise.

The point is, why did you want to make your old computer air-gapped, I mean if you think you can make it air-gapped and can use it for wallet purposes and think that for making transactions you can connect it to the Internet for a short time and it will still be count as air-gapped. But no it will not count as air gapped. I know your question is not this but I'm adding useful knowledge for you so you can get familiar with the possibilities and mistakes that people make. Here is a useful topic that you should read for air gaping devices:
If you have an old personal computer, you format it and reinstall the operating system. You remove the WiFi card and the Bluetooth. You have made it airgapped already.

You should start reading it from the start.

PS: I think this topic belongs to the Beginners and Help section.


Title: Re: Does this still count?
Post by: bhadz on September 18, 2023, 03:12:28 PM
instead of relying on an old PC that has the tendency of being not functional in future?
IMHO, they're even more perfect to use when they're older since most of the potential threats are even trying to cope up with updated systems, although the older ones have the tendency to malfunction and become more of a target. This is common for most computers and based on how you use it. And if it's your personal computer and you know the history of it and it's still working flawlessly, that shouldn't be a problem.


Title: Re: Does this still count?
Post by: Ucy on September 18, 2023, 03:50:45 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?

That could count as an air-gapped device if your aim is to disable anything that makes it possible to communicate wirelessly, especially with the internet, but you can't be sure what is going on behind your back though, since the hardware and software are trade secret and closed source. However it's better than opening it up to the world yourself. If somehow it gets hacked after a thorough airgapping you could narrow things down to the manufacturer and software makers. But I doubt they would go that route if they know you are knowledgeable in stuff like that, as it would expose what their device and software are capable of doing secretly after thoroughly airgapping it.


Title: Re: Does this still count?
Post by: GbitG on September 18, 2023, 03:51:16 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air-gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?
Yes, if you disconnect your PC from the outer world then it will become air-gapped. According to the definition of an air gap device, it should not be connected to the outer world, directly or indirectly. So, you have to make that PC air-gapped but if you were using the same PC while connecting it to the internet then I prefer you to uninstall this window or maybe buy a new HDD or SSD but that's not compulsory.
After that, install a new operating system. Try not to install Windows OS as it is vulnerable to scams and hacks. And I don't think the deletion of network drivers is necessary but that is a good practice to do, just in case. I am also not a technical dude who works at geekforgeeks but after learning from some tutorials you will be able to make an airgap device at home easily. But according to my knowledge, the hard part is to keep that air gap device disconnected from the outside world.


Title: Re: Does this still count?
Post by: pooya87 on September 18, 2023, 04:08:23 PM
I would be more concerned about using Windows if I were you. Sure, removing everything that's going to connect your computer to any network is critical, but it's even more concerning to use closed-source OS that is known to having the most vulnerabilities: https://www.beyondtrust.com/blog/entry/microsoft-vulnerabilities-report

Installing a Live OS like Tails would be preferable.
This. Funny seeing this topic as I just installed Windows 10 and the nightmare is fresh! My Firewall list is already filled with two dozen rules trying to manage what I allow connecting to the internet and what I don't. It's as if it's designed to be a spyware lol.


Title: Re: Does this still count?
Post by: Pmalek on September 18, 2023, 04:41:12 PM
Just do what you have to do, like securing your wallet, securing your seeds and never store anything valuable like seeds on a PC or in the cloud which is vulnerable to hacking.
A properly airgapped computer shouldn't have the hardware components to connect to the internet. So, even if you wanted to store your seed in the cloud using that machine, you wouldn't be able to. If, on the other hand, you import that seed to a hot wallet, it stops being an airgapped cold storage.

Removing connectivity hardware is also a protection against yourself. If you have had your software wallet on your airgapped device for a few years and you feel it's time for an update, you might get lazy and say it doesn't hurt to connect my computer to the internet just once to update it directly on my machine. You can do that if you have the needed hardware. But if you don't, you can't. 

Yes, if you disconnect your PC from the outer world then it will become air-gapped. According to the definition of an air gap device, it should not be connected to the outer world, directly or indirectly. So, you have to make that PC air-gapped but if you were using the same PC while connecting it to the internet then I prefer you to uninstall this window or maybe buy a new HDD or SSD but that's not compulsory.
It's not that common nowadays to find a PC that hasn't been regularly connected to the internet. Reinstalling the OS is therefore recommended regardless of how you used it in the past. The fact that you aren't going to connect a non-reformatted PC to the internet in the future isn't enough. You could have been infected with a clipboard malware, for example. It will be able to replace your copied address even without internet connection. So, don't do it. 


Title: Re: Does this still count?
Post by: m2017 on September 18, 2023, 05:15:24 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?

Since you said "old Windows PC", does that mean the current OS was installed a long time ago and has already been connected to the internet many times? If yes, people usually don't count it as an airgapped PC. At least, you should format the storage, reinstall the OS and install other necessary software (such as wallet software) and never connect to the internet again. And it's recommended to remove the networking component if it's possible.
What about flashing the BIOS? In theory, malicious programs from hackers could also be installed there.

Networking components are now integrated into the motherboard, unless it is a very old computer in which the network cards were external and removable. How to be in this case? The Wi-Fi module is unlikely to be integrated into the board, but can the input for the RJ-45 connector just be desoldered just in case?


Title: Re: Does this still count?
Post by: ZAINmalik75 on September 18, 2023, 05:26:32 PM
This counts as an air gapped device, but why not just invest in hardware that is 100% air gapped like Keystone and Ellipal instead of relying on an old PC that has the tendency of being not functional in future? You will need to import your seed phrase once your computer breaks, so why not invest earlier in a much more reliable air gapped wallet?

You can use this website https://wallets.thebitcoinhole.com/ to check hardware wallet specs comparison to easily decide what to buy.
You gave good advice, but I think there is no need to spend money on extra devices. Because air gap devices are just not connected to the outer world, we can do that at home easily. As the OP said, he disconnected all the drivers, which to me does not matter, but he should change the OS or at least re-install it. And you said he should not use some old PC. I think having an old PC is a good thing to make an augmented device.

As there will be no wireless adapters in it, there will also be no Bluetooth, which makes it less vulnerable to the outer world, and the connectivity will be less to the outside world. The device can be used as an air-gap device or an air-gap wallet. But the hardest part is to follow the best practices so that the device remains in the airgap all the time. Because I have seen cases in which people make dumb decisions and connect their device to the internet for some time and think that their device is still airgap while it is not anymore.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 18, 2023, 05:29:50 PM
But according to my knowledge, the hard part is to keep that air gap device disconnected from the outside world.
There's nothing difficult in that part. If the device has no Wi-Fi, bluetooth, NFC antennas, USB ports etc., then it's by default unable to connect to a network of computers.

This. Funny seeing this topic as I just installed Windows 10 and the nightmare is fresh!
Windows 10 is basically the Big Brother's operating system. Security asides, the privacy policy explicitly says that they're collecting telemetry and diagnostic data by default, they're using advertising IDs to track and monetize the OS usage, some of their apps request excessive permissions (which includes personal information), and let's not forget mentioning Cortana!  :P


Title: Re: Does this still count?
Post by: Casdinyard on September 18, 2023, 05:32:52 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?
If you're using an old PC with a pre-installed OS, and then just removed the network drivers, it wouldn't count as air gapping as many others have already told you. You would need to wipe the whole computer, reinstall a new OS, and from there delete the network drivers to completely air-gap it. While I personally believe in the benefits of air-gapping, I don't think it's that much needed especially if you're careful enough with what you're doing. A bit of an overkill too cause that's a whole PC setup that you're not using for anything besides saving your cryptocurrencies, which isn't really something that is cost-effective, especially for newbies who are trying bitcoin out for the first time.


Title: Re: Does this still count?
Post by: ChuckBuck on September 18, 2023, 05:38:29 PM
Well, it's good to see someone taking the initiative, even if the approach might not be entirely right. Removing network drivers alone is insufficient to completely open an air gap. Real air gapping necessitates isolation outdoors. Regarding hackers, they might reinstall those drivers if they manage to get physical access or if you use any infected devices. Pro tip? Take it a step further and separate the networking component.  ::) ::)


Title: Re: Does this still count?
Post by: Aikidoka on September 18, 2023, 05:38:34 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
I think that's good enough. The most important thing is that your device has never been connected to the internet; then you're good to go. However, it would be even better if you physically remove your network components to ensure that your device would never connect to any network.

And will it be possible for a hacker to install those drivers remotely?
It won't be possible for a hacker to install any network drivers remotely if the PC isn't connected to any network especially if you remove your internal components from it. You'd be fully safe to go in that case.

The only way you could get hacked is if the hacker physically steals your air-gapped PC.


Title: Re: Does this still count?
Post by: o_e_l_e_o on September 19, 2023, 02:49:51 PM
This. Funny seeing this topic as I just installed Windows 10 and the nightmare is fresh!
My only question: Why? :P What possible use do you have for Windows?

It's as if it's designed to be a spyware lol.
Windows is spyware with an OS built on top, not the other way around.

but can the input for the RJ-45 connector just be desoldered just in case?
Or just fill it with glue or epoxy or something similar.

While I personally believe in the benefits of air-gapping, I don't think it's that much needed especially if you're careful enough with what you're doing.
You are wrong here. Everyone from bitcoin developers to massive centralized exchanges have had their hot wallets hacked. We hear about hot wallets being hacked literally every day. I'm yet to see a report of a single (properly) airgapped wallet being hacked.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 19, 2023, 03:08:17 PM
What possible use do you have for Windows?
There are a few things you can do in Windows, which can't be done in Linux, and that's why I haven't completely got rid of Windows. To name two occasions from my experience, Visual Studio and several games which aren't available in any Linux distro. Judging by the history of pooya's posts, he's used to writing C#, which is more or less a Microsoft product as it runs in the .NET framework, so that could be it.

But the reason most people struggle to migrate is habit. If you're used to Microsoft products, then the switch will be uncomfortable at first.


Title: Re: Does this still count?
Post by: tjtonmoy on September 19, 2023, 03:59:23 PM
As long as you keep your device disconnected from the internet wired or wirelessly, that should be considered an air-gapped device. But if it has been connected several times in the past, then maybe there's a possibility that it is not air-gapped anymore. So formatting everything and installing a new operating system is recommended. Simply uninstalling the network drivers will not do the task. OS has this thing of backing up missing components that are required to run smoothly. Network driver is one of them. So try to remove any hardware components as well. That way even the hackers will be unable to do anything.


Title: Re: Does this still count?
Post by: BVeyron on September 20, 2023, 06:13:57 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping, I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer, I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?

I think that the main vulnerable node is not the PC; it doesn't matter if it's air gapped or not. The seed phrase is the main thing which needs to be secure. Without it there are no possibilities to look into the wallet, regardless of the presence of other software tools... So, I think, it's not necessary to protect accounts via air gapping, since the seed phrase is anyway a deal.


Title: Re: Does this still count?
Post by: satscraper on September 20, 2023, 06:38:55 PM
Of course one of the most important things to understand as a newbie in the crypto space is how to secure your digital assets. Therefore I decided to give air gapping a try. In order to understand air gapping I tried air gapping an old Windows PC today. Since I didn't know a lot of technical stuff about the internal components of the computer I decided to uninstall all network drivers on the computer. I tried doing this from my Windows control panel.
Will this still count as an air gapped device or do I still have to remove the hardware networking components from the PC board?
And will it be possible for a hacker to install those drivers remotely?

I think that the main vulnerable node is not the PC, doesn't matter if it's air gapped or not. The seed phrase is the main thing which needs to be secure. Without it there are no possibilities to look into the wallet, regardless of the presence of other software tools... So, I think, it's not necessary to protect accounts via air gapping, since the seed phrase is anyway a deal.

Completely wrong statement.

A compromised PC is the biggest threat to the digital assets it holds, no matter how secure the seed phrase is.

OP's decision to move to an air-gapped device is wise and he can't go wrong with it. The only thing he must consider is to follow ETFbitcoin's advice and install on his old PC a fresh OS which was never connected to the Internet.


Title: Re: Does this still count?
Post by: SamReomo on September 20, 2023, 08:53:43 PM

And will it be possible for a hacker to install those drivers remotely?

The hackers won't be able to install the drivers remotely if they aren't close to your device but if the device has Bluetooth connectivity and the hacker is in close distance from your device then in theory that person may be able to connect to your device and install those drivers remotely. However, you really don't have to be worried about that thing if your pc doesn't have any Bluetooth connectivity built into it.

It's not really a practical attack though. Besides, typical Bluetooth has either short range (10m or less) or very short range (1m or less). So it could be avoided if you don't invite someone you don't trust to your house.


It's still practical if the hackers use some Bluetooth extending antennas to extend the range of their Bluetooth connectivity to a few hundred meters, and that's why in theory those kinds of attacks can take place if the hacker is someone who knows those things. But still, these types of attacks have never taken place; however, it's always better to know about these because sometimes when we underestimate low-probability things, that can be a reason for us to be hacked. The Bluetooth technology is very vulnerable to attacks and hackers can easily hack it with the right tools.


Title: Re: Does this still count?
Post by: Natalim on September 20, 2023, 09:59:04 PM
Remote is just about to happen when you are connected to the internet IMO. It means that we don't need to do any more like moving parts from our computer if we don't have any intention to connect it to the internet as hackers couldn't connect your computer as well. If you are only accessing your wallet offline, that is safe already but if we still do it online on other computers, you are still exposing it to scammers.
I would say that nothing is 100% safe but at least, we did something that would help to have less possibility of getting hacked.


Title: Re: Does this still count?
Post by: SamReomo on September 21, 2023, 03:23:38 PM

I get your point, but
1. AFAIK any OS disable bluetooth by default.

That's true, most operating systems disable Bluetooth by default, but sometimes the users enable it and don't really care much about it because of the short range it has. Some people enable it to connect Bluetooth speakers and headphones and don't really care much about security when it comes to Bluetooth connection, and that can make things easier for hackers.



2. Bluetooth if OP already uninstall all network driver.
The same answer here as well like most people don't really care much about Bluetooth when it comes to security and they may not disable it only to connect some Bluetooth enabled devices.

I also how much antenna could help for going through thick wall or multiple walls.

They don't help that much, but if someone has an extender that can cover huge lengths then such an extender could in theory go through some of the thick walls as well. This depends on the resources of the hacker that attacks those Bluetooth-enabled devices, but most of the time hackers attack other networks that have good range. In theory it's possible but in reality we haven't heard of any such cases so far.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 21, 2023, 03:36:29 PM
OP's decision to move to an air-gapped device is wise and he can't go wrong with it.
I mean, if we want to be pedantic, things can go wrong even in an air-gapped device. There may be hardware backdoors, OS zero days, perhaps the BIOS is compromised. Nothing is 100% secure, but if you migrate to an air-gapped environment, you definitely have fewer things to account for.

That's true, most operating systems disable Bluetooth by default, but sometimes the users enable it and don't really care much about it because of the short range it has. Some people enable it to connect Bluetooth speakers and headphones and don't really care much about security when it comes to Bluetooth connection, and that can make things easier for hackers.
I don't understand how things can be any worse with Bluetooth than the Internet. First things first, the user must approve the wireless connection, it's the default security on Linux AFAIK.


Title: Re: Does this still count?
Post by: Pmalek on September 21, 2023, 03:56:21 PM
Regarding hackers, they might reinstall those drivers if they manage to get physical access or if you use any infected devices.
Your disks should also be fully encrypted and password-protected to prevent anyone recovering any data from them in case your machine gets stolen. Remote access shouldn't be a worry in a properly airgapped computer. If it is, then it's not properly airgapped, and you are just adding more risk to the way you store your keys.

There may be hardware backdoors, OS zero days, perhaps the BIOS is compromised. Nothing is 100% secure, but if you migrate to an air-gapped environment, you definitely have less things to account for.
Even if there is a vulnerability, there is no way to steal and send that data to wherever it's supposed to go without networking. If you connect USB devices to it to transfer PSBTs, I doubt a malware can be that good to transfer your data to the USB device and then wait for you to connect it to an online machine to transfer the information over the internet.


Title: Re: Does this still count?
Post by: KiaKia on September 21, 2023, 04:01:57 PM
Access and authorization is what many aren't careful of when running a PC. Either old or new, you must be careful what you give access to. There is no way a hacker can hijack your PC without you being the one that authorised that access in the first place; they must have lured you somehow, either through Trojans when you are busy downloading torrent files or some kind of malware when you click on a bad link.

It's almost the same with crypto wallet, most simple hacks I've seen happens when the users try to claim what is not theirs, today I already have countless of fake NFT in my wallet, the scammers are hoping I claim the free offer which isn't mine.

Either Bluetooth or other, you are the one that gives access to the hackers to get your files or take control of your hardware. I would prefer to buy a hardware wallet instead, an open source hardware wallet though, but if you insist on running a wallet on a PC, find a separate hard disk and run a Linux OS on it, keep your wallets on this OS and never ever use this OS to surf the web or do anything else.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 21, 2023, 04:06:51 PM
Even if there is a vulnerability, there is no way to steal and send that data to wherever it's supposed to go without networking.
Depends on your setup. If you're using an air-gapped device that makes no use of random number generation, then the attacker can't take advantage of it to sign with insecure k-values (as an example). Transactions are signed using the RFC 6979 which doesn't generate random k-values. You would also need to use dice or coin to generate the entropy of your wallet. In that case, and by assuming the OS does not hide any backdoors for the specific type of wallet software you will use, then it's safe to assume you'll be fine.

If you connect USB devices to it to transfer PSBTs, I doubt a malware can be that good to transfer your data to the USB device and then wait for you to connect it to an online machine to transfer the information over the internet.
It sounds pretty difficult to bypass all those Linux protection mechanisms and install a program which will do that, but if you don't do it you will be 100% sure you cannot fall victim to that either.
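
Added example (not part of any post in this thread, and not code from a wallet project): the deterministic nonce derivation of RFC 6979 mentioned above, written in Python with HMAC-SHA256. The function and constant names are chosen here; `self_check()` compares the result against the P-256 known-answer value from RFC 6979 appendix A.2.5, and the secp256k1 order covers the Bitcoin case.

```python
import hashlib
import hmac

# Order of the secp256k1 group (public curve constant used by Bitcoin).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Order of NIST P-256 and the test key from RFC 6979 appendix A.2.5.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
RFC_TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
RFC_TEST_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60


def bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 section 2.3.2: keep only the leftmost qlen bits."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value


def rfc6979_k(priv: int, msg_hash: bytes, order: int, hashfunc=hashlib.sha256) -> int:
    """Derive the ECDSA nonce k from the private key and message hash only.

    No random number generator is consulted, so a weak or backdoored RNG on the
    signing machine has nothing to influence at signing time.
    """
    qlen = order.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfunc().digest_size

    x = priv.to_bytes(rlen, "big")                                   # int2octets
    h1 = (bits2int(msg_hash, qlen) % order).to_bytes(rlen, "big")    # bits2octets

    # Steps b to g of section 3.2: seed the HMAC-based generator.
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    K = hmac.new(K, V + b"\x00" + x + h1, hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()
    K = hmac.new(K, V + b"\x01" + x + h1, hashfunc).digest()
    V = hmac.new(K, V, hashfunc).digest()

    # Step h: generate candidates until one falls in [1, order - 1].
    while True:
        T = b""
        while len(T) < rlen:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < order:
            return k
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()


def self_check() -> bool:
    """Known-answer test: RFC 6979 A.2.5, SHA-256, message "sample"."""
    digest = hashlib.sha256(b"sample").digest()
    return rfc6979_k(RFC_TEST_KEY, digest, P256_N) == RFC_TEST_K


if __name__ == "__main__":
    print("RFC 6979 known-answer test passed:", self_check())
    # Constructed input: private key 1 and a made-up transaction digest.
    digest = hashlib.sha256(b"constructed tx digest").digest()
    print("secp256k1 k:", hex(rfc6979_k(1, digest, SECP256K1_N)))
```

Running the known-answer test on the offline machine before signing is a cheap way to confirm the derivation has not been altered.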


Title: Re: Does this still count?
Post by: Pmalek on September 21, 2023, 06:17:07 PM
Depends on your setup. If you're using an air-gapped device that makes no use of random number generation, then the attacker can't take advantage of it to sign with insecure k-values (as an example). Transactions are signed using the RFC 6979 which doesn't generate random k-values. You would also need to use dice or coin to generate the entropy of your wallet. In that case, and by assuming the OS does not hide any backdoors for the specific type of wallet software you will use, then it's safe to assume you'll be fine.
I have always wondered what can affect the RNG and generating keys with enough entropy? For instance, do we know which hardware and software are always good sources of entropy and which aren't? Is there a list of models and versions that are specially good or bad? Also, can a good source of entropy suddenly go "bad" and generate insufficient entropy due to hardware defects or software misconfiguration?

I never gave it much thought.


Title: Re: Does this still count?
Post by: Ale88 on September 22, 2023, 03:01:41 AM
And will it be possible for a hacker to install those drivers remotely?
If you connect your computer to the internet everything is possible, if you leave it offline then no, that would be impossible, unless somehow they have physical access to your device, that means entering your house, and unless you own a fortune and someone knows about that, I would say it's an extremely remote possibility.


Title: Re: Does this still count?
Post by: satscraper on September 22, 2023, 07:54:11 AM
Depends on your setup. If you're using an air-gapped device that makes no use of random number generation, then the attacker can't take advantage of it to sign with insecure k-values (as an example). Transactions are signed using the RFC 6979 which doesn't generate random k-values. You would also need to use dice or coin to generate the entropy of your wallet. In that case, and by assuming the OS does not hide any backdoors for the specific type of wallet software you will use, then it's safe to assume you'll be fine.
I have always wondered what can affect the RNG and generating keys with enough entropy? For instance, do we know which hardware and software are always good sources of entropy and which aren't? Is there a list of models and versions that are specially good or bad? Also, can a good source of entropy suddenly go "bad" and generate insufficient entropy due to hardware defects or software misconfiguration?

I never gave it much thought.

These are very intriguing questions which appeal to the imagination of many learners in the field. NIST has developed the software set that "provides a standardized means of estimating the quality of a source of entropy." (https://github.com/usnistgov/SP800-90B_EntropyAssessment) and almost each year organizes numerous workshops on this matter where you can find some answers. I would focus on the Random Bit Generation Workshop series and the Entropy Source Validation Workshop. Just go to the NIST site (https://www.nist.gov/) and search.



Title: Re: Does this still count?
Post by: BlackHatCoiner on September 22, 2023, 08:43:24 AM
I have always wondered what can affect the RNG and generating keys with enough entropy? For instance, do we know which hardware and software are always good sources of entropy and which aren't?
If only it was that simple. If you make a quick search, you will notice that even from experts in the field, there's a moment of doubt when it comes to verifying that the RNG is true. Intel and AMD chips come with an RNG that is impossible to verify completely as far as I'm concerned. You cannot distinguish a pseudo-RNG from a true RNG, because you cannot detect if there is a function that deems deterministic the number generation.

When it comes to software, /dev/urandom and /dev/random are good sources, as for hardware there has been development (http://www.bitbabbler.org/), but if you merely want to run a Bitcoin wallet in an air-gapped device, then you don't need hardware for that purpose. Just roll a dice or flip a coin. It is trivial and completely verifiable.
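
Added example (not from the thread or from any wallet's code): one way to turn dice rolls or coin flips into wallet entropy without bias, then derive the checksum and 11-bit word indices of a seed phrase. BIP39 as the seed-phrase scheme and all function names are assumptions of this example; the wordlist itself is not embedded, so the output is word indices.

```python
import hashlib


def dice_to_entropy(rolls: str, bits: int = 256) -> bytes:
    """Map six-sided die rolls to exactly `bits` bits.

    Faces 1-4 give two bits each (face - 1). Faces 5 and 6 are discarded
    instead of being reduced modulo 4, which would favour some values.
    On average this needs bits * 3 / 4 rolls (192 rolls for 256 bits).
    """
    if bits % 32 != 0 or not 128 <= bits <= 256:
        raise ValueError("bits must be 128, 160, 192, 224 or 256")
    value = 0
    collected = 0
    for ch in rolls:
        if ch.isspace():
            continue
        if ch not in "123456":
            raise ValueError(f"not a die face: {ch!r}")
        face = int(ch)
        if face > 4 or collected >= bits:
            continue  # rejected roll, or already enough bits
        value = (value << 2) | (face - 1)
        collected += 2
    if collected < bits:
        raise ValueError(f"only {collected} of {bits} bits collected; keep rolling")
    return value.to_bytes(bits // 8, "big")


def coin_to_entropy(flips: str, bits: int = 256) -> bytes:
    """Map coin flips (H = 1, T = 0) to exactly `bits` bits, one bit per flip."""
    usable = [c for c in flips.upper() if not c.isspace()]
    if any(c not in "HT" for c in usable):
        raise ValueError("flips must contain only H and T")
    if bits % 32 != 0 or not 128 <= bits <= 256:
        raise ValueError("bits must be 128, 160, 192, 224 or 256")
    if len(usable) < bits:
        raise ValueError(f"only {len(usable)} of {bits} flips recorded; keep flipping")
    value = int("".join("1" if c == "H" else "0" for c in usable[:bits]), 2)
    return value.to_bytes(bits // 8, "big")


def bip39_word_indices(entropy: bytes) -> list:
    """Append the BIP39 checksum and split into 11-bit wordlist indices."""
    ent_bits = len(entropy) * 8
    if ent_bits % 32 != 0 or not 128 <= ent_bits <= 256:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32  # 8 checksum bits for 256 bits of entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(combined >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


if __name__ == "__main__":
    # Constructed rolls for illustration only; real rolls come from a physical die.
    sample_rolls = "3142 5613 2244 1163 " * 16
    entropy = dice_to_entropy(sample_rolls)
    print("entropy:", entropy.hex())
    print("word indices:", bip39_word_indices(entropy))
```

Only the last word depends on the checksum, so the hash step is the one part that cannot be done with the dice alone.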


Title: Re: Does this still count?
Post by: ABCbits on September 22, 2023, 09:09:44 AM
I get your point, but
1. AFAIK any OS disable bluetooth by default.
That's true, most operating systems disable Bluetooth by default, but sometimes the users enable it and don't really care much about it because of the short range it has. Some people enable it to connect Bluetooth speakers and headphones and don't really care much about security when it comes to Bluetooth connection, and that can make things easier for hackers.

2. Bluetooth if OP already uninstall all network driver.
The same answer here as well like most people don't really care much about Bluetooth when it comes to security and they may not disable it only to connect some Bluetooth enabled devices.

That doesn't apply for OP though since he has some security awareness and plan to use his PC only to manage his Bitcoin. As for people who don't care about security/bluetooth is likely to be connected to internet all the time anyway.

For instance, do we know which hardware and software are always good sources of entropy and which aren't?

It's easy to know a bad entropy source, such as current time. But even a source of entropy which is usually deemed good/secure can't be always good/reliable. For example, /dev/urandom output used to be predictable for about a minute on embedded device[1].

[1] https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final228.pdf


Title: Re: Does this still count?
Post by: Fivestar4everMVP on September 22, 2023, 09:31:51 AM
Well, I have never done or tried such on a PC though, but I've done something similar on a mobile phone. Like, I bought a small Android device for this purpose alone, I turned it on, installed a SIM and connected to the internet, downloaded Mycelium bitcoin wallet, moved most of my bitcoin in there, and after the transaction was confirmed and I was sure of it, I went into my settings, located the network setting and deleted the internet configuration, and immediately I was disconnected from the internet even with the SIM card installed and data connection turned on. I then turned the phone off, removed the battery as well as the SIM card, and kept the phone somewhere safe.

I assumed it to be a hardware wallet or a cold bitcoin storage. I left it like that for over eight (8) months before I decided to turn the phone back on, installed the SIM and requested a new internet configuration from my service provider which was sent immediately. I installed it and was able to connect to the internet again, opened Mycelium wallet and my bitcoins were sitting right there waiting for me.



Title: Re: Does this still count?
Post by: Pmalek on September 22, 2023, 03:30:37 PM
If only it was that simple. If you make a quick search, you will notice that even from experts in the field, there's a moment of doubt when it comes to verifying that the RNG is true. Intel and AMD chips come with an RNG that is impossible to verify completely as far as I'm concerned. You cannot distinguish a pseudo-RNG from a true RNG, because you cannot detect if there is a function that deems deterministic the number generation.
Regarding Intel and AMD chips, their RNGs aren't being used to generate the entropy, right? I mean, if I am creating a seed for a software wallet on my computer, I will be using the entropy of my OS, regardless if on Linux or Windows. And if I am working with a hardware wallet, they have their own RNGs inside the device.

When you say that Intel and AMD's RNGs can't be verified, I doubt it's weak and affects seed generation. Otherwise, almost all wallets generated on such chips wouldn't be secure, and we would have many complaints and reports of mysteriously lost coins.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 22, 2023, 03:48:25 PM
[...]
You shouldn't be using a mobile phone as your main Bitcoin wallet. Here's why: https://bitcointalk.org/index.php?topic=5463259.msg62732682#msg62732682

Regarding Intel and AMD chips, their RNGs aren't being used to generate the entropy, right?
They are. When you request from your computer to generate a random number, it utilizes RDRAND (https://en.wikipedia.org/wiki/RDRAND), which varies slightly as instruction from Intel to AMD. It's basically the same functionality. From the link, you can read the "Reception" part to confirm that engineers can insert backdoors there.

When you say that Intel and AMD's RNGs can't be verified, I doubt it's weak and affects seed generation. Otherwise, almost all wallets generated on such chips wouldn't be secure, and we would have many complaints and reports of mysteriously lost coins.
I have never heard of a case where someone lost bitcoin because of backdoored RNG, but just as we can't verify it's generating true randomness, we can't complain they're stealing bitcoin either. I mean, think about it. You wake up the next morning, and your wallet is emptied. What do you do? You tell a journalist that AMD and Intel insert backdoors? With what evidence?

I don't believe they're doing it either, as it isn't worth the risk, but why worry about being one in the million customers who bought the backdoored hardware? Just flip a coin and sleep easy.


Title: Re: Does this still count?
Post by: Pmalek on September 22, 2023, 06:04:54 PM
I have never heard of a case where someone lost bitcoin because of backdoored RNG, but just as we can't verify it's generating true randomness, we can't complain they're stealing bitcoin either. I mean, think about it. You wake up the next morning, and your wallet is emptied. What do you do? You tell a journalist that AMD and Intel insert backdoors? With what evidence?
I understand what you are saying. But considering how big of a market share AMD and Intel chips have, and if it was a widespread backdooring problem, I think we would have too many complaints not to understand that something is seriously wrong. Especially if governments have a way to meddle and apply blows to Bitcoin that they hate. It would be a great way for them to attack Bitcoin and then spread FUD how unsafe and a big scam it is. They wouldn't be able to restrain themselves.


Title: Re: Does this still count?
Post by: Kakmakr on September 22, 2023, 06:11:07 PM
I do not think you have to go that far to protect your tokens, because most people store their coins in hardware wallets and they are OK. I have some coins in hardware wallets and the long-term coins are stored on Paper Wallets... that I created with an air-gapped computer.

If you are very paranoid, you can buy a cheap second-hand computer and you can create those paper wallets with the computer not connected to the Internet and then you can destroy it. (So if some malware were storing information and waiting for it to connect before it sends the information... then you can prevent that)  ;)


Title: Re: Does this still count?
Post by: Silberman on September 22, 2023, 08:47:25 PM
I do not think you have to go that far to protect your tokens, because most people store their coins in hardware wallets and they are OK. I have some coins in hardware wallets and the long-term coins are stored on Paper Wallets... that I created with an air-gapped computer.

If you are very paranoid, you can buy a cheap second-hand computer and you can create those paper wallets with the computer not connected to the Internet and then you can destroy it. (So if some malware were storing information and waiting for it to connect before it sends the information... then you can prevent that)  ;)
While it is true that it may not be necessary to go that far to secure our coins, this is also a way to have peace of mind and tranquility. After all, we hear stories every day of people losing their coins to hackers and scammers, so if this helps the OP to be more at ease knowing their coins are as secure as they could be then this is something they must do, otherwise they will always be worried about the possibility of losing their coins and that is not really a healthy way of living.


Title: Re: Does this still count?
Post by: suzanne5223 on September 22, 2023, 11:38:33 PM
I do not think you have to go that far to protect your tokens, because most people store their coins in hardware wallets and they are OK. I have some coins in hardware wallets and the long-term coins are stored on Paper Wallets... that I created with an air-gapped computer.

If you are very paranoid, you can buy a cheap second-hand computer and you can create those paper wallets with the computer not connected to the Internet and then you can destroy it. (So if some malware were storing information and waiting for it to connect before it sends the information... then you can prevent that)  ;)
While it is true that it may not be necessary to go that far to secure our coins, this is also a way to have peace of mind and tranquility. After all, we hear stories every day of people losing their coins to hackers and scammers, so if this helps the OP to be more at ease knowing their coins are as secure as they could be then this is something they must do, otherwise they will always be worried about the possibility of losing their coins and that is not really a healthy way of living.
I think there's nothing bad in going extra for the sake of securing our cryptocurrency holding but in the case of the OP, I believe he needs to format the old computer since it's a computer that was once connected to the internet long ago cause when we talk about airgap we're talking about wallet that's not connected to the internet.
@Kakmakr I hope you set up transaction notifications for the paper wallet cause we have a situation where some people think they created their paper wallet on Airgap computer but it's the other way around.


Title: Re: Does this still count?
Post by: Pmalek on September 23, 2023, 06:24:41 AM
I do not think you have to go that far to protect your tokens, because most people store their coins in hardware wallets and they are OK. I have some coins in hardware wallets and the long-term coins are stored on Paper Wallets... that I created with an air-gapped computer.
Don't you think it's a bit weird that you are suggesting it isn't necessary to go the extra mile in protecting your keys when you admitted that you used a similar airgapped system when you generated your paper wallets? I hope you did it properly, and that you used a completely airgapped system and not something that is semi-airgapped or a computer with its LAN cable disconnected during seed generation. You wouldn't want the keys for your long-term holding to be less secure than those created by the hardware wallet you are using.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 23, 2023, 07:47:48 AM
I understand what you are saying. But considering how big of a market share AMD and Intel chips have, and if it was a widespread backdooring problem, I think we would have too many complaints not to understand that something is seriously wrong.
There have been bug reports regarding RDRAND, which were noticed in some minority of processors.

- https://www.techpowerup.com/255294/some-amd-processors-have-a-hardware-rng-bug-losing-randomness-after-suspend-resume
- https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/
- http://web.archive.org/web/20221117235141/https://linuxreviews.org/RDRAND_stops_returning_random_values_on_older_AMD_CPUs_after_suspend

As you can see, there have been instances of faulty behavior, and I'm sure you can find more if you dig up the space. I think it's possible for some hardware to be backdoored. (but not all)


Title: Re: Does this still count?
Post by: Pmalek on September 23, 2023, 08:38:29 AM
<Snip>
The first link you shared says that Linux doesn't rely on RDRAND by default when it generates entropy. I guess it's harder to know its full impact on the closed-source Windows. So, the biggest danger would be waking the computer up from sleep mode/hibernate and then attempting to generate a secure-enough seed. Affected CPUs wouldn't generate enough randomness.


Title: Re: Does this still count?
Post by: BlackHatCoiner on September 23, 2023, 09:41:35 AM
The first link you shared, says that Linux doesn't rely on RDRAND by default when it generates entropy.
According to Linus Torvalds, it doesn't rely entirely on RdRand. But /dev/random does make use of it.
Linus Torvalds dismissed concerns about the use of RDRAND in the Linux kernel and pointed out that it is not used as the only source of entropy for /dev/random, but rather used to improve the entropy by combining the values received from RDRAND with other sources of randomness.

You can also read this response by Linus, in which he pretty much sums up his concerns regarding RdRand: https://www.theregister.com/2013/09/10/torvalds_on_rrrand_nsa_gchq/. He's also clarifying that RdRand is one of the many inputs used:
Quote
However, as Torvalds pointed out in response to the petition RdRand is one of many inputs used by the Linux kernel’s pool to generate random characters.

The kernel chieftain wrote: “We use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant.”

So, probably Linux is safe to an extent.

I guess it's harder to know its full impact on the closed-source Windows.
We don't know with certainty: https://security.stackexchange.com/questions/195515/is-rdrand-used-in-a-safe-way-by-windows-10


Title: Re: Does this still count?
Post by: Pmalek on September 23, 2023, 12:57:24 PM
OK, so RDRAND definitely has a hand in the game. It's used to some extent, but because there are many other sources of entropy, even if it has insufficiently secure RNGs, it wouldn't be able to weaken the overall entropy to an alarming level. That's what I get from all this. It might be troublesome on its own, but when combined with better sources of entropy, it evens out. Maybe it's better to say it doesn't get noticed.

I don't agree with Torvalds' estimate in the last quote you posted. A weaker entropy source can't strengthen the overall security of a system despite being pooled together with better sources.


Title: Re: Does this still count?
Post by: o_e_l_e_o on September 25, 2023, 02:40:45 PM
I assumed it to be a hardware wallet or a cold bitcoin storage
What you have described is neither a hardware wallet nor cold storage. It is a hot wallet which you turned off for a few months, and is only marginally more secure than a hot wallet which is always on.



In terms of the discussion about RDRAND and entropy sources, this is relevant:

Most good wallets will be based on entropy directly from the OS and the computer's hardware. Bitcoin Core, as an example, draws entropy from /dev/urandom (which is from the OS, or the equivalent on non-Linux systems), RDSEED/RDRAND (which is from the processor), and a whole host of data from the computer itself, such as current resource usage, timestamps, kernel parameters, network data, version data, etc. All of this is then combined through a variety of techniques such as XORs and hashes, so if one source of entropy is weak or compromised then your final result should still be secure.

You can read more in the code here:
https://github.com/bitcoin/bitcoin/blob/master/src/random.h
https://github.com/bitcoin/bitcoin/blob/master/src/random.cpp

And of course, if you really don't trust any of this and still think your entropy might be compromised, then as BHC says, just flip a coin.
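
Added example (not Bitcoin Core's code and not from the thread): a hash-based pool in the spirit of the combination described above, gated by the repetition count test from NIST SP 800-90B section 4.4.1, which catches a source that has stopped changing. The stuck source is a constructed model of a hardware RNG that returns a constant; the function names and the assumed 32 bits of min-entropy per 64-bit word are assumptions of this example.

```python
import hashlib
import math
import os


def repetition_count_cutoff(min_entropy_bits: float, alpha_exp: int = 20) -> int:
    """SP 800-90B 4.4.1: C = 1 + ceil(-log2(alpha) / H), with alpha = 2**-alpha_exp."""
    return 1 + math.ceil(alpha_exp / min_entropy_bits)


def repetition_count_ok(samples, cutoff: int) -> bool:
    """Return False as soon as one value repeats `cutoff` times in a row."""
    run, last = 0, None
    for sample in samples:
        run = run + 1 if sample == last else 1
        last = sample
        if run >= cutoff:
            return False
    return True


def source_is_healthy(read, words: int = 256, word_bytes: int = 8,
                      assumed_min_entropy_bits: float = 32.0) -> bool:
    """Run the repetition count test over `words` fresh reads from one source.

    This only detects a source that is stuck. It cannot prove the output is
    truly random, and it will not notice a generator that is deterministic
    but looks varied.
    """
    cutoff = repetition_count_cutoff(assumed_min_entropy_bits)
    return repetition_count_ok((read(word_bytes) for _ in range(words)), cutoff)


def read_os(n: int) -> bytes:
    """Operating system CSPRNG."""
    return os.urandom(n)


def read_stuck(n: int) -> bytes:
    """Constructed model of a hardware RNG stuck on a single value."""
    return b"\xff" * n


def mix(sources, out_len: int = 32) -> bytes:
    """Hash one length-framed 32-byte read from every source into a seed."""
    h = hashlib.sha512()
    for name, read in sources:
        chunk = read(32)
        label = name.encode()
        h.update(len(label).to_bytes(2, "big") + label)
        h.update(len(chunk).to_bytes(2, "big") + chunk)
    return h.digest()[:out_len]


def seed_from(sources):
    """Refuse to produce a seed unless at least one source passes its health test.

    Every source is still hashed in: a constant input changes the digest but
    leaves it exactly as unpredictable as the healthy inputs.
    """
    healthy = [name for name, read in sources if source_is_healthy(read)]
    if not healthy:
        raise RuntimeError("every source failed its health test; do not generate keys")
    return mix(sources), healthy


if __name__ == "__main__":
    seed, healthy = seed_from([("os", read_os), ("hw", read_stuck)])
    print("healthy sources:", healthy)
    print("seed:", seed.hex())
    print("pool of only the stuck source repeats:",
          mix([("hw", read_stuck)]) == mix([("hw", read_stuck)]))
```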