Corrupt OS defeats air gap.

[jubalix]

What is the likely hood that OS's are corrupted even on a clean install.

Eg consider the air gapped computer. You sign a transaction onto a usb.

Unknown to you the os was waiting, and deposits privkeys/waller/paswords (key logged) on to the usb in an obfuscated way even perhaps piecemeal over 100 transactions.

The OS you plug the usb into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air gapped Laptop.

even for linux, who is watching every line in ubuntu to see some code does not do this?

what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

as things stand I'm not sure that airgaped but using usb to transfer, are really safe.

[Rannasha]

Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

The QR code method you propose also works. I believe that JustDice uses this method for transfers out of its cold wallet.

[DannyHamilton]

What is the likely hood that OS's are corrupted even on a clean install.

Eg consider the air gapped computer. You sign a transaction onto a usb.

Unknown to you the os was waiting, and deposits privkeys/waller/paswords (key logged) on to the usb in an obfuscated way even perhaps piecemeal over 100 transactions.

The OS you plug the usb into for the client is waiting for a catch points and then sends this data up.

All your coins taken / disappear, even though you had an air gapped Laptop.

even for linux, who is watching every line in ubuntu to see some code does not do this?

what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

as things stand I'm not sure that airgaped but using usb to transfer, are really safe.

Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key?  Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?

[Carlton Banks]

I would point out that every OS install image is assumed to be a compile of the source, largely on trust. Of course, the whole development team would not need to be complicit to allow this to happen, as only certain members are involved with the build process.

The best you could do to work around that issue today is to create a build of the source yourself, which is not a small task. Suggestions of pre-bitcoin OS make sense, but you'd have to be very disciplined about maintaining the airgap, as the threat is just less specific in that circumstance.

[grue]

Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key?  Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?

that's simple to solve. just flip 256 coins to generate the private key.

[softron]

I think using linux os would be safe for now.

[Abdussamad]

Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

If you use an older, unpatched OS you risk a malware infection. For example if your USB drive gets infected it is more likely to infect the older OS on your offline PC rather than if you had an up to date modern one there.

There is also the question of RNGs on older Linux distros. There was that Debian openssl bug for instance.

[skilo]

If you want to store something and have it really secure or you want an unplugged computer to use for generating keys or such look into a free software linux distro.

Free software is not to be confused with open source, Free software is anti-proprietary where open source may be open but proprietary too.

Use a distro like GNUsense or trisquel etc.

http://www.gnu.org/distros/free-distros.html

These should be free of any backdoors, An unplugged computer running one of those distros should be pretty darn secure.

[ShadowOfHarbringer]

even for linux, who is watching every line in ubuntu to see some code does not do this?

Actually, a lot of people.

I don't know about Ubuntu specifically, but most Linux distributions are well-audited and every line is accounted for.

Debian, which is the distro Ubuntu is based off, prevented two backdoors from being placed in 2003 and 2006.

The one in 2003 was planted when a hacker broke into the source control server and removed a SINGLE character in one core developers repository in order to introduce a root privilege escalation exploit. The developer later merged his changes into the main repository, making it very hard for anybody to spot especially considering these changes (including the backdoor) were coming from a "trusted" developer who had no idea he had been hacked. Despite all of this it was still noticed and patched.

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/

tl;dr; while it's possible, it's very difficult to insert a backdoor into an open source project.

Awesome, i was waiting for a post like this.

On the topic, programmers nowadays have very powerful tools like IDE's, Diff/Meld, Version control software such as Git, which makes putting a backdoor into anything more difficult than most people would think.

Most changes are not so big and are incremental changes, it is easy to review them by an experienced programmer.

[sunnankar]

what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

Someone already made this solution for Armory.

[hobbes]

Use offbit: https://bitcointalk.org/index.php?topic=488915.0

You can use an offline computer without your privkeys ever coming into contact with persistent storage.

[oakpacific]

If you want to get down to the bottom of it, no code that you don't personally authored can be trusted. http://cm.bell-labs.com/who/ken/trust.html

[V4Vendettas]

I am not a super tec guy like many here but would consider myself above average joe on the street.

If I have constant fears that my cold storage is not safe even if I installed The bitcoin client on a clean Laptop made physical back ups then turned it off how then on earth is this ever going to get adopted by the mainstream?

[Bitalo_Maciej]

This is exactly the issue we solved with Bitalo, where you can create a multisignature wallet that will be safe even if your computer is compromised when setting it up. To achieve that we use MePIN 2-factor authentication, which unline Google 2FA talks directly from our servers to your mobile device, so your computer never sees the secret key for 2-factor.

So now to move your funds from your Bitalo wallet you have to:

- know your account password (which also acts as a key to unlock your part of private key) - this will be known to the attacker because your computer is compromised
- have your mobile device with MePIN app, that will confirm that the transaction is legit. Again, your computer doesn't take any part in it - you just press a button in the MePIN app and their servers send a message to ours that this request is OK.

Only after BOTH of these steps completed we proceed to sign your transaction with our private key and only then it gets submitted to the network and accepted.

[V4Vendettas]

Sure sounds great but.. your far more tech smart than the likes of myself this requires me to trust in you?

No you might say but if I don't understand the details of what your doing then how can I really have a clue if its safe?

I know we can never have anything really safe I get that but we need more than than promise's now days.

Bitcoin is far ahead of just about every law enforcement agency in the world. I just don't see how this can go mainstream without the bloodied piles of victims along the road to mass adoption.

Way I see it its these victims (like myself) that are holding up mass adoption. Every victim is one more human being with a bad story to tell about bitcoin.

The one answer my little brain can come up with is accountability. From my experience many crimes don't happen because people fear getting caught. No one ever seems accountable for lost bitcoins.

Disclaimer: I still believe in bitcoin.

[Bitalo_Maciej]

The good thing about our approach is that you don't have to take my word for it. All of the code that handles Bitcoin is in uncompressed Javascript for everyone to inspect. You can also check network requests to see exactly what's happening. Of course you need to have some knowledge to perform this kind of audit, but if you don't, someone else will. We couldn't possibly try to do anything fishy here that would go undetected.

[V4Vendettas]

The good thing about our approach is that you don't have to take my word for it. All of the code that handles Bitcoin is in uncompressed Javascript for everyone to inspect. You can also check network requests to see exactly what's happening. Of course you need to have some knowledge to perform this kind of audit, but if you don't, someone else will. We couldn't possibly try to do anything fishy here that would go undetected.

I have no doubt your 100% correct.

However does it matter if you are detected when the pot is worthy of a criminal act. Hell is it even a crime to steal bitcoins and if so in which country and with what kind of recourse for the victim?

Please don't think I am some noob ( I am really a tec noob) that's having ago at your product. I don't mean to do that at all and out of personal interest and respect to you I will take some time to have a good read up on it.

Point I am trying to get at is it seems without Companies being truly accountable (fear of punishment) for screw ups and outright fraud with respect to btc what is stopping them?

Things need to change if we want mass adoption and we have to understand not everyone wants to understand the blockchain or how to make things secure they just want it to work and not be terrified of loosing wealth to hackers every time they turn their PC/phone on. Or does the bitcoin global future only belong to the few? I for one have no wish to become the 1%


Again not directed at you at all I take my hat off to anyone trying to make bitcoin a safer and better world.

[Bitalo_Maciej]

I know it's hard to understand because systems like Mt. Gox created a mindset in people that you are totally blind regarding your Bitcoins. That's not the case with multisignature-based services though!

Problem: People STILL don't know what happened to Mt.Gox coins. Whose hands they are now, when exactly they were transfered, what addresses the cold storage was on, etc., etc.
Solution: In a multisig service you can monitor your wallet in real time on the blockchain. If we somehow stole coins from you, you would know that immediately. We would have no excuse.

Problem: When a centralized service fails, often all users lose money. That was the case for Mt. Gox, inputs.io, Flexcoin and others.
Solution: You cannot steal from all users in a multisig service, unless Bitcoin itself has some fatal flaw (in which case we're all doomed). It could be possible to plant malicious javascript to the website, but that would be detected quite quickly and only a handful of users that were using the site at that specific time could be harmed. The "reward" is much, MUCH lower for a thief, so there's less incentive to risk a criminal act.

Sample scenario: let's say that at some point we have 10,000 BTC in our wallet (hint: we have *much* less at this moment). Most users only store few BTCs in their wallet, and only 5% of Bitcoins is in active usage at any given moment. So if we're lucky, we're get 500 BTC out before people find out. Is ~250,000 EUR worth risking jail time? For an individual, maybe. For a trade registered AG company with 75,000 EUR founding capital, not so much I think.

[jubalix]

I know it's hard to understand because systems like Mt. Gox created a mindset in people that you are totally blind regarding your Bitcoins. That's not the case with multisignature-based services though!

Problem: People STILL don't know what happened to Mt.Gox coins. Whose hands they are now, when exactly they were transfered, what addresses the cold storage was on, etc., etc.
Solution: In a multisig service you can monitor your wallet in real time on the blockchain. If we somehow stole coins from you, you would know that immediately. We would have no excuse.

Problem: When a centralized service fails, often all users lose money. That was the case for Mt. Gox, inputs.io, Flexcoin and others.
Solution: You cannot steal from all users in a multisig service, unless Bitcoin itself has some fatal flaw (in which case we're all doomed). It could be possible to plant malicious javascript to the website, but that would be detected quite quickly and only a handful of users that were using the site at that specific time could be harmed. The "reward" is much, MUCH lower for a thief, so there's less incentive to risk a criminal act.

Sample scenario: let's say that at some point we have 10,000 BTC in our wallet (hint: we have *much* less at this moment). Most users only store few BTCs in their wallet, and only 5% of Bitcoins is in active usage at any given moment. So if we're lucky, we're get 500 BTC out before people find out. Is ~250,000 EUR worth risking jail time? For an individual, maybe. For a trade registered AG company with 75,000 EUR founding capital, not so much I think.

i never  quite undestodd with  2fa eg google authenticator or phone based system, what happens if you loose your phone???

[Bitalo_Maciej]

@jubalix: When setting up two-factor, you usually have an option to remember some kind of recovery code, that you can use later should you ever lose your phone. Even if you don't have it, we would get you through the user verification procedure again to make sure it's not a hacker who tries to access your account, and if everything's fine we would disable 2-factor temporarily so you could sign in and set it up again.